Skip to content
This repository has been archived by the owner on Jul 3, 2021. It is now read-only.

How to configure/customise Kubectl-api --enable-admission-plugins #309

Closed
ravichandra22 opened this issue May 21, 2018 · 3 comments
Closed

How to configure/customise Kubectl-api --enable-admission-plugins #309

ravichandra22 opened this issue May 21, 2018 · 3 comments
Assignees
@tvs

Comments

@ravichandra22
Copy link

HI,

Can you please help me how to customise kubeapi-server --enable-admission-plugins. By default few admission plugins are set to deny.
@cf-gitbot
Copy link

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/157758561

The labels on this github issue will be updated when the story is started.

@tvs
Copy link
Member

tvs commented May 21, 2018

At the moment, the kube-apiserver job does not offer any mechanism for fine-grained control over the admission controls. The only things that are currently optional are SecurityContextDeny (through allow_privileged) and DenyEscalatingExec (through deny_escalating_exec).

I've been considering opening these up to be configured on a per-controller basis (with our manifest applying the current defaults), much the same way we do with feature gates. Hopefully that or some other mechanism will give you the flexibility you want.

This was referenced May 22, 2018
Closed
Closed
@alex-slynko
Copy link
Member

It is possible to do with 0.24

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@tvs tvs

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@tvs @alex-slynko @cf-gitbot @ravichandra22