Add Initializers admission controller

Also sync up Admission controllers with current default sets for 1.7 & 1.8
kubernetes · Aug 28, 2017 · 4d52a7c · 4d52a7c
1 parent 1e5cf2d
commit 4d52a7c
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 2 deletions.
diff --git a/pkg/apis/kops/util/versions.go b/pkg/apis/kops/util/versions.go
@@ -79,6 +79,10 @@ func IsKubernetesGTE(version string, k8sVersion semver.Version) bool {
 		return k8sVersion.Major > 1 || (k8sVersion.Major == 1 && k8sVersion.Minor >= 6)
 	case "1.7":
 		return k8sVersion.Major > 1 || (k8sVersion.Major == 1 && k8sVersion.Minor >= 7)
+	case "1.8":
+		return k8sVersion.Major > 1 || (k8sVersion.Major == 1 && k8sVersion.Minor >= 8)
+	case "1.9":
+		return k8sVersion.Major > 1 || (k8sVersion.Major == 1 && k8sVersion.Minor >= 9)
 	default:
 		panic(fmt.Sprintf("IsKubernetesGTE not supported with version %q", version))
 	}

diff --git a/pkg/model/components/apiserver.go b/pkg/model/components/apiserver.go
@@ -121,6 +121,7 @@ func (b *KubeAPIServerOptionsBuilder) BuildOptions(o interface{}) error {
 	c.EtcdServers = []string{"http://127.0.0.1:4001"}
 	c.EtcdServersOverrides = []string{"/events#http://127.0.0.1:4002"}
 
+	// TODO: We can probably rewrite these more clearly in descending order
 	if b.IsKubernetesGTE("1.3") && b.IsKubernetesLT("1.4") {
 		c.AdmissionControl = []string{
 			"NamespaceLifecycle",
@@ -149,18 +150,48 @@ func (b *KubeAPIServerOptionsBuilder) BuildOptions(o interface{}) error {
 			"DefaultStorageClass",
 			"ResourceQuota",
 		}
-		c.AnonymousAuth = fi.Bool(false)
 	}
-	if b.IsKubernetesGTE("1.6") {
+	if b.IsKubernetesGTE("1.6") && b.IsKubernetesLT("1.7") {
+		c.AdmissionControl = []string{
+			"NamespaceLifecycle",
+			"LimitRanger",
+			"ServiceAccount",
+			"PersistentVolumeLabel",
+			"DefaultStorageClass",
+			"DefaultTolerationSeconds",
+			"ResourceQuota",
+		}
+	}
+	if b.IsKubernetesGTE("1.7") && b.IsKubernetesLT("1.8") {
 		c.AdmissionControl = []string{
+			"Initializers",
 			"NamespaceLifecycle",
 			"LimitRanger",
 			"ServiceAccount",
 			"PersistentVolumeLabel",
 			"DefaultStorageClass",
 			"DefaultTolerationSeconds",
+			"NodeRestriction",
 			"ResourceQuota",
 		}
+	}
+	if b.IsKubernetesGTE("1.8") {
+		c.AdmissionControl = []string{
+			"Initializers",
+			"NamespaceLifecycle",
+			"LimitRanger",
+			"ServiceAccount",
+			"PersistentVolumeLabel",
+			"DefaultStorageClass",
+			"DefaultTolerationSeconds",
+			"NodeRestriction",
+			"Priority",
+			"ResourceQuota",
+		}
+	}
+
+	// We make sure to disable AnonymousAuth from when it was introduced
+	if b.IsKubernetesGTE("1.5") {
 		c.AnonymousAuth = fi.Bool(false)
 	}