-
Notifications
You must be signed in to change notification settings - Fork 51
Updates kube-apiserver configuration for KUBE_ADMISSION_CONTROL #76
Conversation
@navidshaikh I dont understand why we need to remove "ServiceAccount". We need more details. |
Removing it is not correct. The correct change is to set up the signing key for service account token generation |
@liggitt : ACK! Chose location for key at |
sure, whatever path is appropriate |
@navidshaikh do u have a scratch build with this patch? Also the patch looks like 2 commits. I think it should be just one commit as the previous commit not relevant anymore. |
@navidshaikh This looks wrong:
Shouldn't it be |
FWIW, this is how it looks when configured w/ https://github.com/kubernetes/contrib/tree/master/ansible:
|
LGTM. Scratch build by @navidshaikh at http://cbs.centos.org/koji/taskinfo?taskID=29206 |
Scratch build is working fine.
|
Updates kube-apiserver configuration for KUBE_ADMISSION_CONTROL
Hi,
I'm building my own Ansible playbooks so not a big deal, but I couldn't find this in the docs on the ProjectAtomic website. Also not sure if this should be the default or not. |
Fixes: #75
Removes
ServiceAccount
from the value ofKUBE_ADMISSION_CONTROL
variablein /etc/kubernetes/apiserver