Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add --enable-admission-plugins API server flag for k8s 1.10 #5221

Merged
merged 2 commits into from
May 31, 2018
Merged

Add --enable-admission-plugins API server flag for k8s 1.10 #5221

merged 2 commits into from
May 31, 2018

Conversation

ripta
Copy link
Contributor

@ripta ripta commented May 28, 2018

According to the section on recommended admission controllers:

  1. --admission-control has been deprecated in 1.10, replaced with a new flag.
  2. The order of the list of controllers no longer matters, presumably because of the addition of the ordered list of all plugins, AllOrderedPlugins.

As such, this PR:

  1. Adds --enable-admission-plugins and also the additional flag, --disable-admission-plugins.
  2. Mark --admission-control deprecated.
  3. The list of recommended admission plugins have not changed compared to 1.9, but kops has a slightly different list of plugins, which I've carried over to the new option.

@k8s-ci-robot k8s-ci-robot added needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels May 28, 2018
@ripta
Copy link
Contributor Author

ripta commented May 28, 2018

/assign @geojaz

I'm not sure the proper way to deprecate these flags are, so comments are appreciated.

gambol99
gambol99 suggested changes May 29, 2018
View reviewed changes
Copy link
Contributor

@gambol99 gambol99 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds reasonable :-)...

Could be also include here please ..and the other api versions

In retrospect perhaps we should move this logic out of the api versions ... but i'll leave that to another PR

@gambol99
Copy link
Contributor

/assign @gambol99

@ripta ripta force-pushed the enable-admission-plugins branch from 6463dd7 to d9252a1 Compare May 29, 2018 23:42
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels May 29, 2018
@ripta
Copy link
Contributor Author

ripta commented May 30, 2018

@gambol99 - Thanks for the review. I added another commit to modify HasAdmissionController. Let me know what you think, and if I've missed anything else!

@gambol99
Copy link
Contributor

/ok-to-test

@k8s-ci-robot k8s-ci-robot removed the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label May 30, 2018
gambol99
gambol99 reviewed May 30, 2018
View reviewed changes
pkg/apis/kops/componentconfig.go
@@ -461,5 +465,16 @@ func (c *KubeAPIServerConfig) HasAdmissionController(name string) bool {
}
}

for _, x := range c.DisableAdmissionPlugins {
Copy link
Contributor

@gambol99 gambol99 May 30, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

perhaps ...

for _, x := range x.DisableAdmissionPlugins {
     if x == name { 
        return false
     }
}
for _, x := range append(c.AdmissionControl, c.EnableAdmissionPlugins...)
    if x == name { 
      return true // and save a few lines
    }
}

but up to you .. it's just code preference, so no biggie :-)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unless you and another reviewer feel strongly about combining them, I'd rather keep them separate. Subjectively, range append(c.AdmissionControl, c.EnableAdmissionPlugins...) is harder to read, only to save a couple of lines. Presumably we'll be cleaning up c.AdmissionControl in the future anyway, when it has been removed from k/k and kops stops supporting older versions.

@gambol99
Copy link
Contributor

Looks good to me ... cc'ing @justinsb for a second opinion :-)

@justinsb
Copy link
Member

/approve

/lgtm

Thanks @ripta

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 31, 2018
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: justinsb, ripta

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 31, 2018
@k8s-ci-robot k8s-ci-robot merged commit 9778ab4 into kubernetes:master May 31, 2018
gambol99 added a commit to gambol99/kops that referenced this pull request Jun 2, 2018
@gambol99
Admission Controller Fix
b4e55a2 
A previous PR kubernetes#5221 introduced the --enable-admission-plugins for >= 1.10.0 as recommended, it does however cause an issue if you already have AdmissionControl is specified in the Spec as both flags get rendered
gambol99 added a commit to gambol99/kops that referenced this pull request Jun 2, 2018
@gambol99
Admission Controller Fix
d9a357f 
A previous PR kubernetes#5221 introduced the --enable-admission-plugins for >= 1.10.0 as recommended, it does however cause an issue if you already have AdmissionControl is specified in the Spec as both flags get rendered
gambol99 added a commit to gambol99/kops that referenced this pull request Jun 2, 2018
@gambol99
Admission Controller Fix
4a674ca 
A previous PR kubernetes#5221 introduced the --enable-admission-plugins for >= 1.10.0 as recommended, it does however cause an issue if you already have AdmissionControl is specified in the Spec as both flags get rendered
@gambol99 gambol99 mentioned this pull request Jun 2, 2018
Merged
gambol99 added a commit to gambol99/kops that referenced this pull request Jun 2, 2018
@gambol99
Admission Controller Fix
93e7fed 
A previous PR kubernetes#5221 introduced the --enable-admission-plugins for >= 1.10.0 as recommended, it does however cause an issue if you already have AdmissionControl is specified in the Spec as both flags get rendered
gambol99 added a commit to gambol99/kops that referenced this pull request Jun 2, 2018
@gambol99
Admission Controller Fix
b62d6df 
A previous PR kubernetes#5221 introduced the --enable-admission-plugins for >= 1.10.0 as recommended, it does however cause an issue if you already have AdmissionControl is specified in the Spec as both flags get rendered
@ripta ripta deleted the enable-admission-plugins branch June 5, 2018 00:37
This was referenced Oct 2, 2018
Merged
Merged
@dolwitz-at-sony dolwitz-at-sony mentioned this pull request Mar 13, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gambol99 gambol99 gambol99 requested changes

Assignees

@justinsb justinsb

@gambol99 gambol99

@geojaz geojaz

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@ripta @gambol99 @justinsb @k8s-ci-robot @geojaz