search

cloudnativer / kube-install

一键安装k8s(kubernetes):二進位離線方式部署,支持定時安裝、添加與銷毀node、銷毀與修復master、一鍵卸載集羣等。Install k8s (kubernetes): one click offline installation of highly available multiple kubernetes cluster, supports schedule installation, addition of nodes, rebuild of kubernetes master, and uninstallation of clusters.
Apache License 2.0
413 stars 111 forks source link

may add admission-control attribute to set admission #23

Open lxd5866 opened 2 years ago

lxd5866 commented 2 years ago

code example:

WorkingDirectory={{k8s_install_home}}/kubernetes/kube-apiserver
ExecStart=/usr/local/bin/kube-apiserver \
--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,NodeRestriction,MutatingAdmissionWebhook,ValidatingAdmissionWebhook \
--feature-gates=ExpandInUsePersistentVolumes=true \
--advertise-address={{ip}} \
--bind-address=0.0.0.0 \
--insecure-bind-address=127.0.0.1 \

the MutatingAdmissionWebhook,ValidatingAdmissionWebhook is useful and commonly used, but it is not set default. i know it may not nessery for everyone, but when you need use it, you need edit source code in kube-install/sys/0x00000000master/apiserver/templates/kube-apiserver.service-1.xx.j2, it difficult to update.

houseonline commented 2 years ago

Yes, we can consider dealing with this requirement in v0.7.4. The new v0.7.4 and above will also add functions such as web account security, which you can follow and use at that time.

lxd5866 commented 2 years ago

i may commit for this requirement if i have time ,

houseonline commented 2 years ago

kube-install v0.7.4 has been officially released and you can start using it ! @lxd5866 See the link below for details: https://github.com/cloudnativer/kube-install/releases/tag/v0.7.4