Skip to content

Commit

Permalink
stop adding beta admission config to default master configs
Browse files Browse the repository at this point in the history
  • Loading branch information
@juanvallejo
juanvallejo committed Nov 30, 2017
1 parent e16fc4a commit d2ee0d3
Show file tree
Hide file tree
Showing 2 changed files with 1 addition and 20 deletions.
1 change: 1 addition & 0 deletions hack/lib/start.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -162,6 +162,7 @@ function os::start::internal::patch_master_config() {
local sudo=${USE_SUDO:+sudo}
cp "${SERVER_CONFIG_DIR}/master/master-config.yaml" "${SERVER_CONFIG_DIR}/master/master-config.orig.yaml"
oc ex config patch "${SERVER_CONFIG_DIR}/master/master-config.orig.yaml" --patch="{\"etcdConfig\": {\"address\": \"${API_HOST}:${ETCD_PORT}\"}}" | \
oc ex config patch - --patch="{\"admissionConfig\": {\"pluginConfig\": {\"openshift.io/ImagePolicy\": {\"configuration\": {\"apiVersion\": \"v1\", \"executionRules\": [{\"matchImageAnnotations\": [{\"key\": \"images.openshift.io/deny-execution\", \"value\": \"true\"}], \"name\": \"execution-denied\", \"onResources\": [{\"resource\": \"pods\"}, {\"resource\": \"builds\"}], \"reject\": true, \"skipOnResolutionFailure\": true }], \"kind\": \"ImagePolicyConfig\" }, \"location\": \"\"}}}}" | \
oc ex config patch - --patch="{\"etcdConfig\": {\"servingInfo\": {\"bindAddress\": \"${API_HOST}:${ETCD_PORT}\"}}}" | \
oc ex config patch - --type json --patch="[{\"op\": \"replace\", \"path\": \"/etcdClientInfo/urls\", \"value\": [\"${API_SCHEME}://${API_HOST}:${ETCD_PORT}\"]}]" | \
oc ex config patch - --patch="{\"etcdConfig\": {\"peerAddress\": \"${API_HOST}:${ETCD_PEER_PORT}\"}}" | \
Expand Down
20 changes: 0 additions & 20 deletions pkg/cmd/server/start/master_args.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,6 @@ import (
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/util/sets"
"k8s.io/apimachinery/pkg/util/yaml"
"k8s.io/apiserver/pkg/util/flag"
"k8s.io/kubernetes/pkg/master/ports"
"k8s.io/kubernetes/pkg/registry/core/service/ipallocator"
Expand All @@ -24,8 +23,6 @@ import (
configapiv1 "github.com/openshift/origin/pkg/cmd/server/api/v1"
"github.com/openshift/origin/pkg/cmd/server/bootstrappolicy"
cmdutil "github.com/openshift/origin/pkg/cmd/util"
imagepolicyapi "github.com/openshift/origin/pkg/image/admission/imagepolicy/api"
"github.com/openshift/origin/pkg/oc/bootstrap"
"github.com/spf13/cobra"
)

Expand Down Expand Up @@ -362,23 +359,6 @@ func (args MasterArgs) BuildSerializeableMasterConfig() (*configapi.MasterConfig
config.ServiceAccountConfig.PublicKeyFiles = []string{}
}

// embed a default policy for generated config
defaultImagePolicy, err := bootstrap.Asset("pkg/image/admission/imagepolicy/api/v1/default-policy.yaml")
if err != nil {
return nil, fmt.Errorf("unable to find default image admission policy: %v", err)
}
// TODO: this should not be necessary, runtime.Unknown#MarshalJSON should handle YAML content type correctly
defaultImagePolicy, err = yaml.ToJSON(defaultImagePolicy)
if err != nil {
return nil, err
}
if config.AdmissionConfig.PluginConfig == nil {
config.AdmissionConfig.PluginConfig = make(map[string]configapi.AdmissionPluginConfig)
}
config.AdmissionConfig.PluginConfig[imagepolicyapi.PluginName] = configapi.AdmissionPluginConfig{
Configuration: &runtime.Unknown{Raw: defaultImagePolicy},
}

internal, err := applyDefaults(config, configapiv1.SchemeGroupVersion)
if err != nil {
return nil, err
Expand Down

0 comments on commit d2ee0d3

Please sign in to comment.