mirror of https://github.com/k3s-io/k3s
96d81fe688
Automatic merge from submit-queue (batch tested with PRs 52367, 53363, 54989, 54872, 54643). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Basic GCE PodSecurityPolicy Config **What this PR does / why we need it**: This PR lays the foundation for enabling PodSecurityPolicy in GCE and other default deployments. The 3 commits are: 1. Add policies, roles & bindings for the default addons on GCE. 2. Enable the PSP admission controller & load the addon policies when the`ENABLE_POD_SECURITY_POLICY=true` environment variable is set. 3. Support the PodSecurityPolicy in the E2E environment & add PSP tests. NOTES: - ~~Depends on https://github.com/kubernetes/kubernetes/pull/52301 for privileged capabilities~~ - ~~Depends on https://github.com/kubernetes/kubernetes/pull/52849 for sane mutations~~ - ~~Depends on https://github.com/kubernetes/kubernetes/pull/53479 for aggregator tests to pass~~ - ~~Depends on https://github.com/kubernetes/kubernetes/pull/54175 for dedicated fluentd service~~ account - This PR is a fork of https://github.com/kubernetes/kubernetes/pull/46064, credit to @Q-Lee **Which issue this PR fixes**: #43538 **Release note**: ```release-note Add support for PodSecurityPolicy on GCE: `ENABLE_POD_SECURITY_POLICY=true` enables the admission controller, and installs policies for default addons. ``` |
||
|---|---|---|
| .. | ||
| addons | ||
| aws | ||
| centos | ||
| gce | ||
| images | ||
| juju | ||
| kubemark | ||
| kubernetes-anywhere | ||
| lib | ||
| libvirt-coreos | ||
| local | ||
| log-dump | ||
| openstack-heat | ||
| photon-controller | ||
| pre-existing | ||
| saltbase | ||
| skeleton | ||
| vagrant | ||
| vsphere | ||
| windows | ||
| BUILD | ||
| OWNERS | ||
| README.md | ||
| clientbin.sh | ||
| common.sh | ||
| get-kube-binaries.sh | ||
| get-kube-local.sh | ||
| get-kube.sh | ||
| kube-down.sh | ||
| kube-push.sh | ||
| kube-up.sh | ||
| kube-util.sh | ||
| kubeadm.sh | ||
| kubectl.sh | ||
| options.md | ||
| restore-from-backup.sh | ||
| test-e2e.sh | ||
| test-network.sh | ||
| test-smoke.sh | ||
| update-storage-objects.sh | ||
| validate-cluster.sh | ||
README.md
Cluster Configuration
Deprecation Notice: This directory has entered maintenance mode and will not be accepting new providers. Please submit new automation deployments to kube-deploy. Deployments in this directory will continue to be maintained and supported at their current level of support.
The scripts and data in this directory automate creation and configuration of a Kubernetes cluster, including networking, DNS, nodes, and master components.
See the getting-started guides for examples of how to use the scripts.
cloudprovider/config-default.sh contains a set of tweakable definitions/parameters for the cluster.
The heavy lifting of configuring the VMs is done by SaltStack.