From 9d8e2869627ceeb2ac0ac8373c6e8be5cf3f7724 Mon Sep 17 00:00:00 2001
From: Alexander Babai <aliaksandr.babai@gmail.com>
Date: Wed, 19 Sep 2018 16:40:29 +0300
Subject: [PATCH] feat(kops): add admission control to kube api server

---
 rootfs/templates/kops/default.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/rootfs/templates/kops/default.yaml b/rootfs/templates/kops/default.yaml
index 128394515..ae8b4e4ae 100644
--- a/rootfs/templates/kops/default.yaml
+++ b/rootfs/templates/kops/default.yaml
@@ -36,6 +36,20 @@ spec:
     authorizationMode: {{ getenv "KOPS_KUBE_API_SERVER_AUTHORIZATION_MODE" "RBAC,AlwaysAllow" }}
     authorizationRbacSuperUser: {{ getenv "KOPS_KUBE_API_SERVER_AUTHORIZATION_RBAC_SUPER_USER" "admin" }}
   {{- end }}
+  {{- if bool (getenv "KOPS_ADMISSION_CONTROL_ENABLED" "true") }}
+    admissionControl:
+    - NamespaceLifecycle
+    - LimitRanger
+    - ServiceAccount
+    - PersistentVolumeLabel
+    - DefaultStorageClass
+    - DefaultTolerationSeconds
+    - MutatingAdmissionWebhook
+    - ValidatingAdmissionWebhook
+    - ResourceQuota
+    - NodeRestriction
+    - Priority
+  {{- end }}
   authorization:
     {{- if bool (getenv "KOPS_AUTHORIZATION_RBAC_ENABLED" "false") }}
     rbac: {}