From aed9bab874e2d612a6a36ccb79dd0deacc386db4 Mon Sep 17 00:00:00 2001
From: David Eads
Date: Thu, 21 Dec 2017 09:44:38 -0500
Subject: [PATCH 1/2] UPSTREAM: : add our immortal namespaces directly to admission plugin
---
 .../pkg/admission/plugin/namespace/lifecycle/admission.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vendor/k8s.io/kubernetes/staging/src/k8s.io/apiserver/pkg/admission/plugin/namespace/lifecycle/admission.go b/vendor/k8s.io/kubernetes/staging/src/k8s.io/apiserver/pkg/admission/plugin/namespace/lifecycle/admission.go
index 526fa5ea838f..5d5aec58657b 100644
--- a/vendor/k8s.io/kubernetes/staging/src/k8s.io/apiserver/pkg/admission/plugin/namespace/lifecycle/admission.go
+++ b/vendor/k8s.io/kubernetes/staging/src/k8s.io/apiserver/pkg/admission/plugin/namespace/lifecycle/admission.go
@@ -53,7 +53,7 @@ const (
 // Register registers a plugin
 func Register(plugins *admission.Plugins) {
 plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) {
- return NewLifecycle(sets.NewString(metav1.NamespaceDefault, metav1.NamespaceSystem, metav1.NamespacePublic))
+ return NewLifecycle(sets.NewString(metav1.NamespaceDefault, metav1.NamespaceSystem, metav1.NamespacePublic, "openshift", "openshift-infra"))
 })
 }
From de77da5af04e0433cb243fadef441c8753e800a4 Mon Sep 17 00:00:00 2001
From: David Eads
Date: Thu, 21 Dec 2017 09:44:55 -0500
Subject: [PATCH 2/2] stop special casing creation for ns lifecycle admission
---
 .../server/origin/admission/chain_builder.go | 21 -------------------
 1 file changed, 21 deletions(-)
diff --git a/pkg/cmd/server/origin/admission/chain_builder.go b/pkg/cmd/server/origin/admission/chain_builder.go
index 998b0542f8cb..941085dda2ad 100644
--- a/pkg/cmd/server/origin/admission/chain_builder.go
+++ b/pkg/cmd/server/origin/admission/chain_builder.go
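Review bot: The new `NewLifecycle(sets.NewString(..., "openshift", "openshift-infra"))` call in admission.go's Register pins the two OpenShift immortal namespaces to string literals, whereas the `case lifecycle.PluginName:` branch that patch 2/2 deletes from chain_builder.go read them from `options.PolicyConfig.OpenShiftSharedResourcesNamespace` and `options.PolicyConfig.OpenShiftInfrastructureNamespace`. A cluster whose policy config names either namespace differently would, as far as these hunks show, lose deletion protection for it while the literal names are protected instead. If the configurable names are meant to stay supported, keep passing them into the plugin; if not, state the assumption on the line, e.g. `// "openshift" and "openshift-infra" are fixed here; PolicyConfig namespace overrides are no longer honoured`, and consider named constants rather than bare literals.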
@@ -8,7 +8,6 @@ import (
 "os"
 "reflect"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/util/sets"
 "k8s.io/apiserver/pkg/admission"
 admissionmetrics "k8s.io/apiserver/pkg/admission/metrics"
@@ -196,26 +195,6 @@ func newAdmissionChain(pluginNames []string, admissionConfigFilename string, opt
 )
 switch pluginName {
- case lifecycle.PluginName:
- // We need to include our infrastructure and shared resource namespaces in the immortal namespaces list
- immortalNamespaces := sets.NewString(metav1.NamespaceDefault)
- if len(options.PolicyConfig.OpenShiftSharedResourcesNamespace) > 0 {
- immortalNamespaces.Insert(options.PolicyConfig.OpenShiftSharedResourcesNamespace)
- }
- if len(options.PolicyConfig.OpenShiftInfrastructureNamespace) > 0 {
- immortalNamespaces.Insert(options.PolicyConfig.OpenShiftInfrastructureNamespace)
- }
- lc, err := lifecycle.NewLifecycle(immortalNamespaces)
- if err != nil {
- return nil, err
- }
- admissionInitializer.Initialize(lc)
- if err := lc.ValidateInitialization(); err != nil {
- return nil, err
- }
- plugin = lc
- admissionInitializer.Initialize(plugin)
-
 case serviceadmit.ExternalIPPluginName:
 // this needs to be moved upstream to be part of core config
 reject, admit, err := serviceadmit.ParseRejectAdmitCIDRRules(options.NetworkConfig.ExternalIPNetworkCIDRs)