Hide Forgot
Description of problem: No method provided to update admission in master config on ocp4.0 On ocp3.11 and earlier there are testing scenarios requires updating admissionConfig in /etc/origin/master/master-config.yaml, but the file does not exists on ocp4.0 How reproducible: always Steps to Reproduce: Actual results: Method provided to get admissionConfig updated Expected results: No method provided to get admissionConfig updated Additional info: unsupportedConfigOverrides may be the dev task tracking this.
(In reply to Weinan Liu from comment #0) > Additional info: > unsupportedConfigOverrides may be the dev task tracking this. unsupportedConfigOverrides can work in current 4.0 for updating admission, see https://github.com/openshift/cluster-kube-apiserver-operator
Yes, for 4.0 the only method is to use unsupportedConfigOverrides.
It works and must match this type: https://github.com/openshift/api/blob/master/kubecontrolplane/v1/types.go#L14
Hi Michal Fojtik, I tried both `AdmissionPluginConfig` and `admissionPluginConfig`. Neither one worked oc edit kubeapiserver adding... ... unsupportedConfigOverrides: AdmissionPluginConfig: alwaysPullImages: configuration: apiVersion: v1 kind: DefaultAdmissionConfig ... oc edit kubeapiserver adding... ... unsupportedConfigOverrides: admissionPluginConfig: AlwaysPullImages: configuration: apiVersion: v1 kind: DefaultAdmissionConfig ... How I checked it was not working: 1)$ cat /tmp/pod2.yaml apiVersion: v1 kind: Pod metadata: name: foo2 spec: nodeName: ip-172-31-131-75.us-east-2.compute.internal containers: - name: foo2 image: docker.io/deshuai/hello-openshift imagePullPolicy: IfNotPresent 2) kubectl create -f /tmp/pod2.yaml 3)$ oc get pod foo2 -o yaml|grep -i imagePullPolicy: imagePullPolicy: IfNotPresent imagePullPolicy in step 3) was not overridden with AlwaysPullImages
Hi Michal Fojtik, could you advise?
It's blocking us with the admission updating related test
``` unsupportedConfigOverrides: admissionPluginConfig: AlwaysPullImages: configuration: apiVersion: v1 kind: DefaultAdmissionConfig ``` syntax is correct. But AlwaysPullImages has no config at all. If the assumption has been, that giving a config will enable the plugin. This is not the case. Instead something like the following should work: ``` unsupportedConfigOverrides: admissionPluginConfig: enabledPlugins: - AlwaysPullImages ```
Correction: ``` unsupportedConfigOverrides: admission: enabledPlugins: - AlwaysPullImages ```
I double checked the upper config set via `kubectl edit kubeapiserver`, then creating the pod from comment 7 and got `imagePullPolicy: Always` as expected.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0758