123. Why can't I see the default list of admission controller plugins in the kube-apiserver configuration?
Answer

Each Kubernetes minor release contains a set of admission controllers that are enabled by default. These default admission controllers are enabled within the Kubernetes API automatically and do not need to be explicitly enabled via configuration parameters. This is why they are not visible in the configuration.

The --admission-control-config-file flag is used to explicitly enable additional admission controllers.

See the Kubernetes documentation for more information: Admission control in Kubernetes.

For example, as of Kubernetes v1.33, the DenyServiceExternalIPs and EventRateLimit admission control plugins are disabled by default, so they need to be enabled via the --admission-control-config-file flag.

In an RKE2 cluster, you can review the set of API admission control plugins that are enabled by default by executing the command kube-apiserver -h | grep enable-admission-plugins within a kube-apiserver pod, as below:

Identify running kube-apiserver pods:

    $ kubectl get pods -n kube-system -oname | grep -i kube-apiserver
    pod/kube-apiserver-controlplane-0

Run kube-apiserver -h | grep enable-admission-plugin in a kube-apiserver Pod:

    $ kubectl -n kube-system exec -it kube-apiserver-controlplane-0 -- sh -c "kube-apiserver -h | grep enable-admission-plugins"
    --admission-control strings Admission is divided into two phases. In the first phase, only mutating admission plugins run. In the second phase, only validating admission plugins run. The names in the below list may represent a validating plugin, a mutating plugin, or both. The order of plugins in which they are passed to this flag does not matter. Comma-delimited list of: AlwaysAdmit, AlwaysDeny, AlwaysPullImages, CertificateApproval, CertificateSigning, CertificateSubjectRestriction, ClusterTrustBundleAttest, DefaultIngressClass, DefaultStorageClass, DefaultTolerationSeconds, DenyServiceExternalIPs, EventRateLimit, ExtendedResourceToleration, ImagePolicyWebhook, LimitPodHardAntiAffinityTopology, LimitRanger, MutatingAdmissionPolicy, MutatingAdmissionWebhook, NamespaceAutoProvision, NamespaceExists, NamespaceLifecycle, NodeRestriction, OwnerReferencesPermissionEnforcement, PersistentVolumeClaimResize, PodNodeSelector, PodSecurity, PodTolerationRestriction, Priority, ResourceQuota, RuntimeClass, ServiceAccount, StorageObjectInUseProtection, TaintNodesByCondition, ValidatingAdmissionPolicy, ValidatingAdmissionWebhook. (DEPRECATED: Use --enable-admission-plugins or --disable-admission-plugins instead. Will be removed in a future version.)
    --enable-admission-plugins strings admission plugins that should be enabled in addition to default enabled ones (NamespaceLifecycle, LimitRanger, ServiceAccount, TaintNodesByCondition, PodSecurity, Priority, DefaultTolerationSeconds, DefaultStorageClass, StorageObjectInUseProtection, PersistentVolumeClaimResize, RuntimeClass, CertificateApproval, CertificateSigning, ClusterTrustBundleAttest, CertificateSubjectRestriction, DefaultIngressClass, MutatingAdmissionPolicy, MutatingAdmissionWebhook, ValidatingAdmissionPolicy, ValidatingAdmissionWebhook, ResourceQuota). Comma-delimited list of admission plugins: AlwaysAdmit, AlwaysDeny, AlwaysPullImages, CertificateApproval, CertificateSigning, CertificateSubjectRestriction, ClusterTrustBundleAttest, DefaultIngressClass, DefaultStorageClass, DefaultTolerationSeconds, DenyServiceExternalIPs, EventRateLimit, ExtendedResourceToleration, ImagePolicyWebhook, LimitPodHardAntiAffinityTopology, LimitRanger, MutatingAdmissionPolicy, MutatingAdmissionWebhook, NamespaceAutoProvision, NamespaceExists, NamespaceLifecycle, NodeRestriction, OwnerReferencesPermissionEnforcement, PersistentVolumeClaimResize, PodNodeSelector, PodSecurity, PodTolerationRestriction, Priority, ResourceQuota, RuntimeClass, ServiceAccount, StorageObjectInUseProtection, TaintNodesByCondition, ValidatingAdmissionPolicy, ValidatingAdmissionWebhook. The order of plugins in this flag does not matter.

Environment

A standalone or Rancher-provisioned RKE2 or K3s cluster
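For auditing, the help text from the procedure above can be parsed to list the default-enabled plugins, the known plugins that stay off by default, and the effective set once the --enable-admission-plugins and --disable-admission-plugins values named in that help text are applied. This is an added example, not part of the original article or of RKE2; the function names are hypothetical and the sample help text is constructed and abbreviated.

```shell
#!/bin/sh
# Added example: helper names and sample text are assumptions, not RKE2 code.

# Constructed, abbreviated sample in the shape of the help text shown above,
# wrapped across lines the way a terminal may wrap it.
sample_help() {
cat <<'EOF'
      --enable-admission-plugins strings   admission plugins that should be
          enabled in addition to default enabled ones (NamespaceLifecycle,
          LimitRanger, ServiceAccount, PodSecurity). Comma-delimited list of
          admission plugins: AlwaysPullImages, DenyServiceExternalIPs,
          EventRateLimit, LimitRanger, NamespaceLifecycle, NodeRestriction,
          PodSecurity, ServiceAccount. The order of plugins in this flag does
          not matter.
EOF
}

# Join wrapped lines and squeeze runs of blanks so the sed patterns can match.
flatten() { tr '\n\t' '  ' | tr -s ' '; }

# "A, B,C" -> one name per line, sorted, without blanks or duplicates.
split_list() { tr ',' '\n' | tr -d ' ' | sed '/^$/d' | LC_ALL=C sort -u; }

# Default-enabled plugins: the parenthesised list in the flag description.
default_plugins() {
  flatten | sed -n 's/.*in addition to default enabled ones (\([^)]*\)).*/\1/p' | split_list
}

# Every plugin this kube-apiserver build knows about.
available_plugins() {
  flatten | sed -n 's/.*list of admission plugins: \([A-Za-z, ]*\)\. The order.*/\1/p' | split_list
}

# Effective set = defaults + $1 (enable value) - $2 (disable value); help on stdin.
effective_plugins() {
  off=$(printf '%s\n' "$2" | split_list)
  { default_plugins; printf '%s\n' "$1" | split_list; } |
    LC_ALL=C sort -u | grep -vxF -e "${off:-<none>}"
}

# Known plugins that stay off unless explicitly enabled; help on stdin.
not_default_plugins() {
  txt=$(cat)
  on=$(printf '%s\n' "$txt" | default_plugins)
  printf '%s\n' "$txt" | available_plugins | grep -vxF -e "${on:-<none>}"
}
```

Against a live cluster, pipe the output of kube-apiserver -h from the kube-apiserver pod into these functions in place of sample_help, without -t so that the output is not wrapped or given carriage returns by a terminal.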