I tried (unsuccessfully) to set up an initializer admission controller on k8s 1.10, running in minikube. kubectl does not show 'initializerconfiguration' as a valid object type and attempting 'kubectl create -f init.yaml' with a file containing an initializerConfiguration object (similar to the exmaple found here: https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#configure-initializers-on-the-fly) returns this:
no matches for kind "InitializerConfiguration" in version "admissionregistration.k8s.io/v1alpha1"
(I tried with /v1beta1 as well, because kubectl api-versions doesn't show admissionregistration.k8s.io/v1alpha1 but does have .../v1beta1; no luck with that, either).
"Initializers" is enabled in the --admission-control option for kube-apiserver and all possible APIs are also turned on by default in minikube - so it should have worked, according to the k8s documentation.
According to the document mentioned in question:
Enable initializers alpha feature
Initializers is an alpha feature, so it is disabled by default. To turn it on, you need to:
Include “Initializers” in the
--enable-admission-plugins
flag when startingkube-apiserver
. If you have multiplekube-apiserver
replicas, all should have the same flag setting.Enable the dynamic admission controller registration API by adding
admissionregistration.k8s.io/v1alpha1
to the--runtime-config
flag passed tokube-apiserver
, e.g.--runtime-config=admissionregistration.k8s.io/v1alpha1
. Again, all replicas should have the same flag setting.
NOTE: For those looking to use this on minikube
, use this to pass runtime-config
to the apiserver:
minikube start --vm-driver=none --extra-config=apiserver.runtime-config=admissionregistration.k8s.io/v1alpha1=true