summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBertrand NOEL <bertrand.noel.88@gmail.com>2016-12-01 14:23:42 +0100
committerMohammed Naser <mnaser@vexxhost.com>2017-07-14 09:51:40 -0400
commit98f4ae9942ee55c1e7454bb257f21d935c403cb2 (patch)
tree2ecc0993a01aad221d410deb8856941d3173972c
parentdad5b6340a08705c6fdc4c8116393b0c0bb4b56d (diff)
K8S: Allows to specify admission control plugins to enable3.3.0
If nothing is specified a set of recommended default plugins is used, which includes the ServiceAccount one. Change-Id: I1383aae09ba68f8e83b07e3eaae40ab071f7be94 Closes-Bug: #1646489 (cherry picked from commit 1f3b0500b7de384a6d1cacc39affdf716f0b0679)
Notes
Notes (review): Code-Review+2: Spyros Trigazis (strigazi) <strigazi@gmail.com> Code-Review+2: yatin <ykarel@redhat.com> Workflow+1: yatin <ykarel@redhat.com> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Sat, 15 Jul 2017 00:02:09 +0000 Reviewed-on: https://review.openstack.org/483940 Project: openstack/magnum Branch: refs/heads/stable/newton
-rw-r--r--doc/source/userguide.rst13
-rw-r--r--magnum/drivers/common/k8s_template_def.py3
-rw-r--r--magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh18
-rw-r--r--magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml1
-rw-r--r--magnum/drivers/k8s_coreos_v1/templates/kubecluster.yaml6
-rw-r--r--magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml7
-rw-r--r--magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml6
-rw-r--r--magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml7
-rw-r--r--magnum/drivers/k8s_fedora_ironic_v1/templates/kubemaster.yaml6
-rw-r--r--magnum/tests/functional/k8s/test_k8s_python_client.py5
-rw-r--r--magnum/tests/unit/conductor/handlers/test_k8s_cluster_conductor.py12
-rw-r--r--magnum/tests/unit/drivers/test_template_definition.py6
12 files changed, 84 insertions, 6 deletions
diff --git a/doc/source/userguide.rst b/doc/source/userguide.rst
index 6fb9e19..fe5f848 100644
--- a/doc/source/userguide.rst
+++ b/doc/source/userguide.rst
@@ -296,6 +296,8 @@ the table are linked to more details elsewhere in the user guide.
296+---------------------------------------+--------------------+---------------+ 296+---------------------------------------+--------------------+---------------+
297| `mesos_slave_executor_env_variables`_ | (file name) | "" | 297| `mesos_slave_executor_env_variables`_ | (file name) | "" |
298+---------------------------------------+--------------------+---------------+ 298+---------------------------------------+--------------------+---------------+
299| `admission_control_list`_ | see below | see below |
300+---------------------------------------+--------------------+---------------+
299 301
300 302
301======= 303=======
@@ -889,6 +891,17 @@ Log into the servers
889 You can log into the master servers using the login 'fedora' and the 891 You can log into the master servers using the login 'fedora' and the
890 keypair specified in the ClusterTemplate. 892 keypair specified in the ClusterTemplate.
891 893
894In addition to the common attributes in the ClusterTemplate, you can specify
895the following attributes that are specific to Kubernetes by using the
896labels attribute.
897
898_`admission_control_list`
899 This label corresponds to Kubernetes parameter for the API server '--admission-control'.
900 For more details, refer to the `Admission Controllers
901 <https://kubernetes.io/docs/admin/admission-controllers//>`_.
902 The default value corresponds to the one recommended in this doc
903 for our current Kubernetes version.
904
892External load balancer for services 905External load balancer for services
893----------------------------------- 906-----------------------------------
894 907
diff --git a/magnum/drivers/common/k8s_template_def.py b/magnum/drivers/common/k8s_template_def.py
index dba4417..dda7a58 100644
--- a/magnum/drivers/common/k8s_template_def.py
+++ b/magnum/drivers/common/k8s_template_def.py
@@ -102,7 +102,8 @@ class K8sTemplateDefinition(template_def.BaseTemplateDefinition):
102 extra_params['kubernetes_port'] = 8080 102 extra_params['kubernetes_port'] = 8080
103 103
104 label_list = ['flannel_network_cidr', 'flannel_backend', 104 label_list = ['flannel_network_cidr', 'flannel_backend',
105 'flannel_network_subnetlen'] 105 'flannel_network_subnetlen', 'admission_control_list']
106
106 for label in label_list: 107 for label in label_list:
107 extra_params[label] = cluster_template.labels.get(label) 108 extra_params[label] = cluster_template.labels.get(label)
108 109
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
index 0d6308b..9a183ff 100644
--- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
@@ -29,12 +29,17 @@ else
29 KUBE_API_ARGS="$KUBE_API_ARGS --client_ca_file=/srv/kubernetes/ca.crt" 29 KUBE_API_ARGS="$KUBE_API_ARGS --client_ca_file=/srv/kubernetes/ca.crt"
30fi 30fi
31 31
32KUBE_ADMISSION_CONTROL=""
33if [ -n "${ADMISSION_CONTROL_LIST}" ] && [ "${TLS_DISABLED}" == "False" ]; then
34 KUBE_ADMISSION_CONTROL="--admission-control=${ADMISSION_CONTROL_LIST}"
35fi
36
32sed -i ' 37sed -i '
33 /^KUBE_API_ADDRESS=/ s/=.*/='"${KUBE_API_ADDRESS}"'/ 38 /^KUBE_API_ADDRESS=/ s/=.*/='"${KUBE_API_ADDRESS}"'/
34 /^KUBE_SERVICE_ADDRESSES=/ s|=.*|="--service-cluster-ip-range='"$PORTAL_NETWORK_CIDR"'"| 39 /^KUBE_SERVICE_ADDRESSES=/ s|=.*|="--service-cluster-ip-range='"$PORTAL_NETWORK_CIDR"'"|
35 /^KUBE_API_ARGS=/ s/KUBE_API_ARGS.// 40 /^KUBE_API_ARGS=/ s/KUBE_API_ARGS.//
36 /^KUBE_ETCD_SERVERS=/ s/=.*/="--etcd_servers=http:\/\/127.0.0.1:2379"/ 41 /^KUBE_ETCD_SERVERS=/ s/=.*/="--etcd_servers=http:\/\/127.0.0.1:2379"/
37 /^KUBE_ADMISSION_CONTROL=/ s/=.*/=""/ 42 /^KUBE_ADMISSION_CONTROL=/ s/=.*/="'"${KUBE_ADMISSION_CONTROL}"'"/
38' /etc/kubernetes/apiserver 43' /etc/kubernetes/apiserver
39cat << _EOC_ >> /etc/kubernetes/apiserver 44cat << _EOC_ >> /etc/kubernetes/apiserver
40#Uncomment the following line to disable Load Balancer feature 45#Uncomment the following line to disable Load Balancer feature
@@ -43,10 +48,19 @@ KUBE_API_ARGS="$KUBE_API_ARGS"
43#KUBE_API_ARGS="$KUBE_API_ARGS --cloud_config=/etc/sysconfig/kube_openstack_config --cloud_provider=openstack" 48#KUBE_API_ARGS="$KUBE_API_ARGS --cloud_config=/etc/sysconfig/kube_openstack_config --cloud_provider=openstack"
44_EOC_ 49_EOC_
45 50
51# Add controller manager args
52KUBE_CONTROLLER_MANAGER_ARGS=""
53if [ -n "${ADMISSION_CONTROL_LIST}" ] && [ "${TLS_DISABLED}" == "False" ]; then
54 KUBE_CONTROLLER_MANAGER_ARGS="--service-account-private-key-file=/srv/kubernetes/server.key"
55fi
46sed -i ' 56sed -i '
47 /^KUBELET_ADDRESSES=/ s/=.*/="--machines='""'"/ 57 /^KUBELET_ADDRESSES=/ s/=.*/="--machines='""'"/
48 /^KUBE_CONTROLLER_MANAGER_ARGS=/ s/KUBE_CONTROLLER_MANAGER_ARGS.*/#Uncomment the following line to enable Kubernetes Load Balancer feature \n#KUBE_CONTROLLER_MANAGER_ARGS="--cloud-config=\/etc\/sysconfig\/kube_openstack_config --cloud-provider=openstack"/ 58 /^KUBE_CONTROLLER_MANAGER_ARGS=/ s#\(KUBE_CONTROLLER_MANAGER_ARGS\).*#\1="'"${KUBE_CONTROLLER_MANAGER_ARGS}"'"#
49' /etc/kubernetes/controller-manager 59' /etc/kubernetes/controller-manager
60cat << _EOC_ >> /etc/kubernetes/controller-manager
61#Uncomment the following line to enable Kubernetes Load Balancer feature
62#KUBE_CONTROLLER_MANAGER_ARGS="\$KUBE_CONTROLLER_MANAGER_ARGS --cloud-config=/etc/sysconfig/kube_openstack_config --cloud-provider=openstack"
63_EOC_
50 64
51KUBELET_ARGS="--register-node=true --register-schedulable=false --config=/etc/kubernetes/manifests --hostname-override=$KUBE_NODE_IP" 65KUBELET_ARGS="--register-node=true --register-schedulable=false --config=/etc/kubernetes/manifests --hostname-override=$KUBE_NODE_IP"
52 66
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml b/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml
index dc2d2fa..0d8a5f0 100644
--- a/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml
+++ b/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml
@@ -20,6 +20,7 @@ write_files:
20 FLANNEL_NETWORK_SUBNETLEN="$FLANNEL_NETWORK_SUBNETLEN" 20 FLANNEL_NETWORK_SUBNETLEN="$FLANNEL_NETWORK_SUBNETLEN"
21 FLANNEL_BACKEND="$FLANNEL_BACKEND" 21 FLANNEL_BACKEND="$FLANNEL_BACKEND"
22 PORTAL_NETWORK_CIDR="$PORTAL_NETWORK_CIDR" 22 PORTAL_NETWORK_CIDR="$PORTAL_NETWORK_CIDR"
23 ADMISSION_CONTROL_LIST="$ADMISSION_CONTROL_LIST"
23 ETCD_DISCOVERY_URL="$ETCD_DISCOVERY_URL" 24 ETCD_DISCOVERY_URL="$ETCD_DISCOVERY_URL"
24 USERNAME="$USERNAME" 25 USERNAME="$USERNAME"
25 PASSWORD="$PASSWORD" 26 PASSWORD="$PASSWORD"
diff --git a/magnum/drivers/k8s_coreos_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_coreos_v1/templates/kubecluster.yaml
index 9a31b22..97ed23f 100644
--- a/magnum/drivers/k8s_coreos_v1/templates/kubecluster.yaml
+++ b/magnum/drivers/k8s_coreos_v1/templates/kubecluster.yaml
@@ -80,6 +80,12 @@ parameters:
80 constraints: 80 constraints:
81 - allowed_values: ["udp", "vxlan", "host-gw"] 81 - allowed_values: ["udp", "vxlan", "host-gw"]
82 82
83 admission_control_list:
84 type: string
85 description: >
86 Not used by this driver
87 default: ""
88
83 kube_allow_priv: 89 kube_allow_priv:
84 type: string 90 type: string
85 description: > 91 description: >
diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
index a7a6dd8..6aa3b84 100644
--- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
@@ -79,6 +79,12 @@ parameters:
79 constraints: 79 constraints:
80 - allowed_values: ["udp", "vxlan", "host-gw"] 80 - allowed_values: ["udp", "vxlan", "host-gw"]
81 81
82 admission_control_list:
83 type: string
84 description: >
85 List of admission control plugins to activate
86 default: "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota"
87
82 kube_allow_priv: 88 kube_allow_priv:
83 type: string 89 type: string
84 description: > 90 description: >
@@ -474,6 +480,7 @@ resources:
474 flannel_network_subnetlen: {get_param: flannel_network_subnetlen} 480 flannel_network_subnetlen: {get_param: flannel_network_subnetlen}
475 flannel_backend: {get_param: flannel_backend} 481 flannel_backend: {get_param: flannel_backend}
476 portal_network_cidr: {get_param: portal_network_cidr} 482 portal_network_cidr: {get_param: portal_network_cidr}
483 admission_control_list: {get_param: admission_control_list}
477 discovery_url: {get_param: discovery_url} 484 discovery_url: {get_param: discovery_url}
478 cluster_uuid: {get_param: cluster_uuid} 485 cluster_uuid: {get_param: cluster_uuid}
479 magnum_url: {get_param: magnum_url} 486 magnum_url: {get_param: magnum_url}
diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
index 66d779a..ebf44ac 100644
--- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
@@ -63,6 +63,11 @@ parameters:
63 constraints: 63 constraints:
64 - allowed_values: ["udp", "vxlan", "host-gw"] 64 - allowed_values: ["udp", "vxlan", "host-gw"]
65 65
66 admission_control_list:
67 type: string
68 description: >
69 List of admission control plugins to activate
70
66 discovery_url: 71 discovery_url:
67 type: string 72 type: string
68 description: > 73 description: >
@@ -237,6 +242,7 @@ resources:
237 "$FLANNEL_NETWORK_SUBNETLEN": {get_param: flannel_network_subnetlen} 242 "$FLANNEL_NETWORK_SUBNETLEN": {get_param: flannel_network_subnetlen}
238 "$FLANNEL_BACKEND": {get_param: flannel_backend} 243 "$FLANNEL_BACKEND": {get_param: flannel_backend}
239 "$PORTAL_NETWORK_CIDR": {get_param: portal_network_cidr} 244 "$PORTAL_NETWORK_CIDR": {get_param: portal_network_cidr}
245 "$ADMISSION_CONTROL_LIST": {get_param: admission_control_list}
240 "$ETCD_DISCOVERY_URL": {get_param: discovery_url} 246 "$ETCD_DISCOVERY_URL": {get_param: discovery_url}
241 "$AUTH_URL": {get_param: auth_url} 247 "$AUTH_URL": {get_param: auth_url}
242 "$USERNAME": {get_param: username} 248 "$USERNAME": {get_param: username}
diff --git a/magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml
index d3eb814..72e10b3 100644
--- a/magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml
+++ b/magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml
@@ -87,6 +87,12 @@ parameters:
87 constraints: 87 constraints:
88 - allowed_values: ["udp", "vxlan", "host-gw"] 88 - allowed_values: ["udp", "vxlan", "host-gw"]
89 89
90 admission_control_list:
91 type: string
92 description: >
93 List of admission control plugins to activate
94 default: "NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota"
95
90 kube_allow_priv: 96 kube_allow_priv:
91 type: string 97 type: string
92 description: > 98 description: >
@@ -438,6 +444,7 @@ resources:
438 flannel_network_subnetlen: {get_param: flannel_network_subnetlen} 444 flannel_network_subnetlen: {get_param: flannel_network_subnetlen}
439 flannel_backend: {get_param: flannel_backend} 445 flannel_backend: {get_param: flannel_backend}
440 portal_network_cidr: {get_param: portal_network_cidr} 446 portal_network_cidr: {get_param: portal_network_cidr}
447 admission_control_list: {get_param: admission_control_list}
441 discovery_url: {get_param: discovery_url} 448 discovery_url: {get_param: discovery_url}
442 cluster_uuid: {get_param: cluster_uuid} 449 cluster_uuid: {get_param: cluster_uuid}
443 magnum_url: {get_param: magnum_url} 450 magnum_url: {get_param: magnum_url}
diff --git a/magnum/drivers/k8s_fedora_ironic_v1/templates/kubemaster.yaml b/magnum/drivers/k8s_fedora_ironic_v1/templates/kubemaster.yaml
index 27f4fe2..468084d 100644
--- a/magnum/drivers/k8s_fedora_ironic_v1/templates/kubemaster.yaml
+++ b/magnum/drivers/k8s_fedora_ironic_v1/templates/kubemaster.yaml
@@ -63,6 +63,11 @@ parameters:
63 constraints: 63 constraints:
64 - allowed_values: ["udp", "vxlan", "host-gw"] 64 - allowed_values: ["udp", "vxlan", "host-gw"]
65 65
66 admission_control_list:
67 type: string
68 description: >
69 List of admission control plugins to activate
70
66 discovery_url: 71 discovery_url:
67 type: string 72 type: string
68 description: > 73 description: >
@@ -235,6 +240,7 @@ resources:
235 "$FLANNEL_NETWORK_SUBNETLEN": {get_param: flannel_network_subnetlen} 240 "$FLANNEL_NETWORK_SUBNETLEN": {get_param: flannel_network_subnetlen}
236 "$FLANNEL_BACKEND": {get_param: flannel_backend} 241 "$FLANNEL_BACKEND": {get_param: flannel_backend}
237 "$PORTAL_NETWORK_CIDR": {get_param: portal_network_cidr} 242 "$PORTAL_NETWORK_CIDR": {get_param: portal_network_cidr}
243 "$ADMISSION_CONTROL_LIST": {get_param: admission_control_list}
238 "$ETCD_DISCOVERY_URL": {get_param: discovery_url} 244 "$ETCD_DISCOVERY_URL": {get_param: discovery_url}
239 "$AUTH_URL": {get_param: auth_url} 245 "$AUTH_URL": {get_param: auth_url}
240 "$USERNAME": {get_param: username} 246 "$USERNAME": {get_param: username}
diff --git a/magnum/tests/functional/k8s/test_k8s_python_client.py b/magnum/tests/functional/k8s/test_k8s_python_client.py
index f658652..2172c8d 100644
--- a/magnum/tests/functional/k8s/test_k8s_python_client.py
+++ b/magnum/tests/functional/k8s/test_k8s_python_client.py
@@ -18,5 +18,8 @@ class TestKubernetesAPIs(base.BaseK8sTest):
18 "tls_disabled": False, 18 "tls_disabled": False,
19 "network_driver": 'flannel', 19 "network_driver": 'flannel',
20 "volume_driver": 'cinder', 20 "volume_driver": 'cinder',
21 "fixed_network": '192.168.0.0/24' 21 "fixed_network": '192.168.0.0/24',
22 "labels": {
23 "admission_control_list": "",
24 }
22 } 25 }
diff --git a/magnum/tests/unit/conductor/handlers/test_k8s_cluster_conductor.py b/magnum/tests/unit/conductor/handlers/test_k8s_cluster_conductor.py
index cd9c9d2..985ebf9 100644
--- a/magnum/tests/unit/conductor/handlers/test_k8s_cluster_conductor.py
+++ b/magnum/tests/unit/conductor/handlers/test_k8s_cluster_conductor.py
@@ -43,7 +43,8 @@ class TestClusterConductorWithK8s(base.TestCase):
43 'no_proxy': 'no_proxy', 43 'no_proxy': 'no_proxy',
44 'labels': {'flannel_network_cidr': '10.101.0.0/16', 44 'labels': {'flannel_network_cidr': '10.101.0.0/16',
45 'flannel_network_subnetlen': '26', 45 'flannel_network_subnetlen': '26',
46 'flannel_backend': 'vxlan'}, 46 'flannel_backend': 'vxlan',
47 'admission_control_list': 'fake_list'},
47 'tls_disabled': False, 48 'tls_disabled': False,
48 'server_type': 'vm', 49 'server_type': 'vm',
49 'registry_enabled': False, 50 'registry_enabled': False,
@@ -133,7 +134,8 @@ class TestClusterConductorWithK8s(base.TestCase):
133 'discovery_url': 'discovery_url', 134 'discovery_url': 'discovery_url',
134 'labels': {'flannel_network_cidr': '10.101.0.0/16', 135 'labels': {'flannel_network_cidr': '10.101.0.0/16',
135 'flannel_network_subnetlen': '26', 136 'flannel_network_subnetlen': '26',
136 'flannel_backend': 'vxlan'}, 137 'flannel_backend': 'vxlan',
138 'admission_control_list': 'fake_list'},
137 'http_proxy': 'http_proxy', 139 'http_proxy': 'http_proxy',
138 'https_proxy': 'https_proxy', 140 'https_proxy': 'https_proxy',
139 'no_proxy': 'no_proxy', 141 'no_proxy': 'no_proxy',
@@ -159,6 +161,7 @@ class TestClusterConductorWithK8s(base.TestCase):
159 'flannel_network_cidr': '10.101.0.0/16', 161 'flannel_network_cidr': '10.101.0.0/16',
160 'flannel_network_subnetlen': '26', 162 'flannel_network_subnetlen': '26',
161 'flannel_backend': 'vxlan', 163 'flannel_backend': 'vxlan',
164 'admission_control_list': 'fake_list',
162 'http_proxy': 'http_proxy', 165 'http_proxy': 'http_proxy',
163 'https_proxy': 'https_proxy', 166 'https_proxy': 'https_proxy',
164 'no_proxy': 'no_proxy', 167 'no_proxy': 'no_proxy',
@@ -230,6 +233,7 @@ class TestClusterConductorWithK8s(base.TestCase):
230 'flannel_backend': 'vxlan', 233 'flannel_backend': 'vxlan',
231 'flannel_network_cidr': '10.101.0.0/16', 234 'flannel_network_cidr': '10.101.0.0/16',
232 'flannel_network_subnetlen': '26', 235 'flannel_network_subnetlen': '26',
236 'admission_control_list': 'fake_list',
233 'http_proxy': 'http_proxy', 237 'http_proxy': 'http_proxy',
234 'https_proxy': 'https_proxy', 238 'https_proxy': 'https_proxy',
235 'magnum_url': 'http://127.0.0.1:9511/v1', 239 'magnum_url': 'http://127.0.0.1:9511/v1',
@@ -305,6 +309,7 @@ class TestClusterConductorWithK8s(base.TestCase):
305 'flannel_backend': 'vxlan', 309 'flannel_backend': 'vxlan',
306 'flannel_network_cidr': '10.101.0.0/16', 310 'flannel_network_cidr': '10.101.0.0/16',
307 'flannel_network_subnetlen': '26', 311 'flannel_network_subnetlen': '26',
312 'admission_control_list': 'fake_list',
308 'insecure_registry_url': '10.0.0.1:5000', 313 'insecure_registry_url': '10.0.0.1:5000',
309 'kube_version': 'fake-version', 314 'kube_version': 'fake-version',
310 'magnum_url': 'http://127.0.0.1:9511/v1', 315 'magnum_url': 'http://127.0.0.1:9511/v1',
@@ -370,6 +375,7 @@ class TestClusterConductorWithK8s(base.TestCase):
370 'flannel_network_cidr': '10.101.0.0/16', 375 'flannel_network_cidr': '10.101.0.0/16',
371 'flannel_network_subnetlen': '26', 376 'flannel_network_subnetlen': '26',
372 'flannel_backend': 'vxlan', 377 'flannel_backend': 'vxlan',
378 'admission_control_list': 'fake_list',
373 'tls_disabled': False, 379 'tls_disabled': False,
374 'registry_enabled': False, 380 'registry_enabled': False,
375 'trustee_domain_id': self.mock_keystone.trustee_domain_id, 381 'trustee_domain_id': self.mock_keystone.trustee_domain_id,
@@ -427,6 +433,7 @@ class TestClusterConductorWithK8s(base.TestCase):
427 'flannel_network_cidr': '10.101.0.0/16', 433 'flannel_network_cidr': '10.101.0.0/16',
428 'flannel_network_subnetlen': '26', 434 'flannel_network_subnetlen': '26',
429 'flannel_backend': 'vxlan', 435 'flannel_backend': 'vxlan',
436 'admission_control_list': 'fake_list',
430 'tls_disabled': False, 437 'tls_disabled': False,
431 'registry_enabled': False, 438 'registry_enabled': False,
432 'trustee_domain_id': self.mock_keystone.trustee_domain_id, 439 'trustee_domain_id': self.mock_keystone.trustee_domain_id,
@@ -578,6 +585,7 @@ class TestClusterConductorWithK8s(base.TestCase):
578 'flannel_network_cidr': '10.101.0.0/16', 585 'flannel_network_cidr': '10.101.0.0/16',
579 'flannel_network_subnetlen': '26', 586 'flannel_network_subnetlen': '26',
580 'flannel_backend': 'vxlan', 587 'flannel_backend': 'vxlan',
588 'admission_control_list': 'fake_list',
581 'tenant_name': 'fake_tenant', 589 'tenant_name': 'fake_tenant',
582 'username': 'fake_user', 590 'username': 'fake_user',
583 'cluster_uuid': self.cluster_dict['uuid'], 591 'cluster_uuid': self.cluster_dict['uuid'],
diff --git a/magnum/tests/unit/drivers/test_template_definition.py b/magnum/tests/unit/drivers/test_template_definition.py
index f3320ef..7f0c21b 100644
--- a/magnum/tests/unit/drivers/test_template_definition.py
+++ b/magnum/tests/unit/drivers/test_template_definition.py
@@ -266,6 +266,8 @@ class AtomicK8sTemplateDefinitionTestCase(BaseTemplateDefinitionTestCase):
266 flannel_subnet = mock_cluster_template.labels.get( 266 flannel_subnet = mock_cluster_template.labels.get(
267 'flannel_network_subnetlen') 267 'flannel_network_subnetlen')
268 flannel_backend = mock_cluster_template.labels.get('flannel_backend') 268 flannel_backend = mock_cluster_template.labels.get('flannel_backend')
269 admission_control_list = mock_cluster_template.labels.get(
270 'admission_control_list')
269 271
270 k8s_def = k8sa_tdef.AtomicK8sTemplateDefinition() 272 k8s_def = k8sa_tdef.AtomicK8sTemplateDefinition()
271 273
@@ -278,6 +280,7 @@ class AtomicK8sTemplateDefinitionTestCase(BaseTemplateDefinitionTestCase):
278 'flannel_network_cidr': flannel_cidr, 280 'flannel_network_cidr': flannel_cidr,
279 'flannel_network_subnetlen': flannel_subnet, 281 'flannel_network_subnetlen': flannel_subnet,
280 'flannel_backend': flannel_backend, 282 'flannel_backend': flannel_backend,
283 'admission_control_list': admission_control_list,
281 'username': 'fake_user', 284 'username': 'fake_user',
282 'tenant_name': 'fake_tenant', 285 'tenant_name': 'fake_tenant',
283 'magnum_url': mock_osc.magnum_url.return_value, 286 'magnum_url': mock_osc.magnum_url.return_value,
@@ -322,6 +325,8 @@ class AtomicK8sTemplateDefinitionTestCase(BaseTemplateDefinitionTestCase):
322 flannel_subnet = mock_cluster_template.labels.get( 325 flannel_subnet = mock_cluster_template.labels.get(
323 'flannel_network_subnetlen') 326 'flannel_network_subnetlen')
324 flannel_backend = mock_cluster_template.labels.get('flannel_backend') 327 flannel_backend = mock_cluster_template.labels.get('flannel_backend')
328 admission_control_list = mock_cluster_template.labels.get(
329 'admission_control_list')
325 330
326 k8s_def = k8sa_tdef.AtomicK8sTemplateDefinition() 331 k8s_def = k8sa_tdef.AtomicK8sTemplateDefinition()
327 332
@@ -334,6 +339,7 @@ class AtomicK8sTemplateDefinitionTestCase(BaseTemplateDefinitionTestCase):
334 'flannel_network_cidr': flannel_cidr, 339 'flannel_network_cidr': flannel_cidr,
335 'flannel_network_subnetlen': flannel_subnet, 340 'flannel_network_subnetlen': flannel_subnet,
336 'flannel_backend': flannel_backend, 341 'flannel_backend': flannel_backend,
342 'admission_control_list': admission_control_list,
337 'username': 'fake_user', 343 'username': 'fake_user',
338 'tenant_name': 'fake_tenant', 344 'tenant_name': 'fake_tenant',
339 'magnum_url': mock_osc.magnum_url.return_value, 345 'magnum_url': mock_osc.magnum_url.return_value,