@@ -1,7 +1,7 @@

-From 40064b0cbc084faa76f8f2d29f1c3ed8ae693b02 Mon Sep 17 00:00:00 2001

+From 6b4efdbb56d5d4a0521fd0612e770b17f1e8aae2 Mon Sep 17 00:00:00 2001

 From: Bo Gan <ganb@vmware.com>

-Date: Fri, 8 Jun 2018 16:29:28 -0700

-Subject: [PATCH] Cascade Kubernetes patches for v1.9.6 (df346df)

+Date: Sun, 10 Jun 2018 02:16:47 -0700

+Subject: [PATCH] Cascade Kubernetes patches for v1.9.6 (d06c534)

 ---

  api/swagger-spec/apps_v1alpha1.json                |  21 +

@@ -4079,7 +4079,7 @@ index 0000000..b0a6026

 \ No newline at end of file

 diff --git a/plugin/pkg/admission/vke/admission.go b/plugin/pkg/admission/vke/admission.go

 new file mode 100644

-index 0000000..15cbb85

+index 0000000..6325ca0

 --- /dev/null

 +++ b/plugin/pkg/admission/vke/admission.go

 @@ -0,0 +1,349 @@

@@ -4353,7 +4353,7 @@ index 0000000..15cbb85

 +	// If it is a Connect or Delete operation, allow it. We restrict access to connect to any pods in the vke-system

 +	// namespace. Also, DenyEscalatingExec admission controller denies access to connect to any privileged pod in

 +	// general. So it is OK to allow this.

-+	if a.GetOperation() == admission.Connect && a.GetOperation() == admission.Delete {

++	if a.GetOperation() == admission.Connect || a.GetOperation() == admission.Delete {

 +		return nil

 +	}

 +

@@ -1,7 +1,7 @@

-From e4ee3045ca2827e20374b9f1da439eb400d3366c Mon Sep 17 00:00:00 2001

+From ba75f0a3934a48bfc8be1908c7eefdff3e9b9eaa Mon Sep 17 00:00:00 2001

 From: Bo Gan <ganb@vmware.com>

-Date: Fri, 8 Jun 2018 16:15:19 -0700

-Subject: [PATCH] Cascade Kubernetes patches for v1.10.2 (df346df)

+Date: Sun, 10 Jun 2018 02:13:51 -0700

+Subject: [PATCH] Cascade Kubernetes patches for v1.10.2 (d06c534)

 ---

  api/swagger-spec/apps_v1alpha1.json                |  21 +

@@ -4104,7 +4104,7 @@ index 0000000..b0a6026

 \ No newline at end of file

 diff --git a/plugin/pkg/admission/vke/admission.go b/plugin/pkg/admission/vke/admission.go

 new file mode 100644

-index 0000000..c1566ae

+index 0000000..e33d4e9

 --- /dev/null

 +++ b/plugin/pkg/admission/vke/admission.go

 @@ -0,0 +1,349 @@

@@ -4378,7 +4378,7 @@ index 0000000..c1566ae

 +	// If it is a Connect or Delete operation, allow it. We restrict access to connect to any pods in the vke-system

 +	// namespace. Also, DenyEscalatingExec admission controller denies access to connect to any privileged pod in

 +	// general. So it is OK to allow this.

-+	if a.GetOperation() == admission.Connect && a.GetOperation() == admission.Delete {

++	if a.GetOperation() == admission.Connect || a.GetOperation() == admission.Delete {

 +		return nil

 +	}

 +

@@ -1,7 +1,7 @@

 Summary:        Kubernetes cluster management

 Name:           kubernetes

 Version:        1.10.2

-Release:        5%{?dist}

+Release:        6%{?dist}

 License:        ASL 2.0

 URL:            https://github.com/kubernetes/kubernetes/archive/v%{version}.tar.gz

 Source0:        kubernetes-%{version}.tar.gz

@@ -207,6 +207,8 @@ fi

 /opt/vmware/kubernetes/windows/amd64/kubectl.exe

 %changelog

+*   Sat Jun 09 2018 Bo Gan <ganb@vmware.com> 1.10.2-6

+-   Update vke patch (d06c534)

 *   Fri Jun 08 2018 Bo Gan <ganb@vmware.com> 1.10.2-5

 -   Update vke patch (df346df)

 *   Sat Jun 02 2018 Bo Gan <ganb@vmware.com> 1.10.2-4

@@ -1,7 +1,7 @@

 Summary:        Kubernetes cluster management

 Name:           kubernetes

 Version:        1.9.6

-Release:        4%{?dist}

+Release:        5%{?dist}

 License:        ASL 2.0

 URL:            https://github.com/kubernetes/kubernetes/archive/v%{version}.tar.gz

 Source0:        kubernetes-v%{version}.tar.gz

@@ -185,6 +185,8 @@ fi

 %{_bindir}/pause-amd64

 %changelog

+*   Sat Jun 09 2018 Bo Gan <ganb@vmware.com> 1.9.6-5

+-   Update vke patch (d06c534)

 *   Fri Jun 08 2018 Bo Gan <ganb@vmware.com> 1.9.6-4

 -   Update vke patch (df346df)

 *   Sat Jun 02 2018 Bo Gan <ganb@vmware.com> 1.9.6-3