Documentation ¶
Index ¶
- Variables
- func IsAdmissionPluginActivated(name string, config io.Reader) bool
- func NewAdmissionChains(options configapi.MasterConfig, ...) (admission.Interface, error)
- func NewPluginInitializer(options configapi.MasterConfig, privilegedLoopbackConfig *rest.Config, ...) (admission.PluginInitializer, genericapiserver.PostStartHookFunc, error)
- func RegisterAllAdmissionPlugins(plugins *admission.Plugins)
- type InformerAccess
Constants ¶
This section is empty.
Variables ¶
View Source
var ( // these are admission plugins that cannot be applied until after the kubeapiserver starts. // TODO if nothing comes to mind in 3.10, kill this SkipRunLevelZeroPlugins = sets.NewString() // these are admission plugins that cannot be applied until after the openshiftapiserver apiserver starts. SkipRunLevelOnePlugins = sets.NewString( "ProjectRequestLimit", "openshift.io/RestrictSubjectBindings", "openshift.io/ClusterResourceQuota", imagepolicy.PluginName, overrideapi.PluginName, "OriginPodNodeEnvironment", "RunOnceDuration", sccadmission.PluginName, "SCCExecRestrictions", ) )
View Source
var ( DefaultOnPlugins = sets.NewString( "OriginNamespaceLifecycle", "openshift.io/JenkinsBootstrapper", "openshift.io/BuildConfigSecretInjector", "BuildByStrategy", storageclassdefaultadmission.PluginName, imageadmission.PluginName, lifecycle.PluginName, "OriginPodNodeEnvironment", "PodNodeSelector", serviceadmit.ExternalIPPluginName, serviceadmit.RestrictedEndpointsPluginName, "LimitRanger", "ServiceAccount", noderestriction.PluginName, securityadmission.PluginName, "StorageObjectInUseProtection", "SCCExecRestrictions", "PersistentVolumeLabel", "DefaultStorageClass", "OwnerReferencesPermissionEnforcement", "PodTolerationRestriction", "ResourceQuota", "openshift.io/ClusterResourceQuota", "openshift.io/IngressAdmission", ) // DefaultOffPlugins includes plugins which require explicit configuration to run // if you wire them incorrectly, they may prevent the server from starting DefaultOffPlugins = sets.NewString( "ProjectRequestLimit", "RunOnceDuration", "PodNodeConstraints", overrideapi.PluginName, imagepolicyapi.PluginName, "AlwaysPullImages", "ImagePolicyWebhook", "openshift.io/RestrictSubjectBindings", "LimitPodHardAntiAffinityTopology", "DefaultTolerationSeconds", "PodPreset", "EventRateLimit", "PodSecurityPolicy", "Priority", "Initializers", "ValidatingAdmissionWebhook", "MutatingAdmissionWebhook", "ExtendedResourceToleration", expandpvcadmission.PluginName, "AlwaysAdmit", "AlwaysDeny", "DenyEscalatingExec", "DenyExecOnPrivileged", "InitialResources", "NamespaceAutoProvision", "NamespaceExists", "SecurityContextDeny", ) )
View Source
var OriginAdmissionPlugins = admission.NewPlugins()
TODO register this per apiserver or at least per process
Functions ¶
func NewAdmissionChains ¶
func NewAdmissionChains( options configapi.MasterConfig, admissionInitializer admission.PluginInitializer, admissionDecorator admission.Decorator, ) (admission.Interface, error)
func NewPluginInitializer ¶
func NewPluginInitializer( options configapi.MasterConfig, privilegedLoopbackConfig *rest.Config, informers InformerAccess, authorizer authorizer.Authorizer, projectCache *projectcache.ProjectCache, clusterQuotaMappingController *clusterquotamapping.ClusterQuotaMappingController, ) (admission.PluginInitializer, genericapiserver.PostStartHookFunc, error)
func RegisterAllAdmissionPlugins ¶
RegisterAllAdmissionPlugins registers all admission plugins
Types ¶
type InformerAccess ¶
type InformerAccess interface { GetInternalKubeInformers() kinternalinformers.SharedInformerFactory GetExternalKubeInformers() kexternalinformers.SharedInformerFactory GetImageInformers() imageinformer.SharedInformerFactory GetQuotaInformers() quotainformer.SharedInformerFactory GetSecurityInformers() securityinformer.SharedInformerFactory GetUserInformers() userinformer.SharedInformerFactory }
Click to show internal directories.
Click to hide internal directories.