Documentation ¶
Index ¶
- Variables
- func IsAdmissionPluginActivated(name string, config io.Reader) bool
- func NewAdmissionChains(options configapi.MasterConfig, kubeClientSet kclientsetinternal.Interface, ...) (admission.Interface, admission.Interface, error)
- func NewPluginInitializer(options configapi.MasterConfig, privilegedLoopbackConfig *rest.Config, ...) (admission.PluginInitializer, genericapiserver.PostStartHookFunc, error)
- func RegisterAllAdmissionPlugins(plugins *admission.Plugins)
- type InformerAccess
Constants ¶
This section is empty.
Variables ¶
var (
	// KubeAdmissionPlugins gives the in-order default admission chain for kube resources.
	//
	// The slice order is the chain order, so inserting, removing or moving an
	// entry changes which admission checks run and when. Apart from its first
	// entry, this list is the same sequence as the tail of
	// CombinedAdmissionControlPlugins starting at "RunOnceDuration".
	KubeAdmissionPlugins = []string{
		lifecycle.PluginName,
		"RunOnceDuration",
		"PodNodeConstraints",
		"OriginPodNodeEnvironment",
		"PodNodeSelector",
		overrideapi.PluginName,
		serviceadmit.ExternalIPPluginName,
		serviceadmit.RestrictedEndpointsPluginName,
		imagepolicy.PluginName,
		"ImagePolicyWebhook",
		"PodPreset",
		"LimitRanger",
		"ServiceAccount",
		noderestriction.PluginName,
		"SecurityContextConstraint",
		storageclassdefaultadmission.PluginName,
		"AlwaysPullImages",
		"LimitPodHardAntiAffinityTopology",
		"SCCExecRestrictions",
		"PersistentVolumeLabel",
		"OwnerReferencesPermissionEnforcement",
		ingressadmission.IngressAdmission,
		"DefaultTolerationSeconds",
		"Initializers",
		"GenericAdmissionWebhook",
		"PodTolerationRestriction",
		"ResourceQuota",
		"openshift.io/ClusterResourceQuota",
	}

	// CombinedAdmissionControlPlugins gives the in-order default admission chain for all resources.
	// When possible, this list is used. The set of openshift+kube chains must exactly match this set. In addition,
	// the order specified in the openshift and kube chains must match the order here.
	//
	// NOTE(review): "PodNodeConstraints" appears twice below, once after
	// "openshift.io/RestrictSubjectBindings" and once after "RunOnceDuration".
	// The second occurrence lines up with KubeAdmissionPlugins; whether the
	// first is intentional (for example, the openshift chain's own entry) is
	// not visible here. Confirm how the chain builder treats a repeated name.
	CombinedAdmissionControlPlugins = []string{
		lifecycle.PluginName,
		"ProjectRequestLimit",
		"OriginNamespaceLifecycle",
		"openshift.io/RestrictSubjectBindings",
		"PodNodeConstraints",
		"openshift.io/JenkinsBootstrapper",
		"openshift.io/BuildConfigSecretInjector",
		"BuildByStrategy",
		imageadmission.PluginName,
		"RunOnceDuration",
		"PodNodeConstraints",
		"OriginPodNodeEnvironment",
		"PodNodeSelector",
		overrideapi.PluginName,
		serviceadmit.ExternalIPPluginName,
		serviceadmit.RestrictedEndpointsPluginName,
		imagepolicy.PluginName,
		"ImagePolicyWebhook",
		"PodPreset",
		"LimitRanger",
		"ServiceAccount",
		noderestriction.PluginName,
		"SecurityContextConstraint",
		storageclassdefaultadmission.PluginName,
		"AlwaysPullImages",
		"LimitPodHardAntiAffinityTopology",
		"SCCExecRestrictions",
		"PersistentVolumeLabel",
		"OwnerReferencesPermissionEnforcement",
		ingressadmission.IngressAdmission,
		"DefaultTolerationSeconds",
		"Initializers",
		"GenericAdmissionWebhook",
		"PodTolerationRestriction",
		"ResourceQuota",
		"openshift.io/ClusterResourceQuota",
	}
)
var (
	// DefaultOnPlugins is the set of admission plugin names that, going by the
	// name, are enabled without explicit configuration. How the set is
	// consulted is not shown here; presumably via the plugin activation
	// check. TODO confirm.
	//
	// NOTE(review): both storageclassdefaultadmission.PluginName and the
	// literal "DefaultStorageClass" are listed, and the chain slices use
	// ingressadmission.IngressAdmission where this set uses the literal
	// "openshift.io/IngressAdmission". If a constant and its literal ever
	// drift apart, a plugin could silently fall out of this set; confirm
	// the values agree.
	DefaultOnPlugins = sets.NewString(
		"OriginNamespaceLifecycle",
		"openshift.io/JenkinsBootstrapper",
		"openshift.io/BuildConfigSecretInjector",
		"BuildByStrategy",
		storageclassdefaultadmission.PluginName,
		imageadmission.PluginName,
		lifecycle.PluginName,
		"OriginPodNodeEnvironment",
		"PodNodeSelector",
		serviceadmit.ExternalIPPluginName,
		serviceadmit.RestrictedEndpointsPluginName,
		"LimitRanger",
		"ServiceAccount",
		noderestriction.PluginName,
		"SecurityContextConstraint",
		"SCCExecRestrictions",
		"PersistentVolumeLabel",
		"DefaultStorageClass",
		"OwnerReferencesPermissionEnforcement",
		"ResourceQuota",
		"openshift.io/ClusterResourceQuota",
		"openshift.io/IngressAdmission",
	)

	// DefaultOffPlugins includes plugins which require explicit configuration to run.
	// If you wire them incorrectly, they may prevent the server from starting.
	//
	// NOTE(review): several policy-type plugins are in this set (for example
	// "AlwaysPullImages", "ImagePolicyWebhook", "GenericAdmissionWebhook" and
	// "openshift.io/RestrictSubjectBindings"). A cluster that depends on one
	// of them should verify it is explicitly enabled in the admission
	// configuration rather than assume that its presence in the default chain
	// means it is active.
	//
	// NOTE(review): this set uses imagepolicyapi.PluginName while the chain
	// slices use imagepolicy.PluginName; presumably the same value. Confirm.
	DefaultOffPlugins = sets.NewString(
		"ProjectRequestLimit",
		"RunOnceDuration",
		"PodNodeConstraints",
		overrideapi.PluginName,
		imagepolicyapi.PluginName,
		"AlwaysPullImages",
		"ImagePolicyWebhook",
		"openshift.io/RestrictSubjectBindings",
		"LimitPodHardAntiAffinityTopology",
		"DefaultTolerationSeconds",
		"PodPreset",
		"Initializers",
		"GenericAdmissionWebhook",
		"PodTolerationRestriction",
	)
)
// OriginAdmissionPlugins is a package-level pointer to an initially empty
// admission.Plugins value.
//
// NOTE(review): this is shared mutable package state. Anything in the process
// that can reach this variable can presumably add to the registry, so
// registration should happen once, at a well-defined point during startup.
// Confirm against callers.
var OriginAdmissionPlugins = &admission.Plugins{}
TODO register this per apiserver or at least per process
Functions ¶
func NewAdmissionChains ¶
// NewAdmissionChains returns two admission.Interface values and an error,
// built from the master config, an internal kube clientset and a plugin
// initializer.
//
// NOTE(review): the body is not shown on this page. The two results presumably
// correspond to the openshift and kube chains referred to in the comment on
// CombinedAdmissionControlPlugins; confirm which is which before relying on
// the return order.
func NewAdmissionChains(
	options configapi.MasterConfig,
	kubeClientSet kclientsetinternal.Interface,
	admissionInitializer admission.PluginInitializer,
) (admission.Interface, admission.Interface, error)
func NewPluginInitializer ¶
// NewPluginInitializer returns an admission.PluginInitializer, a
// genericapiserver.PostStartHookFunc and an error. Its inputs are the master
// config, a loopback rest.Config, informer access, an authorizer, a project
// cache and a cluster quota mapping controller.
//
// NOTE(review): the body is not shown on this page. Going by its name,
// privilegedLoopbackConfig carries privileged credentials for talking back to
// the API server. Clients built from it and handed to plugins would operate
// with that privilege, so check which plugins receive them.
func NewPluginInitializer(
	options configapi.MasterConfig,
	privilegedLoopbackConfig *rest.Config,
	informers InformerAccess,
	authorizer authorizer.Authorizer,
	projectCache *projectcache.ProjectCache,
	clusterQuotaMappingController *clusterquotamapping.ClusterQuotaMappingController,
) (admission.PluginInitializer, genericapiserver.PostStartHookFunc, error)
func RegisterAllAdmissionPlugins ¶
RegisterAllAdmissionPlugins registers all admission plugins
Types ¶
type InformerAccess ¶
// InformerAccess gives access to the shared informer factories that
// NewPluginInitializer receives through its informers parameter. Each method
// returns the SharedInformerFactory of one informer package.
type InformerAccess interface {
	// GetInternalKubeInformers returns the kinternalinformers factory.
	GetInternalKubeInformers() kinternalinformers.SharedInformerFactory
	// GetExternalKubeInformers returns the kexternalinformers factory.
	GetExternalKubeInformers() kexternalinformers.SharedInformerFactory
	// GetClientGoKubeInformers returns the kubeclientgoinformers factory.
	GetClientGoKubeInformers() kubeclientgoinformers.SharedInformerFactory
	// GetImageInformers returns the imageinformer factory.
	GetImageInformers() imageinformer.SharedInformerFactory
	// GetQuotaInformers returns the quotainformer factory.
	GetQuotaInformers() quotainformer.SharedInformerFactory
	// GetSecurityInformers returns the securityinformer factory.
	GetSecurityInformers() securityinformer.SharedInformerFactory
	// GetUserInformers returns the userinformer factory.
	GetUserInformers() userinformer.SharedInformerFactory
}