Documentation ¶
Overview ¶
Package podtolerationrestriction is a plugin that first verifies any conflict between a pod's tolerations and its namespace's tolerations, and rejects the pod if there's a conflict. If there's no conflict, the pod's tolerations are merged with its namespace's toleration. Resulting pod's tolerations are verified against its namespace's whitelist of tolerations. If the verification is successful, the pod is admitted otherwise rejected. If a namespace does not have associated default or whitelist of tolerations, then cluster level default or whitelist of tolerations are used instead if specified. Tolerations to a namespace are assigned via scheduler.alpha.kubernetes.io/defaultTolerations and scheduler.alpha.kubernetes.io/tolerationsWhitelist annotations keys.
Index ¶
- Constants
- func Register(plugins *admission.Plugins)
- type Plugin
- func (p *Plugin) Admit(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error
- func (p *Plugin) SetExternalKubeClientSet(client kubernetes.Interface)
- func (p *Plugin) SetExternalKubeInformerFactory(f informers.SharedInformerFactory)
- func (p *Plugin) Validate(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error
- func (p *Plugin) ValidateInitialization() error
Constants ¶
const ( NSDefaultTolerations string = "scheduler.alpha.kubernetes.io/defaultTolerations" NSWLTolerations string = "scheduler.alpha.kubernetes.io/tolerationsWhitelist" )
The annotation keys for default and whitelist of tolerations
const PluginName = "PodTolerationRestriction"
PluginName is a string with the name of the plugin
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Plugin ¶
Plugin contains the client used by the admission controller
func NewPodTolerationsPlugin ¶
func NewPodTolerationsPlugin(pluginConfig *pluginapi.Configuration) *Plugin
NewPodTolerationsPlugin initializes a Plugin
func (*Plugin) Admit ¶
func (p *Plugin) Admit(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error
Admit checks the admission policy and triggers corresponding actions
func (*Plugin) SetExternalKubeClientSet ¶
func (p *Plugin) SetExternalKubeClientSet(client kubernetes.Interface)
SetExternalKubeClientSet sets th client
func (*Plugin) SetExternalKubeInformerFactory ¶
func (p *Plugin) SetExternalKubeInformerFactory(f informers.SharedInformerFactory)
SetExternalKubeInformerFactory initializes the Informer Factory
func (*Plugin) Validate ¶
func (p *Plugin) Validate(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error
Validate we can obtain a whitelist of tolerations
func (*Plugin) ValidateInitialization ¶
ValidateInitialization checks the object is properly initialized
Directories ¶
Path | Synopsis |
---|---|
apis
|
|
podtolerationrestriction/install
Package install installs the experimental API group, making it available as an option to all of the API encoding/decoding machinery.
|
Package install installs the experimental API group, making it available as an option to all of the API encoding/decoding machinery. |
podtolerationrestriction/v1alpha1
Package v1alpha1 is the v1alpha1 version of the API.
|
Package v1alpha1 is the v1alpha1 version of the API. |