podsecuritypolicy

package

v1.9.0-beta.0 Latest Latest Go to latest Published: Nov 17, 2017 License: Apache-2.0 Imports: 21 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/wking/kubernetes

Documentation ¶

Index ¶

Constants
func Register(plugins *admission.Plugins)
type PSPMatchFn
type PodSecurityPolicyPlugin
- func NewPlugin(strategyFactory psp.StrategyFactory, pspMatcher PSPMatchFn, ...) *PodSecurityPolicyPlugin

Constants ¶

View Source

const (
	PluginName = "PodSecurityPolicy"
)

Variables ¶

This section is empty.

Functions ¶

func Register ¶ added in v1.7.0

func Register(plugins *admission.Plugins)

Register registers a plugin

Types ¶

type PSPMatchFn ¶

type PSPMatchFn func(lister extensionslisters.PodSecurityPolicyLister, user user.Info, sa user.Info, authz authorizer.Authorizer, namespace string) ([]*extensions.PodSecurityPolicy, error)

PSPMatchFn allows plugging in how PSPs are matched against user information.

type PodSecurityPolicyPlugin ¶ added in v1.9.0

type PodSecurityPolicyPlugin struct {
	*admission.Handler
	// contains filtered or unexported fields
}

PodSecurityPolicyPlugin holds state for and implements the admission plugin.

func NewPlugin ¶

func NewPlugin(strategyFactory psp.StrategyFactory, pspMatcher PSPMatchFn, failOnNoPolicies bool) *PodSecurityPolicyPlugin

NewPlugin creates a new PSP admission plugin.

func (*PodSecurityPolicyPlugin) Admit ¶ added in v1.9.0

func (c *PodSecurityPolicyPlugin) Admit(a admission.Attributes) error

Admit determines if the pod should be admitted based on the requested security context and the available PSPs.

Find available PSPs.
Create the providers, includes setting pre-allocated values if necessary.
Try to generate and validate a PSP with providers. If we find one then admit the pod with the validated PSP. If we don't find any reject the pod and give all errors from the failed attempts.

func (*PodSecurityPolicyPlugin) SetAuthorizer ¶ added in v1.9.0

func (plugin *PodSecurityPolicyPlugin) SetAuthorizer(authz authorizer.Authorizer)

SetAuthorizer sets the authorizer.

func (*PodSecurityPolicyPlugin) SetInternalKubeInformerFactory ¶ added in v1.9.0

func (a *PodSecurityPolicyPlugin) SetInternalKubeInformerFactory(f informers.SharedInformerFactory)

func (*PodSecurityPolicyPlugin) Validate ¶ added in v1.9.0

func (c *PodSecurityPolicyPlugin) Validate(a admission.Attributes) error

func (*PodSecurityPolicyPlugin) ValidateInitialization ¶ added in v1.9.0

func (plugin *PodSecurityPolicyPlugin) ValidateInitialization() error

ValidateInitialization ensures an authorizer is set.

Source Files ¶

View all Source files

admission.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL