podtolerationrestriction

package
v1.26.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 18, 2023 License: Apache-2.0 Imports: 24 Imported by: 31

Documentation

Overview

Package podtolerationrestriction is a plugin that first verifies any conflict between a pod's tolerations and its namespace's tolerations, and rejects the pod if there's a conflict. If there's no conflict, the pod's tolerations are merged with its namespace's toleration. Resulting pod's tolerations are verified against its namespace's whitelist of tolerations. If the verification is successful, the pod is admitted otherwise rejected. If a namespace does not have associated default or whitelist of tolerations, then cluster level default or whitelist of tolerations are used instead if specified. Tolerations to a namespace are assigned via scheduler.alpha.kubernetes.io/defaultTolerations and scheduler.alpha.kubernetes.io/tolerationsWhitelist annotations keys.

Index

Constants

View Source
const (
	NSDefaultTolerations string = "scheduler.alpha.kubernetes.io/defaultTolerations"
	NSWLTolerations      string = "scheduler.alpha.kubernetes.io/tolerationsWhitelist"
)

The annotation keys for default and whitelist of tolerations

View Source
const PluginName = "PodTolerationRestriction"

PluginName is a string with the name of the plugin

Variables

This section is empty.

Functions

func Register

func Register(plugins *admission.Plugins)

Register registers a plugin

Types

type Plugin added in v1.15.0

type Plugin struct {
	*admission.Handler
	// contains filtered or unexported fields
}

Plugin contains the client used by the admission controller

func NewPodTolerationsPlugin

func NewPodTolerationsPlugin(pluginConfig *pluginapi.Configuration) *Plugin

NewPodTolerationsPlugin initializes a Plugin

func (*Plugin) Admit added in v1.15.0

Admit checks the admission policy and triggers corresponding actions

func (*Plugin) SetExternalKubeClientSet added in v1.15.0

func (p *Plugin) SetExternalKubeClientSet(client kubernetes.Interface)

SetExternalKubeClientSet sets th client

func (*Plugin) SetExternalKubeInformerFactory added in v1.15.0

func (p *Plugin) SetExternalKubeInformerFactory(f informers.SharedInformerFactory)

SetExternalKubeInformerFactory initializes the Informer Factory

func (*Plugin) Validate added in v1.15.0

Validate we can obtain a whitelist of tolerations

func (*Plugin) ValidateInitialization added in v1.15.0

func (p *Plugin) ValidateInitialization() error

ValidateInitialization checks the object is properly initialized

Directories

Path Synopsis
apis
podtolerationrestriction/install
Package install installs the experimental API group, making it available as an option to all of the API encoding/decoding machinery.
Package install installs the experimental API group, making it available as an option to all of the API encoding/decoding machinery.
podtolerationrestriction/v1alpha1
Package v1alpha1 is the v1alpha1 version of the API.
Package v1alpha1 is the v1alpha1 version of the API.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL