k3s/vendor/k8s.io/kubernetes/pkg/kubeapiserver/options/plugins.go

/*
Copyright 2014 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package options

// This file exists to force the desired plugin implementations to be linked.
// This should probably be part of some configuration fed into the build for a
// given binary target.
import (
	// Admission policies
	"k8s.io/kubernetes/plugin/pkg/admission/admit"
	"k8s.io/kubernetes/plugin/pkg/admission/alwayspullimages"
	"k8s.io/kubernetes/plugin/pkg/admission/antiaffinity"
	"k8s.io/kubernetes/plugin/pkg/admission/defaulttolerationseconds"
	"k8s.io/kubernetes/plugin/pkg/admission/deny"
	"k8s.io/kubernetes/plugin/pkg/admission/eventratelimit"
	"k8s.io/kubernetes/plugin/pkg/admission/exec"
	"k8s.io/kubernetes/plugin/pkg/admission/extendedresourcetoleration"
	"k8s.io/kubernetes/plugin/pkg/admission/gc"
	"k8s.io/kubernetes/plugin/pkg/admission/imagepolicy"
	"k8s.io/kubernetes/plugin/pkg/admission/limitranger"
	"k8s.io/kubernetes/plugin/pkg/admission/namespace/autoprovision"
	"k8s.io/kubernetes/plugin/pkg/admission/namespace/exists"
	"k8s.io/kubernetes/plugin/pkg/admission/noderestriction"
	"k8s.io/kubernetes/plugin/pkg/admission/nodetaint"
	"k8s.io/kubernetes/plugin/pkg/admission/podnodeselector"
	"k8s.io/kubernetes/plugin/pkg/admission/podpreset"
	"k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction"
	podpriority "k8s.io/kubernetes/plugin/pkg/admission/priority"
	"k8s.io/kubernetes/plugin/pkg/admission/resourcequota"
	"k8s.io/kubernetes/plugin/pkg/admission/security/podsecuritypolicy"
	"k8s.io/kubernetes/plugin/pkg/admission/securitycontext/scdeny"
	"k8s.io/kubernetes/plugin/pkg/admission/serviceaccount"
	"k8s.io/kubernetes/plugin/pkg/admission/storage/persistentvolume/label"
	"k8s.io/kubernetes/plugin/pkg/admission/storage/persistentvolume/resize"
	"k8s.io/kubernetes/plugin/pkg/admission/storage/storageclass/setdefault"
	"k8s.io/kubernetes/plugin/pkg/admission/storage/storageobjectinuseprotection"

	"k8s.io/apimachinery/pkg/util/sets"
	"k8s.io/apiserver/pkg/admission"
	"k8s.io/apiserver/pkg/admission/plugin/namespace/lifecycle"
	mutatingwebhook "k8s.io/apiserver/pkg/admission/plugin/webhook/mutating"
	validatingwebhook "k8s.io/apiserver/pkg/admission/plugin/webhook/validating"
	utilfeature "k8s.io/apiserver/pkg/util/feature"
	"k8s.io/kubernetes/pkg/features"
)

// AllOrderedPlugins is the list of all the plugins in order.
var AllOrderedPlugins = []string{
	admit.PluginName,                        // AlwaysAdmit
	autoprovision.PluginName,                // NamespaceAutoProvision
	lifecycle.PluginName,                    // NamespaceLifecycle
	exists.PluginName,                       // NamespaceExists
	scdeny.PluginName,                       // SecurityContextDeny
	antiaffinity.PluginName,                 // LimitPodHardAntiAffinityTopology
	podpreset.PluginName,                    // PodPreset
	limitranger.PluginName,                  // LimitRanger
	serviceaccount.PluginName,               // ServiceAccount
	noderestriction.PluginName,              // NodeRestriction
	nodetaint.PluginName,                    // TaintNodesByCondition
	alwayspullimages.PluginName,             // AlwaysPullImages
	imagepolicy.PluginName,                  // ImagePolicyWebhook
	podsecuritypolicy.PluginName,            // PodSecurityPolicy
	podnodeselector.PluginName,              // PodNodeSelector
	podpriority.PluginName,                  // Priority
	defaulttolerationseconds.PluginName,     // DefaultTolerationSeconds
	podtolerationrestriction.PluginName,     // PodTolerationRestriction
	exec.DenyEscalatingExec,                 // DenyEscalatingExec
	exec.DenyExecOnPrivileged,               // DenyExecOnPrivileged
	eventratelimit.PluginName,               // EventRateLimit
	extendedresourcetoleration.PluginName,   // ExtendedResourceToleration
	label.PluginName,                        // PersistentVolumeLabel
	setdefault.PluginName,                   // DefaultStorageClass
	storageobjectinuseprotection.PluginName, // StorageObjectInUseProtection
	gc.PluginName,                           // OwnerReferencesPermissionEnforcement
	resize.PluginName,                       // PersistentVolumeClaimResize
	mutatingwebhook.PluginName,              // MutatingAdmissionWebhook
	validatingwebhook.PluginName,            // ValidatingAdmissionWebhook
	resourcequota.PluginName,                // ResourceQuota
	deny.PluginName,                         // AlwaysDeny
}

// RegisterAllAdmissionPlugins registers all admission plugins and
// sets the recommended plugins order.
func RegisterAllAdmissionPlugins(plugins *admission.Plugins) {
	admit.Register(plugins) // DEPRECATED as no real meaning
	alwayspullimages.Register(plugins)
	antiaffinity.Register(plugins)
	defaulttolerationseconds.Register(plugins)
	deny.Register(plugins) // DEPRECATED as no real meaning
	eventratelimit.Register(plugins)
	exec.Register(plugins)
	extendedresourcetoleration.Register(plugins)
	gc.Register(plugins)
	imagepolicy.Register(plugins)
	limitranger.Register(plugins)
	autoprovision.Register(plugins)
	exists.Register(plugins)
	noderestriction.Register(plugins)
	nodetaint.Register(plugins)
	label.Register(plugins) // DEPRECATED, future PVs should not rely on labels for zone topology
	podnodeselector.Register(plugins)
	podpreset.Register(plugins)
	podtolerationrestriction.Register(plugins)
	resourcequota.Register(plugins)
	podsecuritypolicy.Register(plugins)
	podpriority.Register(plugins)
	scdeny.Register(plugins)
	serviceaccount.Register(plugins)
	setdefault.Register(plugins)
	resize.Register(plugins)
	storageobjectinuseprotection.Register(plugins)
}

// DefaultOffAdmissionPlugins get admission plugins off by default for kube-apiserver.
func DefaultOffAdmissionPlugins() sets.String {
	defaultOnPlugins := sets.NewString(
		lifecycle.PluginName,                    //NamespaceLifecycle
		limitranger.PluginName,                  //LimitRanger
		serviceaccount.PluginName,               //ServiceAccount
		setdefault.PluginName,                   //DefaultStorageClass
		resize.PluginName,                       //PersistentVolumeClaimResize
		defaulttolerationseconds.PluginName,     //DefaultTolerationSeconds
		mutatingwebhook.PluginName,              //MutatingAdmissionWebhook
		validatingwebhook.PluginName,            //ValidatingAdmissionWebhook
		resourcequota.PluginName,                //ResourceQuota
		storageobjectinuseprotection.PluginName, //StorageObjectInUseProtection
	)

	if utilfeature.DefaultFeatureGate.Enabled(features.PodPriority) {
		defaultOnPlugins.Insert(podpriority.PluginName) //PodPriority
	}

	if utilfeature.DefaultFeatureGate.Enabled(features.TaintNodesByCondition) {
		defaultOnPlugins.Insert(nodetaint.PluginName) //TaintNodesByCondition
	}

	return sets.NewString(AllOrderedPlugins...).Difference(defaultOnPlugins)
}
Update vendor 2019-01-12 04:58:27 +00:00			`/*`
			`Copyright 2014 The Kubernetes Authors.`

			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`

			`http://www.apache.org/licenses/LICENSE-2.0`

			`Unless required by applicable law or agreed to in writing, software`
			`distributed under the License is distributed on an "AS IS" BASIS,`
			`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`See the License for the specific language governing permissions and`
			`limitations under the License.`
			`*/`

			`package options`

			`// This file exists to force the desired plugin implementations to be linked.`
			`// This should probably be part of some configuration fed into the build for a`
			`// given binary target.`
			`import (`
			`// Admission policies`
Update vendor 2019-08-30 18:33:25 +00:00			`"k8s.io/kubernetes/plugin/pkg/admission/admit"`
			`"k8s.io/kubernetes/plugin/pkg/admission/alwayspullimages"`
			`"k8s.io/kubernetes/plugin/pkg/admission/antiaffinity"`
Update vendor 2019-01-12 04:58:27 +00:00			`"k8s.io/kubernetes/plugin/pkg/admission/defaulttolerationseconds"`
Update vendor 2019-08-30 18:33:25 +00:00			`"k8s.io/kubernetes/plugin/pkg/admission/deny"`
			`"k8s.io/kubernetes/plugin/pkg/admission/eventratelimit"`
			`"k8s.io/kubernetes/plugin/pkg/admission/exec"`
			`"k8s.io/kubernetes/plugin/pkg/admission/extendedresourcetoleration"`
			`"k8s.io/kubernetes/plugin/pkg/admission/gc"`
			`"k8s.io/kubernetes/plugin/pkg/admission/imagepolicy"`
Update vendor 2019-01-12 04:58:27 +00:00			`"k8s.io/kubernetes/plugin/pkg/admission/limitranger"`
Update vendor 2019-08-30 18:33:25 +00:00			`"k8s.io/kubernetes/plugin/pkg/admission/namespace/autoprovision"`
			`"k8s.io/kubernetes/plugin/pkg/admission/namespace/exists"`
Update vendor 2019-04-07 17:07:55 +00:00			`"k8s.io/kubernetes/plugin/pkg/admission/noderestriction"`
Update vendor 2019-01-31 22:42:07 +00:00			`"k8s.io/kubernetes/plugin/pkg/admission/nodetaint"`
Update vendor 2019-08-30 18:33:25 +00:00			`"k8s.io/kubernetes/plugin/pkg/admission/podnodeselector"`
			`"k8s.io/kubernetes/plugin/pkg/admission/podpreset"`
			`"k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction"`
Update vendor 2019-01-12 04:58:27 +00:00			`podpriority "k8s.io/kubernetes/plugin/pkg/admission/priority"`
			`"k8s.io/kubernetes/plugin/pkg/admission/resourcequota"`
Update vendor 2019-08-30 18:33:25 +00:00			`"k8s.io/kubernetes/plugin/pkg/admission/security/podsecuritypolicy"`
			`"k8s.io/kubernetes/plugin/pkg/admission/securitycontext/scdeny"`
Update vendor 2019-01-12 04:58:27 +00:00			`"k8s.io/kubernetes/plugin/pkg/admission/serviceaccount"`
Update vendor 2019-08-30 18:33:25 +00:00			`"k8s.io/kubernetes/plugin/pkg/admission/storage/persistentvolume/label"`
Update vendor 2019-01-12 04:58:27 +00:00			`"k8s.io/kubernetes/plugin/pkg/admission/storage/persistentvolume/resize"`
			`"k8s.io/kubernetes/plugin/pkg/admission/storage/storageclass/setdefault"`
Update vendor 2019-08-30 18:33:25 +00:00			`"k8s.io/kubernetes/plugin/pkg/admission/storage/storageobjectinuseprotection"`
Update vendor 2019-01-12 04:58:27 +00:00
			`"k8s.io/apimachinery/pkg/util/sets"`
			`"k8s.io/apiserver/pkg/admission"`
			`"k8s.io/apiserver/pkg/admission/plugin/namespace/lifecycle"`
			`mutatingwebhook "k8s.io/apiserver/pkg/admission/plugin/webhook/mutating"`
			`validatingwebhook "k8s.io/apiserver/pkg/admission/plugin/webhook/validating"`
			`utilfeature "k8s.io/apiserver/pkg/util/feature"`
			`"k8s.io/kubernetes/pkg/features"`
			`)`

			`// AllOrderedPlugins is the list of all the plugins in order.`
			`var AllOrderedPlugins = []string{`
Update vendor 2019-08-30 18:33:25 +00:00			`admit.PluginName, // AlwaysAdmit`
			`autoprovision.PluginName, // NamespaceAutoProvision`
Update vendor 2019-04-07 17:07:55 +00:00			`lifecycle.PluginName, // NamespaceLifecycle`
Update vendor 2019-08-30 18:33:25 +00:00			`exists.PluginName, // NamespaceExists`
			`scdeny.PluginName, // SecurityContextDeny`
			`antiaffinity.PluginName, // LimitPodHardAntiAffinityTopology`
			`podpreset.PluginName, // PodPreset`
Update vendor 2019-04-07 17:07:55 +00:00			`limitranger.PluginName, // LimitRanger`
			`serviceaccount.PluginName, // ServiceAccount`
			`noderestriction.PluginName, // NodeRestriction`
			`nodetaint.PluginName, // TaintNodesByCondition`
Update vendor 2019-08-30 18:33:25 +00:00			`alwayspullimages.PluginName, // AlwaysPullImages`
			`imagepolicy.PluginName, // ImagePolicyWebhook`
			`podsecuritypolicy.PluginName, // PodSecurityPolicy`
			`podnodeselector.PluginName, // PodNodeSelector`
Update vendor 2019-04-07 17:07:55 +00:00			`podpriority.PluginName, // Priority`
			`defaulttolerationseconds.PluginName, // DefaultTolerationSeconds`
Update vendor 2019-08-30 18:33:25 +00:00			`podtolerationrestriction.PluginName, // PodTolerationRestriction`
			`exec.DenyEscalatingExec, // DenyEscalatingExec`
			`exec.DenyExecOnPrivileged, // DenyExecOnPrivileged`
			`eventratelimit.PluginName, // EventRateLimit`
			`extendedresourcetoleration.PluginName, // ExtendedResourceToleration`
			`label.PluginName, // PersistentVolumeLabel`
Update vendor 2019-04-07 17:07:55 +00:00			`setdefault.PluginName, // DefaultStorageClass`
Update vendor 2019-08-30 18:33:25 +00:00			`storageobjectinuseprotection.PluginName, // StorageObjectInUseProtection`
			`gc.PluginName, // OwnerReferencesPermissionEnforcement`
Update vendor 2019-04-07 17:07:55 +00:00			`resize.PluginName, // PersistentVolumeClaimResize`
			`mutatingwebhook.PluginName, // MutatingAdmissionWebhook`
			`validatingwebhook.PluginName, // ValidatingAdmissionWebhook`
			`resourcequota.PluginName, // ResourceQuota`
Update vendor 2019-08-30 18:33:25 +00:00			`deny.PluginName, // AlwaysDeny`
Update vendor 2019-01-12 04:58:27 +00:00			`}`

			`// RegisterAllAdmissionPlugins registers all admission plugins and`
			`// sets the recommended plugins order.`
			`func RegisterAllAdmissionPlugins(plugins *admission.Plugins) {`
Update vendor 2019-08-30 18:33:25 +00:00			`admit.Register(plugins) // DEPRECATED as no real meaning`
			`alwayspullimages.Register(plugins)`
			`antiaffinity.Register(plugins)`
Update vendor 2019-01-12 04:58:27 +00:00			`defaulttolerationseconds.Register(plugins)`
Update vendor 2019-08-30 18:33:25 +00:00			`deny.Register(plugins) // DEPRECATED as no real meaning`
			`eventratelimit.Register(plugins)`
			`exec.Register(plugins)`
			`extendedresourcetoleration.Register(plugins)`
			`gc.Register(plugins)`
			`imagepolicy.Register(plugins)`
Update vendor 2019-01-12 04:58:27 +00:00			`limitranger.Register(plugins)`
Update vendor 2019-08-30 18:33:25 +00:00			`autoprovision.Register(plugins)`
			`exists.Register(plugins)`
Update vendor 2019-04-07 17:07:55 +00:00			`noderestriction.Register(plugins)`
Update vendor 2019-01-31 22:42:07 +00:00			`nodetaint.Register(plugins)`
Update vendor 2019-08-30 18:33:25 +00:00			`label.Register(plugins) // DEPRECATED, future PVs should not rely on labels for zone topology`
			`podnodeselector.Register(plugins)`
			`podpreset.Register(plugins)`
			`podtolerationrestriction.Register(plugins)`
Update vendor 2019-01-12 04:58:27 +00:00			`resourcequota.Register(plugins)`
Update vendor 2019-08-30 18:33:25 +00:00			`podsecuritypolicy.Register(plugins)`
Update vendor 2019-01-12 04:58:27 +00:00			`podpriority.Register(plugins)`
Update vendor 2019-08-30 18:33:25 +00:00			`scdeny.Register(plugins)`
Update vendor 2019-01-12 04:58:27 +00:00			`serviceaccount.Register(plugins)`
			`setdefault.Register(plugins)`
			`resize.Register(plugins)`
Update vendor 2019-08-30 18:33:25 +00:00			`storageobjectinuseprotection.Register(plugins)`
Update vendor 2019-01-12 04:58:27 +00:00			`}`

			`// DefaultOffAdmissionPlugins get admission plugins off by default for kube-apiserver.`
			`func DefaultOffAdmissionPlugins() sets.String {`
			`defaultOnPlugins := sets.NewString(`
Update vendor 2019-08-30 18:33:25 +00:00			`lifecycle.PluginName, //NamespaceLifecycle`
			`limitranger.PluginName, //LimitRanger`
			`serviceaccount.PluginName, //ServiceAccount`
			`setdefault.PluginName, //DefaultStorageClass`
			`resize.PluginName, //PersistentVolumeClaimResize`
			`defaulttolerationseconds.PluginName, //DefaultTolerationSeconds`
			`mutatingwebhook.PluginName, //MutatingAdmissionWebhook`
			`validatingwebhook.PluginName, //ValidatingAdmissionWebhook`
			`resourcequota.PluginName, //ResourceQuota`
			`storageobjectinuseprotection.PluginName, //StorageObjectInUseProtection`
Update vendor 2019-01-12 04:58:27 +00:00			`)`

			`if utilfeature.DefaultFeatureGate.Enabled(features.PodPriority) {`
			`defaultOnPlugins.Insert(podpriority.PluginName) //PodPriority`
			`}`

Update vendor 2019-01-31 22:42:07 +00:00			`if utilfeature.DefaultFeatureGate.Enabled(features.TaintNodesByCondition) {`
			`defaultOnPlugins.Insert(nodetaint.PluginName) //TaintNodesByCondition`
			`}`

Update vendor 2019-01-12 04:58:27 +00:00			`return sets.NewString(AllOrderedPlugins...).Difference(defaultOnPlugins)`
			`}`