k3s/vendor/k8s.io/kubernetes/pkg/kubeapiserver/options/plugins.go

166 lines
8.0 KiB
Go
Raw Normal View History

2019-01-12 04:58:27 +00:00
/*
Copyright 2014 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package options
// This file exists to force the desired plugin implementations to be linked.
// This should probably be part of some configuration fed into the build for a
// given binary target.
import (
// Admission policies
2019-08-30 18:33:25 +00:00
"k8s.io/kubernetes/plugin/pkg/admission/admit"
"k8s.io/kubernetes/plugin/pkg/admission/alwayspullimages"
"k8s.io/kubernetes/plugin/pkg/admission/antiaffinity"
2020-03-26 21:07:15 +00:00
certapproval "k8s.io/kubernetes/plugin/pkg/admission/certificates/approval"
certsigning "k8s.io/kubernetes/plugin/pkg/admission/certificates/signing"
certsubjectrestriction "k8s.io/kubernetes/plugin/pkg/admission/certificates/subjectrestriction"
"k8s.io/kubernetes/plugin/pkg/admission/defaultingressclass"
2019-01-12 04:58:27 +00:00
"k8s.io/kubernetes/plugin/pkg/admission/defaulttolerationseconds"
2019-08-30 18:33:25 +00:00
"k8s.io/kubernetes/plugin/pkg/admission/deny"
"k8s.io/kubernetes/plugin/pkg/admission/eventratelimit"
"k8s.io/kubernetes/plugin/pkg/admission/exec"
"k8s.io/kubernetes/plugin/pkg/admission/extendedresourcetoleration"
"k8s.io/kubernetes/plugin/pkg/admission/gc"
"k8s.io/kubernetes/plugin/pkg/admission/imagepolicy"
2019-01-12 04:58:27 +00:00
"k8s.io/kubernetes/plugin/pkg/admission/limitranger"
2019-08-30 18:33:25 +00:00
"k8s.io/kubernetes/plugin/pkg/admission/namespace/autoprovision"
"k8s.io/kubernetes/plugin/pkg/admission/namespace/exists"
2019-04-07 17:07:55 +00:00
"k8s.io/kubernetes/plugin/pkg/admission/noderestriction"
2019-01-31 22:42:07 +00:00
"k8s.io/kubernetes/plugin/pkg/admission/nodetaint"
2019-08-30 18:33:25 +00:00
"k8s.io/kubernetes/plugin/pkg/admission/podnodeselector"
"k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction"
2019-01-12 04:58:27 +00:00
podpriority "k8s.io/kubernetes/plugin/pkg/admission/priority"
2019-09-27 21:51:53 +00:00
"k8s.io/kubernetes/plugin/pkg/admission/runtimeclass"
2019-08-30 18:33:25 +00:00
"k8s.io/kubernetes/plugin/pkg/admission/security/podsecuritypolicy"
"k8s.io/kubernetes/plugin/pkg/admission/securitycontext/scdeny"
2019-01-12 04:58:27 +00:00
"k8s.io/kubernetes/plugin/pkg/admission/serviceaccount"
2019-08-30 18:33:25 +00:00
"k8s.io/kubernetes/plugin/pkg/admission/storage/persistentvolume/label"
2019-01-12 04:58:27 +00:00
"k8s.io/kubernetes/plugin/pkg/admission/storage/persistentvolume/resize"
"k8s.io/kubernetes/plugin/pkg/admission/storage/storageclass/setdefault"
2019-08-30 18:33:25 +00:00
"k8s.io/kubernetes/plugin/pkg/admission/storage/storageobjectinuseprotection"
2019-01-12 04:58:27 +00:00
"k8s.io/apimachinery/pkg/util/sets"
"k8s.io/apiserver/pkg/admission"
"k8s.io/apiserver/pkg/admission/plugin/namespace/lifecycle"
"k8s.io/apiserver/pkg/admission/plugin/resourcequota"
2019-01-12 04:58:27 +00:00
mutatingwebhook "k8s.io/apiserver/pkg/admission/plugin/webhook/mutating"
validatingwebhook "k8s.io/apiserver/pkg/admission/plugin/webhook/validating"
)
// AllOrderedPlugins is the list of all the plugins in order.
var AllOrderedPlugins = []string{
2019-08-30 18:33:25 +00:00
admit.PluginName, // AlwaysAdmit
autoprovision.PluginName, // NamespaceAutoProvision
2019-04-07 17:07:55 +00:00
lifecycle.PluginName, // NamespaceLifecycle
2019-08-30 18:33:25 +00:00
exists.PluginName, // NamespaceExists
scdeny.PluginName, // SecurityContextDeny
antiaffinity.PluginName, // LimitPodHardAntiAffinityTopology
2019-04-07 17:07:55 +00:00
limitranger.PluginName, // LimitRanger
serviceaccount.PluginName, // ServiceAccount
noderestriction.PluginName, // NodeRestriction
nodetaint.PluginName, // TaintNodesByCondition
2019-08-30 18:33:25 +00:00
alwayspullimages.PluginName, // AlwaysPullImages
imagepolicy.PluginName, // ImagePolicyWebhook
podsecuritypolicy.PluginName, // PodSecurityPolicy
podnodeselector.PluginName, // PodNodeSelector
2019-04-07 17:07:55 +00:00
podpriority.PluginName, // Priority
defaulttolerationseconds.PluginName, // DefaultTolerationSeconds
2019-08-30 18:33:25 +00:00
podtolerationrestriction.PluginName, // PodTolerationRestriction
exec.DenyEscalatingExec, // DenyEscalatingExec
exec.DenyExecOnPrivileged, // DenyExecOnPrivileged
eventratelimit.PluginName, // EventRateLimit
extendedresourcetoleration.PluginName, // ExtendedResourceToleration
label.PluginName, // PersistentVolumeLabel
2019-04-07 17:07:55 +00:00
setdefault.PluginName, // DefaultStorageClass
2019-08-30 18:33:25 +00:00
storageobjectinuseprotection.PluginName, // StorageObjectInUseProtection
gc.PluginName, // OwnerReferencesPermissionEnforcement
2019-04-07 17:07:55 +00:00
resize.PluginName, // PersistentVolumeClaimResize
2020-03-26 21:07:15 +00:00
runtimeclass.PluginName, // RuntimeClass
certapproval.PluginName, // CertificateApproval
certsigning.PluginName, // CertificateSigning
certsubjectrestriction.PluginName, // CertificateSubjectRestriction
defaultingressclass.PluginName, // DefaultIngressClass
// new admission plugins should generally be inserted above here
// webhook, resourcequota, and deny plugins must go at the end
mutatingwebhook.PluginName, // MutatingAdmissionWebhook
validatingwebhook.PluginName, // ValidatingAdmissionWebhook
resourcequota.PluginName, // ResourceQuota
deny.PluginName, // AlwaysDeny
2019-01-12 04:58:27 +00:00
}
// RegisterAllAdmissionPlugins registers all admission plugins and
// sets the recommended plugins order.
func RegisterAllAdmissionPlugins(plugins *admission.Plugins) {
2019-08-30 18:33:25 +00:00
admit.Register(plugins) // DEPRECATED as no real meaning
alwayspullimages.Register(plugins)
antiaffinity.Register(plugins)
2019-01-12 04:58:27 +00:00
defaulttolerationseconds.Register(plugins)
2020-03-26 21:07:15 +00:00
defaultingressclass.Register(plugins)
2019-08-30 18:33:25 +00:00
deny.Register(plugins) // DEPRECATED as no real meaning
eventratelimit.Register(plugins)
exec.Register(plugins)
extendedresourcetoleration.Register(plugins)
gc.Register(plugins)
imagepolicy.Register(plugins)
2019-01-12 04:58:27 +00:00
limitranger.Register(plugins)
2019-08-30 18:33:25 +00:00
autoprovision.Register(plugins)
exists.Register(plugins)
2019-04-07 17:07:55 +00:00
noderestriction.Register(plugins)
2019-01-31 22:42:07 +00:00
nodetaint.Register(plugins)
2019-08-30 18:33:25 +00:00
label.Register(plugins) // DEPRECATED, future PVs should not rely on labels for zone topology
podnodeselector.Register(plugins)
podtolerationrestriction.Register(plugins)
2019-09-27 21:51:53 +00:00
runtimeclass.Register(plugins)
2019-01-12 04:58:27 +00:00
resourcequota.Register(plugins)
2019-08-30 18:33:25 +00:00
podsecuritypolicy.Register(plugins)
2019-01-12 04:58:27 +00:00
podpriority.Register(plugins)
2019-08-30 18:33:25 +00:00
scdeny.Register(plugins)
2019-01-12 04:58:27 +00:00
serviceaccount.Register(plugins)
setdefault.Register(plugins)
resize.Register(plugins)
2019-08-30 18:33:25 +00:00
storageobjectinuseprotection.Register(plugins)
2020-03-26 21:07:15 +00:00
certapproval.Register(plugins)
certsigning.Register(plugins)
certsubjectrestriction.Register(plugins)
2019-01-12 04:58:27 +00:00
}
// DefaultOffAdmissionPlugins get admission plugins off by default for kube-apiserver.
func DefaultOffAdmissionPlugins() sets.String {
defaultOnPlugins := sets.NewString(
2019-08-30 18:33:25 +00:00
lifecycle.PluginName, //NamespaceLifecycle
limitranger.PluginName, //LimitRanger
serviceaccount.PluginName, //ServiceAccount
setdefault.PluginName, //DefaultStorageClass
resize.PluginName, //PersistentVolumeClaimResize
defaulttolerationseconds.PluginName, //DefaultTolerationSeconds
mutatingwebhook.PluginName, //MutatingAdmissionWebhook
validatingwebhook.PluginName, //ValidatingAdmissionWebhook
resourcequota.PluginName, //ResourceQuota
storageobjectinuseprotection.PluginName, //StorageObjectInUseProtection
2019-09-27 21:51:53 +00:00
podpriority.PluginName, //PodPriority
2019-12-12 01:27:03 +00:00
nodetaint.PluginName, //TaintNodesByCondition
runtimeclass.PluginName, //RuntimeClass
2020-03-26 21:07:15 +00:00
certapproval.PluginName, // CertificateApproval
certsigning.PluginName, // CertificateSigning
certsubjectrestriction.PluginName, // CertificateSubjectRestriction
defaultingressclass.PluginName, //DefaultIngressClass
2019-01-12 04:58:27 +00:00
)
return sets.NewString(AllOrderedPlugins...).Difference(defaultOnPlugins)
}