Documentation ¶
Index ¶
Constants ¶
View Source
const ( // DenyEscalatingExec indicates name of admission plugin. // Deprecated, will be removed in v1.18. // Use of PodSecurityPolicy or a custom admission plugin to limit creation of pods is recommended instead. DenyEscalatingExec = "DenyEscalatingExec" // DenyExecOnPrivileged indicates name of admission plugin. // Deprecated, will be removed in v1.18. // Use of PodSecurityPolicy or a custom admission plugin to limit creation of pods is recommended instead. DenyExecOnPrivileged = "DenyExecOnPrivileged" )
Variables ¶
This section is empty.
Functions ¶
Types ¶
type DenyExec ¶
DenyExec is an implementation of admission.Interface which says no to a pod/exec on a pod using host based configurations.
func NewDenyEscalatingExec ¶
func NewDenyEscalatingExec() *DenyExec
NewDenyEscalatingExec creates a new admission controller that denies an exec operation on a pod using host based configurations.
func NewDenyExecOnPrivileged ¶
func NewDenyExecOnPrivileged() *DenyExec
NewDenyExecOnPrivileged creates a new admission controller that is only checking the privileged option. This is for legacy support of the DenyExecOnPrivileged admission controller. Most of the time NewDenyEscalatingExec should be preferred.
func (*DenyExec) SetExternalKubeClientSet ¶
func (d *DenyExec) SetExternalKubeClientSet(client kubernetes.Interface)
SetExternalKubeClientSet implements the WantsInternalKubeClientSet interface.
func (*DenyExec) Validate ¶
func (d *DenyExec) Validate(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) (err error)
Validate makes an admission decision based on the request attributes
Click to show internal directories.
Click to hide internal directories.