podtolerationrestriction

package
Version: v0.0.0-...-d88c8b5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 9, 2021 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Overview

Package podtolerationrestriction is a plugin that first verifies any conflict between a pod's tolerations and its namespace's tolerations, and rejects the pod if there's a conflict. If there's no conflict, the pod's tolerations are merged with its namespace's toleration. Resulting pod's tolerations are verified against its namespace's whitelist of tolerations. If the verification is successful, the pod is admitted otherwise rejected. If a namespace does not have associated default or whitelist of tolerations, then cluster level default or whitelist of tolerations are used instead if specified. Tolerations to a namespace are assigned via scheduler.alpha.kubernetes.io/defaultTolerations and scheduler.alpha.kubernetes.io/tolerationsWhitelist annotations keys.

Index

Constants

View Source
const (
	NSDefaultTolerations string = "scheduler.alpha.kubernetes.io/defaultTolerations"
	NSWLTolerations      string = "scheduler.alpha.kubernetes.io/tolerationsWhitelist"
)

The annotation keys for default and whitelist of tolerations

View Source
const PluginName = "PodTolerationRestriction"

PluginName is a string with the name of the plugin

Variables

This section is empty.

Functions

func Register

func Register(plugins *admission.Plugins)

Register registers a plugin

Types

type Plugin

type Plugin struct {
	*admission.Handler
	// contains filtered or unexported fields
}

Plugin contains the client used by the admission controller

func NewPodTolerationsPlugin

func NewPodTolerationsPlugin(pluginConfig *pluginapi.Configuration) *Plugin

NewPodTolerationsPlugin initializes a Plugin

func (*Plugin) Admit

Admit checks the admission policy and triggers corresponding actions

func (*Plugin) SetExternalKubeClientSet

func (p *Plugin) SetExternalKubeClientSet(client kubernetes.Interface)

SetExternalKubeClientSet sets th client

func (*Plugin) SetExternalKubeInformerFactory

func (p *Plugin) SetExternalKubeInformerFactory(f informers.SharedInformerFactory)

SetExternalKubeInformerFactory initializes the Informer Factory

func (*Plugin) Validate

Validate we can obtain a whitelist of tolerations

func (*Plugin) ValidateInitialization

func (p *Plugin) ValidateInitialization() error

ValidateInitialization checks the object is properly initialized

Directories

Path Synopsis
apis
podtolerationrestriction/install
Package install installs the experimental API group, making it available as an option to all of the API encoding/decoding machinery.
Package install installs the experimental API group, making it available as an option to all of the API encoding/decoding machinery.
podtolerationrestriction/v1alpha1
Package v1alpha1 is the v1alpha1 version of the API.
Package v1alpha1 is the v1alpha1 version of the API.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to