Version: v1.14.0 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Mar 21, 2019 License: Apache-2.0 Imports: 23 Imported by: 0



serviceaccount enforces all pods having an associated serviceaccount, and all containers mounting the API token for that serviceaccount at a known location



View Source
const (
	// DefaultServiceAccountName is the name of the default service account to set on pods which do not specify a service account
	DefaultServiceAccountName = "default"

	// EnforceMountableSecretsAnnotation is a default annotation that indicates that a service account should enforce mountable secrets.
	// The value must be true to have this annotation take effect
	EnforceMountableSecretsAnnotation = ""

	ServiceAccountVolumeName = "kube-api-access"

	// DefaultAPITokenMountPath is the path that ServiceAccountToken secrets are automounted to.
	// The token file would then be accessible at /var/run/secrets/
	DefaultAPITokenMountPath = "/var/run/secrets/"

	// PluginName is the name of this admission plugin
	PluginName = "ServiceAccount"


This section is empty.


func NewServiceAccount

func NewServiceAccount() *serviceAccount

NewServiceAccount returns an admission.Interface implementation which limits admission of Pod CREATE requests based on the pod's ServiceAccount: 1. If the pod does not specify a ServiceAccount, it sets the pod's ServiceAccount to "default" 2. It ensures the ServiceAccount referenced by the pod exists 3. If LimitSecretReferences is true, it rejects the pod if the pod references Secret objects which the pod's ServiceAccount does not reference 4. If the pod does not contain any ImagePullSecrets, the ImagePullSecrets of the service account are added. 5. If MountServiceAccountToken is true, it adds a VolumeMount with the pod's ServiceAccount's api token secret to containers

func Register added in v1.7.0

func Register(plugins *admission.Plugins)

Register registers a plugin


This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL