alwayspullimages

package
v1.10.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 23, 2018 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Overview

Package alwayspullimages contains an admission controller that modifies every new Pod to force the image pull policy to Always. This is useful in a multitenant cluster so that users can be assured that their private images can only be used by those who have the credentials to pull them. Without this admission controller, once an image has been pulled to a node, any pod from any user can use it simply by knowing the image's name (assuming the Pod is scheduled onto the right node), without any authorization check against the image. With this admission controller enabled, images are always pulled prior to starting containers, which means valid credentials are required.

Index

Constants

View Source
const PluginName = "AlwaysPullImages"

PluginName indicates name of admission plugin.

Variables

This section is empty.

Functions

func Register added in v1.7.0

func Register(plugins *admission.Plugins)

Register registers a plugin

Types

type AlwaysPullImages added in v1.9.0

type AlwaysPullImages struct {
	*admission.Handler
}

AlwaysPullImages is an implementation of admission.Interface. It looks at all new pods and overrides each container's image pull policy to Always.

func NewAlwaysPullImages

func NewAlwaysPullImages() *AlwaysPullImages

NewAlwaysPullImages creates a new always pull images admission control handler

func (*AlwaysPullImages) Admit added in v1.9.0

func (a *AlwaysPullImages) Admit(attributes admission.Attributes) (err error)

Admit makes an admission decision based on the request attributes

func (*AlwaysPullImages) Validate added in v1.9.0

func (*AlwaysPullImages) Validate(attributes admission.Attributes) (err error)

Validate makes sure that all containers are set to always pull images

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL