Documentation

Index

Constants

View Source
const (
	PluginName = "PodSecurityPolicy"
)

Variables

This section is empty.

Functions

func Register

func Register(plugins *admission.Plugins)

Register registers a plugin

Types

type PodSecurityPolicyPlugin

type PodSecurityPolicyPlugin struct {
	*admission.Handler
	// contains filtered or unexported fields
}

PodSecurityPolicyPlugin holds state for and implements the admission plugin.

func (*PodSecurityPolicyPlugin) Admit

Admit determines if the pod should be admitted based on the requested security context and the available PSPs.

1. Find available PSPs. 2. Create the providers, includes setting pre-allocated values if necessary. 3. Try to generate and validate a PSP with providers. If we find one then admit the pod

with the validated PSP.  If we don't find any reject the pod and give all errors from the
failed attempts.

func (*PodSecurityPolicyPlugin) SetAuthorizer

func (plugin *PodSecurityPolicyPlugin) SetAuthorizer(authz authorizer.Authorizer)

SetAuthorizer sets the authorizer.

func (*PodSecurityPolicyPlugin) SetExternalKubeInformerFactory

func (a *PodSecurityPolicyPlugin) SetExternalKubeInformerFactory(f informers.SharedInformerFactory)

func (*PodSecurityPolicyPlugin) Validate

func (*PodSecurityPolicyPlugin) ValidateInitialization

func (plugin *PodSecurityPolicyPlugin) ValidateInitialization() error

ValidateInitialization ensures an authorizer is set.

Source Files