Documentation

Index

Constants

const PluginName = "CertificateSubjectRestriction"

PluginName is a string with the name of the plugin


Variables

This section is empty.

Functions

func Register

func Register(plugins *admission.Plugins)

Register registers the plugin

Types

type Plugin

type Plugin struct {
	*admission.Handler
}

Plugin holds state for and implements the admission plugin.

func NewPlugin

func NewPlugin() *Plugin

NewPlugin constructs a new instance of the CertificateSubjectRestrictions admission interface.

func (*Plugin) Validate

func (p *Plugin) Validate(_ context.Context, a admission.Attributes, _ admission.ObjectInterfaces) error

Validate ensures that if the signerName on a CSR is set to `kubernetes.io/kube-apiserver-client`, that its organization (group) attribute is not set to `system:masters`.

func (*Plugin) ValidateInitialization

func (p *Plugin) ValidateInitialization() error

ValidateInitialization always returns nil.

Source Files