Documentation

Index

Constants

const (
	// DenyEscalatingExec indicates name of admission plugin.
	// Deprecated, will be removed in v1.18.
	// Use of PodSecurityPolicy or a custom admission plugin to limit creation of pods is recommended instead.
	DenyEscalatingExec = "DenyEscalatingExec"
	// DenyExecOnPrivileged indicates name of admission plugin.
	// Deprecated, will be removed in v1.18.
	// Use of PodSecurityPolicy or a custom admission plugin to limit creation of pods is recommended instead.
	DenyExecOnPrivileged = "DenyExecOnPrivileged"
)

Variables

This section is empty.

Functions

func Register

func Register(plugins *admission.Plugins)

Register registers a plugin

Types

type DenyExec

type DenyExec struct {
	*admission.Handler
	// contains filtered or unexported fields
}

DenyExec is an implementation of admission.Interface which says no to a pod/exec on a pod using host based configurations.

func NewDenyEscalatingExec

func NewDenyEscalatingExec() *DenyExec

NewDenyEscalatingExec creates a new admission controller that denies an exec operation on a pod using host based configurations.

func NewDenyExecOnPrivileged

func NewDenyExecOnPrivileged() *DenyExec

NewDenyExecOnPrivileged creates a new admission controller that is only checking the privileged option. This is for legacy support of the DenyExecOnPrivileged admission controller. Most of the time NewDenyEscalatingExec should be preferred.

func (*DenyExec) SetExternalKubeClientSet

func (d *DenyExec) SetExternalKubeClientSet(client kubernetes.Interface)

SetExternalKubeClientSet implements the WantsInternalKubeClientSet interface.

func (*DenyExec) Validate

func (d *DenyExec) Validate(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) (err error)

Validate makes an admission decision based on the request attributes

func (*DenyExec) ValidateInitialization

func (d *DenyExec) ValidateInitialization() error

ValidateInitialization implements the InitializationValidator interface.

Source Files