package alwayspullimages

kubernetes – k8s.io/kubernetes/plugin/pkg/admission/alwayspullimages Index | Files

package alwayspullimages

import "k8s.io/kubernetes/plugin/pkg/admission/alwayspullimages"

Package alwayspullimages contains an admission controller that modifies every new Pod to force the image pull policy to Always. This is useful in a multitenant cluster so that users can be assured that their private images can only be used by those who have the credentials to pull them. Without this admission controller, once an image has been pulled to a node, any pod from any user can use it simply by knowing the image's name (assuming the Pod is scheduled onto the right node), without any authorization check against the image. With this admission controller enabled, images are always pulled prior to starting containers, which means valid credentials are required.

Index ¶

func NewAlwaysPullImages() admission.Interface
func Register(plugins *admission.Plugins)

Functions ¶

func NewAlwaysPullImages ¶

func NewAlwaysPullImages() admission.Interface

NewAlwaysPullImages creates a new always pull images admission control handler

func Register ¶

func Register(plugins *admission.Plugins)

Source Files ¶

admission.go

Version: v1.7.8
Published: Oct 5, 2017
Platform: js/wasm
Imports: 4 packages
Last checked: 1 minute ago –

Tools for package owners.

?	: This menu
/	: Search site
f	: Jump to identifier
g then g	: Go to top of page
g then b	: Go to end of page
G	: Go to end of page
g then i	: Go to index
g then e	: Go to examples