package podtolerationrestriction
import "k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction"
Package podtolerationrestriction is a plugin that first verifies any conflict between a pod's tolerations and its namespace's tolerations, and rejects the pod if there's a conflict. If there's no conflict, the pod's tolerations are merged with its namespace's toleration. Resulting pod's tolerations are verified against its namespace's whitelist of tolerations. If the verification is successful, the pod is admitted otherwise rejected. If a namespace does not have associated default or whitelist of tolerations, then cluster level default or whitelist of tolerations are used instead if specified. Tolerations to a namespace are assigned via scheduler.alpha.kubernetes.io/defaultTolerations and scheduler.alpha.kubernetes.io/tolerationsWhitelist annotations keys.
Index ¶
- Constants
- func Register(plugins *admission.Plugins)
- type Plugin
- func NewPodTolerationsPlugin(pluginConfig *pluginapi.Configuration) *Plugin
- func (p *Plugin) Admit(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error
- func (p *Plugin) SetExternalKubeClientSet(client kubernetes.Interface)
- func (p *Plugin) SetExternalKubeInformerFactory(f informers.SharedInformerFactory)
- func (p *Plugin) Validate(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error
- func (p *Plugin) ValidateInitialization() error
Constants ¶
const ( NSDefaultTolerations string = "scheduler.alpha.kubernetes.io/defaultTolerations" NSWLTolerations string = "scheduler.alpha.kubernetes.io/tolerationsWhitelist" )
The annotation keys for default and whitelist of tolerations
const PluginName = "PodTolerationRestriction"
PluginName is a string with the name of the plugin
Functions ¶
func Register ¶
Register registers a plugin
Types ¶
type Plugin ¶
Plugin contains the client used by the admission controller
func NewPodTolerationsPlugin ¶
func NewPodTolerationsPlugin(pluginConfig *pluginapi.Configuration) *Plugin
NewPodTolerationsPlugin initializes a Plugin
func (*Plugin) Admit ¶
func (p *Plugin) Admit(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error
Admit checks the admission policy and triggers corresponding actions
func (*Plugin) SetExternalKubeClientSet ¶
func (p *Plugin) SetExternalKubeClientSet(client kubernetes.Interface)
SetExternalKubeClientSet sets th client
func (*Plugin) SetExternalKubeInformerFactory ¶
func (p *Plugin) SetExternalKubeInformerFactory(f informers.SharedInformerFactory)
SetExternalKubeInformerFactory initializes the Informer Factory
func (*Plugin) Validate ¶
func (p *Plugin) Validate(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces) error
Validate we can obtain a whitelist of tolerations
func (*Plugin) ValidateInitialization ¶
ValidateInitialization checks the object is properly initialized
Source Files ¶
admission.go config.go doc.go
Directories ¶
| Path | Synopsis |
|---|---|
| plugin/pkg/admission/podtolerationrestriction/apis | |
| plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction | |
| plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/install | Package install installs the experimental API group, making it available as an option to all of the API encoding/decoding machinery. |
| plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/v1alpha1 | Package v1alpha1 is the v1alpha1 version of the API. |
| plugin/pkg/admission/podtolerationrestriction/apis/podtolerationrestriction/validation |
- Version
- v1.33.0 (latest)
- Published
- Apr 23, 2025
- Platform
- linux/amd64
- Imports
- 23 packages
- Last checked
- 5 hours ago –
Tools for package owners.