Merge pull request #43698 from sttts/sttts-non-global-admission-plugin-registry

Automatic merge from submit-queue

Non global admission plugin registry

The global state is a problem for testing. This PR turns the actual registry into a struct that must be instantiated. As a first step, we do this in `pkg/kubeapiserver/admission`. In a follow-up (where we hunt down all globals some day), we will move this into the genericapiserver.
Kubernetes Submit Queue
2017-04-12 04:12:11 -07:00
committed by GitHub
41 changed files with 124 additions and 59 deletions


@@ -12,7 +12,10 @@ go_library(
name = "go_default_library",
srcs = ["admission.go"],
tags = ["automanaged"],
deps = ["//vendor:k8s.io/apiserver/pkg/admission"],
deps = [
"//pkg/kubeapiserver/admission:go_default_library",
"//vendor:k8s.io/apiserver/pkg/admission",
],
)
go_test(


@@ -20,10 +20,11 @@ import (
"io"
"k8s.io/apiserver/pkg/admission"
kubeapiserveradmission "k8s.io/kubernetes/pkg/kubeapiserver/admission"
)
func init() {
admission.RegisterPlugin("AlwaysAdmit", func(config io.Reader) (admission.Interface, error) {
kubeapiserveradmission.Plugins.Register("AlwaysAdmit", func(config io.Reader) (admission.Interface, error) {
return NewAlwaysAdmit(), nil
})
}
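Review bot: The plugin name is passed to `Register` as a bare string literal, `"AlwaysAdmit"`, while other files in this change register through a named constant (`PluginName`, `pluginName`). The same holds for the other literal-name registrations here, such as AlwaysPullImages, AlwaysDeny, DenyEscalatingExec/DenyExecOnPrivileged and SecurityContextDeny. The name is presumably the key under which the registry later finds the plugin, so a single `const PluginName = "AlwaysAdmit"` per package, passed as `Plugins.Register(PluginName, ...)`, would let tests and callers refer to it without retyping the string.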


@@ -14,6 +14,7 @@ go_library(
tags = ["automanaged"],
deps = [
"//pkg/api:go_default_library",
"//pkg/kubeapiserver/admission:go_default_library",
"//vendor:k8s.io/apimachinery/pkg/api/errors",
"//vendor:k8s.io/apiserver/pkg/admission",
],


@@ -30,10 +30,11 @@ import (
apierrors "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apiserver/pkg/admission"
"k8s.io/kubernetes/pkg/api"
kubeapiserveradmission "k8s.io/kubernetes/pkg/kubeapiserver/admission"
)
func init() {
admission.RegisterPlugin("AlwaysPullImages", func(config io.Reader) (admission.Interface, error) {
kubeapiserveradmission.Plugins.Register("AlwaysPullImages", func(config io.Reader) (admission.Interface, error) {
return NewAlwaysPullImages(), nil
})
}


@@ -17,6 +17,7 @@ go_library(
tags = ["automanaged"],
deps = [
"//pkg/api:go_default_library",
"//pkg/kubeapiserver/admission:go_default_library",
"//vendor:k8s.io/apimachinery/pkg/api/errors",
"//vendor:k8s.io/apimachinery/pkg/apis/meta/v1",
"//vendor:k8s.io/apiserver/pkg/admission",


@@ -24,10 +24,11 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apiserver/pkg/admission"
"k8s.io/kubernetes/pkg/api"
kubeapiserveradmission "k8s.io/kubernetes/pkg/kubeapiserver/admission"
)
func init() {
admission.RegisterPlugin("LimitPodHardAntiAffinityTopology", func(config io.Reader) (admission.Interface, error) {
kubeapiserveradmission.Plugins.Register("LimitPodHardAntiAffinityTopology", func(config io.Reader) (admission.Interface, error) {
return NewInterPodAntiAffinity(), nil
})
}


@@ -28,6 +28,7 @@ go_library(
deps = [
"//pkg/api:go_default_library",
"//pkg/api/helper:go_default_library",
"//pkg/kubeapiserver/admission:go_default_library",
"//vendor:k8s.io/apimachinery/pkg/api/errors",
"//vendor:k8s.io/apimachinery/pkg/apis/meta/v1",
"//vendor:k8s.io/apiserver/pkg/admission",


@@ -26,6 +26,7 @@ import (
"k8s.io/apiserver/pkg/admission"
"k8s.io/kubernetes/pkg/api"
"k8s.io/kubernetes/pkg/api/helper"
kubeapiserveradmission "k8s.io/kubernetes/pkg/kubeapiserver/admission"
)
var (
@@ -39,7 +40,7 @@ var (
)
func init() {
admission.RegisterPlugin("DefaultTolerationSeconds", func(config io.Reader) (admission.Interface, error) {
kubeapiserveradmission.Plugins.Register("DefaultTolerationSeconds", func(config io.Reader) (admission.Interface, error) {
return NewDefaultTolerationSeconds(), nil
})
}


@@ -12,7 +12,10 @@ go_library(
name = "go_default_library",
srcs = ["admission.go"],
tags = ["automanaged"],
deps = ["//vendor:k8s.io/apiserver/pkg/admission"],
deps = [
"//pkg/kubeapiserver/admission:go_default_library",
"//vendor:k8s.io/apiserver/pkg/admission",
],
)
go_test(


@@ -21,10 +21,11 @@ import (
"io"
"k8s.io/apiserver/pkg/admission"
kubeapiserveradmission "k8s.io/kubernetes/pkg/kubeapiserver/admission"
)
func init() {
admission.RegisterPlugin("AlwaysDeny", func(config io.Reader) (admission.Interface, error) {
kubeapiserveradmission.Plugins.Register("AlwaysDeny", func(config io.Reader) (admission.Interface, error) {
return NewAlwaysDeny(), nil
})
}


@@ -30,13 +30,13 @@ import (
)
func init() {
admission.RegisterPlugin("DenyEscalatingExec", func(config io.Reader) (admission.Interface, error) {
kubeapiserveradmission.Plugins.Register("DenyEscalatingExec", func(config io.Reader) (admission.Interface, error) {
return NewDenyEscalatingExec(), nil
})
// This is for legacy support of the DenyExecOnPrivileged admission controller. Most
// of the time DenyEscalatingExec should be preferred.
admission.RegisterPlugin("DenyExecOnPrivileged", func(config io.Reader) (admission.Interface, error) {
kubeapiserveradmission.Plugins.Register("DenyExecOnPrivileged", func(config io.Reader) (admission.Interface, error) {
return NewDenyExecOnPrivileged(), nil
})
}


@@ -13,6 +13,7 @@ go_library(
srcs = ["gc_admission.go"],
tags = ["automanaged"],
deps = [
"//pkg/kubeapiserver/admission:go_default_library",
"//vendor:k8s.io/apimachinery/pkg/api/equality",
"//vendor:k8s.io/apimachinery/pkg/api/meta",
"//vendor:k8s.io/apimachinery/pkg/runtime",


@@ -25,10 +25,11 @@ import (
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apiserver/pkg/admission"
"k8s.io/apiserver/pkg/authorization/authorizer"
kubeapiserveradmission "k8s.io/kubernetes/pkg/kubeapiserver/admission"
)
func init() {
admission.RegisterPlugin("OwnerReferencesPermissionEnforcement", func(config io.Reader) (admission.Interface, error) {
kubeapiserveradmission.Plugins.Register("OwnerReferencesPermissionEnforcement", func(config io.Reader) (admission.Interface, error) {
return &gcPermissionsEnforcement{
Handler: admission.NewHandler(admission.Create, admission.Update),
}, nil


@@ -20,6 +20,7 @@ go_library(
"//pkg/api:go_default_library",
"//pkg/apis/imagepolicy/install:go_default_library",
"//pkg/apis/imagepolicy/v1alpha1:go_default_library",
"//pkg/kubeapiserver/admission:go_default_library",
"//vendor:github.com/golang/glog",
"//vendor:k8s.io/apimachinery/pkg/api/errors",
"//vendor:k8s.io/apimachinery/pkg/runtime/schema",


@@ -39,6 +39,7 @@ import (
"k8s.io/kubernetes/pkg/api"
"k8s.io/kubernetes/pkg/apis/imagepolicy/v1alpha1"
kubeapiserveradmission "k8s.io/kubernetes/pkg/kubeapiserver/admission"
// install the clientgo image policy API for use with api registry
_ "k8s.io/kubernetes/pkg/apis/imagepolicy/install"
@@ -49,7 +50,7 @@ var (
)
func init() {
admission.RegisterPlugin("ImagePolicyWebhook", func(config io.Reader) (admission.Interface, error) {
kubeapiserveradmission.Plugins.Register("ImagePolicyWebhook", func(config io.Reader) (admission.Interface, error) {
newImagePolicyWebhook, err := NewImagePolicyWebhook(config)
if err != nil {
return nil, err


@@ -20,6 +20,7 @@ go_library(
tags = ["automanaged"],
deps = [
"//pkg/api:go_default_library",
"//pkg/kubeapiserver/admission:go_default_library",
"//vendor:cloud.google.com/go/compute/metadata",
"//vendor:github.com/golang/glog",
"//vendor:github.com/hawkular/hawkular-client-go/metrics",


@@ -29,6 +29,7 @@ import (
"k8s.io/apimachinery/pkg/api/resource"
"k8s.io/apiserver/pkg/admission"
"k8s.io/kubernetes/pkg/api"
kubeapiserveradmission "k8s.io/kubernetes/pkg/kubeapiserver/admission"
)
var (
@@ -46,7 +47,7 @@ const (
// WARNING: this feature is experimental and will definitely change.
func init() {
admission.RegisterPlugin("InitialResources", func(config io.Reader) (admission.Interface, error) {
kubeapiserveradmission.Plugins.Register("InitialResources", func(config io.Reader) (admission.Interface, error) {
// TODO: remove the usage of flags in favor of reading versioned configuration
s, err := newDataSource(*source)
if err != nil {


@@ -44,7 +44,7 @@ const (
)
func init() {
admission.RegisterPlugin("LimitRanger", func(config io.Reader) (admission.Interface, error) {
kubeapiserveradmission.Plugins.Register("LimitRanger", func(config io.Reader) (admission.Interface, error) {
return NewLimitRanger(&DefaultLimitRangerActions{})
})
}


@@ -31,7 +31,7 @@ import (
)
func init() {
admission.RegisterPlugin("NamespaceAutoProvision", func(config io.Reader) (admission.Interface, error) {
kubeapiserveradmission.Plugins.Register("NamespaceAutoProvision", func(config io.Reader) (admission.Interface, error) {
return NewProvision(), nil
})
}


@@ -31,7 +31,7 @@ import (
)
func init() {
admission.RegisterPlugin("NamespaceExists", func(config io.Reader) (admission.Interface, error) {
kubeapiserveradmission.Plugins.Register("NamespaceExists", func(config io.Reader) (admission.Interface, error) {
return NewExists(), nil
})
}


@@ -51,7 +51,7 @@ const (
)
func init() {
admission.RegisterPlugin(PluginName, func(config io.Reader) (admission.Interface, error) {
kubeapiserveradmission.Plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) {
return NewLifecycle(sets.NewString(metav1.NamespaceDefault, metav1.NamespaceSystem, metav1.NamespacePublic))
})
}


@@ -33,7 +33,7 @@ import (
)
func init() {
admission.RegisterPlugin("PersistentVolumeLabel", func(config io.Reader) (admission.Interface, error) {
kubeapiserveradmission.Plugins.Register("PersistentVolumeLabel", func(config io.Reader) (admission.Interface, error) {
persistentVolumeLabelAdmission := NewPersistentVolumeLabel()
return persistentVolumeLabelAdmission, nil
})


@@ -40,7 +40,7 @@ import (
var NamespaceNodeSelectors = []string{"scheduler.alpha.kubernetes.io/node-selector"}
func init() {
admission.RegisterPlugin("PodNodeSelector", func(config io.Reader) (admission.Interface, error) {
kubeapiserveradmission.Plugins.Register("PodNodeSelector", func(config io.Reader) (admission.Interface, error) {
// TODO move this to a versioned configuration file format.
pluginConfig := readConfig(config)
plugin := NewPodNodeSelector(pluginConfig.PodNodeSelectorPluginConfig)
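Review bot: `readConfig(config)` returns a single value, so this factory cannot report an unreadable or malformed plugin configuration, unlike the PodTolerationRestriction and ImagePolicyWebhook factories in this change, which return `nil, err`. For an admission plugin that may mean a bad config file leaves the plugin running with whatever readConfig falls back to instead of failing start-up; readConfig's body is outside the hunk, so this should be confirmed. I would have readConfig return an error and propagate it here: `pluginConfig, err := readConfig(config)` followed by `if err != nil { return nil, err }`. The closure continues past the end of the hunk.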


@@ -41,7 +41,7 @@ const (
)
func init() {
admission.RegisterPlugin(pluginName, func(config io.Reader) (admission.Interface, error) {
kubeapiserveradmission.Plugins.Register(pluginName, func(config io.Reader) (admission.Interface, error) {
return NewPlugin(), nil
})
}


@@ -37,7 +37,7 @@ import (
)
func init() {
admission.RegisterPlugin("PodTolerationRestriction", func(config io.Reader) (admission.Interface, error) {
kubeapiserveradmission.Plugins.Register("PodTolerationRestriction", func(config io.Reader) (admission.Interface, error) {
pluginConfig, err := loadConfiguration(config)
if err != nil {
return nil, err


@@ -33,7 +33,7 @@ import (
)
func init() {
admission.RegisterPlugin("ResourceQuota",
kubeapiserveradmission.Plugins.Register("ResourceQuota",
func(config io.Reader) (admission.Interface, error) {
// load the configuration provided (if any)
configuration, err := LoadConfiguration(config)


@@ -45,7 +45,7 @@ const (
)
func init() {
admission.RegisterPlugin(PluginName, func(config io.Reader) (admission.Interface, error) {
kubeapiserveradmission.Plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) {
plugin := NewPlugin(psp.NewSimpleStrategyFactory(), getMatchingPolicies, true)
return plugin, nil
})
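Review bot: The third argument to `NewPlugin` is a bare `true`, and nothing at the call site says which behaviour of the policy plugin it switches on. NewPlugin's signature is outside the hunk, so the meaning cannot be checked from here. Putting the parameter's name in a short comment next to the literal, or passing a named constant, would make the registered default reviewable without opening the constructor.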


@@ -14,6 +14,7 @@ go_library(
tags = ["automanaged"],
deps = [
"//pkg/api:go_default_library",
"//pkg/kubeapiserver/admission:go_default_library",
"//vendor:k8s.io/apimachinery/pkg/api/errors",
"//vendor:k8s.io/apiserver/pkg/admission",
],


@@ -23,10 +23,11 @@ import (
apierrors "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apiserver/pkg/admission"
"k8s.io/kubernetes/pkg/api"
kubeapiserveradmission "k8s.io/kubernetes/pkg/kubeapiserver/admission"
)
func init() {
admission.RegisterPlugin("SecurityContextDeny", func(config io.Reader) (admission.Interface, error) {
kubeapiserveradmission.Plugins.Register("SecurityContextDeny", func(config io.Reader) (admission.Interface, error) {
return NewSecurityContextDeny(), nil
})
}


@@ -55,7 +55,7 @@ const DefaultAPITokenMountPath = "/var/run/secrets/kubernetes.io/serviceaccount"
const PluginName = "ServiceAccount"
func init() {
admission.RegisterPlugin(PluginName, func(config io.Reader) (admission.Interface, error) {
kubeapiserveradmission.Plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) {
serviceAccountAdmission := NewServiceAccount()
return serviceAccountAdmission, nil
})


@@ -39,7 +39,7 @@ const (
)
func init() {
admission.RegisterPlugin(PluginName, func(config io.Reader) (admission.Interface, error) {
kubeapiserveradmission.Plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) {
plugin := newPlugin()
return plugin, nil
})