Merge pull request #34829 from deads2k/api-25-gc-admission

Automatic merge from submit-queue add ownerref permission checks Adds an admission plugin that ensures that anyone adding an `ownerReference` to a resource has delete rights on the resource they're setting up a delete for. @caesarxuchao example admission plugin that tests for ownerReference diffs and uses an authorizer to drive the decision. @liggitt @ncdc we've talked about this before
2016-10-17 09:34:31 -07:00
parent f85d8f2e66 14c164a328
commit f90deb2bdd
5 changed files with 331 additions and 0 deletions
--- a/cmd/kube-apiserver/app/plugins.go
+++ b/cmd/kube-apiserver/app/plugins.go
@@ -29,6 +29,7 @@ import (
 	_ "k8s.io/kubernetes/plugin/pkg/admission/antiaffinity"
 	_ "k8s.io/kubernetes/plugin/pkg/admission/deny"
 	_ "k8s.io/kubernetes/plugin/pkg/admission/exec"
+	_ "k8s.io/kubernetes/plugin/pkg/admission/gc"
 	_ "k8s.io/kubernetes/plugin/pkg/admission/imagepolicy"
 	_ "k8s.io/kubernetes/plugin/pkg/admission/initialresources"
 	_ "k8s.io/kubernetes/plugin/pkg/admission/limitranger"