func init() { admission.RegisterPlugin("DenyEscalatingExec", func(config io.Reader) (admission.Interface, error) { return NewDenyEscalatingExec(), nil }) // This is for legacy support of the DenyExecOnPrivileged admission controller. Most // of the time DenyEscalatingExec should be preferred. admission.RegisterPlugin("DenyExecOnPrivileged", func(config io.Reader) (admission.Interface, error) { return NewDenyExecOnPrivileged(), nil }) }
func init() { admission.RegisterPlugin("OwnerReferencesPermissionEnforcement", func(config io.Reader) (admission.Interface, error) { return &gcPermissionsEnforcement{ Handler: admission.NewHandler(admission.Create, admission.Update), }, nil }) }
func init() { admission.RegisterPlugin("PodNodeSelector", func(config io.Reader) (admission.Interface, error) { // TODO move this to a versioned configuration file format. pluginConfig := readConfig(config) plugin := NewPodNodeSelector(pluginConfig.PodNodeSelectorPluginConfig) return plugin, nil }) }
func init() { admission.RegisterPlugin("ResourceQuota", func(config io.Reader) (admission.Interface, error) { // NOTE: we do not provide informers to the registry because admission level decisions // does not require us to open watches for all items tracked by quota. registry := install.NewRegistry(nil, nil) return NewResourceQuota(registry, 5, make(chan struct{})) }) }
func init() { admission.RegisterPlugin("ImagePolicyWebhook", func(config io.Reader) (admission.Interface, error) { newImagePolicyWebhook, err := NewImagePolicyWebhook(config) if err != nil { return nil, err } return newImagePolicyWebhook, nil }) }
// WARNING: this feature is experimental and will definitely change. func init() { admission.RegisterPlugin("InitialResources", func(config io.Reader) (admission.Interface, error) { // TODO: remove the usage of flags in favor of reading versioned configuration s, err := newDataSource(*source) if err != nil { return nil, err } return newInitialResources(s, *percentile, *nsOnly), nil }) }
func init() { admission.RegisterPlugin(PluginName, func(config io.Reader) (admission.Interface, error) { plugin := NewPlugin(psp.NewSimpleStrategyFactory(), getMatchingPolicies, true) return plugin, nil }) }
func init() { admission.RegisterPlugin("AlwaysAdmit", func(config io.Reader) (admission.Interface, error) { return NewAlwaysAdmit(), nil }) }
func init() { admission.RegisterPlugin("NamespaceAutoProvision", func(config io.Reader) (admission.Interface, error) { return NewProvision(), nil }) }
func init() { admission.RegisterPlugin(PluginName, func(config io.Reader) (admission.Interface, error) { serviceAccountAdmission := NewServiceAccount() return serviceAccountAdmission, nil }) }
func init() { admission.RegisterPlugin("SecurityContextDeny", func(config io.Reader) (admission.Interface, error) { return NewSecurityContextDeny(), nil }) }
func init() { admission.RegisterPlugin(PluginName, func(config io.Reader) (admission.Interface, error) { return NewLifecycle(sets.NewString(api.NamespaceDefault, api.NamespaceSystem)) }) }
func init() { admission.RegisterPlugin(PluginName, func(config io.Reader) (admission.Interface, error) { plugin := newPlugin() return plugin, nil }) }
func init() { admission.RegisterPlugin("NamespaceExists", func(config io.Reader) (admission.Interface, error) { return NewExists(), nil }) }
func init() { admission.RegisterPlugin("LimitPodHardAntiAffinityTopology", func(config io.Reader) (admission.Interface, error) { return NewInterPodAntiAffinity(), nil }) }
func init() { admission.RegisterPlugin("LimitRanger", func(config io.Reader) (admission.Interface, error) { return NewLimitRanger(&DefaultLimitRangerActions{}) }) }
func init() { admission.RegisterPlugin("PersistentVolumeLabel", func(config io.Reader) (admission.Interface, error) { persistentVolumeLabelAdmission := NewPersistentVolumeLabel() return persistentVolumeLabelAdmission, nil }) }