// NewConstraint creates a new SCC constraint admission plugin.
func NewConstraint(kclient client.Interface) kadmission.Interface {
store := cache.NewStore(cache.MetaNamespaceKeyFunc)
reflector := cache.NewReflector(
&cache.ListWatch{
ListFunc: func() (runtime.Object, error) {
return kclient.SecurityContextConstraints().List(labels.Everything(), fields.Everything())
},
WatchFunc: func(resourceVersion string) (watch.Interface, error) {
return kclient.SecurityContextConstraints().Watch(labels.Everything(), fields.Everything(), resourceVersion)
},
},
&kapi.SecurityContextConstraints{},
store,
0,
)
reflector.Run()
return &constraint{
Handler: kadmission.NewHandler(kadmission.Create),
client: kclient,
store: store,
}
}