首页 发现 帮助
登录
tzeneto
/
custom-kube-scheduler
关注 1
点赞 0
派生 0
文件 工单管理 0 合并请求 0 Wiki
目录树: cb14858ef6
分支列表 标签列表
custom-kube-...
/
kubernetes
/
pkg
/
kubeapiserver
/
options
/
plugins.go

plugins.go 7.1 KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149 
  1. /*
    2. 

  2. Copyright 2014 The Kubernetes Authors.
    3. 

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. you may not use this file except in compliance with the License.
    6. 

  6. You may obtain a copy of the License at
    7. 

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10. Unless required by applicable law or agreed to in writing, software
    11. 

  11. distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. See the License for the specific language governing permissions and
    14. 

  14. limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package options
    18. 

  18. 

  19. // This file exists to force the desired plugin implementations to be linked.
    20. 

  20. // This should probably be part of some configuration fed into the build for a
    21. 

  21. // given binary target.
    22. 

  22. import (
    23. 

  23. 	// Admission policies
    24. 

  24. 	"k8s.io/kubernetes/plugin/pkg/admission/admit"
    25. 

  25. 	"k8s.io/kubernetes/plugin/pkg/admission/alwayspullimages"
    26. 

  26. 	"k8s.io/kubernetes/plugin/pkg/admission/antiaffinity"
    27. 

  27. 	"k8s.io/kubernetes/plugin/pkg/admission/defaulttolerationseconds"
    28. 

  28. 	"k8s.io/kubernetes/plugin/pkg/admission/deny"
    29. 

  29. 	"k8s.io/kubernetes/plugin/pkg/admission/eventratelimit"
    30. 

  30. 	"k8s.io/kubernetes/plugin/pkg/admission/exec"
    31. 

  31. 	"k8s.io/kubernetes/plugin/pkg/admission/extendedresourcetoleration"
    32. 

  32. 	"k8s.io/kubernetes/plugin/pkg/admission/gc"
    33. 

  33. 	"k8s.io/kubernetes/plugin/pkg/admission/imagepolicy"
    34. 

  34. 	"k8s.io/kubernetes/plugin/pkg/admission/limitranger"
    35. 

  35. 	"k8s.io/kubernetes/plugin/pkg/admission/namespace/autoprovision"
    36. 

  36. 	"k8s.io/kubernetes/plugin/pkg/admission/namespace/exists"
    37. 

  37. 	"k8s.io/kubernetes/plugin/pkg/admission/noderestriction"
    38. 

  38. 	"k8s.io/kubernetes/plugin/pkg/admission/nodetaint"
    39. 

  39. 	"k8s.io/kubernetes/plugin/pkg/admission/podnodeselector"
    40. 

  40. 	"k8s.io/kubernetes/plugin/pkg/admission/podpreset"
    41. 

  41. 	"k8s.io/kubernetes/plugin/pkg/admission/podtolerationrestriction"
    42. 

  42. 	podpriority "k8s.io/kubernetes/plugin/pkg/admission/priority"
    43. 

  43. 	"k8s.io/kubernetes/plugin/pkg/admission/resourcequota"
    44. 

  44. 	"k8s.io/kubernetes/plugin/pkg/admission/runtimeclass"
    45. 

  45. 	"k8s.io/kubernetes/plugin/pkg/admission/security/podsecuritypolicy"
    46. 

  46. 	"k8s.io/kubernetes/plugin/pkg/admission/securitycontext/scdeny"
    47. 

  47. 	"k8s.io/kubernetes/plugin/pkg/admission/serviceaccount"
    48. 

  48. 	"k8s.io/kubernetes/plugin/pkg/admission/storage/persistentvolume/label"
    49. 

  49. 	"k8s.io/kubernetes/plugin/pkg/admission/storage/persistentvolume/resize"
    50. 

  50. 	"k8s.io/kubernetes/plugin/pkg/admission/storage/storageclass/setdefault"
    51. 

  51. 	"k8s.io/kubernetes/plugin/pkg/admission/storage/storageobjectinuseprotection"
    52. 

  52. 

  53. 	"k8s.io/apimachinery/pkg/util/sets"
    54. 

  54. 	"k8s.io/apiserver/pkg/admission"
    55. 

  55. 	"k8s.io/apiserver/pkg/admission/plugin/namespace/lifecycle"
    56. 

  56. 	mutatingwebhook "k8s.io/apiserver/pkg/admission/plugin/webhook/mutating"
    57. 

  57. 	validatingwebhook "k8s.io/apiserver/pkg/admission/plugin/webhook/validating"
    58. 

  58. )
    59. 

  59. 

  60. // AllOrderedPlugins is the list of all the plugins in order.
    61. 

  61. var AllOrderedPlugins = []string{
    62. 

  62. 	admit.PluginName,                        // AlwaysAdmit
    63. 

  63. 	autoprovision.PluginName,                // NamespaceAutoProvision
    64. 

  64. 	lifecycle.PluginName,                    // NamespaceLifecycle
    65. 

  65. 	exists.PluginName,                       // NamespaceExists
    66. 

  66. 	scdeny.PluginName,                       // SecurityContextDeny
    67. 

  67. 	antiaffinity.PluginName,                 // LimitPodHardAntiAffinityTopology
    68. 

  68. 	podpreset.PluginName,                    // PodPreset
    69. 

  69. 	limitranger.PluginName,                  // LimitRanger
    70. 

  70. 	serviceaccount.PluginName,               // ServiceAccount
    71. 

  71. 	noderestriction.PluginName,              // NodeRestriction
    72. 

  72. 	nodetaint.PluginName,                    // TaintNodesByCondition
    73. 

  73. 	alwayspullimages.PluginName,             // AlwaysPullImages
    74. 

  74. 	imagepolicy.PluginName,                  // ImagePolicyWebhook
    75. 

  75. 	podsecuritypolicy.PluginName,            // PodSecurityPolicy
    76. 

  76. 	podnodeselector.PluginName,              // PodNodeSelector
    77. 

  77. 	podpriority.PluginName,                  // Priority
    78. 

  78. 	defaulttolerationseconds.PluginName,     // DefaultTolerationSeconds
    79. 

  79. 	podtolerationrestriction.PluginName,     // PodTolerationRestriction
    80. 

  80. 	exec.DenyEscalatingExec,                 // DenyEscalatingExec
    81. 

  81. 	exec.DenyExecOnPrivileged,               // DenyExecOnPrivileged
    82. 

  82. 	eventratelimit.PluginName,               // EventRateLimit
    83. 

  83. 	extendedresourcetoleration.PluginName,   // ExtendedResourceToleration
    84. 

  84. 	label.PluginName,                        // PersistentVolumeLabel
    85. 

  85. 	setdefault.PluginName,                   // DefaultStorageClass
    86. 

  86. 	storageobjectinuseprotection.PluginName, // StorageObjectInUseProtection
    87. 

  87. 	gc.PluginName,                           // OwnerReferencesPermissionEnforcement
    88. 

  88. 	resize.PluginName,                       // PersistentVolumeClaimResize
    89. 

  89. 	mutatingwebhook.PluginName,              // MutatingAdmissionWebhook
    90. 

  90. 	validatingwebhook.PluginName,            // ValidatingAdmissionWebhook
    91. 

  91. 	runtimeclass.PluginName,                 //RuntimeClass
    92. 

  92. 	resourcequota.PluginName,                // ResourceQuota
    93. 

  93. 	deny.PluginName,                         // AlwaysDeny
    94. 

  94. }
    95. 

  95. 

  96. // RegisterAllAdmissionPlugins registers all admission plugins and
    97. 

  97. // sets the recommended plugins order.
    98. 

  98. func RegisterAllAdmissionPlugins(plugins *admission.Plugins) {
    99. 

  99. 	admit.Register(plugins) // DEPRECATED as no real meaning
    100. 

  100. 	alwayspullimages.Register(plugins)
    101. 

  101. 	antiaffinity.Register(plugins)
    102. 

  102. 	defaulttolerationseconds.Register(plugins)
    103. 

  103. 	deny.Register(plugins) // DEPRECATED as no real meaning
    104. 

  104. 	eventratelimit.Register(plugins)
    105. 

  105. 	exec.Register(plugins)
    106. 

  106. 	extendedresourcetoleration.Register(plugins)
    107. 

  107. 	gc.Register(plugins)
    108. 

  108. 	imagepolicy.Register(plugins)
    109. 

  109. 	limitranger.Register(plugins)
    110. 

  110. 	autoprovision.Register(plugins)
    111. 

  111. 	exists.Register(plugins)
    112. 

  112. 	noderestriction.Register(plugins)
    113. 

  113. 	nodetaint.Register(plugins)
    114. 

  114. 	label.Register(plugins) // DEPRECATED, future PVs should not rely on labels for zone topology
    115. 

  115. 	podnodeselector.Register(plugins)
    116. 

  116. 	podpreset.Register(plugins)
    117. 

  117. 	podtolerationrestriction.Register(plugins)
    118. 

  118. 	runtimeclass.Register(plugins)
    119. 

  119. 	resourcequota.Register(plugins)
    120. 

  120. 	podsecuritypolicy.Register(plugins)
    121. 

  121. 	podpriority.Register(plugins)
    122. 

  122. 	scdeny.Register(plugins)
    123. 

  123. 	serviceaccount.Register(plugins)
    124. 

  124. 	setdefault.Register(plugins)
    125. 

  125. 	resize.Register(plugins)
    126. 

  126. 	storageobjectinuseprotection.Register(plugins)
    127. 

  127. }
    128. 

  128. 

  129. // DefaultOffAdmissionPlugins get admission plugins off by default for kube-apiserver.
    130. 

  130. func DefaultOffAdmissionPlugins() sets.String {
    131. 

  131. 	defaultOnPlugins := sets.NewString(
    132. 

  132. 		lifecycle.PluginName,                    //NamespaceLifecycle
    133. 

  133. 		limitranger.PluginName,                  //LimitRanger
    134. 

  134. 		serviceaccount.PluginName,               //ServiceAccount
    135. 

  135. 		setdefault.PluginName,                   //DefaultStorageClass
    136. 

  136. 		resize.PluginName,                       //PersistentVolumeClaimResize
    137. 

  137. 		defaulttolerationseconds.PluginName,     //DefaultTolerationSeconds
    138. 

  138. 		mutatingwebhook.PluginName,              //MutatingAdmissionWebhook
    139. 

  139. 		validatingwebhook.PluginName,            //ValidatingAdmissionWebhook
    140. 

  140. 		resourcequota.PluginName,                //ResourceQuota
    141. 

  141. 		storageobjectinuseprotection.PluginName, //StorageObjectInUseProtection
    142. 

  142. 		podpriority.PluginName,                  //PodPriority
    143. 

  143. 		nodetaint.PluginName,                    //TaintNodesByCondition
    144. 

  144. 		runtimeclass.PluginName,                 //RuntimeClass, gates internally on the feature
    145. 

  145. 	)
    146. 

  146. 

  147. 	return sets.NewString(AllOrderedPlugins...).Difference(defaultOnPlugins)
    148. 

  148. }
    149. 

  149.