- Sort Score
- Result 10 results
- Languages All
Results 1 - 8 of 8 for NodeRestriction (0.2 sec)
-
cmd/kubeadm/app/phases/controlplane/manifests_test.go
CertificatesDir: testCertsDir, }, endpoint: &kubeadmapi.APIEndpoint{BindPort: 123, AdvertiseAddress: "1.2.3.4"}, expected: []string{ "kube-apiserver", "--enable-admission-plugins=NodeRestriction", "--service-cluster-ip-range=bar", "--service-account-key-file=" + filepath.Join(testCertsDir, "sa.pub"), "--service-account-signing-key-file=" + filepath.Join(testCertsDir, "sa.key"),
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Sun Mar 03 14:43:47 UTC 2024 - 48.5K bytes - Viewed (0) -
plugin/pkg/auth/authorizer/node/node_authorizer.go
// edge from the existing slice object to the node, which is the case if the // existing object has the node in its NodeName field. For create, the access gets // granted because the noderestriction admission plugin checks that the NodeName // is set to the node. // 5. For other resources, authorize all nodes uniformly using statically defined rules type NodeAuthorizer struct { graph *Graph
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu Mar 07 21:22:55 UTC 2024 - 16K bytes - Viewed (0) -
plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
// Needed for the node to create/delete mirror pods. // Use the NodeRestriction admission plugin to limit a node to creating/deleting mirror pods bound to itself. rbacv1helpers.NewRule("create", "delete").Groups(legacyGroup).Resources("pods").RuleOrDie(), // Needed for the node to report status of pods it is running. // Use the NodeRestriction admission plugin to limit a node to updating status of pods bound to itself.
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Mar 08 19:25:10 UTC 2024 - 34.4K bytes - Viewed (0) -
plugin/pkg/admission/noderestriction/admission.go
// PluginName is a string with the name of the plugin const PluginName = "NodeRestriction" // Register registers a plugin func Register(plugins *admission.Plugins) { plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) { return NewPlugin(nodeidentifier.NewDefaultNodeIdentifier()), nil }) } // NewPlugin creates a new NodeRestriction admission plugin. // This plugin identifies requests from nodes
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu Mar 07 21:22:55 UTC 2024 - 23.6K bytes - Viewed (0) -
cmd/kubeadm/app/phases/controlplane/manifests.go
defaultArguments := []kubeadmapi.Arg{ {Name: "advertise-address", Value: localAPIEndpoint.AdvertiseAddress}, {Name: "enable-admission-plugins", Value: "NodeRestriction"}, {Name: "service-cluster-ip-range", Value: cfg.Networking.ServiceSubnet}, {Name: "service-account-key-file", Value: filepath.Join(cfg.CertificatesDir, kubeadmconstants.ServiceAccountPublicKeyName)},
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Sun Mar 03 14:43:47 UTC 2024 - 17.8K bytes - Viewed (0) -
plugin/pkg/auth/authorizer/node/graph.go
// Short-circuit adding edges to other resources for mirror pods. // A node must never be able to create a pod that grants them permissions on other API objects. // The NodeRestriction admission plugin prevents creation of such pods, but short-circuiting here gives us defense in depth. if _, isMirrorPod := pod.Annotations[corev1.MirrorPodAnnotationKey]; isMirrorPod { return }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu Mar 07 21:22:55 UTC 2024 - 17.5K bytes - Viewed (0) -
cluster/gce/config-test.sh
fi CUSTOM_INGRESS_YAML=${CUSTOM_INGRESS_YAML:-} if [[ -z "${KUBE_ADMISSION_CONTROL:-}" ]]; then ADMISSION_CONTROL='NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,Priority,StorageObjectInUseProtection,PersistentVolumeClaimResize,RuntimeClass' # ResourceQuota must come last, or a creation is recorded, but the pod may be forbidden.
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu Apr 18 17:20:24 UTC 2024 - 29.8K bytes - Viewed (0) -
cluster/gce/config-default.sh
# Admission Controllers to invoke prior to persisting objects in cluster ADMISSION_CONTROL=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,PersistentVolumeClaimResize,DefaultTolerationSeconds,NodeRestriction,Priority,StorageObjectInUseProtection,RuntimeClass # MutatingAdmissionWebhook should be the last controller that modifies the # request object, otherwise users will be confused if the mutating webhooks'
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Sat Mar 16 20:16:32 UTC 2024 - 26.9K bytes - Viewed (0)