// Copyright 2023 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package pkg
import (
"k8s.io/apimachinery/pkg/util/sets"
"k8s.io/apiserver/pkg/admission/plugin/namespace/lifecycle"
"k8s.io/apiserver/pkg/admission/plugin/resourcequota"
"k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy"
mutatingwebhook "k8s.io/apiserver/pkg/admission/plugin/webhook/mutating"
validatingwebhook "k8s.io/apiserver/pkg/admission/plugin/webhook/validating"
)
// Names of the admission plugins declared by this package. These strings are
// the identifiers that AllPluginNames and DefaultOnPlugins hand out, so a
// rename here changes what those lists contain.
const (
	// PluginNameBastion identifies the Bastion admission plugin.
	PluginNameBastion = "Bastion"
	// PluginNameClusterOpenIDConnectPreset identifies the ClusterOpenIDConnectPreset admission plugin.
	PluginNameClusterOpenIDConnectPreset = "ClusterOpenIDConnectPreset"
	// PluginNameControllerRegistrationResources identifies the ControllerRegistrationResources admission plugin.
	PluginNameControllerRegistrationResources = "ControllerRegistrationResources"
	// PluginNameCustomVerbAuthorizer identifies the CustomVerbAuthorizer admission plugin.
	PluginNameCustomVerbAuthorizer = "CustomVerbAuthorizer"
	// PluginNameDeletionConfirmation identifies the DeletionConfirmation admission plugin.
	PluginNameDeletionConfirmation = "DeletionConfirmation"
	// PluginNameExtensionLabels identifies the ExtensionLabels admission plugin.
	PluginNameExtensionLabels = "ExtensionLabels"
	// PluginNameExtensionValidator identifies the ExtensionValidator admission plugin.
	PluginNameExtensionValidator = "ExtensionValidator"
	// PluginNameManagedSeed identifies the ManagedSeed admission plugin.
	PluginNameManagedSeed = "ManagedSeed"
	// PluginNameManagedSeedShoot identifies the ManagedSeedShoot admission plugin.
	PluginNameManagedSeedShoot = "ManagedSeedShoot"
	// PluginNameOpenIDConnectPreset identifies the OpenIDConnectPreset admission plugin.
	PluginNameOpenIDConnectPreset = "OpenIDConnectPreset"
	// PluginNameProjectValidator identifies the ProjectValidator admission plugin.
	PluginNameProjectValidator = "ProjectValidator"
	// PluginNameResourceReferenceManager identifies the ResourceReferenceManager admission plugin.
	PluginNameResourceReferenceManager = "ResourceReferenceManager"
	// PluginNameSeedValidator identifies the SeedValidator admission plugin.
	PluginNameSeedValidator = "SeedValidator"
	// PluginNameShootDNS identifies the ShootDNS admission plugin.
	PluginNameShootDNS = "ShootDNS"
	// PluginNameShootDNSRewriting identifies the ShootDNSRewriting admission plugin.
	PluginNameShootDNSRewriting = "ShootDNSRewriting"
	// PluginNameShootExposureClass identifies the ShootExposureClass admission plugin.
	PluginNameShootExposureClass = "ShootExposureClass"
	// PluginNameShootManagedSeed identifies the ShootManagedSeed admission plugin.
	PluginNameShootManagedSeed = "ShootManagedSeed"
	// PluginNameShootNodeLocalDNSEnabledByDefault identifies the ShootNodeLocalDNSEnabledByDefault admission plugin.
	PluginNameShootNodeLocalDNSEnabledByDefault = "ShootNodeLocalDNSEnabledByDefault"
	// PluginNameShootQuotaValidator identifies the ShootQuotaValidator admission plugin.
	PluginNameShootQuotaValidator = "ShootQuotaValidator"
	// PluginNameShootTolerationRestriction identifies the ShootTolerationRestriction admission plugin.
	PluginNameShootTolerationRestriction = "ShootTolerationRestriction"
	// PluginNameShootVPAEnabledByDefault identifies the ShootVPAEnabledByDefault admission plugin.
	PluginNameShootVPAEnabledByDefault = "ShootVPAEnabledByDefault"
	// PluginNameShootValidator identifies the ShootValidator admission plugin.
	PluginNameShootValidator = "ShootValidator"
)
// AllPluginNames returns the name of every admission plugin this package
// knows about, as a freshly built slice.
//
// Position in the slice is meaningful: the inline comments below pin the
// webhook, admission-policy and quota plugins to the tail, with ResourceQuota
// strictly last. Treat a reordering here as a change to the admission chain,
// not as a cosmetic edit.
func AllPluginNames() []string {
	ordered := []string{
		lifecycle.PluginName, // NamespaceLifecycle
		PluginNameResourceReferenceManager,
		PluginNameExtensionValidator,
		PluginNameExtensionLabels,
		PluginNameShootTolerationRestriction,
		PluginNameShootExposureClass,
		PluginNameShootDNS,
		PluginNameShootManagedSeed,
		PluginNameShootNodeLocalDNSEnabledByDefault,
		PluginNameShootDNSRewriting,
		PluginNameShootQuotaValidator,
		PluginNameShootValidator,
		PluginNameSeedValidator,
		PluginNameControllerRegistrationResources,
		PluginNameProjectValidator,
		PluginNameDeletionConfirmation,
		PluginNameOpenIDConnectPreset,
		PluginNameClusterOpenIDConnectPreset,
		PluginNameCustomVerbAuthorizer,
		PluginNameShootVPAEnabledByDefault,
		PluginNameManagedSeed,
		PluginNameManagedSeedShoot,
		PluginNameBastion,

		// Add new admission plugins above this line. Everything from here
		// down (webhooks, admission policy, resource quota) has to stay at
		// the end of the list.
		mutatingwebhook.PluginName,           // MutatingAdmissionWebhook
		validatingadmissionpolicy.PluginName, // ValidatingAdmissionPolicy
		validatingwebhook.PluginName,         // ValidatingAdmissionWebhook

		// ResourceQuota must be the final entry: it updates quota usage, and
		// that is only reliable once every earlier plugin has permitted the
		// request.
		resourcequota.PluginName, // ResourceQuota
	}
	return ordered
}
// DefaultOnPlugins returns the set of admission plugins that are enabled by
// default.
//
// Compared with AllPluginNames, three names are absent and are therefore not
// on by default: ShootNodeLocalDNSEnabledByDefault, ShootDNSRewriting and
// ShootVPAEnabledByDefault. A plugin added to AllPluginNames is likewise off
// by default until it is also listed here.
//
// The result is a set, so the order of the entries below carries no meaning.
func DefaultOnPlugins() sets.Set[string] {
	enabled := []string{
		lifecycle.PluginName, // NamespaceLifecycle
		PluginNameResourceReferenceManager,
		PluginNameExtensionValidator,
		PluginNameExtensionLabels,
		PluginNameShootTolerationRestriction,
		PluginNameShootExposureClass,
		PluginNameShootDNS,
		PluginNameShootManagedSeed,
		PluginNameShootQuotaValidator,
		PluginNameShootValidator,
		PluginNameSeedValidator,
		PluginNameControllerRegistrationResources,
		PluginNameProjectValidator,
		PluginNameDeletionConfirmation,
		PluginNameOpenIDConnectPreset,
		PluginNameClusterOpenIDConnectPreset,
		PluginNameCustomVerbAuthorizer,
		PluginNameManagedSeed,
		PluginNameManagedSeedShoot,
		PluginNameBastion,

		// Plugins taken from k8s.io/apiserver.
		mutatingwebhook.PluginName,           // MutatingAdmissionWebhook
		validatingadmissionpolicy.PluginName, // ValidatingAdmissionPolicy
		validatingwebhook.PluginName,         // ValidatingAdmissionWebhook
		resourcequota.PluginName,             // ResourceQuota
	}
	return sets.New[string](enabled...)
}