Merge pull request #72737 from liggitt/deprecate-deny-exec-admission

Deprecate DenyEscalatingExec and DenyExecOnPrivileged admission plugins
pull/564/head
Kubernetes Prow Robot 2019-01-11 03:30:48 -08:00 committed by GitHub
commit 33a9c6e892
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 1 deletions


@ -16,6 +16,7 @@ go_library(
"//staging/src/k8s.io/apiserver/pkg/admission:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/admission/initializer:go_default_library",
"//staging/src/k8s.io/client-go/kubernetes:go_default_library",
"//vendor/k8s.io/klog:go_default_library",
],
)


@ -25,25 +25,33 @@ import (
"k8s.io/apiserver/pkg/admission"
genericadmissioninitializer "k8s.io/apiserver/pkg/admission/initializer"
"k8s.io/client-go/kubernetes"
"k8s.io/klog"
)
const (
// DenyEscalatingExec indicates name of admission plugin.
// Deprecated, will be removed in v1.18.
// Use of PodSecurityPolicy or a custom admission plugin to limit creation of pods is recommended instead.
DenyEscalatingExec = "DenyEscalatingExec"
// DenyExecOnPrivileged indicates name of admission plugin.
// Deprecated, should use DenyEscalatingExec instead.
// Deprecated, will be removed in v1.18.
// Use of PodSecurityPolicy or a custom admission plugin to limit creation of pods is recommended instead.
DenyExecOnPrivileged = "DenyExecOnPrivileged"
)
// Register registers a plugin
func Register(plugins *admission.Plugins) {
plugins.Register(DenyEscalatingExec, func(config io.Reader) (admission.Interface, error) {
klog.Warningf("the %s admission plugin is deprecated and will be removed in v1.18", DenyEscalatingExec)
klog.Warningf("use of PodSecurityPolicy or a custom admission plugin to limit creation of pods is recommended instead")
return NewDenyEscalatingExec(), nil
})
// This is for legacy support of the DenyExecOnPrivileged admission controller. Most
// of the time DenyEscalatingExec should be preferred.
plugins.Register(DenyExecOnPrivileged, func(config io.Reader) (admission.Interface, error) {
klog.Warningf("the %s admission plugin is deprecated and will be removed in v1.18", DenyExecOnPrivileged)
klog.Warningf("use of PodSecurityPolicy or a custom admission plugin to limit creation of pods is recommended instead")
return NewDenyExecOnPrivileged(), nil
})
}
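Review bot: The comment kept above the second `plugins.Register` call still says `Most of the time DenyEscalatingExec should be preferred`, which now contradicts the deprecation of both plugins; it should read something like `// Legacy support for the DenyExecOnPrivileged admission controller; both plugins are deprecated.` The new constant comments use `Deprecated, will be removed in v1.18.`, a form that godoc and linters do not recognise, so uses of the constants will not be flagged; the conventional form is a separate comment paragraph beginning `// Deprecated: will be removed in v1.18.` The second `klog.Warningf` in each closure takes no format arguments and can be `klog.Warning`. Because the warning appears to be logged only when the plugin factory runs, clusters that rely on these plugins to block exec/attach into privileged pods should have the replacement policy in place and verified before the plugins are removed.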