mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-24 04:06:03 +00:00
plugin/admission; including resourcequota admission
This commit is contained in:
parent
f782aba56e
commit
1044aa4500
@ -68,9 +68,9 @@ type liveLookupEntry struct {
|
||||
}
|
||||
|
||||
func (l *limitRanger) SetInformerFactory(f informers.SharedInformerFactory) {
|
||||
limitRangeInformer := f.LimitRanges().Informer()
|
||||
limitRangeInformer := f.InternalLimitRanges().Informer()
|
||||
l.SetReadyFunc(limitRangeInformer.HasSynced)
|
||||
l.lister = f.LimitRanges().Lister()
|
||||
l.lister = f.InternalLimitRanges().Lister()
|
||||
}
|
||||
|
||||
func (l *limitRanger) Validate() error {
|
||||
|
@ -588,7 +588,7 @@ func newMockClientForTest(limitRanges []api.LimitRange) *fake.Clientset {
|
||||
|
||||
// newHandlerForTest returns a handler configured for testing.
|
||||
func newHandlerForTest(c clientset.Interface) (admission.Interface, informers.SharedInformerFactory, error) {
|
||||
f := informers.NewSharedInformerFactory(c, 5*time.Minute)
|
||||
f := informers.NewSharedInformerFactory(nil, c, 5*time.Minute)
|
||||
handler, err := NewLimitRanger(c, &DefaultLimitRangerActions{})
|
||||
if err != nil {
|
||||
return nil, f, err
|
||||
|
@ -88,7 +88,7 @@ func NewProvision(c clientset.Interface) admission.Interface {
|
||||
}
|
||||
|
||||
func (p *provision) SetInformerFactory(f informers.SharedInformerFactory) {
|
||||
p.namespaceInformer = f.Namespaces().Informer()
|
||||
p.namespaceInformer = f.InternalNamespaces().Informer()
|
||||
p.SetReadyFunc(p.namespaceInformer.HasSynced)
|
||||
}
|
||||
|
||||
|
@ -35,7 +35,7 @@ import (
|
||||
|
||||
// newHandlerForTest returns the admission controller configured for testing.
|
||||
func newHandlerForTest(c clientset.Interface) (admission.Interface, informers.SharedInformerFactory, error) {
|
||||
f := informers.NewSharedInformerFactory(c, 5*time.Minute)
|
||||
f := informers.NewSharedInformerFactory(nil, c, 5*time.Minute)
|
||||
handler := NewProvision(c)
|
||||
plugins := []admission.Interface{handler}
|
||||
pluginInitializer := admission.NewPluginInitializer(f, nil)
|
||||
|
@ -95,7 +95,7 @@ func NewExists(c clientset.Interface) admission.Interface {
|
||||
}
|
||||
|
||||
func (e *exists) SetInformerFactory(f informers.SharedInformerFactory) {
|
||||
e.namespaceInformer = f.Namespaces().Informer()
|
||||
e.namespaceInformer = f.InternalNamespaces().Informer()
|
||||
e.SetReadyFunc(e.namespaceInformer.HasSynced)
|
||||
}
|
||||
|
||||
|
@ -34,7 +34,7 @@ import (
|
||||
|
||||
// newHandlerForTest returns the admission controller configured for testing.
|
||||
func newHandlerForTest(c clientset.Interface) (admission.Interface, informers.SharedInformerFactory, error) {
|
||||
f := informers.NewSharedInformerFactory(c, 5*time.Minute)
|
||||
f := informers.NewSharedInformerFactory(nil, c, 5*time.Minute)
|
||||
handler := NewExists(c)
|
||||
plugins := []admission.Interface{handler}
|
||||
pluginInitializer := admission.NewPluginInitializer(f, nil)
|
||||
|
@ -181,7 +181,7 @@ func newLifecycleWithClock(c clientset.Interface, immortalNamespaces sets.String
|
||||
}
|
||||
|
||||
func (l *lifecycle) SetInformerFactory(f informers.SharedInformerFactory) {
|
||||
l.namespaceInformer = f.Namespaces().Informer()
|
||||
l.namespaceInformer = f.InternalNamespaces().Informer()
|
||||
l.SetReadyFunc(l.namespaceInformer.HasSynced)
|
||||
}
|
||||
|
||||
|
@ -41,7 +41,7 @@ func newHandlerForTest(c clientset.Interface) (admission.Interface, informers.Sh
|
||||
|
||||
// newHandlerForTestWithClock returns a configured handler for testing.
|
||||
func newHandlerForTestWithClock(c clientset.Interface, cacheClock clock.Clock) (admission.Interface, informers.SharedInformerFactory, error) {
|
||||
f := informers.NewSharedInformerFactory(c, 5*time.Minute)
|
||||
f := informers.NewSharedInformerFactory(nil, c, 5*time.Minute)
|
||||
handler, err := newLifecycleWithClock(c, sets.NewString(api.NamespaceDefault, api.NamespaceSystem), cacheClock)
|
||||
if err != nil {
|
||||
return nil, f, err
|
||||
|
@ -165,7 +165,7 @@ func NewPodNodeSelector(client clientset.Interface, clusterNodeSelectors map[str
|
||||
}
|
||||
|
||||
func (p *podNodeSelector) SetInformerFactory(f informers.SharedInformerFactory) {
|
||||
p.namespaceInformer = f.Namespaces().Informer()
|
||||
p.namespaceInformer = f.InternalNamespaces().Informer()
|
||||
p.SetReadyFunc(p.namespaceInformer.HasSynced)
|
||||
}
|
||||
|
||||
|
@ -178,7 +178,7 @@ func TestHandles(t *testing.T) {
|
||||
|
||||
// newHandlerForTest returns the admission controller configured for testing.
|
||||
func newHandlerForTest(c clientset.Interface) (*podNodeSelector, informers.SharedInformerFactory, error) {
|
||||
f := informers.NewSharedInformerFactory(c, 5*time.Minute)
|
||||
f := informers.NewSharedInformerFactory(nil, c, 5*time.Minute)
|
||||
handler := NewPodNodeSelector(c, nil)
|
||||
plugins := []admission.Interface{handler}
|
||||
pluginInitializer := admission.NewPluginInitializer(f, nil)
|
||||
|
@ -33,7 +33,7 @@ func init() {
|
||||
func(client clientset.Interface, config io.Reader) (admission.Interface, error) {
|
||||
// NOTE: we do not provide informers to the registry because admission level decisions
|
||||
// does not require us to open watches for all items tracked by quota.
|
||||
registry := install.NewRegistry(client, nil)
|
||||
registry := install.NewRegistry(nil, nil)
|
||||
return NewResourceQuota(client, registry, 5, make(chan struct{}))
|
||||
})
|
||||
}
|
||||
|
@ -126,7 +126,7 @@ func TestAdmissionIgnoresDelete(t *testing.T) {
|
||||
kubeClient := fake.NewSimpleClientset()
|
||||
stopCh := make(chan struct{})
|
||||
defer close(stopCh)
|
||||
handler, err := NewResourceQuota(kubeClient, install.NewRegistry(kubeClient, nil), 5, stopCh)
|
||||
handler, err := NewResourceQuota(kubeClient, install.NewRegistry(nil, nil), 5, stopCh)
|
||||
if err != nil {
|
||||
t.Errorf("Unexpected error %v", err)
|
||||
}
|
||||
@ -158,7 +158,7 @@ func TestAdmissionIgnoresSubresources(t *testing.T) {
|
||||
quotaAccessor, _ := newQuotaAccessor(kubeClient)
|
||||
quotaAccessor.indexer = indexer
|
||||
go quotaAccessor.Run(stopCh)
|
||||
evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(kubeClient, nil), nil, 5, stopCh)
|
||||
evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(nil, nil), nil, 5, stopCh)
|
||||
|
||||
handler := "aAdmission{
|
||||
Handler: admission.NewHandler(admission.Create, admission.Update),
|
||||
@ -201,7 +201,7 @@ func TestAdmitBelowQuotaLimit(t *testing.T) {
|
||||
quotaAccessor, _ := newQuotaAccessor(kubeClient)
|
||||
quotaAccessor.indexer = indexer
|
||||
go quotaAccessor.Run(stopCh)
|
||||
evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(kubeClient, nil), nil, 5, stopCh)
|
||||
evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(nil, nil), nil, 5, stopCh)
|
||||
|
||||
handler := "aAdmission{
|
||||
Handler: admission.NewHandler(admission.Create, admission.Update),
|
||||
@ -283,7 +283,7 @@ func TestAdmitHandlesOldObjects(t *testing.T) {
|
||||
quotaAccessor, _ := newQuotaAccessor(kubeClient)
|
||||
quotaAccessor.indexer = indexer
|
||||
go quotaAccessor.Run(stopCh)
|
||||
evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(kubeClient, nil), nil, 5, stopCh)
|
||||
evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(nil, nil), nil, 5, stopCh)
|
||||
|
||||
handler := "aAdmission{
|
||||
Handler: admission.NewHandler(admission.Create, admission.Update),
|
||||
@ -379,7 +379,7 @@ func TestAdmitHandlesCreatingUpdates(t *testing.T) {
|
||||
quotaAccessor, _ := newQuotaAccessor(kubeClient)
|
||||
quotaAccessor.indexer = indexer
|
||||
go quotaAccessor.Run(stopCh)
|
||||
evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(kubeClient, nil), nil, 5, stopCh)
|
||||
evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(nil, nil), nil, 5, stopCh)
|
||||
|
||||
handler := "aAdmission{
|
||||
Handler: admission.NewHandler(admission.Create, admission.Update),
|
||||
@ -472,7 +472,7 @@ func TestAdmitExceedQuotaLimit(t *testing.T) {
|
||||
quotaAccessor, _ := newQuotaAccessor(kubeClient)
|
||||
quotaAccessor.indexer = indexer
|
||||
go quotaAccessor.Run(stopCh)
|
||||
evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(kubeClient, nil), nil, 5, stopCh)
|
||||
evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(nil, nil), nil, 5, stopCh)
|
||||
|
||||
handler := "aAdmission{
|
||||
Handler: admission.NewHandler(admission.Create, admission.Update),
|
||||
@ -515,7 +515,7 @@ func TestAdmitEnforceQuotaConstraints(t *testing.T) {
|
||||
quotaAccessor, _ := newQuotaAccessor(kubeClient)
|
||||
quotaAccessor.indexer = indexer
|
||||
go quotaAccessor.Run(stopCh)
|
||||
evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(kubeClient, nil), nil, 5, stopCh)
|
||||
evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(nil, nil), nil, 5, stopCh)
|
||||
|
||||
handler := "aAdmission{
|
||||
Handler: admission.NewHandler(admission.Create, admission.Update),
|
||||
@ -568,7 +568,7 @@ func TestAdmitPodInNamespaceWithoutQuota(t *testing.T) {
|
||||
quotaAccessor.indexer = indexer
|
||||
quotaAccessor.liveLookupCache = liveLookupCache
|
||||
go quotaAccessor.Run(stopCh)
|
||||
evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(kubeClient, nil), nil, 5, stopCh)
|
||||
evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(nil, nil), nil, 5, stopCh)
|
||||
|
||||
handler := "aAdmission{
|
||||
Handler: admission.NewHandler(admission.Create, admission.Update),
|
||||
@ -633,7 +633,7 @@ func TestAdmitBelowTerminatingQuotaLimit(t *testing.T) {
|
||||
quotaAccessor, _ := newQuotaAccessor(kubeClient)
|
||||
quotaAccessor.indexer = indexer
|
||||
go quotaAccessor.Run(stopCh)
|
||||
evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(kubeClient, nil), nil, 5, stopCh)
|
||||
evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(nil, nil), nil, 5, stopCh)
|
||||
|
||||
handler := "aAdmission{
|
||||
Handler: admission.NewHandler(admission.Create, admission.Update),
|
||||
@ -737,7 +737,7 @@ func TestAdmitBelowBestEffortQuotaLimit(t *testing.T) {
|
||||
quotaAccessor, _ := newQuotaAccessor(kubeClient)
|
||||
quotaAccessor.indexer = indexer
|
||||
go quotaAccessor.Run(stopCh)
|
||||
evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(kubeClient, nil), nil, 5, stopCh)
|
||||
evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(nil, nil), nil, 5, stopCh)
|
||||
|
||||
handler := "aAdmission{
|
||||
Handler: admission.NewHandler(admission.Create, admission.Update),
|
||||
@ -828,7 +828,7 @@ func TestAdmitBestEffortQuotaLimitIgnoresBurstable(t *testing.T) {
|
||||
quotaAccessor, _ := newQuotaAccessor(kubeClient)
|
||||
quotaAccessor.indexer = indexer
|
||||
go quotaAccessor.Run(stopCh)
|
||||
evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(kubeClient, nil), nil, 5, stopCh)
|
||||
evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(nil, nil), nil, 5, stopCh)
|
||||
|
||||
handler := "aAdmission{
|
||||
Handler: admission.NewHandler(admission.Create, admission.Update),
|
||||
@ -945,7 +945,7 @@ func TestAdmissionSetsMissingNamespace(t *testing.T) {
|
||||
quotaAccessor, _ := newQuotaAccessor(kubeClient)
|
||||
quotaAccessor.indexer = indexer
|
||||
go quotaAccessor.Run(stopCh)
|
||||
evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(kubeClient, nil), nil, 5, stopCh)
|
||||
evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(nil, nil), nil, 5, stopCh)
|
||||
evaluator.(*quotaEvaluator).registry = registry
|
||||
|
||||
handler := "aAdmission{
|
||||
@ -990,7 +990,7 @@ func TestAdmitRejectsNegativeUsage(t *testing.T) {
|
||||
quotaAccessor, _ := newQuotaAccessor(kubeClient)
|
||||
quotaAccessor.indexer = indexer
|
||||
go quotaAccessor.Run(stopCh)
|
||||
evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(kubeClient, nil), nil, 5, stopCh)
|
||||
evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(nil, nil), nil, 5, stopCh)
|
||||
|
||||
handler := "aAdmission{
|
||||
Handler: admission.NewHandler(admission.Create, admission.Update),
|
||||
@ -1035,7 +1035,7 @@ func TestAdmitWhenUnrelatedResourceExceedsQuota(t *testing.T) {
|
||||
quotaAccessor, _ := newQuotaAccessor(kubeClient)
|
||||
quotaAccessor.indexer = indexer
|
||||
go quotaAccessor.Run(stopCh)
|
||||
evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(kubeClient, nil), nil, 5, stopCh)
|
||||
evaluator := NewQuotaEvaluator(quotaAccessor, install.NewRegistry(nil, nil), nil, 5, stopCh)
|
||||
|
||||
handler := "aAdmission{
|
||||
Handler: admission.NewHandler(admission.Create, admission.Update),
|
||||
|
@ -26,6 +26,7 @@ import (
|
||||
clientset "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset"
|
||||
|
||||
"k8s.io/kubernetes/pkg/api"
|
||||
"k8s.io/kubernetes/pkg/api/v1"
|
||||
"k8s.io/kubernetes/pkg/client/cache"
|
||||
"k8s.io/kubernetes/pkg/runtime"
|
||||
"k8s.io/kubernetes/pkg/storage/etcd"
|
||||
@ -73,11 +74,15 @@ func newQuotaAccessor(client clientset.Interface) (*quotaAccessor, error) {
|
||||
return nil, err
|
||||
}
|
||||
lw := &cache.ListWatch{
|
||||
ListFunc: func(options api.ListOptions) (runtime.Object, error) {
|
||||
return client.Core().ResourceQuotas(api.NamespaceAll).List(options)
|
||||
ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
|
||||
internalOptions := api.ListOptions{}
|
||||
v1.Convert_v1_ListOptions_To_api_ListOptions(&options, &internalOptions, nil)
|
||||
return client.Core().ResourceQuotas(api.NamespaceAll).List(internalOptions)
|
||||
},
|
||||
WatchFunc: func(options api.ListOptions) (watch.Interface, error) {
|
||||
return client.Core().ResourceQuotas(api.NamespaceAll).Watch(options)
|
||||
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
|
||||
internalOptions := api.ListOptions{}
|
||||
v1.Convert_v1_ListOptions_To_api_ListOptions(&options, &internalOptions, nil)
|
||||
return client.Core().ResourceQuotas(api.NamespaceAll).Watch(internalOptions)
|
||||
},
|
||||
}
|
||||
indexer, reflector := cache.NewNamespaceKeyedIndexerAndReflector(lw, &api.ResourceQuota{}, 0)
|
||||
|
@ -26,6 +26,7 @@ import (
|
||||
"k8s.io/kubernetes/pkg/admission"
|
||||
"k8s.io/kubernetes/pkg/api"
|
||||
"k8s.io/kubernetes/pkg/api/errors"
|
||||
"k8s.io/kubernetes/pkg/api/v1"
|
||||
"k8s.io/kubernetes/pkg/apis/extensions"
|
||||
"k8s.io/kubernetes/pkg/auth/authorizer"
|
||||
"k8s.io/kubernetes/pkg/auth/user"
|
||||
@ -91,11 +92,15 @@ func NewPlugin(kclient clientset.Interface, strategyFactory psp.StrategyFactory,
|
||||
store := cache.NewStore(cache.MetaNamespaceKeyFunc)
|
||||
reflector := cache.NewReflector(
|
||||
&cache.ListWatch{
|
||||
ListFunc: func(options api.ListOptions) (runtime.Object, error) {
|
||||
return kclient.Extensions().PodSecurityPolicies().List(options)
|
||||
ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
|
||||
internalOptions := api.ListOptions{}
|
||||
v1.Convert_v1_ListOptions_To_api_ListOptions(&options, &internalOptions, nil)
|
||||
return kclient.Extensions().PodSecurityPolicies().List(internalOptions)
|
||||
},
|
||||
WatchFunc: func(options api.ListOptions) (watch.Interface, error) {
|
||||
return kclient.Extensions().PodSecurityPolicies().Watch(options)
|
||||
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
|
||||
internalOptions := api.ListOptions{}
|
||||
v1.Convert_v1_ListOptions_To_api_ListOptions(&options, &internalOptions, nil)
|
||||
return kclient.Extensions().PodSecurityPolicies().Watch(internalOptions)
|
||||
},
|
||||
},
|
||||
&extensions.PodSecurityPolicy{},
|
||||
@ -228,7 +233,7 @@ func assignSecurityContext(provider psp.Provider, pod *api.Pod, fldPath *field.P
|
||||
// since that is how the sc provider will eventually apply settings in the runtime.
|
||||
// This results in an SC that is based on the Pod's PSC with the set fields from the container
|
||||
// overriding pod level settings.
|
||||
containerCopy.SecurityContext = sc.DetermineEffectiveSecurityContext(pod, &containerCopy)
|
||||
containerCopy.SecurityContext = sc.InternalDetermineEffectiveSecurityContext(pod, &containerCopy)
|
||||
|
||||
sc, scAnnotations, err := provider.CreateContainerSecurityContext(pod, &containerCopy)
|
||||
if err != nil {
|
||||
@ -249,7 +254,7 @@ func assignSecurityContext(provider psp.Provider, pod *api.Pod, fldPath *field.P
|
||||
// since that is how the sc provider will eventually apply settings in the runtime.
|
||||
// This results in an SC that is based on the Pod's PSC with the set fields from the container
|
||||
// overriding pod level settings.
|
||||
containerCopy.SecurityContext = sc.DetermineEffectiveSecurityContext(pod, &containerCopy)
|
||||
containerCopy.SecurityContext = sc.InternalDetermineEffectiveSecurityContext(pod, &containerCopy)
|
||||
|
||||
sc, scAnnotations, err := provider.CreateContainerSecurityContext(pod, &containerCopy)
|
||||
if err != nil {
|
||||
|
@ -751,7 +751,7 @@ func TestAdmitSELinux(t *testing.T) {
|
||||
func TestAdmitAppArmor(t *testing.T) {
|
||||
createPodWithAppArmor := func(profile string) *kapi.Pod {
|
||||
pod := goodPod()
|
||||
apparmor.SetProfileName(pod, defaultContainerName, profile)
|
||||
apparmor.SetProfileNameFromPodAnnotations(pod.Annotations, defaultContainerName, profile)
|
||||
return pod
|
||||
}
|
||||
|
||||
@ -822,7 +822,7 @@ func TestAdmitAppArmor(t *testing.T) {
|
||||
testPSPAdmit(k, []*extensions.PodSecurityPolicy{v.psp}, v.pod, v.shouldPass, v.psp.Name, t)
|
||||
|
||||
if v.shouldPass {
|
||||
assert.Equal(t, v.expectedProfile, apparmor.GetProfileName(v.pod, defaultContainerName), k)
|
||||
assert.Equal(t, v.expectedProfile, apparmor.GetProfileNameFromPodAnnotations(v.pod.Annotations, defaultContainerName), k)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -29,6 +29,7 @@ import (
|
||||
"k8s.io/kubernetes/pkg/api"
|
||||
"k8s.io/kubernetes/pkg/api/errors"
|
||||
"k8s.io/kubernetes/pkg/api/unversioned"
|
||||
"k8s.io/kubernetes/pkg/api/v1"
|
||||
"k8s.io/kubernetes/pkg/client/cache"
|
||||
"k8s.io/kubernetes/pkg/fields"
|
||||
kubelet "k8s.io/kubernetes/pkg/kubelet/types"
|
||||
@ -91,11 +92,15 @@ type serviceAccount struct {
|
||||
func NewServiceAccount(cl clientset.Interface) *serviceAccount {
|
||||
serviceAccountsIndexer, serviceAccountsReflector := cache.NewNamespaceKeyedIndexerAndReflector(
|
||||
&cache.ListWatch{
|
||||
ListFunc: func(options api.ListOptions) (runtime.Object, error) {
|
||||
return cl.Core().ServiceAccounts(api.NamespaceAll).List(options)
|
||||
ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
|
||||
internalOptions := api.ListOptions{}
|
||||
v1.Convert_v1_ListOptions_To_api_ListOptions(&options, &internalOptions, nil)
|
||||
return cl.Core().ServiceAccounts(api.NamespaceAll).List(internalOptions)
|
||||
},
|
||||
WatchFunc: func(options api.ListOptions) (watch.Interface, error) {
|
||||
return cl.Core().ServiceAccounts(api.NamespaceAll).Watch(options)
|
||||
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
|
||||
internalOptions := api.ListOptions{}
|
||||
v1.Convert_v1_ListOptions_To_api_ListOptions(&options, &internalOptions, nil)
|
||||
return cl.Core().ServiceAccounts(api.NamespaceAll).Watch(internalOptions)
|
||||
},
|
||||
},
|
||||
&api.ServiceAccount{},
|
||||
@ -105,13 +110,17 @@ func NewServiceAccount(cl clientset.Interface) *serviceAccount {
|
||||
tokenSelector := fields.SelectorFromSet(map[string]string{api.SecretTypeField: string(api.SecretTypeServiceAccountToken)})
|
||||
secretsIndexer, secretsReflector := cache.NewNamespaceKeyedIndexerAndReflector(
|
||||
&cache.ListWatch{
|
||||
ListFunc: func(options api.ListOptions) (runtime.Object, error) {
|
||||
options.FieldSelector = tokenSelector
|
||||
return cl.Core().Secrets(api.NamespaceAll).List(options)
|
||||
ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
|
||||
internalOptions := api.ListOptions{}
|
||||
v1.Convert_v1_ListOptions_To_api_ListOptions(&options, &internalOptions, nil)
|
||||
internalOptions.FieldSelector = tokenSelector
|
||||
return cl.Core().Secrets(api.NamespaceAll).List(internalOptions)
|
||||
},
|
||||
WatchFunc: func(options api.ListOptions) (watch.Interface, error) {
|
||||
options.FieldSelector = tokenSelector
|
||||
return cl.Core().Secrets(api.NamespaceAll).Watch(options)
|
||||
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
|
||||
internalOptions := api.ListOptions{}
|
||||
v1.Convert_v1_ListOptions_To_api_ListOptions(&options, &internalOptions, nil)
|
||||
internalOptions.FieldSelector = tokenSelector
|
||||
return cl.Core().Secrets(api.NamespaceAll).Watch(internalOptions)
|
||||
},
|
||||
},
|
||||
&api.Secret{},
|
||||
@ -304,7 +313,7 @@ func (s *serviceAccount) getServiceAccountTokens(serviceAccount *api.ServiceAcco
|
||||
for _, obj := range index {
|
||||
token := obj.(*api.Secret)
|
||||
|
||||
if serviceaccount.IsServiceAccountToken(token, serviceAccount) {
|
||||
if serviceaccount.InternalIsServiceAccountToken(token, serviceAccount) {
|
||||
tokens = append(tokens, token)
|
||||
}
|
||||
}
|
||||
|
@ -25,6 +25,7 @@ import (
|
||||
admission "k8s.io/kubernetes/pkg/admission"
|
||||
api "k8s.io/kubernetes/pkg/api"
|
||||
"k8s.io/kubernetes/pkg/api/errors"
|
||||
"k8s.io/kubernetes/pkg/api/v1"
|
||||
"k8s.io/kubernetes/pkg/apis/storage"
|
||||
storageutil "k8s.io/kubernetes/pkg/apis/storage/util"
|
||||
"k8s.io/kubernetes/pkg/client/cache"
|
||||
@ -62,11 +63,15 @@ func newPlugin(kclient clientset.Interface) *claimDefaulterPlugin {
|
||||
store := cache.NewStore(cache.MetaNamespaceKeyFunc)
|
||||
reflector := cache.NewReflector(
|
||||
&cache.ListWatch{
|
||||
ListFunc: func(options api.ListOptions) (runtime.Object, error) {
|
||||
return kclient.Storage().StorageClasses().List(options)
|
||||
ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
|
||||
internalOptions := api.ListOptions{}
|
||||
v1.Convert_v1_ListOptions_To_api_ListOptions(&options, &internalOptions, nil)
|
||||
return kclient.Storage().StorageClasses().List(internalOptions)
|
||||
},
|
||||
WatchFunc: func(options api.ListOptions) (watch.Interface, error) {
|
||||
return kclient.Storage().StorageClasses().Watch(options)
|
||||
WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
|
||||
internalOptions := api.ListOptions{}
|
||||
v1.Convert_v1_ListOptions_To_api_ListOptions(&options, &internalOptions, nil)
|
||||
return kclient.Storage().StorageClasses().Watch(internalOptions)
|
||||
},
|
||||
},
|
||||
&storage.StorageClass{},
|
||||
|
Loading…
Reference in New Issue
Block a user