github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-09 21:21:14 +00:00
Code Issues Projects Releases Wiki Activity

Add admission controller to force image pulls

Browse Source 
Add an admission controller that forces every container's image pull policy to
Always when a pod is created.
This commit is contained in:
Andy Goldstein
2015-12-18 16:48:49 -05:00
parent 1f26fa4049
commit f175a22443
5 changed files with 202 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docs/admin/kube-apiserver.md
View File

@@ -50,7 +50,7 @@ kube-apiserver
### Options
```
--admission-control="AlwaysAdmit": Ordered list of plug-ins to do admission control of resources into cluster. Comma-delimited list of: AlwaysAdmit, AlwaysDeny, DenyEscalatingExec, DenyExecOnPrivileged, InitialResources, LimitRanger, NamespaceAutoProvision, NamespaceExists, NamespaceLifecycle, ResourceQuota, SecurityContextDeny, ServiceAccount
--admission-control="AlwaysAdmit": Ordered list of plug-ins to do admission control of resources into cluster. Comma-delimited list of: AlwaysAdmit, AlwaysDeny, AlwaysPullImages, DenyEscalatingExec, DenyExecOnPrivileged, InitialResources, LimitRanger, NamespaceAutoProvision, NamespaceExists, NamespaceLifecycle, ResourceQuota, SecurityContextDeny, ServiceAccount
--admission-control-config-file="": File with admission control configuration.
--advertise-address=<nil>: The IP address on which to advertise the apiserver to members of the cluster. This address must be reachable by the rest of the cluster. If blank, the --bind-address will be used. If --bind-address is unspecified, the host's default interface will be used.
--allow-privileged[=false]: If true, allow privileged containers.
@@ -106,7 +106,7 @@ kube-apiserver
--watch-cache[=true]: Enable watch caching in the apiserver
```
###### Auto generated by spf13/cobra on 18-Dec-2015
###### Auto generated by spf13/cobra on 22-Dec-2015
<!-- BEGIN MUNGE: GENERATED_ANALYTICS -->