diff options
| author | p0lyn0mial <lukasz.szaszkiewicz@gmail.com> | 2017-08-15 12:14:40 +0200 |
|---|---|---|
| committer | p0lyn0mial <lukasz.szaszkiewicz@gmail.com> | 2017-08-23 20:59:02 +0200 |
| commit | e5609b81a5c66788fa5ec31fcf5a4d299bb6838a (patch) | |
| tree | def06b2d51b3a263f22c6e99c2b25979541acf0e | |
| parent | 2754ac127a1ae974511360463918a49a0bb906ee (diff) | |
this PR adds an example that highlights relevant parts of source code from sample apiserver that deals with admission registration.
close #47868
| -rw-r--r-- | contributors/design-proposals/apiserver-build-in-admission-plugins.md | 26 |
1 files changed, 24 insertions, 2 deletions
diff --git a/contributors/design-proposals/apiserver-build-in-admission-plugins.md b/contributors/design-proposals/apiserver-build-in-admission-plugins.md index 10708b1f..10d2c0d1 100644 --- a/contributors/design-proposals/apiserver-build-in-admission-plugins.md +++ b/contributors/design-proposals/apiserver-build-in-admission-plugins.md @@ -53,6 +53,28 @@ following series of steps: 2. Register the plugin 3. Reference the plugin in the admission chain -**TODO**(p0lyn0mial): There is also a [sample apiserver](https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/sample-apiserver/main.go) to demonstrate the usage of the generic API library. -After implementation sample could would be placed there - copy & paste it here and include a reference. +## An example +The sample apiserver provides an example admission plugin that makes meaningful use of the "standard" plugin initializer. +The admission plugin ensures that a resource name is not on the list of banned names. +The source code of the plugin can be found [here](https://github.com/kubernetes/kubernetes/blob/2f00e6d72c9d58fe3edc3488a91948cf4bfcc6d9/staging/src/k8s.io/sample-apiserver/pkg/admission/plugin/banflunder/admission.go). +Having the plugin, the next step is the registration. [AdmissionOptions](https://github.com/kubernetes/kubernetes/blob/2f00e6d72c9d58fe3edc3488a91948cf4bfcc6d9/staging/src/k8s.io/apiserver/pkg/server/options/admission.go) +provides two important things. Firstly it exposes [a register](https://github.com/kubernetes/kubernetes/blob/2f00e6d72c9d58fe3edc3488a91948cf4bfcc6d9/staging/src/k8s.io/apiserver/pkg/server/options/admission.go#L43) +under which all addmission plugins are registered. In fact, that's exactly what the [Register](https://github.com/kubernetes/kubernetes/blob/2f00e6d72c9d58fe3edc3488a91948cf4bfcc6d9/staging/src/k8s.io/sample-apiserver/pkg/admission/plugin/banflunder/admission.go#L33) +method does from our example admision plugin. It accepts a global registry as a parameter and then simply registers itself in that registry. +Secondly, it adds an admission chain to the server configuration via [ApplyTo](https://github.com/kubernetes/kubernetes/blob/2f00e6d72c9d58fe3edc3488a91948cf4bfcc6d9/staging/src/k8s.io/apiserver/pkg/server/options/admission.go#L66) method. +The method accepts optional parameters in the form of `pluginInitalizers`. This is useful when admission plugins need custom configuration that is not provided by the generic initializer. + +The following code has been extracted from the sample server and ilustrates how to register and wire an admission plugin: + +```go + // register admission plugins + banflunder.Register(o.Admission.Plugins) + + // create custom plugin initializer + informerFactory := informers.NewSharedInformerFactory(client, serverConfig.LoopbackClientConfig.Timeout) + admissionInitializer, _ := wardleinitializer.New(informerFactory) + + // add admission chain to the server configuration + o.Admission.ApplyTo(serverConfig, admissionInitializer) +``` |