forked from openshift/origin
-
Notifications
You must be signed in to change notification settings - Fork 1
/
doc.go
44 lines (38 loc) · 1.27 KB
/
doc.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
/*
Package podnodeconstraints contains the PodNodeConstraints admission
control plugin. This plugin allows administrators to set policy
governing the use of the NodeName and NodeSelector attributes in pod
specs.
Enabling this plugin will prevent the use of the NodeName field in Pod
templates for users and serviceaccounts which lack the "pods/binding"
permission, and which don't belong to groups which have the
"pods/binding" permission.
This plugin will also prevent users, serviceaccounts and groups which
lack the "pods/binding" permission from specifying the NodeSelector field
in Pod templates for labels which appear in the
nodeSelectorLabelBlacklist list field.
Configuration
The plugin is configured via a PodNodeConstraintsConfig object in the
origin and kubernetes Master configs:
admissionConfig:
pluginConfig:
PodNodeConstraints:
configuration:
apiVersion: v1
kind: PodNodeConstraintsConfig
nodeSelectorLabelBlacklist:
- label1
- label2
...
kubernetesMasterConfig:
admissionConfig:
pluginConfig:
PodNodeConstraints:
configuration:
apiVersion: v1
kind: PodNodeConstraintsConfig
nodeSelectorLabelBlacklist:
- label1
- label2
*/
package podnodeconstraints