Skip to content
Permalink
Browse files

Merge pull request #72737 from liggitt/deprecate-deny-exec-admission

Deprecate DenyEscalatingExec and DenyExecOnPrivileged admission plugins
  • Loading branch information...
k8s-ci-robot committed Jan 11, 2019
2 parents e44330d + 61be368 commit 33a9c6e892f69e20be9527ba00bd33dfa5de221b
Showing with 10 additions and 1 deletion.
  1. +1 −0 plugin/pkg/admission/exec/BUILD
  2. +9 −1 plugin/pkg/admission/exec/admission.go
@@ -16,6 +16,7 @@ go_library(
"//staging/src/k8s.io/apiserver/pkg/admission:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/admission/initializer:go_default_library",
"//staging/src/k8s.io/client-go/kubernetes:go_default_library",
"//vendor/k8s.io/klog:go_default_library",
],
)

@@ -25,25 +25,33 @@ import (
"k8s.io/apiserver/pkg/admission"
genericadmissioninitializer "k8s.io/apiserver/pkg/admission/initializer"
"k8s.io/client-go/kubernetes"
"k8s.io/klog"
)

const (
// DenyEscalatingExec indicates name of admission plugin.
// Deprecated, will be removed in v1.18.
// Use of PodSecurityPolicy or a custom admission plugin to limit creation of pods is recommended instead.
DenyEscalatingExec = "DenyEscalatingExec"
// DenyExecOnPrivileged indicates name of admission plugin.
// Deprecated, should use DenyEscalatingExec instead.
// Deprecated, will be removed in v1.18.
// Use of PodSecurityPolicy or a custom admission plugin to limit creation of pods is recommended instead.
DenyExecOnPrivileged = "DenyExecOnPrivileged"
)

// Register registers a plugin
func Register(plugins *admission.Plugins) {
plugins.Register(DenyEscalatingExec, func(config io.Reader) (admission.Interface, error) {
klog.Warningf("the %s admission plugin is deprecated and will be removed in v1.18", DenyEscalatingExec)
klog.Warningf("use of PodSecurityPolicy or a custom admission plugin to limit creation of pods is recommended instead")
return NewDenyEscalatingExec(), nil
})

// This is for legacy support of the DenyExecOnPrivileged admission controller. Most
// of the time DenyEscalatingExec should be preferred.
plugins.Register(DenyExecOnPrivileged, func(config io.Reader) (admission.Interface, error) {
klog.Warningf("the %s admission plugin is deprecated and will be removed in v1.18", DenyExecOnPrivileged)
klog.Warningf("use of PodSecurityPolicy or a custom admission plugin to limit creation of pods is recommended instead")
return NewDenyExecOnPrivileged(), nil
})
}

0 comments on commit 33a9c6e

Please sign in to comment.
You can’t perform that action at this time.