k8s admission-plugins: the exact number of admission plugins

hyperkube kube-apiserver --help |grep admission-plugins
      --admission-control strings                               Admission is divided into two phases. In the first phase, only mutating admission plugins run. In the second phase, only validating admission plugins run. The names in the below list may represent a validating plugin, a mutating plugin, or both. The order of plugins in which they are passed to this flag does not matter. Comma-delimited list of: AlwaysAdmit, AlwaysDeny, AlwaysPullImages, DefaultStorageClass, DefaultTolerationSeconds, DenyEscalatingExec, DenyExecOnPrivileged, EventRateLimit, ExtendedResourceToleration, ImagePolicyWebhook, InitialResources, Initializers, LimitPodHardAntiAffinityTopology, LimitRanger, MutatingAdmissionWebhook, NamespaceAutoProvision, NamespaceExists, NamespaceLifecycle, NodeRestriction, OwnerReferencesPermissionEnforcement, PersistentVolumeClaimResize, PersistentVolumeLabel, PodNodeSelector, PodPreset, PodSecurityPolicy, PodTolerationRestriction, Priority, ResourceQuota, SecurityContextDeny, ServiceAccount, StorageObjectInUseProtection, ValidatingAdmissionWebhook. (DEPRECATED: Use --enable-admission-plugins or --disable-admission-plugins instead. Will be removed in a future version.)
      --disable-admission-plugins strings                       admission plugins that should be disabled although they are in the default enabled plugins list. Comma-delimited list of admission plugins: AlwaysAdmit, AlwaysDeny, AlwaysPullImages, DefaultStorageClass, DefaultTolerationSeconds, DenyEscalatingExec, DenyExecOnPrivileged, EventRateLimit, ExtendedResourceToleration, ImagePolicyWebhook, InitialResources, Initializers, LimitPodHardAntiAffinityTopology, LimitRanger, MutatingAdmissionWebhook, NamespaceAutoProvision, NamespaceExists, NamespaceLifecycle, NodeRestriction, OwnerReferencesPermissionEnforcement, PersistentVolumeClaimResize, PersistentVolumeLabel, PodNodeSelector, PodPreset, PodSecurityPolicy, PodTolerationRestriction, Priority, ResourceQuota, SecurityContextDeny, ServiceAccount, StorageObjectInUseProtection, ValidatingAdmissionWebhook. The order of plugins in this flag does not matter.
      --enable-admission-plugins strings                        admission plugins that should be enabled in addition to default enabled ones. Comma-delimited list of admission plugins: 

AlwaysAdmit, 
AlwaysDeny,
AlwaysPullImages, 
DefaultStorageClass,
DefaultTolerationSeconds, 
DenyEscalatingExec, 
DenyExecOnPrivileged, 
EventRateLimit, 
ExtendedResourceToleration, 
ImagePolicyWebhook, 
InitialResources, 
Initializers, 
LimitPodHardAntiAffinityTopology, 
LimitRanger,
MutatingAdmissionWebhook,
NamespaceAutoProvision, 
NamespaceExists, 
NamespaceLifecycle, 
NodeRestriction, 
OwnerReferencesPermissionEnforcement, 
PersistentVolumeClaimResize, 
PersistentVolumeLabel, 
PodNodeSelector, 
PodPreset, 
PodSecurityPolicy, 
PodTolerationRestriction, 
Priority, 
ResourceQuota, 
SecurityContextDeny, 
ServiceAccount, 
StorageObjectInUseProtection, 
ValidatingAdmissionWebhook. 


The order of plugins in this flag does not matter.
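
The per-line count above can also be taken directly from the help text, which is useful when auditing which admission plugins a given kube-apiserver build offers. This is an added example, not part of the original post: the function names (sample_help, list_plugins, count_plugins) are made up for illustration, and the sample text is constructed from the output above with the flag descriptions shortened.

```shell
#!/bin/sh
# Constructed sample: the plugin names are copied from the help output above;
# the flag descriptions are shortened.
PLUGINS='AlwaysAdmit, AlwaysDeny, AlwaysPullImages, DefaultStorageClass, DefaultTolerationSeconds, DenyEscalatingExec, DenyExecOnPrivileged, EventRateLimit, ExtendedResourceToleration, ImagePolicyWebhook, InitialResources, Initializers, LimitPodHardAntiAffinityTopology, LimitRanger, MutatingAdmissionWebhook, NamespaceAutoProvision, NamespaceExists, NamespaceLifecycle, NodeRestriction, OwnerReferencesPermissionEnforcement, PersistentVolumeClaimResize, PersistentVolumeLabel, PodNodeSelector, PodPreset, PodSecurityPolicy, PodTolerationRestriction, Priority, ResourceQuota, SecurityContextDeny, ServiceAccount, StorageObjectInUseProtection, ValidatingAdmissionWebhook'

# Hypothetical helper: prints two help lines in the same layout as above.
sample_help() {
  cat <<EOF
      --admission-control strings             Admission is divided into two phases. Comma-delimited list of: $PLUGINS. (DEPRECATED: Use --enable-admission-plugins or --disable-admission-plugins instead.)
      --disable-admission-plugins strings     admission plugins that should be disabled. Comma-delimited list of admission plugins: $PLUGINS. The order of plugins in this flag does not matter.
EOF
}

# list_plugins FLAG
# Reads kube-apiserver help text on stdin and prints one plugin name per line
# for the given flag (name without the leading "--").
list_plugins() {
  # Anchor on the start of the line: the deprecation note of
  # --admission-control mentions the other flags by name as well.
  grep -e "^ *--$1 " |
    sed -e 's/.*Comma-delimited list of[^:]*: *//' \
        -e 's/\. .*$//' \
        -e 's/\.$//' |
    tr ',' '\n' |
    sed -e 's/^ *//' -e 's/ *$//' |
    grep -v '^$' |
    sort -u
}

# count_plugins FLAG: number of distinct plugin names listed for FLAG.
count_plugins() {
  list_plugins "$1" | wc -l | tr -d ' '
}

# Stand-alone run on the constructed sample. On a real host, pipe
# `hyperkube kube-apiserver --help` into count_plugins instead.
echo "plugins listed: $(sample_help | count_plugins disable-admission-plugins)"
```
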

 

posted @ 2022-12-01 15:44  滴滴滴