Skip to content

Latest commit

 

History

History
83 lines (76 loc) · 3.06 KB

admission-plug-ins-default.adoc

File metadata and controls

83 lines (76 loc) · 3.06 KB

Default admission plugins

Default validating and admission plugins are enabled in {product-title} {product-version}. These default plugins contribute to fundamental control plane functionality, such as ingress policy, cluster resource limit override and quota policy.

The following lists contain the default admission plugins:

Validating admission plugins

  • LimitRanger

  • ServiceAccount

  • PodNodeSelector

  • Priority

  • PodTolerationRestriction

  • OwnerReferencesPermissionEnforcement

  • PersistentVolumeClaimResize

  • RuntimeClass

  • CertificateApproval

  • CertificateSigning

  • CertificateSubjectRestriction

  • autoscaling.openshift.io/ManagementCPUsOverride

  • authorization.openshift.io/RestrictSubjectBindings

  • scheduling.openshift.io/OriginPodNodeEnvironment

  • network.openshift.io/ExternalIPRanger

  • network.openshift.io/RestrictedEndpointsAdmission

  • image.openshift.io/ImagePolicy

  • security.openshift.io/SecurityContextConstraint

  • security.openshift.io/SCCExecRestrictions

  • route.openshift.io/IngressAdmission

  • config.openshift.io/ValidateAPIServer

  • config.openshift.io/ValidateAuthentication

  • config.openshift.io/ValidateFeatureGate

  • config.openshift.io/ValidateConsole

  • operator.openshift.io/ValidateDNS

  • config.openshift.io/ValidateImage

  • config.openshift.io/ValidateOAuth

  • config.openshift.io/ValidateProject

  • config.openshift.io/DenyDeleteClusterConfiguration

  • config.openshift.io/ValidateScheduler

  • quota.openshift.io/ValidateClusterResourceQuota

  • security.openshift.io/ValidateSecurityContextConstraints

  • authorization.openshift.io/ValidateRoleBindingRestriction

  • config.openshift.io/ValidateNetwork

  • operator.openshift.io/ValidateKubeControllerManager

  • ValidatingAdmissionWebhook

  • ResourceQuota

  • quota.openshift.io/ClusterResourceQuota

Mutating admission plugins

  • NamespaceLifecycle

  • LimitRanger

  • ServiceAccount

  • NodeRestriction

  • TaintNodesByCondition

  • PodNodeSelector

  • Priority

  • DefaultTolerationSeconds

  • PodTolerationRestriction

  • DefaultStorageClass

  • StorageObjectInUseProtection

  • RuntimeClass

  • DefaultIngressClass

  • autoscaling.openshift.io/ManagementCPUsOverride

  • scheduling.openshift.io/OriginPodNodeEnvironment

  • image.openshift.io/ImagePolicy

  • security.openshift.io/SecurityContextConstraint

  • security.openshift.io/DefaultSecurityContextConstraints

  • MutatingAdmissionWebhook