From 49f7ea6a67cb437ef97a42f8d7d9639219592efd Mon Sep 17 00:00:00 2001 From: Kathryn Alexander Date: Mon, 26 Jul 2021 12:17:04 -0400 Subject: [PATCH] BZ1867690: adding default admission plug-ins --- modules/admission-plug-ins-default.adoc | 71 ++++++++++++++++++++++++- 1 file changed, 70 insertions(+), 1 deletion(-) diff --git a/modules/admission-plug-ins-default.adoc b/modules/admission-plug-ins-default.adoc index 3f7f836806..683705dfc9 100644 --- a/modules/admission-plug-ins-default.adoc +++ b/modules/admission-plug-ins-default.adoc @@ -6,4 +6,73 @@ = Default admission plug-ins //Future xref - A set of default admission plug-ins is enabled in {product-title} {product-version}. These default plug-ins contribute to fundamental control plane functionality, such as ingress policy, xref:../nodes/clusters/nodes-cluster-overcommit.adoc#nodes-cluster-resource-override_nodes-cluster-overcommit[cluster resource limit override] and quota policy. -A set of default admission plug-ins is enabled in {product-title} {product-version}. These default plug-ins contribute to fundamental control plane functionality, such as ingress policy, cluster resource limit override and quota policy. +Default validating and admission plug-ins are enabled in {product-title} {product-version}. These default plug-ins contribute to fundamental control plane functionality, such as ingress policy, cluster resource limit override and quota policy. The following lists contain the default admission plug-ins: + +.Validating admission plug-ins +[%collapsible] +==== +* `LimitRanger` +* `ServiceAccount` +* `PodNodeSelector` +* `Priority` +* `PodTolerationRestriction` +* `OwnerReferencesPermissionEnforcement` +* `PersistentVolumeClaimResize` +* `RuntimeClass` +* `CertificateApproval` +* `CertificateSigning` +* `CertificateSubjectRestriction` +* `autoscaling.openshift.io/ManagementCPUsOverride` +* `authorization.openshift.io/RestrictSubjectBindings` +* `scheduling.openshift.io/OriginPodNodeEnvironment` +* `network.openshift.io/ExternalIPRanger` +* `network.openshift.io/RestrictedEndpointsAdmission` +* `image.openshift.io/ImagePolicy` +* `security.openshift.io/SecurityContextConstraint` +* `security.openshift.io/SCCExecRestrictions` +* `route.openshift.io/IngressAdmission` +* `config.openshift.io/ValidateAPIServer` +* `config.openshift.io/ValidateAuthentication` +* `config.openshift.io/ValidateFeatureGate` +* `config.openshift.io/ValidateConsole` +* `operator.openshift.io/ValidateDNS` +* `config.openshift.io/ValidateImage` +* `config.openshift.io/ValidateOAuth` +* `config.openshift.io/ValidateProject` +* `config.openshift.io/DenyDeleteClusterConfiguration` +* `config.openshift.io/ValidateScheduler` +* `quota.openshift.io/ValidateClusterResourceQuota` +* `security.openshift.io/ValidateSecurityContextConstraints` +* `authorization.openshift.io/ValidateRoleBindingRestriction` +* `config.openshift.io/ValidateNetwork` +* `operator.openshift.io/ValidateKubeControllerManager` +* `ValidatingAdmissionWebhook` +* `ResourceQuota` +* `quota.openshift.io/ClusterResourceQuota` +==== + + +.Mutating admission plug-ins +[%collapsible] +==== +* `NamespaceLifecycle` +* `LimitRanger` +* `ServiceAccount` +* `NodeRestriction` +* `TaintNodesByCondition` +* `PodNodeSelector` +* `Priority` +* `DefaultTolerationSeconds` +* `PodTolerationRestriction` +* `PersistentVolumeLabel` +* `DefaultStorageClass` +* `StorageObjectInUseProtection` +* `RuntimeClass` +* `DefaultIngressClass` +* `autoscaling.openshift.io/ManagementCPUsOverride` +* `scheduling.openshift.io/OriginPodNodeEnvironment` +* `image.openshift.io/ImagePolicy` +* `security.openshift.io/SecurityContextConstraint` +* `security.openshift.io/DefaultSecurityContextConstraints` +* `MutatingAdmissionWebhook` +====