k8s/io/kubernetes/pkg/admission.NewForbidden 示例代码

2022-03-03

以下示例是关于golang中包含admission.NewForbidden用法的示例代码,想了解admission.NewForbidden的具体用法?admission.NewForbidden怎么用?admission.NewForbidden使用的例子?那么可以参考以下10个相关示例代码来学习它的具体使用方法。

示例1:
admission.go开发语言: Go项目名称: abhgupta代码行数: 342
100		// disallow requests we cannot match to a particular node
101		return admission.NewForbidden(a, fmt.Errorf("could not determine node from user %q", a.GetUserInfo().GetName()))
102	}
113		default:
114			return admission.NewForbidden(a, fmt.Errorf("unexpected pod subresource %q", a.GetSubresource()))
115		}
124		default:
125			return admission.NewForbidden(a, fmt.Errorf("may only update PVC status"))
126		}
138		if !ok {
139			return admission.NewForbidden(a, fmt.Errorf("unexpected type %T", a.GetObject()))
140		}
143		if _, isMirrorPod := pod.Annotations[api.MirrorPodAnnotationKey]; !isMirrorPod {
144			return admission.NewForbidden(a, fmt.Errorf("pod does not have %q annotation, node %q can only create mirror pods", api.MirrorPodAnnotationKey, nodeName))
145		}
示例2:
admission.go开发语言: Go项目名称: ddysher代码行数: 214
94		// disallow requests we cannot match to a particular node
95		return admission.NewForbidden(a, fmt.Errorf("could not determine node from user %q", a.GetUserInfo().GetName()))
96	}
105		default:
106			return admission.NewForbidden(a, fmt.Errorf("unexpected pod subresource %q", a.GetSubresource()))
107		}
122		if !ok {
123			return admission.NewForbidden(a, fmt.Errorf("unexpected type %T", a.GetObject()))
124		}
127		if _, isMirrorPod := pod.Annotations[api.MirrorPodAnnotationKey]; !isMirrorPod {
128			return admission.NewForbidden(a, fmt.Errorf("pod does not have %q annotation, node %q can only create mirror pods", api.MirrorPodAnnotationKey, nodeName))
129		}
132		if pod.Spec.NodeName != nodeName {
133			return admission.NewForbidden(a, fmt.Errorf("node %q can only create pods with spec.nodeName set to itself", nodeName))
134		}
示例3:
admission.go开发语言: Go项目名称: detiber代码行数: 214
94		// disallow requests we cannot match to a particular node
95		return admission.NewForbidden(a, fmt.Errorf("could not determine node from user %s", a.GetUserInfo().GetName()))
96	}
105		default:
106			return admission.NewForbidden(a, fmt.Errorf("unexpected pod subresource %s", a.GetSubresource()))
107		}
122		if !ok {
123			return admission.NewForbidden(a, fmt.Errorf("unexpected type %T", a.GetObject()))
124		}
127		if _, isMirrorPod := pod.Annotations[api.MirrorPodAnnotationKey]; !isMirrorPod {
128			return admission.NewForbidden(a, fmt.Errorf("pod does not have %q annotation, node %s can only create mirror pods", api.MirrorPodAnnotationKey, nodeName))
129		}
132		if pod.Spec.NodeName != nodeName {
133			return admission.NewForbidden(a, fmt.Errorf("node %s can only create pods with spec.nodeName set to itself", nodeName))
134		}
示例4:
admission.go开发语言: Go项目名称: amygdala代码行数: 307
124	if err != nil {
125		return admission.NewForbidden(a, fmt.Errorf("Error resolving quota."))
126	}
137			if err != nil {
138				return admission.NewForbidden(a, err)
139			}
173		if err != nil {
174			return admission.NewForbidden(a, fmt.Errorf("Failed quota: %s: %v", resourceQuota.Name, err))
175		}
176		if !hasUsageStats(resourceQuota) {
177			return admission.NewForbidden(a, fmt.Errorf("Status unknown for quota: %s", resourceQuota.Name))
178		}
192		if err != nil {
193			return admission.NewForbidden(a, fmt.Errorf("Unable to get previous: %v", err))
194		}
示例5:
admission.go开发语言: Go项目名称: abhgupta代码行数: 492
164	if err != nil {
165		return admission.NewForbidden(a, fmt.Errorf("error looking up service account %s/%s: %v", a.GetNamespace(), pod.Spec.ServiceAccountName, err))
166	}
171			}
172			return admission.NewForbidden(a, err)
173		}
200		if len(pod.Spec.ServiceAccountName) != 0 {
201			return admission.NewForbidden(a, fmt.Errorf("a mirror pod may not reference service accounts"))
202		}
208		if hasSecrets {
209			return admission.NewForbidden(a, fmt.Errorf("a mirror pod may not reference secrets"))
210		}
216	if err != nil {
217		return admission.NewForbidden(a, fmt.Errorf("error looking up service account %s/%s: %v", a.GetNamespace(), pod.Spec.ServiceAccountName, err))
218	}
示例6:
admission.go开发语言: Go项目名称: ddysher代码行数: 449
150		if len(pod.Spec.ServiceAccountName) != 0 {
151			return admission.NewForbidden(a, fmt.Errorf("a mirror pod may not reference service accounts"))
152		}
158		if hasSecrets {
159			return admission.NewForbidden(a, fmt.Errorf("a mirror pod may not reference secrets"))
160		}
171	if err != nil {
172		return admission.NewForbidden(a, fmt.Errorf("error looking up service account %s/%s: %v", a.GetNamespace(), pod.Spec.ServiceAccountName, err))
173	}
175		// TODO: convert to a ServerTimeout error (or other error that sends a Retry-After header)
176		return admission.NewForbidden(a, fmt.Errorf("service account %s/%s was not found, retry after the service account is created", a.GetNamespace(), pod.Spec.ServiceAccountName))
177	}
180		if err := s.limitSecretReferences(serviceAccount, pod); err != nil {
181			return admission.NewForbidden(a, err)
182		}
示例7:
admission.go开发语言: Go项目名称: detiber代码行数: 449
150		if len(pod.Spec.ServiceAccountName) != 0 {
151			return admission.NewForbidden(a, fmt.Errorf("a mirror pod may not reference service accounts"))
152		}
158		if hasSecrets {
159			return admission.NewForbidden(a, fmt.Errorf("a mirror pod may not reference secrets"))
160		}
171	if err != nil {
172		return admission.NewForbidden(a, fmt.Errorf("error looking up service account %s/%s: %v", a.GetNamespace(), pod.Spec.ServiceAccountName, err))
173	}
175		// TODO: convert to a ServerTimeout error (or other error that sends a Retry-After header)
176		return admission.NewForbidden(a, fmt.Errorf("service account %s/%s was not found, retry after the service account is created", a.GetNamespace(), pod.Spec.ServiceAccountName))
177	}
180		if err := s.limitSecretReferences(serviceAccount, pod); err != nil {
181			return admission.NewForbidden(a, err)
182		}
示例8:
admission.go开发语言: Go项目名称: amygdala代码行数: 415
168		if len(pod.Spec.ServiceAccountName) != 0 {
169			return admission.NewForbidden(a, fmt.Errorf("A mirror pod may not reference service accounts"))
170		}
172			if volume.VolumeSource.Secret != nil {
173				return admission.NewForbidden(a, fmt.Errorf("A mirror pod may not reference secrets"))
174			}
186	if err != nil {
187		return admission.NewForbidden(a, fmt.Errorf("Error looking up service account %s/%s: %v", a.GetNamespace(), pod.Spec.ServiceAccountName, err))
188	}
190		// TODO: convert to a ServerTimeout error (or other error that sends a Retry-After header)
191		return admission.NewForbidden(a, fmt.Errorf("service account %s/%s was not found, retry after the service account is created", a.GetNamespace(), pod.Spec.ServiceAccountName))
192	}
195		if err := s.limitSecretReferences(serviceAccount, pod); err != nil {
196			return admission.NewForbidden(a, err)
197		}
示例9:
admission.go开发语言: Go项目名称: abhgupta代码行数: 156
98	if err != nil {
99		return admission.NewForbidden(a, err)
100	}
104		if d.hostNetwork && securityContext.HostNetwork {
105			return admission.NewForbidden(a, fmt.Errorf("cannot exec into or attach to a container using host network"))
106		}
108		if d.hostPID && securityContext.HostPID {
109			return admission.NewForbidden(a, fmt.Errorf("cannot exec into or attach to a container using host pid"))
110		}
112		if d.hostIPC && securityContext.HostIPC {
113			return admission.NewForbidden(a, fmt.Errorf("cannot exec into or attach to a container using host ipc"))
114		}
117	if d.privileged && isPrivileged(pod) {
118		return admission.NewForbidden(a, fmt.Errorf("cannot exec into or attach to a privileged container"))
119	}
示例10:
admission.go开发语言: Go项目名称: abhgupta代码行数: 262
163	if operation == admission.Create && pod.Spec.Priority != nil {
164		return admission.NewForbidden(a, fmt.Errorf("the integer value of priority must not be provided in pod spec. Priority admission controller populates the value from the given PriorityClass name"))
165	}
182					if errors.IsNotFound(err) {
183						return admission.NewForbidden(a, fmt.Errorf("no PriorityClass with name %v was found", pod.Spec.PriorityClassName))
184					}
204	if pc.Value > HighestUserDefinablePriority {
205		return admission.NewForbidden(a, fmt.Errorf("maximum allowed value of a user defined priority is %v", HighestUserDefinablePriority))
206	}
207	if _, ok := SystemPriorityClasses[pc.Name]; ok {
208		return admission.NewForbidden(a, fmt.Errorf("the name of the priority class is a reserved name for system use only: %v", pc.Name))
209	}
218			if operation == admission.Create || (operation == admission.Update && dpc.GetName() != pc.GetName()) {
219				return admission.NewForbidden(a, fmt.Errorf("PriorityClass %v is already marked as default. Only one default can exist", dpc.GetName()))
220			}

本文地址:https://www.itbaoku.cn/snippets/415565.html