Simplify the admission plugin code and add a post start hook

72d5089b · kaiyou · 8c501801 · 72d5089b
Commit 72d5089b authored 7 months ago by kaiyou
--- a/services/apiserver.go
+++ b/services/apiserver.go
@@ -340,14 +340,7 @@ func buildApiConfig(c *Cluster, config server.Config, clients *k8s.Clients) (*co
 	// of structs, so we just copy the relevant parts here
 	//
 	// Start, by registering admission plugins
-	// Some default plugins are not enabled here:
-	// - limitranger, since we do not support LimitRange
-	// - setdefault, since we do not support default storage class
-	// - defaulttolrationseconds, as we do not use this feature
-	// - storageobjectinuseprotection, as we do not use this feature
-	// - podpriority, as we do not use this feature
-	// - runtimeclass, as we do not use this feature
-	// - defaultingressclass, as we do not use this feature
+	// Full list of plugins is avaiable at: https://github.com/kubernetes/kubernetes/blob/v1.27.4/pkg/kubeapiserver/options/plugins.go
 	plugins := admission.NewPlugins()
 	lifecycle.Register(plugins)
 	mutating.Register(plugins)
@@ -358,21 +351,10 @@ func buildApiConfig(c *Cluster, config server.Config, clients *k8s.Clients) (*co
 	nodetaint.Register(plugins)
 	podsecurity.Register(plugins)
 	saplugin.Register(plugins)
-	pluginsNames := []string{
-		lifecycle.PluginName,
-		mutating.PluginName,
-		validatingadmissionpolicy.PluginName,
-		validating.PluginName,
-		resize.PluginName,
-		resourcequota.PluginName,
-		nodetaint.PluginName,
-		podsecurity.PluginName,
-		saplugin.PluginName,
-	}
 	// Prepare the plugins configuration
 	// The plugins config is an instance that just returns nil for every plugin,
 	// we ignore errors since it never fails to load config, since it does not parse.. any config at all
-	pluginsConfig, _ := admission.ReadAdmissionConfiguration(pluginsNames, "", nil)
+	pluginsConfig, _ := admission.ReadAdmissionConfiguration([]string{}, "", nil)
 	// Since we do not load configuration from files, the only plugin config we pass is from the plugin initialized chain
 	// It is a chain of functions that alter the plugin object to initialize it. We build the initialize chain from two sources,
 	// the admission initializer packager, which sets clients settings mostly, and helpers from kubeapiserver, which setup the
@@ -384,15 +366,19 @@ func buildApiConfig(c *Cluster, config server.Config, clients *k8s.Clients) (*co
 		LoopbackClientConfig: config.LoopbackClientConfig,
 	}
 	schemaResolver := resolver.NewDefinitionsSchemaResolver(scheme.Scheme, generic.OpenAPIConfig.GetDefinitions)
-	heperInitializers, _, err := admissionConfig.New(nil, nil, clients.ServiceResolver(), nil, schemaResolver) // TODO: handle post start hook
+	heperInitializers, pluginsPostStartHook, err := admissionConfig.New(nil, nil, clients.ServiceResolver(), nil, schemaResolver)
 	if err != nil {
 		return nil, fmt.Errorf("could not prepare the admission config: %w", err)
 	}
+	err = config.AddPostStartHook("initialize-plugins", pluginsPostStartHook)
+	if err != nil {
+		return nil, fmt.Errorf("could not initialize plugins: %w", err)
+	}
 	initializersChain = append(initializersChain, heperInitializers...)
 	// Actually build the admission chain
 	// The plugins config is an instance that just returns nil for every plugin, the decorators instance does nothing
 	// since it iterates over an empty list of decorators
-	admissionChain, err := plugins.NewFromPlugins(pluginsNames, pluginsConfig, initializersChain, admission.Decorators{})
+	admissionChain, err := plugins.NewFromPlugins(plugins.Registered(), pluginsConfig, initializersChain, admission.Decorators{})
 	generic.AdmissionControl = admissionChain

 	return &controlplane.Config{