kubernetes/plugin/pkg/admission/certificates/subjectrestriction/admission.go

const PluginName

// Register registers the plugin
func Register(plugins *admission.Plugins) {}

type Plugin

// ValidateInitialization always returns nil.
func (p *Plugin) ValidateInitialization() error {}

var _

// NewPlugin constructs a new instance of the CertificateSubjectRestrictions admission interface.
func NewPlugin() *Plugin {}

var csrGroupResource

// Validate ensures that if the signerName on a CSR is set to
// `kubernetes.io/kube-apiserver-client`, that its organization (group)
// attribute is not set to `system:masters`.
func (p *Plugin) Validate(_ context.Context, a admission.Attributes, _ admission.ObjectInterfaces) error {}