github/capsule
1
0
Fork 0
mirror of https://github.com/projectcapsule/capsule.git synced 2026-02-14 18:09:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,562 Commits 22 Branches 103 Tags
main
Commit Graph

38 Commits

Author SHA1 Message Date
Oliver Bähler
0abc77b56a feat: diverse performance improvements (#1861) 
Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
 2026-02-03 22:05:00 +01:00
Oliver Bähler
a6b830b1af feat: add ruleset api(#1844) 
* fix(controller): decode old object for delete requests

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: modernize golang

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: modernize golang

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: modernize golang

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* fix(config): remove usergroups default

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* fix(config): remove usergroups default

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* sec(ghsa-2ww6-hf35-mfjm): intercept namespace subresource

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* feat(api): add rulestatus api

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: conflicts

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: conflicts

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: conflicts

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: conflicts

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: conflicts

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: conflicts

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: conflicts

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: conflicts

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: conflicts

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: conflicts

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: conflicts

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* feat(api): add rulestatus api

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* feat(api): add rulestatus api

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* feat(api): add rulestatus api

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* feat(api): add rulestatus api

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* feat(api): add rulestatus api

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* feat(api): add rulestatus api

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

---------

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
 2026-01-27 14:28:48 +01:00
renovate[bot]
eb8d2b6076 chore(deps): update dependency golangci/golangci-lint to v2.8.0 (#1823) 
* chore(deps): update dependency golangci/golangci-lint to v2.8.0

* chore(deps): update dependency golangci/golangci-lint to v2.8.0

Signed-off-by: Hristo Hristov <me@hhristov.info>

* chore(deps): update dependency golangci/golangci-lint to v2.8.0

Signed-off-by: Hristo Hristov <me@hhristov.info>

* chore(deps): update dependency golangci/golangci-lint to v2.8.0

Signed-off-by: Hristo Hristov <me@hhristov.info>

---------

Signed-off-by: Hristo Hristov <me@hhristov.info>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Hristo Hristov <me@hhristov.info>
 2026-01-08 15:43:32 +02:00
Oliver Bähler
730151cb44 feat: add dynamic capsule user evaluation (#1811) 
* chore: improve dev targets

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* feat(controller): implement deterministic rolebinding reflection

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* feat(controller): capsule users are determined from configuration status

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* feat(tenantowners): added agreggate option - tenantowners are always considered capsule users

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* feat(tenantowner): add implicit aggregation for tenants

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: remove helm flags

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* fix(config): remove usergroups default

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

---------

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
 2025-12-31 11:37:30 +01:00
Oliver Bähler
a42d910ba1 fix(controller): template concurrency (#1802) 
Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
 2025-12-19 08:14:37 +01:00
Oliver Bähler
e19575bcbd fix(controller): allow no spaces in template references (#1789) 
* fix(controller): decode old object for delete requests

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: modernize golang

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: modernize golang

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: modernize golang

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* fix(controller): allow no spaces in template references

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* fix(controller): allow no spaces in template references

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

---------

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
 2025-12-11 17:03:52 +01:00
Oliver Bähler
c06f54a3a3 fix(controller): decode old object for delete requests (#1787) 
* fix(controller): decode old object for delete requests

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: modernize golang

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: modernize golang

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: modernize golang

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

---------

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
 2025-12-10 18:34:42 +01:00
Oliver Bähler
584d372521 feat(config): add combined users property as successor for usergroups (#1767) 
* feat(config): add combined users property as successor for usergroups and usernames configuration

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* fix(crds): add proper deprecation notices on properties and via admission warnings

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: add local monitoring environment

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

---------

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
 2025-12-04 12:18:07 +01:00
Oliver Bähler
d812a0c722 feat(tenant): add dedicated tenantowner crd (#1764) 
Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
 2025-12-02 15:21:46 +01:00
Oliver Bähler
6e8405d5f0 feat: refactor core webhooks (#1756) 
* feat(webhook): add watchdog webhook to core

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* fix(controller): ensure managed metadata for namespaces on update

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore(controller): refactor core webhooks to generics

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: fix helm plugin installation

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: rename webhook to tenant-label

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

---------

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
 2025-11-26 15:27:41 +01:00
Oliver Bähler
581a8fe60e feat(controller): administration persona (#1739) 
* chore(refactor): project and api refactoring

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore(refactor): project and api refactoring

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

---------

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
 2025-11-18 16:27:16 +01:00
Oliver Bähler
5ac0f83c5a feat(controller): refactor namespace core loop and state management (#1680) 
* feat(controller): allow owners to promote serviceaccounts within tenant as owners

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* feat(controller): refactor status handling for tenants and owned namespaces (including metrics)

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

---------

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
 2025-10-06 08:19:26 +02:00
renovate[bot]
b8f7d5a227 chore(deps): update dependency golangci/golangci-lint to v2.5.0 (#1663) 
* chore(deps): update dependency golangci/golangci-lint to v2.5.0

* chore(deps): update dependency golangci/golangci-lint to v2.5.0

Signed-off-by: Hristo Hristov <me@hhristov.info>

* chore(deps): update dependency golangci/golangci-lint to v2.5.0

Signed-off-by: Hristo Hristov <me@hhristov.info>

---------

Signed-off-by: Hristo Hristov <me@hhristov.info>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Hristo Hristov <me@hhristov.info>
 2025-10-02 09:45:17 +02:00
Oliver Bähler
3682283352 chore: add license headers (#1504) 
* chore: add nwa

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: update helm-schema version

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: update helm-schema version

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

---------

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
 2025-06-13 07:31:04 +02:00
Oliver Bähler
c7237f802b feat(api): add resourcepools and claims (#1333) 
* feat: functional appsets

* feat(api): add resourcepools api

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: fix gomod

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: correct webhooks

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: fix harpoon image

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: improve e2e

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: add labels to e2e test

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: fix status handling

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: fix racing conditions

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: make values compatible

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: fix custom resources test

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

* chore: correct metrics

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

---------

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
 2025-05-22 09:07:13 +02:00
Siarhei Rasiukevich
f85b61860e feat: namespace metadata sync on creation #1378 (#1379) 
* feat: namespace metadata sync on creation #1378

Signed-off-by: Siarhei Rasiukevich <s_rasiukevich@wargaming.net>

* fix(tenant): internal error is not returned in cordon webhook

Signed-off-by: Siarhei Rasiukevich <s_rasiukevich@wargaming.net>

* fix(utils): lint on pkg/utils/namespace_selector.go

Signed-off-by: Siarhei Rasiukevich <s_rasiukevich@wargaming.net>

---------

Signed-off-by: Siarhei Rasiukevich <s_rasiukevich@wargaming.net>
Co-authored-by: Siarhei Rasiukevich <s_rasiukevich@wargaming.net>
 2025-05-09 06:39:12 +02:00
Deofex
8e9b8adac9 feat: Add additionalMetadataList Support for Conditional Metadata Assignment (#1339) 
* feat: Add support for additionalMetadataList

Signed-off-by: Deofex <28751252+Deofex@users.noreply.github.com>

* docs: change description

Signed-off-by: Deofex <28751252+Deofex@users.noreply.github.com>

* fix: missing bracket

Signed-off-by: Deofex <28751252+Deofex@users.noreply.github.com>

* fix: removed duplicated if statement

Signed-off-by: Deofex <28751252+Deofex@users.noreply.github.com>

* chore: adjustments after review

Signed-off-by: Deofex <28751252+Deofex@users.noreply.github.com>

* chore: Sync `syncNamespaceMetadata` method

Signed-off-by: Deofex <28751252+Deofex@users.noreply.github.com>

---------

Signed-off-by: Deofex <28751252+Deofex@users.noreply.github.com>
Signed-off-by: Deofex 28751252+Deofex@users.noreply.github.com
 2025-05-08 08:45:05 +02:00
Hristo Hristov
9d1f70229b feat(tenant): improve cordoning selection (#1424) 
feat(tenant): improve cordoning selection (#1424)

Signed-off-by: Hristo Hristov <me@hhristov.info>
Co-authored-by: Oliver Bähler <oliverbaehler@hotmail.com>
 2025-05-05 23:04:52 +03:00
Oliver Bähler
4afcfbbb27 fix(controller): use ownerreferences without controller owner relation (#1095) 
Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
 2024-05-27 14:33:34 +02:00
Dario Tranchitella
0241603f2b feat!: deprecating v1alpha1 api 
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2023-11-26 17:16:33 +01:00
Dario Tranchitella
364332c380 deps(controller-runtime): upgrading to v0.16.3 
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2023-10-24 10:00:46 +02:00
Dario Tranchitella
0830b3629e chore(header): moving to new neutral organization 
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2023-10-16 21:29:23 +02:00
Dario Tranchitella
d7a48d771f refactor: moving to new neutral organization 
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
 2023-10-16 21:29:23 +02:00
Dario Tranchitella
272d6f61c5 feat: detecting group discovery error for indexers 2023-05-25 14:36:48 +02:00
Dario Tranchitella
89348c9499 chore(golangci-lint): updating to latest version and code alignement 2023-03-02 15:32:47 +01:00
Dario Tranchitella
43bd2491ae refactor(api): switching to v1beta2 as storage version 2022-12-27 17:53:17 +01:00
Dario Tranchitella
cf52924870 refactor: abstracting types used by several api versions 2022-12-26 14:27:26 +01:00
Dario Tranchitella
75525ac192 fix: preventing serviceaccount privilege escalation 2022-12-02 15:19:06 +01:00
Dario Tranchitella
49e76f7f93 style: linters refactoring 2022-05-05 13:33:39 +00:00
Maksim Fedotov
a6408f26b0 feat: support multiple tenant owners(add applications to act as tenant owners) 2021-07-12 11:27:13 +02:00
Maksim Fedotov
e6b433dcd7 feat(v1beta1): update code to use v1beta1 version 2021-07-02 10:14:06 +02:00
Dario Tranchitella
7c1592e739 chore(license): switching over SPDX license header (#280) 2021-06-03 19:46:20 +02:00
Maksim Fedotov
3c9895e498 feat: use multiple groups as capsule-user-group 2021-05-25 14:46:05 +02:00
Dario Tranchitella
5ecabaad3e refactor: ignoring requests from kube-system ServiceAccount resources 2021-03-17 11:43:11 +01:00
Maxim Fedotov
4dc92451ea IsInCapsuleGroup binary search is case-sensitive broken (#181) 
Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2021-01-05 13:10:27 +01:00
Maxim Fedotov
303fc4d69c Support Groups as Subject Kind for Tenant Namespace RoleBindings created by Capsule (#71) 
Modified CRD to support Owner struct.

Added Tenant name validation webhook.

Rewrote owner_reference hook logic.

Updated and added new e2e tests.

Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2020-09-10 17:02:22 +02:00
Maxim Fedotov
164431959c Add capsule-user-group CLI flag (#67) 
* add capsule-user-group param

* Implementing RBAC controller

Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
Co-authored-by: Dario Tranchitella <dario@tranchitella.eu>
 2020-09-01 12:15:48 +02:00
Dario Tranchitella
5d20d515a7 Migrating from OperatorSDK 0.18 to 0.19 (#23) 2020-08-04 16:30:28 +02:00