github/capsule
1
0
Fork 0
mirror of https://github.com/projectcapsule/capsule.git synced 2026-03-03 18:20:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
339 Commits 22 Branches 103 Tags
01053d5debbaa54863cfb4db2aaddf0f2002c0d2
Commit Graph

57 Commits

Author SHA1 Message Date
Dario Tranchitella
01053d5deb refactor: renaming struct field names for allowed hostnames and classes 2021-08-12 19:30:27 +02:00
Dario Tranchitella
b749e34547 refactor: grouping Ingress options into defined struct 2021-08-12 19:30:27 +02:00
Dario Tranchitella
9182895811 refactor:EndpointSlice v1beta1 deprecated for v1 2021-08-10 15:39:43 +02:00
Maxim Fedotov
b3658b7bfc refactor AdditionalMetadataSpec struct. Remove Additional prefix from labels and annotations fields (#379) 
* refactor: remove 'Additional' prefix from Labels and Annotations fields in AdditionalMetadataSpec

* test(e2e): aligning tests to use updated AdditionalMetadataSpec structure

* build(kustomize): CRD update for updated v1beta1 AdditionalMetadataSpec

* build(helm): CRD update for updated v1beta1 AdditionalMetadataSpec

* build(installer): CRD update for updated v1beta1 AdditionalMetadataSpec

Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2021-08-10 12:11:16 +03:00
Maksim Fedotov
737fb26e39 refactor: use NamespaceOptions struct to store namespace-related tenant configurations 2021-08-09 20:25:03 +02:00
Maxim Fedotov
ddb9ffd79e refactor: split tenant controller to separate files 
Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2021-08-07 21:37:48 +02:00
Maksim Fedotov
cae65c9f84 fix: capsuleconfiguration controller package name should be config instead of rbac 2021-08-07 20:40:08 +02:00
Dario Tranchitella
848c6d99c2 refactor: using goroutines per Namespace for each resource Kind reconciliation 2021-07-28 17:34:24 +02:00
Dario Tranchitella
bd12068397 fix: handling multiple resources for hard ResourceQuota resources 2021-07-24 14:36:57 +02:00
Dario Tranchitella
c52f7844db feat: Tenant or Namespace scope for resource quota budgets 2021-07-24 14:36:57 +02:00
Dario Tranchitella
0e55823a0c feat: toggling ExternalName service 2021-07-21 14:34:56 +02:00
Maksim Fedotov
a6408f26b0 feat: support multiple tenant owners(add applications to act as tenant owners) 2021-07-12 11:27:13 +02:00
Dario Tranchitella
6008373960 bug: ensuring to update the conversion webhook CA bundle 2021-07-05 17:58:49 +02:00
Dario Tranchitella
414c03a874 feat: reconciliation for Tenant state 2021-07-05 16:28:39 +02:00
Maksim Fedotov
e6b433dcd7 feat(v1beta1): update code to use v1beta1 version 2021-07-02 10:14:06 +02:00
Dario Tranchitella
416609362d feat(v1beta1): tenant spec 
feat(v1beta1): remove unused structs and functions from v1beta1. Rename v1alpha1 structs to follow new naming. Move v1alpha1 structs to separate files
 2021-07-02 10:14:06 +02:00
Dario Tranchitella
b1a9603faa fix: ensuring single reconciliation for Capsule RoleBinding resources 2021-07-01 16:34:18 +02:00
Dario Tranchitella
46fc65a988 fix: avoiding concurrent map write 2021-06-16 08:49:50 +02:00
Dario Tranchitella
accd9ca038 feat: emitting events for policies violations 2021-06-15 21:42:39 +02:00
Dario Tranchitella
246c1a3c2c fix: misleading info message for additional RoleBindings sync 2021-06-07 14:56:03 +02:00
Dario Tranchitella
a06e68945c fix: avoiding Namespace's RoleBinding labels collision 2021-06-07 14:56:03 +02:00
Dario Tranchitella
61c9bc647c refactor: object labels must be set in the mutateFn 2021-06-06 22:18:51 +02:00
Dario Tranchitella
9c8b0377dc feat: emitting events for Tenant operations 2021-06-06 22:18:51 +02:00
Dario Tranchitella
7c1592e739 chore(license): switching over SPDX license header (#280) 2021-06-03 19:46:20 +02:00
Dario Tranchitella
a7fff597fa feat: providing log upon CapsuleConfiguration change 2021-05-31 16:15:44 +02:00
Dario Tranchitella
d532f1633c refactor: simplifying RBAC managed with multiple user groups 2021-05-31 16:15:44 +02:00
Dario Tranchitella
3570b02427 feat!: using CapsuleConfiguration CRD with reload at runtime 2021-05-31 16:15:44 +02:00
Maksim Fedotov
229b569b50 fix: the ClusterRoleBindings capsule-namespace-provisioner are not reconciled when --capsule-user-group changes 2021-05-28 09:32:38 +02:00
Maksim Fedotov
3c9895e498 feat: use multiple groups as capsule-user-group 2021-05-25 14:46:05 +02:00
Dario Tranchitella
6dc83b16da fix: generating TLS certificate matching the deployed Namespace 2021-05-23 18:46:25 +02:00
stg
12237ae106 feat: adding name label to each Namespace (#242) 
Co-authored-by: Santiago Sanchez Paz <sanchezpaz@gmail.com>
 2021-03-24 19:28:45 +01:00
Dario Tranchitella
51de469551 bug: syncing Namespace annotations in a single place 2021-03-06 17:41:18 +01:00
Dario Tranchitella
452bceff34 fix: additional metadata must be controlled just from Tenant manifest (#211) 2021-03-04 10:02:14 +01:00
Dario Tranchitella
d2700556dd Adding linters and aligning code (#169) 
* Adding linters and aligning code

* Aligning ingressHostnames to AllowedListSpec
 2021-01-13 23:49:11 +01:00
Geofrey Ernest
1ed5d703e6 Short circuit error returns (#175) 2020-12-23 15:08:15 +01:00
Dario Tranchitella
03eb6e633e No loop on ResourceQuota outer updates and error handling improvements (#168) 
* Avoiding loop on updating outer resource quota

* Using retryOnConflict on Tenant status update

* Using errgroup instead of bare go routines

* Testing Namespace Capsule default label presence
 2020-12-20 12:25:41 +01:00
Dario Tranchitella
007bdff512 Only owner Tenant specification key is mandatory (#153) 
* Only Tenant owner specification key is mandatory

* Increasing default timeout to avoid e2e flakiness on GH Actions

* Ensuring also empty Namespace annotations and labels
 2020-12-11 15:47:29 +01:00
Dario Tranchitella
3e38884a6c Annotating Tenant's Namespaces with allowed registries (#154) 
* Updating allowed registries docs w/ Namespace annotations
 2020-12-09 15:20:14 +01:00
Dario Tranchitella
40130696bb Annotating ResourceQuota with Hard quota (#158) 2020-12-09 15:19:16 +01:00
Dario Tranchitella
ea599ba6e6 Supporting additional Role Bindings per Tenant (#133) 
* Enabling Capsule to run on a cluster with PodSecurityPolicy enabled

* Supporting additional Role Binding per Tenant

* Documenting the additionalRoleBindings specification
 2020-11-16 13:51:44 +01:00
Maxim Fedotov
078588acb5 migrating service webhook to controller p1 (#130) 
migrating service webhook to controller p2

migrating service webhook to controller p3. add tests

Using an abstract reconciler to avoid copy/paste code

update tests. remove service_labels webhook. fix bug in sync labels\endpoint func

apply review notes

disable EndpointSlicesLabelsReconciler for kubernetes versions <=1.16

Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2020-11-10 19:43:30 +03:00
Dario Tranchitella
a7f7c00558 Supporting ingresses.networking.k8s.io/v1 (#110) 
* Updating to controller-runtime v0.7.0-alpha.4 and k8s 0.19.3

* Implementing ingresses.networking.k8s.io/v1

* Aligning to latest zap signatures
 2020-10-23 21:19:14 +02:00
Maxim Fedotov
875650f185 Regexp support for Ingress and Storage classes (#89) 
Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2020-09-15 11:08:14 +02:00
Dario Tranchitella
9d0a7a78c1 Making CR/CRB names conforming to Kubernetes naming requirements (#91) 2020-09-12 12:14:52 +02:00
Maxim Fedotov
303fc4d69c Support Groups as Subject Kind for Tenant Namespace RoleBindings created by Capsule (#71) 
Modified CRD to support Owner struct.

Added Tenant name validation webhook.

Rewrote owner_reference hook logic.

Updated and added new e2e tests.

Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2020-09-10 17:02:22 +02:00
Maxim Fedotov
e8362f739f Add Service labelling and annotating webhook (#84) 
Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2020-09-10 11:56:51 +02:00
Dario Tranchitella
12b1338dad Making Namespace no more hard-coded (#83) 2020-09-09 13:33:03 +02:00
Dario Tranchitella
ee0261c069 Providing namespace metadata additional labels and annotations (#80) 2020-09-07 15:09:34 +02:00
Maxim Fedotov
164431959c Add capsule-user-group CLI flag (#67) 
* add capsule-user-group param

* Implementing RBAC controller

Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
Co-authored-by: Dario Tranchitella <dario@tranchitella.eu>
 2020-09-01 12:15:48 +02:00
Dario Tranchitella
9969864141 Scaffolding e2e testing (#56) 
* Implementing generic e2e features

* Adding changes upon e2e benchmarking
 2020-08-21 14:55:48 +02:00