github/capsule
1
0
Fork 0
mirror of https://github.com/projectcapsule/capsule.git synced 2026-03-03 18:20:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
76 Commits 22 Branches 103 Tags
49c8131eb5cd2363663fb3d8ea6bfd5475cc9cbe
Commit Graph

76 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dario Tranchitella
49c8131eb5 Adding k8s 1.20 to E2E testing matrix and updating 1.19 to latest stable release (#171) 2020-12-20 23:47:34 +01:00
Dario Tranchitella
82bbd238fb Making tests less flaky (#172) 2020-12-20 23:29:54 +01:00
Dario Tranchitella
03eb6e633e No loop on ResourceQuota outer updates and error handling improvements (#168) 
* Avoiding loop on updating outer resource quota

* Using retryOnConflict on Tenant status update

* Using errgroup instead of bare go routines

* Testing Namespace Capsule default label presence
 2020-12-20 12:25:41 +01:00
Adriano Pezzuto
6e24aad094 Improve documentation (#146) 
* move docs in a separate folder
* review of readme and add faq
* rewrite use cases
* more use cases
* add new project logo
* minor improvements
 2020-12-15 00:03:07 +01:00
bsctl
aa6881e32e delete conflicting doc files 2020-12-15 00:00:17 +01:00
Dario Tranchitella
98e441f1e9 Enforcing Service external IPs (#161) 2020-12-11 19:17:46 +01:00
Dario Tranchitella
007bdff512 Only owner Tenant specification key is mandatory (#153) 
* Only Tenant owner specification key is mandatory

* Increasing default timeout to avoid e2e flakiness on GH Actions

* Ensuring also empty Namespace annotations and labels
 2020-12-11 15:47:29 +01:00
Dario Tranchitella
a3c77b3531 Enhancing Helm Chart lifecycle (#156) 2020-12-10 14:21:41 +01:00
Dario Tranchitella
3e38884a6c Annotating Tenant's Namespaces with allowed registries (#154) 
* Updating allowed registries docs w/ Namespace annotations
 2020-12-09 15:20:14 +01:00
Dario Tranchitella
40130696bb Annotating ResourceQuota with Hard quota (#158) 2020-12-09 15:19:16 +01:00
Dario Tranchitella
12a8c469e8 Requiring Helm Chart version 2020-12-06 02:26:37 +01:00
Dario Tranchitella
27cdd84b3b Updating Helm instructions (#149) 2020-12-01 23:43:35 +01:00
Dario Tranchitella
f6fd0cfe3f Helm Charts are now inside of the repository (#147) 
* Adding Helm chart source

* Pointing to new Chart location

* Setting GitHub Action for remote Helm Chart release

* Updating Go dependencies

* Using Helm as default installation tool

* Separating diff and e2e jobs

* Aligning tests to Helm labels

* Checking fmt and vet, and fixing it

* We don't need limits on E2E
 2020-12-01 23:30:31 +01:00
Dario Tranchitella
0641350575 Releasing v0.0.3 (#144) v0.0.3 2020-11-25 17:15:20 +01:00
Dario Tranchitella
5aed7a01d5 Enforcing container registry via list or regex (#142) 
Adding also NamespaceSelector to specific webhooks in order to decrease
the chance ov breaking other critical Namespaces in case of Capsule
failures.
 2020-11-24 00:40:40 +01:00
Dario Tranchitella
8442eef72b Logging timestamp to ISO 8601 (#140) 2020-11-19 07:58:24 +01:00
Dario Tranchitella
d3bc9f4870 Provide a more meaningful error message when not admitted Storage/Ingress Classes are used (#141) 
* Providing further details on non allowed Storage Classes

* Providing further details on non allowed Ingress Classes
 2020-11-17 23:44:08 +01:00
Dario Tranchitella
6541f19b67 Automating version pick-up according to current git version and minor Kustomize hotfixes (#135) 2020-11-17 19:20:31 +01:00
Dario Tranchitella
45709f7bd3 Providing additional print column for the nodeSelector Tenant spec (#138) 2020-11-17 16:58:03 +01:00
Dario Tranchitella
2d628e1cd0 Upgrading GitHub actions (#136) 
* New KinD GitHub action

* Upgrading golangci-lint
 2020-11-17 09:27:53 +01:00
Dario Tranchitella
ea599ba6e6 Supporting additional Role Bindings per Tenant (#133) 
* Enabling Capsule to run on a cluster with PodSecurityPolicy enabled

* Supporting additional Role Binding per Tenant

* Documenting the additionalRoleBindings specification
 2020-11-16 13:51:44 +01:00
Maxim Fedotov
078588acb5 migrating service webhook to controller p1 (#130) 
migrating service webhook to controller p2

migrating service webhook to controller p3. add tests

Using an abstract reconciler to avoid copy/paste code

update tests. remove service_labels webhook. fix bug in sync labels\endpoint func

apply review notes

disable EndpointSlicesLabelsReconciler for kubernetes versions <=1.16

Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
v0.0.2 0.2.0-rc1 		2020-11-10 19:43:30 +03:00
Dario Tranchitella
2c54d91306 Enforcing back tenant selection using closest match (#129) 2020-11-05 11:20:48 +01:00
Dario Tranchitella
0ce901f8dd Using latest current version rather than latest tag (#127) 2020-11-02 16:35:21 +01:00
Adriano Pezzuto
ff67ab3dc1 update README with Helm installation method (#126) 
* update README with Helm installation method

* fix typo in README
 2020-11-02 14:41:09 +01:00
Dario Tranchitella
e764b976aa Allowing dash on Tenant namespace (#118) 
* Allowing dashes in the Tenant name as DNS RFC-1123

* Allowing force tenant prefix with Namespaces with dash
 2020-10-31 19:43:46 +01:00
Maxim Fedotov
7ae1c0ae32 issues/115. fix endpoint creation for services with selectors when servicesMetadata is specified for tenant (#116) 
apply review notes

Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2020-10-31 15:10:08 +03:00
Dario Tranchitella
39d6638669 Duplicated code, can be easily removed (#119) 2020-10-31 12:50:51 +01:00
Dario Tranchitella
2af568f0ed Making e2e tests less flaky (#121) 2020-10-31 12:28:17 +01:00
Dario Tranchitella
ee6e3aa0df Using matrix strategy for e2e on multiple k8s versions (#111) 
* Using matrix strategy for e2e on multiple k8s versions

* EndpointSlice version support according to Kubernetes release

* Utility helper for testing various Kubernetes versions
 2020-10-29 09:39:22 +01:00
Dario Tranchitella
a7f7c00558 Supporting ingresses.networking.k8s.io/v1 (#110) 
* Updating to controller-runtime v0.7.0-alpha.4 and k8s 0.19.3

* Implementing ingresses.networking.k8s.io/v1

* Aligning to latest zap signatures
 2020-10-23 21:19:14 +02:00
Dario Tranchitella
b0310cd42f Handling all the events from Storage and Ingress classes (#108) 2020-10-17 14:40:07 +02:00
Dario Tranchitella
8f3fd8dfee Removing CR/B upon Capsule removal (#102) 2020-09-23 10:40:08 +02:00
Dario Tranchitella
feec653db4 No need to add a duplicated schema (#100) 2020-09-23 09:21:03 +02:00
Dario Tranchitella
aee6e72f1e Adding StorageClassesSpec and IngressClassesSpec to Tenant example (#97) v0.0.1 0.0.1 2020-09-16 20:50:15 +02:00
Dario Tranchitella
c75f773fc6 We're stable and production-ready 2020-09-15 15:48:31 +02:00
Dario Tranchitella
3cae5e9c8c Upgrading to latest Kubernetes libraries (#92) 2020-09-15 11:55:02 +02:00
Maxim Fedotov
d0028d483b Fix null pointer exception in Ingress validating webhook (#94) 
Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2020-09-15 11:54:52 +02:00
Maxim Fedotov
875650f185 Regexp support for Ingress and Storage classes (#89) 
Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2020-09-15 11:08:14 +02:00
Dario Tranchitella
9d0a7a78c1 Making CR/CRB names conforming to Kubernetes naming requirements (#91) 2020-09-12 12:14:52 +02:00
Maxim Fedotov
303fc4d69c Support Groups as Subject Kind for Tenant Namespace RoleBindings created by Capsule (#71) 
Modified CRD to support Owner struct.

Added Tenant name validation webhook.

Rewrote owner_reference hook logic.

Updated and added new e2e tests.

Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2020-09-10 17:02:22 +02:00
Dario Tranchitella
10dcfeab82 Typo on bug report template 2020-09-10 16:49:34 +02:00
Dario Tranchitella
f4c41985d8 Using pointers and internal handler for Namespace OwnerReferences (#86) 
* Using pointers and internal handler for Namespace OwnerReferences

* Missing go fmt
 2020-09-10 15:27:27 +02:00
Maxim Fedotov
e8362f739f Add Service labelling and annotating webhook (#84) 
Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2020-09-10 11:56:51 +02:00
Dario Tranchitella
a4b0c0fe27 Using HTTP handlers as closures (#82) 
* Using HTTP handlers as closures

* Avoiding variable shadowing

* Optimizing Ingress webhook

* Missing license header
 2020-09-09 13:33:25 +02:00
Dario Tranchitella
12b1338dad Making Namespace no more hard-coded (#83) 2020-09-09 13:33:03 +02:00
Dario Tranchitella
ee0261c069 Providing namespace metadata additional labels and annotations (#80) 2020-09-07 15:09:34 +02:00
Maxim Fedotov
a99153cbe7 Add protected-namespace-regex (#73) 2020-09-02 12:43:02 +02:00
Dario Tranchitella
ea2d69088d Fixing CI (#75) 
* Version pinning Ubuntu

* Caching Docker images and other Go modules

* Removing kustomize
 2020-09-01 19:12:32 +02:00
Maxim Fedotov
164431959c Add capsule-user-group CLI flag (#67) 
* add capsule-user-group param

* Implementing RBAC controller

Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
Co-authored-by: Dario Tranchitella <dario@tranchitella.eu>
 2020-09-01 12:15:48 +02:00