github/capsule
1
0
Fork 0
mirror of https://github.com/projectcapsule/capsule.git synced 2026-03-04 18:50:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
609 Commits 22 Branches 103 Tags
helm-v0.2.0
Commit Graph

122 Commits

Author SHA1 Message Date
Dario Tranchitella
6a380b00ad style: kubebuilder annotations start with empty space 2022-12-26 14:27:26 +01:00
Dario Tranchitella
503e3fc1d0 feat: globaltenantresource and tenantresource reconciliation 2022-12-26 14:27:26 +01:00
Dario Tranchitella
360a8d2b56 refactor: using interfaces for accessing tenant namespaces 2022-12-26 14:27:26 +01:00
Dario Tranchitella
4835b94839 style: conforming go files headers 2022-12-26 14:27:26 +01:00
Dario Tranchitella
cf52924870 refactor: abstracting types used by several api versions 2022-12-26 14:27:26 +01:00
Dario Tranchitella
1087ea853b fix: inverted logic in forbidden user namespace metadata 2022-12-23 15:34:28 +01:00
Dario Tranchitella
75525ac192 fix: preventing serviceaccount privilege escalation 2022-12-02 15:19:06 +01:00
Dario Tranchitella
098a74b565 refactor(capsuleconfiguration): allowing to skip tls reconciler 2022-07-26 17:48:58 +02:00
Dario Tranchitella
d84f0be76b fix: tenant owners cannot replace protected namesapce labels or annotations 2022-07-22 19:29:27 +00:00
Oliver Bähler
cac2920827 feat: grant global patch privileges and add patch handler 2022-06-09 18:32:39 +00:00
Maksim Fedotov
f1dc028649 feat: generate TLS certificates before starting controllers 2022-06-08 11:12:35 +00:00
Maksim Fedotov
82b58d7d53 feat: refactor capsule TLS certificates management 2022-06-08 11:12:35 +00:00
Maksim Fedotov
3c9228d1aa fix: protectedHandler OnDelete get tenant using client 2022-05-18 18:06:10 +02:00
Maksim Fedotov
23564f8e40 feat: protected tenant annotation 2022-05-18 18:06:10 +02:00
Dario Tranchitella
a8b84c8cb3 fix: using sentinel error for non limited custom resource 2022-05-16 15:51:07 +00:00
Dario Tranchitella
49e76f7f93 style: linters refactoring 2022-05-05 13:33:39 +00:00
Dario Tranchitella
345836630c refactor: avoiding using background context 2022-05-05 13:33:39 +00:00
Davide Imola
569d803e95 fix: using configuration for mutating and validating webhooks 2022-03-31 13:02:25 +00:00
Davide Imola
7b3b0d6504 fix: using configuration for tls and ca secret names 2022-03-31 13:02:25 +00:00
Pandry
d4a5f3beca fix: validate regex patterns in annotations #510 2022-02-22 06:11:49 +00:00
Dario Tranchitella
e53911942d feat: limiting amount of resources deployed in a tenant 2021-12-23 11:39:34 +00:00
Oliver Bähler
5c7804e1bf fix: add rolebinding validation against rfc-1123 dns for sa subjects 
Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
 2021-11-12 11:22:26 +01:00
Maxim Fedotov
14f9686bbb Forbidden node labels and annotations (#464) 
* feat: forbidden node labels and annotations

* test(e2e): forbidden node labels and annotations

* build(kustomize): forbidden node labels and annotations

* build(helm): forbidden node labels and annotations

* build(installer): forbidden node labels and annotations

* chore(make): forbidden node labels and annotations

* docs: forbidden node labels and annotations

* test(e2e): forbidden node labels and annotations. Use EventuallyCreation func

* feat: forbidden node labels and annotations. Check kubernetes version

* test(e2e): forbidden node labels and annotations. Check kubernetes version

* docs: forbidden node labels and annotations. Version restrictions

* feat: forbidden node labels and annotations. Do not update deepcopy functions

* docs: forbidden node labels and annotations. Use blockquotes for notes

Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2021-11-02 20:01:53 +03:00
Dario Tranchitella
6ba9826c51 chore(linters): no more need of duplicate check 2021-11-02 17:13:23 +01:00
Dario Tranchitella
e2768dad83 fix!: forcing to use fqci and container registries with no repositories 2021-11-02 17:13:23 +01:00
Tom OBrien
e361e2d424 fix: allowing regex underscore for container registry enforcement 
While not best practice, underscore can be used and so should be allowed.
 2021-10-27 20:55:39 +02:00
Maksim Fedotov
b28b98a7bc feat: namespace labeling for tenant owners. fix linting issues 2021-09-23 14:10:24 +02:00
Maksim Fedotov
a14c7609df feat: namespace labeling for tenant owners 2021-09-23 14:10:24 +02:00
alegrey91
196e3c910d feat: add deny-wildcard annotation 2021-09-21 19:14:49 +02:00
Dario Tranchitella
26965a5ea2 fix: skipping indexer if error is a NoKindMatch 2021-09-17 15:43:42 +02:00
Maksim Fedotov
422b6598ba fix: check if user is a member of capsuleUserGroup instead of tenantOwner when cordoning a tenant 2021-09-15 11:14:39 +02:00
Dario Tranchitella
94c6a64fcb fix: validating Tenant owner name when is a ServiceAccount 2021-09-04 14:17:06 +02:00
Dario Tranchitella
60ab33337d feat: enforcement of LoadBalancer service kind 2021-08-17 17:21:59 +02:00
Dario Tranchitella
a2fda44110 fix: NewIngressHostnameCollision is returning pointer for error parsing 2021-08-12 19:30:27 +02:00
Dario Tranchitella
df08c9e63e refactor: hostname collision is now managed at Tenant level 2021-08-12 19:30:27 +02:00
Dario Tranchitella
09277e9f3d feat: Ingress hostname collision scope at Tenant level 2021-08-12 19:30:27 +02:00
Dario Tranchitella
e24394f329 refactor: avoiding init functions for direct registration 2021-08-12 19:30:27 +02:00
Dario Tranchitella
01053d5deb refactor: renaming struct field names for allowed hostnames and classes 2021-08-12 19:30:27 +02:00
Dario Tranchitella
b749e34547 refactor: grouping Ingress options into defined struct 2021-08-12 19:30:27 +02:00
Dario Tranchitella
57bf3d1c1b feat: skipping Ingress indexer setup for deprecated APIs 
Starting from Kubernetes v1.22+, networking.k8s.io/v1beta1 and
extensions/v1beta1 are no more supported and indexers must not be
started, otherwise the manager would panic.
 2021-08-10 15:39:43 +02:00
Dario Tranchitella
18912a002b feat: allowed external IPs is grouped in ServiceOptions 2021-07-23 08:28:20 +02:00
Dario Tranchitella
0e55823a0c feat: toggling ExternalName service 2021-07-21 14:34:56 +02:00
Maksim Fedotov
ba690480a7 refactor: use OwnerListSpec to store tenant owners information 2021-07-20 11:21:40 +02:00
Dario Tranchitella
d64dcb5a44 fix: preserving v1alpha1 enable node ports false value avoiding CRD default 2021-07-19 08:15:24 +02:00
Maksim Fedotov
a6408f26b0 feat: support multiple tenant owners(add applications to act as tenant owners) 2021-07-12 11:27:13 +02:00
Maksim Fedotov
b58ca3a7d7 chore: v1beta1 goimports and formatting 2021-07-02 10:14:06 +02:00
Maksim Fedotov
e6b433dcd7 feat(v1beta1): update code to use v1beta1 version 2021-07-02 10:14:06 +02:00
Dario Tranchitella
3e0882dbc8 refactor: domains is now API utils 2021-07-02 10:14:06 +02:00
Dario Tranchitella
ba07f99c6e refactor!: using multiple handers per route 2021-06-27 22:36:55 +02:00
Dario Tranchitella
7574335a8a refactor: using separated webhooks for Namespace handling 2021-06-24 13:47:43 +02:00