Dario Tranchitella
65d5b24896
feat: blocking replicated resources write ops by tenant owners
2023-03-28 12:56:58 +02:00
Dario Tranchitella
89348c9499
chore(golangci-lint): updating to latest version and code alignment
2023-03-02 15:32:47 +01:00
Dario Tranchitella
8e7078ad4f
feat: template support for rawitems
...
Allowed template values:
- `{{ tenant.name }}` for the Tenant name managing the Namespace
- `{{ namespace }}` for the Namespace where the resource is replicated
2023-02-16 09:20:42 +01:00
Dario Tranchitella
4e5c00fa65
refactor: optimizing processing of tenant resources per namespace
2023-02-16 09:20:42 +01:00
Dario Tranchitella
d63a9a0ca6
fix: creation of namespaced resources backed by cache
2023-02-16 09:20:42 +01:00
Dario Tranchitella
de587919f8
fix(tenantresources): using actual resourceversion during createorupdate
2023-01-31 16:57:07 +01:00
Dario Tranchitella
ea88b102e5
feat: pv labelling and preventing cross-tenant mount
2023-01-26 09:31:16 +01:00
Oliver Bähler
9f10923d21
fix: use v1beta2 for capsuleconfiguration kind
...
Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
2022-12-29 17:49:45 +01:00
Dario Tranchitella
43bd2491ae
refactor(api): switching to v1beta2 as storage version
2022-12-27 17:53:17 +01:00
Max Fedotov
b1ec9fed50
feat: refactor resources controller
...
Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
2022-12-26 14:27:26 +01:00
Dario Tranchitella
503e3fc1d0
feat: globaltenantresource and tenantresource reconciliation
2022-12-26 14:27:26 +01:00
Dario Tranchitella
4835b94839
style: conforming go files headers
2022-12-26 14:27:26 +01:00
Dario Tranchitella
cf52924870
refactor: abstracting types used by several api versions
2022-12-26 14:27:26 +01:00
Dario Tranchitella
d20e466732
feat: support for ca update on crds objects
2022-12-26 14:27:26 +01:00
Dario Tranchitella
fb5c1a1fa6
feat: supporting k8s >= 1.25
2022-12-18 11:20:25 +01:00
Dario Tranchitella
75525ac192
fix: preventing serviceaccount privilege escalation
2022-12-02 15:19:06 +01:00
Alessio Pragliola
ede96f5cf4
fix: service controller not skipping sentinel errs
2022-10-14 20:21:32 +02:00
Dario Tranchitella
098a74b565
refactor(capsuleconfiguration): allowing to skip tls reconciler
2022-07-26 17:48:58 +02:00
Dario Tranchitella
ab750141c6
refactor: support for rfc 1123 for tenant owners cluster roles overrides
2022-06-29 10:53:35 +00:00
Dario Tranchitella
e15191c2a0
refactor: sentinel error for running in out of cluster mode
2022-06-29 08:31:21 +00:00
Oliver Bähler
cac2920827
feat: grant global patch privileges and add patch handler
2022-06-09 18:32:39 +00:00
Dario Tranchitella
4f55dd8db8
refactor: removing unrequired verb for clusterrole namespace deleter
2022-06-09 18:30:52 +00:00
Maksim Fedotov
f1dc028649
feat: generate TLS certificates before starting controllers
2022-06-08 11:12:35 +00:00
Maksim Fedotov
82b58d7d53
feat: refactor capsule TLS certificates management
2022-06-08 11:12:35 +00:00
song
b9fc50861b
style: removing unused struct field
2022-05-24 15:31:24 +00:00
Dario Tranchitella
9f6883d309
fix: formatting error message for service-related objects
2022-05-05 13:33:39 +00:00
Dario Tranchitella
49e76f7f93
style: linters refactoring
2022-05-05 13:33:39 +00:00
Dario Tranchitella
9d69770888
style: fixing linters issues
2022-05-05 13:33:39 +00:00
Dario Tranchitella
f4ac85dfed
refactor: using k8s client scheme
2022-05-05 13:33:39 +00:00
Dario Tranchitella
cb4289d45b
refactor: using kubernetes tls secret key names
2022-05-05 13:33:39 +00:00
Dario Tranchitella
01197892a4
refactor: optimizing watchers predicates
2022-05-05 13:33:39 +00:00
Dario Tranchitella
345836630c
refactor: avoiding using background context
2022-05-05 13:33:39 +00:00
Dario Tranchitella
9fd18db5a5
feat: dynamic cluster roles for tenant owners
2022-04-14 14:35:59 +00:00
Dario Tranchitella
cb3ce372b9
fix: ensuring ca bundle replication upon helm upgrade
2022-04-14 14:10:32 +00:00
Davide Imola
569d803e95
fix: using configuration for mutating and validating webhooks
2022-03-31 13:02:25 +00:00
Davide Imola
7b3b0d6504
fix: using configuration for tls and ca secret names
2022-03-31 13:02:25 +00:00
Max Fedotov
19aff8c882
fix: ignore NotFound error in ServiceLabelsReconciler (#494)
...
Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
2021-12-29 18:26:45 +02:00
Dario Tranchitella
e53911942d
feat: limiting amount of resources deployed in a tenant
2021-12-23 11:39:34 +00:00
Dario Tranchitella
778fb4bcc2
fix: starting all controllers only when certificates are generated
...
This is going to solve the issue when upgrading Capsule <v0.1.0 to
>=v0.1.0: due to a resource reflector many warnings were polluting the
reconciliation loop and causing unmarshaling errors.
Additionally, just the CA secret was checked before starting the
Operator, when also the TLS is requested for the webhooks, along with
the `/convert` one that is used for the CR version conversion.
2021-12-21 06:45:16 +00:00
Oliver Bähler
5c7804e1bf
fix: add rolebinding validation against rfc-1123 dns for sa subjects
...
Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
2021-11-12 11:22:26 +01:00
Oliver Bähler
c4481f26f7
docs: additions to dev-guide
...
Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
2021-11-12 11:22:26 +01:00
Maksim Fedotov
ec715d2e8f
fix: do not register tenant controller\webhook\indexer until CA is created
2021-11-06 16:34:22 +01:00
Maxim Fedotov
14f9686bbb
Forbidden node labels and annotations (#464)
...
* feat: forbidden node labels and annotations
* test(e2e): forbidden node labels and annotations
* build(kustomize): forbidden node labels and annotations
* build(helm): forbidden node labels and annotations
* build(installer): forbidden node labels and annotations
* chore(make): forbidden node labels and annotations
* docs: forbidden node labels and annotations
* test(e2e): forbidden node labels and annotations. Use EventuallyCreation func
* feat: forbidden node labels and annotations. Check kubernetes version
* test(e2e): forbidden node labels and annotations. Check kubernetes version
* docs: forbidden node labels and annotations. Version restrictions
* feat: forbidden node labels and annotations. Do not update deepcopy functions
* docs: forbidden node labels and annotations. Use blockquotes for notes
Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
2021-11-02 20:01:53 +03:00
Dario Tranchitella
c2218912eb
fix: pointer doesn't trigger resources pruning
2021-10-28 17:53:17 +02:00
Maksim Fedotov
b28b98a7bc
feat: namespace labeling for tenant owners. fix linting issues
2021-09-23 14:10:24 +02:00
Maksim Fedotov
a14c7609df
feat: namespace labeling for tenant owners
2021-09-23 14:10:24 +02:00
Dario Tranchitella
8f3b3eac29
fix: deleting Pods upon TLS update for HA installations
2021-09-01 18:18:07 +02:00
Dario Tranchitella
09277e9f3d
feat: Ingress hostname collision scope at Tenant level
2021-08-12 19:30:27 +02:00
Dario Tranchitella
01053d5deb
refactor: renaming struct field names for allowed hostnames and classes
2021-08-12 19:30:27 +02:00
Dario Tranchitella
b749e34547
refactor: grouping Ingress options into defined struct
2021-08-12 19:30:27 +02:00