github/capsule
1
0
Fork 0
mirror of https://github.com/projectcapsule/capsule.git synced 2026-03-03 10:10:18 +00:00
Code Issues Packages Projects Releases Wiki Activity
63 Commits 22 Branches 103 Tags
v0.0.3
Commit Graph

28 Commits

Author SHA1 Message Date
Dario Tranchitella
5aed7a01d5 Enforcing container registry via list or regex (#142) 
Adding also NamespaceSelector to specific webhooks in order to decrease
the chance ov breaking other critical Namespaces in case of Capsule
failures.
 2020-11-24 00:40:40 +01:00
Dario Tranchitella
d3bc9f4870 Provide a more meaningful error message when not admitted Storage/Ingress Classes are used (#141) 
* Providing further details on non allowed Storage Classes

* Providing further details on non allowed Ingress Classes
 2020-11-17 23:44:08 +01:00
Maxim Fedotov
078588acb5 migrating service webhook to controller p1 (#130) 
migrating service webhook to controller p2

migrating service webhook to controller p3. add tests

Using an abstract reconciler to avoid copy/paste code

update tests. remove service_labels webhook. fix bug in sync labels\endpoint func

apply review notes

disable EndpointSlicesLabelsReconciler for kubernetes versions <=1.16

Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2020-11-10 19:43:30 +03:00
Dario Tranchitella
2c54d91306 Enforcing back tenant selection using closest match (#129) 2020-11-05 11:20:48 +01:00
Dario Tranchitella
e764b976aa Allowing dash on Tenant namespace (#118) 
* Allowing dashes in the Tenant name as DNS RFC-1123

* Allowing force tenant prefix with Namespaces with dash
 2020-10-31 19:43:46 +01:00
Maxim Fedotov
7ae1c0ae32 issues/115. fix endpoint creation for services with selectors when servicesMetadata is specified for tenant (#116) 
apply review notes

Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2020-10-31 15:10:08 +03:00
Dario Tranchitella
39d6638669 Duplicated code, can be easily removed (#119) 2020-10-31 12:50:51 +01:00
Dario Tranchitella
ee6e3aa0df Using matrix strategy for e2e on multiple k8s versions (#111) 
* Using matrix strategy for e2e on multiple k8s versions

* EndpointSlice version support according to Kubernetes release

* Utility helper for testing various Kubernetes versions
 2020-10-29 09:39:22 +01:00
Dario Tranchitella
a7f7c00558 Supporting ingresses.networking.k8s.io/v1 (#110) 
* Updating to controller-runtime v0.7.0-alpha.4 and k8s 0.19.3

* Implementing ingresses.networking.k8s.io/v1

* Aligning to latest zap signatures
 2020-10-23 21:19:14 +02:00
Dario Tranchitella
b0310cd42f Handling all the events from Storage and Ingress classes (#108) 2020-10-17 14:40:07 +02:00
Maxim Fedotov
d0028d483b Fix null pointer exception in Ingress validating webhook (#94) 
Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2020-09-15 11:54:52 +02:00
Maxim Fedotov
875650f185 Regexp support for Ingress and Storage classes (#89) 
Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2020-09-15 11:08:14 +02:00
Maxim Fedotov
303fc4d69c Support Groups as Subject Kind for Tenant Namespace RoleBindings created by Capsule (#71) 
Modified CRD to support Owner struct.

Added Tenant name validation webhook.

Rewrote owner_reference hook logic.

Updated and added new e2e tests.

Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2020-09-10 17:02:22 +02:00
Dario Tranchitella
f4c41985d8 Using pointers and internal handler for Namespace OwnerReferences (#86) 
* Using pointers and internal handler for Namespace OwnerReferences

* Missing go fmt
 2020-09-10 15:27:27 +02:00
Maxim Fedotov
e8362f739f Add Service labelling and annotating webhook (#84) 
Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2020-09-10 11:56:51 +02:00
Dario Tranchitella
a4b0c0fe27 Using HTTP handlers as closures (#82) 
* Using HTTP handlers as closures

* Avoiding variable shadowing

* Optimizing Ingress webhook

* Missing license header
 2020-09-09 13:33:25 +02:00
Maxim Fedotov
a99153cbe7 Add protected-namespace-regex (#73) 2020-09-02 12:43:02 +02:00
Maxim Fedotov
164431959c Add capsule-user-group CLI flag (#67) 
* add capsule-user-group param

* Implementing RBAC controller

Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
Co-authored-by: Dario Tranchitella <dario@tranchitella.eu>
 2020-09-01 12:15:48 +02:00
Dario Tranchitella
0f935d53b7 Giving priority to IngressClassName rather than annotation (#64) 
* IngressclassName has priority over Annotation

* Covering further cases for the Ingress Class

* Forcing to use 1.18 during e2e tests
 2020-08-22 12:34:53 +02:00
Dario Tranchitella
9969864141 Scaffolding e2e testing (#56) 
* Implementing generic e2e features

* Adding changes upon e2e benchmarking
 2020-08-21 14:55:48 +02:00
Dario Tranchitella
1767bcee12 Implementing Capsule certificate validation (#44) 2020-08-07 16:19:23 +02:00
Dario Tranchitella
38cd3be71a Programmatic Tenant prefix for the Capsule namespaces (#41) 2020-08-07 10:25:05 +02:00
Dario Tranchitella
e8307e773b NetworkPolicy validating webhook logic was the opposite (#35) 2020-08-05 12:00:36 +02:00
Dario Tranchitella
5d20d515a7 Migrating from OperatorSDK 0.18 to 0.19 (#23) 2020-08-04 16:30:28 +02:00
Dario Tranchitella
9db30c6e81 Fixing the ResourceQuota update (#15) 
* Fixing the ResourceQuota update

* Using goroutines to parallelize and speed up ResourceQuotas processing
 2020-07-30 15:22:43 +02:00
Dario Tranchitella
fef3607ecf Implementing Capsule Tenant ownership predicate for Namespace Controller (#13) 
* Implementing Capsule OwnerRef predicate

* Sorting imports
 2020-07-28 11:45:39 +02:00
Dario Tranchitella
bd7218ba44 Avoiding TLS/CA race condition on Capsule installation (#7) 
* Avoiding race condition on Capsule installation

The TLS Secret controller needs to wait for the CA one in order to
retrieve the updated one, otherwise it could use a non-stored CA.

* Linting

Minor linting fixes

* Makefile for Docker Image

Providing `make docker-image` to speed-up generation of Docker image
 2020-07-25 17:21:36 +02:00
Dario Tranchitella
812b16fcff Initial commit 2020-07-24 10:57:51 +02:00