github/capsule
1
0
Fork 0
mirror of https://github.com/projectcapsule/capsule.git synced 2026-03-05 19:21:29 +00:00
Code Issues Packages Projects Releases Wiki Activity
218 Commits 22 Branches 103 Tags
v0.1.0-rc2
Commit Graph

45 Commits

Author SHA1 Message Date
Dario Tranchitella
e1160b8862 test(e2e): Tenant cordoning webhook 2021-06-24 13:47:43 +02:00
Dario Tranchitella
b2b640dc96 test(e2e): refactoring to avoid flakiness 2021-06-15 21:42:39 +02:00
Dario Tranchitella
5b35e0b0d5 refactor(e2e): using non absolute version import name 2021-06-15 21:42:39 +02:00
Dario Tranchitella
08fbd26ec8 test(e2e): bug on PodPriorityClass case 2021-06-14 10:53:55 +02:00
Dario Tranchitella
006b0c80cf test(e2e): ImagePullPolicy for v1alpha using annotations 2021-06-14 10:53:55 +02:00
Dario Tranchitella
e5a1861cac test: aligning to new additional RoleBinding name pattern 2021-06-07 14:56:03 +02:00
Dario Tranchitella
7c1592e739 chore(license): switching over SPDX license header (#280) 2021-06-03 19:46:20 +02:00
Dario Tranchitella
40bdf0cd25 test(e2e): typo on feature documentation By group 2021-05-31 16:15:44 +02:00
Dario Tranchitella
61034947fd test(e2e): modifying CapsuleConfiguration at runtime 2021-05-31 16:15:44 +02:00
Dario Tranchitella
dfb0a536b7 test: testing enforced Pod Priority Class using Tenant annotations 2021-05-29 00:31:17 +02:00
Maksim Fedotov
3c9895e498 feat: use multiple groups as capsule-user-group 2021-05-25 14:46:05 +02:00
Maksim Fedotov
e6da507d10 feat: block use of NodePort Services 2021-05-19 16:44:08 +02:00
Dario Tranchitella
d5af190c51 test: checking runtime count for pods 2021-05-14 13:55:51 +02:00
Dario Tranchitella
0dedd48789 test: new flag --allow-tenant-ingress-hostnames-collision 2021-03-06 16:58:44 +01:00
Dario Tranchitella
d78bcd8b00 test(e2e): using default timeout and interval periods 2021-03-06 15:57:25 +01:00
Dario Tranchitella
3fa78ea3df test: testing Ingress hostname collision 2021-03-05 22:50:35 +01:00
Dario Tranchitella
51f5bec5a6 Fixing the IngressClass return logic breaking Hostnames check (#185) 2021-01-15 09:45:09 +01:00
Dario Tranchitella
d2700556dd Adding linters and aligning code (#169) 
* Adding linters and aligning code

* Aligning ingressHostnames to AllowedListSpec
 2021-01-13 23:49:11 +01:00
Paolo Carta
89c66de7c6 Implementing allowed Ingress hostnames (#162) 
Co-authored-by: Dario Tranchitella <dario@tranchitella.eu>
 2021-01-13 22:18:09 +01:00
Dario Tranchitella
cb986384db Letting tests to accept eventually value, rather than strict expectation (#176) 2020-12-23 10:49:14 +01:00
Dario Tranchitella
82bbd238fb Making tests less flaky (#172) 2020-12-20 23:29:54 +01:00
Dario Tranchitella
03eb6e633e No loop on ResourceQuota outer updates and error handling improvements (#168) 
* Avoiding loop on updating outer resource quota

* Using retryOnConflict on Tenant status update

* Using errgroup instead of bare go routines

* Testing Namespace Capsule default label presence
 2020-12-20 12:25:41 +01:00
Dario Tranchitella
98e441f1e9 Enforcing Service external IPs (#161) 2020-12-11 19:17:46 +01:00
Dario Tranchitella
007bdff512 Only owner Tenant specification key is mandatory (#153) 
* Only Tenant owner specification key is mandatory

* Increasing default timeout to avoid e2e flakiness on GH Actions

* Ensuring also empty Namespace annotations and labels
 2020-12-11 15:47:29 +01:00
Dario Tranchitella
3e38884a6c Annotating Tenant's Namespaces with allowed registries (#154) 
* Updating allowed registries docs w/ Namespace annotations
 2020-12-09 15:20:14 +01:00
Dario Tranchitella
f6fd0cfe3f Helm Charts are now inside of the repository (#147) 
* Adding Helm chart source

* Pointing to new Chart location

* Setting GitHub Action for remote Helm Chart release

* Updating Go dependencies

* Using Helm as default installation tool

* Separating diff and e2e jobs

* Aligning tests to Helm labels

* Checking fmt and vet, and fixing it

* We don't need limits on E2E
 2020-12-01 23:30:31 +01:00
Dario Tranchitella
ea599ba6e6 Supporting additional Role Bindings per Tenant (#133) 
* Enabling Capsule to run on a cluster with PodSecurityPolicy enabled

* Supporting additional Role Binding per Tenant

* Documenting the additionalRoleBindings specification
 2020-11-16 13:51:44 +01:00
Maxim Fedotov
078588acb5 migrating service webhook to controller p1 (#130) 
migrating service webhook to controller p2

migrating service webhook to controller p3. add tests

Using an abstract reconciler to avoid copy/paste code

update tests. remove service_labels webhook. fix bug in sync labels\endpoint func

apply review notes

disable EndpointSlicesLabelsReconciler for kubernetes versions <=1.16

Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2020-11-10 19:43:30 +03:00
Dario Tranchitella
2c54d91306 Enforcing back tenant selection using closest match (#129) 2020-11-05 11:20:48 +01:00
Dario Tranchitella
e764b976aa Allowing dash on Tenant namespace (#118) 
* Allowing dashes in the Tenant name as DNS RFC-1123

* Allowing force tenant prefix with Namespaces with dash
 2020-10-31 19:43:46 +01:00
Dario Tranchitella
2af568f0ed Making e2e tests less flaky (#121) 2020-10-31 12:28:17 +01:00
Dario Tranchitella
ee6e3aa0df Using matrix strategy for e2e on multiple k8s versions (#111) 
* Using matrix strategy for e2e on multiple k8s versions

* EndpointSlice version support according to Kubernetes release

* Utility helper for testing various Kubernetes versions
 2020-10-29 09:39:22 +01:00
Dario Tranchitella
a7f7c00558 Supporting ingresses.networking.k8s.io/v1 (#110) 
* Updating to controller-runtime v0.7.0-alpha.4 and k8s 0.19.3

* Implementing ingresses.networking.k8s.io/v1

* Aligning to latest zap signatures
 2020-10-23 21:19:14 +02:00
Dario Tranchitella
b0310cd42f Handling all the events from Storage and Ingress classes (#108) 2020-10-17 14:40:07 +02:00
Maxim Fedotov
875650f185 Regexp support for Ingress and Storage classes (#89) 
Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2020-09-15 11:08:14 +02:00
Dario Tranchitella
9d0a7a78c1 Making CR/CRB names conforming to Kubernetes naming requirements (#91) 2020-09-12 12:14:52 +02:00
Maxim Fedotov
303fc4d69c Support Groups as Subject Kind for Tenant Namespace RoleBindings created by Capsule (#71) 
Modified CRD to support Owner struct.

Added Tenant name validation webhook.

Rewrote owner_reference hook logic.

Updated and added new e2e tests.

Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2020-09-10 17:02:22 +02:00
Maxim Fedotov
e8362f739f Add Service labelling and annotating webhook (#84) 
Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2020-09-10 11:56:51 +02:00
Dario Tranchitella
a4b0c0fe27 Using HTTP handlers as closures (#82) 
* Using HTTP handlers as closures

* Avoiding variable shadowing

* Optimizing Ingress webhook

* Missing license header
 2020-09-09 13:33:25 +02:00
Dario Tranchitella
ee0261c069 Providing namespace metadata additional labels and annotations (#80) 2020-09-07 15:09:34 +02:00
Maxim Fedotov
a99153cbe7 Add protected-namespace-regex (#73) 2020-09-02 12:43:02 +02:00
Maxim Fedotov
164431959c Add capsule-user-group CLI flag (#67) 
* add capsule-user-group param

* Implementing RBAC controller

Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
Co-authored-by: Dario Tranchitella <dario@tranchitella.eu>
 2020-09-01 12:15:48 +02:00
Dario Tranchitella
0f935d53b7 Giving priority to IngressClassName rather than annotation (#64) 
* IngressclassName has priority over Annotation

* Covering further cases for the Ingress Class

* Forcing to use 1.18 during e2e tests
 2020-08-22 12:34:53 +02:00
Dario Tranchitella
e481a4ff5f Implementing e2e during CI (#62) 2020-08-21 22:45:19 +02:00
Dario Tranchitella
9969864141 Scaffolding e2e testing (#56) 
* Implementing generic e2e features

* Adding changes upon e2e benchmarking
 2020-08-21 14:55:48 +02:00