github/capsule
1
0
Fork 0
mirror of https://github.com/projectcapsule/capsule.git synced 2026-03-03 18:20:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
455 Commits 22 Branches 103 Tags
v0.1.1
Commit Graph

69 Commits

Author SHA1 Message Date
Max Fedotov
19aff8c882 fix: ignore NotFound error in ServiceLabelsReconciler (#494) 
Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2021-12-29 18:26:45 +02:00
Dario Tranchitella
e53911942d feat: limiting amount of resources deployed in a tenant 2021-12-23 11:39:34 +00:00
Dario Tranchitella
778fb4bcc2 fix: starting all controllers only when certificates are generated 
This is going to solve the issue when upgrading Capsule <v0.1.0 to
>=v0.1.0: due to a resource reflector many warning were polluting the
reconciliation loop and causing unmarshaling errors.

Additionally, just the CA secret was checked before starting the
Operator, when also the TLS is requested for the webhooks, along with
the `/convert` one that is used for the CR version conversion.
 2021-12-21 06:45:16 +00:00
Oliver Bähler
5c7804e1bf fix: add rolebinding validation against rfc-1123 dns for sa subjects 
Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
 2021-11-12 11:22:26 +01:00
Oliver Bähler
c4481f26f7 docs: additions to dev-guide 
Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
 2021-11-12 11:22:26 +01:00
Maksim Fedotov
ec715d2e8f fix: do not register tenant controller\webhook\indexer until CA is created 2021-11-06 16:34:22 +01:00
Maxim Fedotov
14f9686bbb Forbidden node labels and annotations (#464) 
* feat: forbidden node labels and annotations

* test(e2e): forbidden node labels and annotations

* build(kustomize): forbidden node labels and annotations

* build(helm): forbidden node labels and annotations

* build(installer): forbidden node labels and annotations

* chore(make): forbidden node labels and annotations

* docs: forbidden node labels and annotations

* test(e2e): forbidden node labels and annotations. Use EventuallyCreation func

* feat: forbidden node labels and annotations. Check kubernetes version

* test(e2e): forbidden node labels and annotations. Check kubernetes version

* docs: forbidden node labels and annotations. Version restrictions

* feat: forbidden node labels and annotations. Do not update deepcopy functions

* docs: forbidden node labels and annotations. Use blockquotes for notes

Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2021-11-02 20:01:53 +03:00
Dario Tranchitella
c2218912eb fix: pointer doesn't trigger resources pruning 2021-10-28 17:53:17 +02:00
Maksim Fedotov
b28b98a7bc feat: namespace labeling for tenant owners. fix linting issues 2021-09-23 14:10:24 +02:00
Maksim Fedotov
a14c7609df feat: namespace labeling for tenant owners 2021-09-23 14:10:24 +02:00
Dario Tranchitella
8f3b3eac29 fix: deleting Pods upon TLS update for HA installations 2021-09-01 18:18:07 +02:00
Dario Tranchitella
09277e9f3d feat: Ingress hostname collision scope at Tenant level 2021-08-12 19:30:27 +02:00
Dario Tranchitella
01053d5deb refactor: renaming struct field names for allowed hostnames and classes 2021-08-12 19:30:27 +02:00
Dario Tranchitella
b749e34547 refactor: grouping Ingress options into defined struct 2021-08-12 19:30:27 +02:00
Dario Tranchitella
9182895811 refactor:EndpointSlice v1beta1 deprecated for v1 2021-08-10 15:39:43 +02:00
Maxim Fedotov
b3658b7bfc refactor AdditionalMetadataSpec struct. Remove Additional prefix from labels and annotations fields (#379) 
* refactor: remove 'Additional' prefix from Labels and Annotations fields in AdditionalMetadataSpec

* test(e2e): aligning tests to use updated AdditionalMetadataSpec structure

* build(kustomize): CRD update for updated v1beta1 AdditionalMetadataSpec

* build(helm): CRD update for updated v1beta1 AdditionalMetadataSpec

* build(installer): CRD update for updated v1beta1 AdditionalMetadataSpec

Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2021-08-10 12:11:16 +03:00
Maksim Fedotov
737fb26e39 refactor: use NamespaceOptions struct to store namespace-related tenant configurations 2021-08-09 20:25:03 +02:00
Maxim Fedotov
ddb9ffd79e refactor: split tenant controller to separate files 
Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2021-08-07 21:37:48 +02:00
Maksim Fedotov
cae65c9f84 fix: capsuleconfiguration controller package name should be config instead of rbac 2021-08-07 20:40:08 +02:00
Dario Tranchitella
848c6d99c2 refactor: using goroutines per Namespace for each resource Kind reconciliation 2021-07-28 17:34:24 +02:00
Dario Tranchitella
bd12068397 fix: handling multiple resources for hard ResourceQuota resources 2021-07-24 14:36:57 +02:00
Dario Tranchitella
c52f7844db feat: Tenant or Namespace scope for resource quota budgets 2021-07-24 14:36:57 +02:00
Dario Tranchitella
0e55823a0c feat: toggling ExternalName service 2021-07-21 14:34:56 +02:00
Maksim Fedotov
a6408f26b0 feat: support multiple tenant owners(add applications to act as tenant owners) 2021-07-12 11:27:13 +02:00
Dario Tranchitella
6008373960 bug: ensuring to update the conversion webhook CA bundle 2021-07-05 17:58:49 +02:00
Dario Tranchitella
414c03a874 feat: reconciliation for Tenant state 2021-07-05 16:28:39 +02:00
Maksim Fedotov
e6b433dcd7 feat(v1beta1): update code to use v1beta1 version 2021-07-02 10:14:06 +02:00
Dario Tranchitella
416609362d feat(v1beta1): tenant spec 
feat(v1beta1): remove unused structs and functions from v1beta1. Rename v1alpha1 structs to follow new naming. Move v1alpha1 structs to separate files
 2021-07-02 10:14:06 +02:00
Dario Tranchitella
b1a9603faa fix: ensuring single reconciliation for Capsule RoleBinding resources 2021-07-01 16:34:18 +02:00
Dario Tranchitella
46fc65a988 fix: avoiding concurrent map write 2021-06-16 08:49:50 +02:00
Dario Tranchitella
accd9ca038 feat: emitting events for policies violations 2021-06-15 21:42:39 +02:00
Dario Tranchitella
246c1a3c2c fix: misleading info message for additional RoleBindings sync 2021-06-07 14:56:03 +02:00
Dario Tranchitella
a06e68945c fix: avoiding Namespace's RoleBinding labels collision 2021-06-07 14:56:03 +02:00
Dario Tranchitella
61c9bc647c refactor: object labels must be set in the mutateFn 2021-06-06 22:18:51 +02:00
Dario Tranchitella
9c8b0377dc feat: emitting events for Tenant operations 2021-06-06 22:18:51 +02:00
Dario Tranchitella
7c1592e739 chore(license): switching over SPDX license header (#280) 2021-06-03 19:46:20 +02:00
Dario Tranchitella
a7fff597fa feat: providing log upon CapsuleConfiguration change 2021-05-31 16:15:44 +02:00
Dario Tranchitella
d532f1633c refactor: simplifying RBAC managed with multiple user groups 2021-05-31 16:15:44 +02:00
Dario Tranchitella
3570b02427 feat!: using CapsuleConfiguration CRD with reload at runtime 2021-05-31 16:15:44 +02:00
Maksim Fedotov
229b569b50 fix: the ClusterRoleBindings capsule-namespace-provisioner are not reconciled when --capsule-user-group changes 2021-05-28 09:32:38 +02:00
Maksim Fedotov
3c9895e498 feat: use multiple groups as capsule-user-group 2021-05-25 14:46:05 +02:00
Dario Tranchitella
6dc83b16da fix: generating TLS certificate matching the deployed Namespace 2021-05-23 18:46:25 +02:00
stg
12237ae106 feat: adding name label to each Namespace (#242) 
Co-authored-by: Santiago Sanchez Paz <sanchezpaz@gmail.com>
 2021-03-24 19:28:45 +01:00
Dario Tranchitella
51de469551 bug: syncing Namespace annotations in a single place 2021-03-06 17:41:18 +01:00
Dario Tranchitella
452bceff34 fix: additional metadata must be controlled just from Tenant manifest (#211) 2021-03-04 10:02:14 +01:00
Dario Tranchitella
d2700556dd Adding linters and aligning code (#169) 
* Adding linters and aligning code

* Aligning ingressHostnames to AllowedListSpec
 2021-01-13 23:49:11 +01:00
Geofrey Ernest
1ed5d703e6 Short circuit error returns (#175) 2020-12-23 15:08:15 +01:00
Dario Tranchitella
03eb6e633e No loop on ResourceQuota outer updates and error handling improvements (#168) 
* Avoiding loop on updating outer resource quota

* Using retryOnConflict on Tenant status update

* Using errgroup instead of bare go routines

* Testing Namespace Capsule default label presence
 2020-12-20 12:25:41 +01:00
Dario Tranchitella
007bdff512 Only owner Tenant specification key is mandatory (#153) 
* Only Tenant owner specification key is mandatory

* Increasing default timeout to avoid e2e flakiness on GH Actions

* Ensuring also empty Namespace annotations and labels
 2020-12-11 15:47:29 +01:00
Dario Tranchitella
3e38884a6c Annotating Tenant's Namespaces with allowed registries (#154) 
* Updating allowed registries docs w/ Namespace annotations
 2020-12-09 15:20:14 +01:00