Dario Tranchitella
e53911942d
feat: limiting amount of resources deployed in a tenant
2021-12-23 11:39:34 +00:00
Dario Tranchitella
778fb4bcc2
fix: starting all controllers only when certificates are generated
This is going to solve the issue when upgrading Capsule <v0.1.0 to
>=v0.1.0: due to a resource reflector many warnings were polluting the
reconciliation loop and causing unmarshaling errors.
Additionally, just the CA secret was checked before starting the
Operator, when also the TLS is requested for the webhooks, along with
the `/convert` one that is used for the CR version conversion.
2021-12-21 06:45:16 +00:00
Oliver Bähler
5c7804e1bf
fix: add rolebinding validation against rfc-1123 dns for sa subjects
Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
2021-11-12 11:22:26 +01:00
Maksim Fedotov
ec715d2e8f
fix: do not register tenant controller\webhook\indexer until CA is created
2021-11-06 16:34:22 +01:00
Maxim Fedotov
14f9686bbb
Forbidden node labels and annotations (#464)
* feat: forbidden node labels and annotations
* test(e2e): forbidden node labels and annotations
* build(kustomize): forbidden node labels and annotations
* build(helm): forbidden node labels and annotations
* build(installer): forbidden node labels and annotations
* chore(make): forbidden node labels and annotations
* docs: forbidden node labels and annotations
* test(e2e): forbidden node labels and annotations. Use EventuallyCreation func
* feat: forbidden node labels and annotations. Check kubernetes version
* test(e2e): forbidden node labels and annotations. Check kubernetes version
* docs: forbidden node labels and annotations. Version restrictions
* feat: forbidden node labels and annotations. Do not update deepcopy functions
* docs: forbidden node labels and annotations. Use blockquotes for notes
Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
2021-11-02 20:01:53 +03:00
Maksim Fedotov
a14c7609df
feat: namespace labeling for tenant owners
2021-09-23 14:10:24 +02:00
alegrey91
196e3c910d
feat: add deny-wildcard annotation
2021-09-21 19:14:49 +02:00
Dario Tranchitella
26965a5ea2
fix: skipping indexer if error is a NoKindMatch
2021-09-17 15:43:42 +02:00
Dario Tranchitella
94c6a64fcb
fix: validating Tenant owner name when is a ServiceAccount
2021-09-04 14:17:06 +02:00
Dario Tranchitella
df08c9e63e
refactor: hostname collision is now managed at Tenant level
2021-08-12 19:30:27 +02:00
Dario Tranchitella
09277e9f3d
feat: Ingress hostname collision scope at Tenant level
2021-08-12 19:30:27 +02:00
Maxim Fedotov
ddb9ffd79e
refactor: split tenant controller to separate files
Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
2021-08-07 21:37:48 +02:00
Maksim Fedotov
cae65c9f84
fix: capsuleconfiguration controller package name should be config instead of rbac
2021-08-07 20:40:08 +02:00
Maksim Fedotov
e6b433dcd7
feat(v1beta1): update code to use v1beta1 version
2021-07-02 10:14:06 +02:00
Dario Tranchitella
ac6af13b07
feat(v1beta1): registering conversion webhook
2021-07-02 10:14:06 +02:00
Dario Tranchitella
8fb4b7d4a1
feat: scaffolding v1beta1 Tenant version
2021-07-02 10:14:06 +02:00
Dario Tranchitella
ba07f99c6e
refactor!: using multiple handlers per route
2021-06-27 22:36:55 +02:00
Dario Tranchitella
7574335a8a
refactor: using separated webhooks for Namespace handling
2021-06-24 13:47:43 +02:00
Dario Tranchitella
5de0a6d712
# This is a combination of 2 commits.
# This is the 1st commit message:
feat: cordoning Tenant webhook
# The commit message #2 will be skipped:
# 5cc
2021-06-24 13:47:43 +02:00
Dario Tranchitella
531cc4cf14
refactor: renaming Tenant webhook handler
2021-06-24 13:47:43 +02:00
Dario Tranchitella
accd9ca038
feat: emitting events for policies violations
2021-06-15 21:42:39 +02:00
Dario Tranchitella
630e802708
feat: image PullPolicy webhook enforcer
2021-06-14 10:53:55 +02:00
Dario Tranchitella
9c8b0377dc
feat: emitting events for Tenant operations
2021-06-06 22:18:51 +02:00
Dario Tranchitella
7c1592e739
chore(license): switching over SPDX license header (#280)
2021-06-03 19:46:20 +02:00
Dario Tranchitella
3570b02427
feat!: using CapsuleConfiguration CRD with reload at runtime
2021-05-31 16:15:44 +02:00
Dario Tranchitella
0481822555
feat: enforcing Pod Priority Class
2021-05-29 00:31:17 +02:00
Maksim Fedotov
3c9895e498
feat: use multiple groups as capsule-user-group
2021-05-25 14:46:05 +02:00
Ludovico Russo
7994ae1da1
refactor: better name variables in main.go
2021-05-04 17:49:13 +02:00
Dario Tranchitella
dfb7a5e227
feat: allowing Tenants with collided Ingress hostnames
A new flag (`--allow-tenant-ingress-hostnames-collision`) is added,
defaulted to false: when toggled, Capsule will not check if each
declared hostname in `.spec.IngressHostnames.allowed` is already in use
on any other Tenant.
2021-03-06 16:58:44 +01:00
Dario Tranchitella
4fbede0989
feat: Ingress hostnames collision check
Disabled by default to avoid breaking changes for upcoming release,
although minor will be enabled by default.
Using the new `--allow-ingress-hostname-collision` flag Capsule can
ignore the Ingress hostnames collision allowing the Cluster
Administrator to put in place a non-opinionated hostnames allocation.
2021-03-05 22:50:35 +01:00
Dario Tranchitella
d2700556dd
Adding linters and aligning code (#169)
* Adding linters and aligning code
* Aligning ingressHostnames to AllowedListSpec
2021-01-13 23:49:11 +01:00
Dario Tranchitella
98e441f1e9
Enforcing Service external IPs (#161)
2020-12-11 19:17:46 +01:00
Dario Tranchitella
5aed7a01d5
Enforcing container registry via list or regex (#142)
Adding also NamespaceSelector to specific webhooks in order to decrease
the chance of breaking other critical Namespaces in case of Capsule
failures.
2020-11-24 00:40:40 +01:00
Dario Tranchitella
8442eef72b
Logging timestamp to ISO 8601 (#140)
2020-11-19 07:58:24 +01:00
Dario Tranchitella
6541f19b67
Automating version pick-up according to current git version and minor Kustomize hotfixes (#135)
2020-11-17 19:20:31 +01:00
Maxim Fedotov
078588acb5
migrating service webhook to controller p1 (#130)
migrating service webhook to controller p2
migrating service webhook to controller p3. add tests
Using an abstract reconciler to avoid copy/paste code
update tests. remove service_labels webhook. fix bug in sync labels\endpoint func
apply review notes
disable EndpointSlicesLabelsReconciler for kubernetes versions <=1.16
Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
2020-11-10 19:43:30 +03:00
Dario Tranchitella
b0310cd42f
Handling all the events from Storage and Ingress classes (#108)
2020-10-17 14:40:07 +02:00
Dario Tranchitella
feec653db4
No need to add a duplicated schema (#100)
2020-09-23 09:21:03 +02:00
Maxim Fedotov
875650f185
Regexp support for Ingress and Storage classes (#89)
Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
2020-09-15 11:08:14 +02:00
Maxim Fedotov
303fc4d69c
Support Groups as Subject Kind for Tenant Namespace RoleBindings created by Capsule (#71)
Modified CRD to support Owner struct.
Added Tenant name validation webhook.
Rewrote owner_reference hook logic.
Updated and added new e2e tests.
Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
2020-09-10 17:02:22 +02:00
Maxim Fedotov
e8362f739f
Add Service labelling and annotating webhook (#84)
Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
2020-09-10 11:56:51 +02:00
Dario Tranchitella
a4b0c0fe27
Using HTTP handlers as closures (#82)
* Using HTTP handlers as closures
* Avoiding variable shadowing
* Optimizing Ingress webhook
* Missing license header
2020-09-09 13:33:25 +02:00
Dario Tranchitella
12b1338dad
Making Namespace no more hard-coded (#83)
2020-09-09 13:33:03 +02:00
Maxim Fedotov
a99153cbe7
Add protected-namespace-regex (#73)
2020-09-02 12:43:02 +02:00
Maxim Fedotov
164431959c
Add capsule-user-group CLI flag (#67)
* add capsule-user-group param
* Implementing RBAC controller
Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
Co-authored-by: Dario Tranchitella <dario@tranchitella.eu>
2020-09-01 12:15:48 +02:00
Dario Tranchitella
9969864141
Scaffolding e2e testing (#56)
* Implementing generic e2e features
* Adding changes upon e2e benchmarking
2020-08-21 14:55:48 +02:00
Dario Tranchitella
3f5e23bf00
Adding probes (#60)
2020-08-20 15:47:23 +02:00
Dario Tranchitella
ef51e6dee0
Adding zap controlled by CLI flags (#47)
* Adding zap controlled by CLI flags
* Updating contributing for further logs
2020-08-07 15:42:07 +02:00
Dario Tranchitella
38cd3be71a
Programmatic Tenant prefix for the Capsule namespaces (#41)
2020-08-07 10:25:05 +02:00
Dario Tranchitella
5d20d515a7
Migrating from OperatorSDK 0.18 to 0.19 (#23)
2020-08-04 16:30:28 +02:00