github/capsule
1
0
Fork 0
mirror of https://github.com/projectcapsule/capsule.git synced 2026-03-04 10:40:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
703 Commits 22 Branches 103 Tags
v0.3.1
Commit Graph

28 Commits

Author SHA1 Message Date
Dario Tranchitella
79abb1f0ab chore(kustomize): blocking replicated resources write ops by tenant owners 2023-03-28 12:56:58 +02:00
Oliver Bähler
a1b624f239 chore(kustomize): add defaults handler 
Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
 2023-01-14 15:51:01 +01:00
Oliver Bähler
f5cd194c05 chore(kustomize): validate pods on update 
Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
 2022-12-29 17:49:45 +01:00
Dario Tranchitella
77a8c9ab62 chore(kustomize): switching to v1beta2 as storage version 2022-12-27 17:53:17 +01:00
Dario Tranchitella
a3391d68af chore(kustomize): introducing v1beta2 api group 2022-12-26 14:27:26 +01:00
Dario Tranchitella
4a6fd49554 fix: yaml installer should use namespace selector for pods webhook (#484) 2021-12-19 00:01:16 +01:00
Maxim Fedotov
14f9686bbb Forbidden node labels and annotations (#464) 
* feat: forbidden node labels and annotations

* test(e2e): forbidden node labels and annotations

* build(kustomize): forbidden node labels and annotations

* build(helm): forbidden node labels and annotations

* build(installer): forbidden node labels and annotations

* chore(make): forbidden node labels and annotations

* docs: forbidden node labels and annotations

* test(e2e): forbidden node labels and annotations. Use EventuallyCreation func

* feat: forbidden node labels and annotations. Check kubernetes version

* test(e2e): forbidden node labels and annotations. Check kubernetes version

* docs: forbidden node labels and annotations. Version restrictions

* feat: forbidden node labels and annotations. Do not update deepcopy functions

* docs: forbidden node labels and annotations. Use blockquotes for notes

Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2021-11-02 20:01:53 +03:00
Maksim Fedotov
4e8faaf845 build(kustomize): namespace labeling for tenant owners 2021-09-23 14:10:24 +02:00
Maksim Fedotov
92655f1872 build(helm): update crds to use v1beta1 version 2021-07-02 10:14:06 +02:00
Maksim Fedotov
e6b433dcd7 feat(v1beta1): update code to use v1beta1 version 2021-07-02 10:14:06 +02:00
Dario Tranchitella
7cc2c3f4e9 build(kustomize)!: using multiple handlers per webhook 2021-06-27 22:36:55 +02:00
Dario Tranchitella
a19045419d build(kustomize): webhook for Namespace handling when tenant is freezed 2021-06-24 13:47:43 +02:00
Dario Tranchitella
a2e5bbf26d build(kustomize): Tenant cordoning webhook 2021-06-24 13:47:43 +02:00
Dario Tranchitella
bf79c25a8a build(kustomize): webhook for image PullPolicy 2021-06-14 10:53:55 +02:00
Dario Tranchitella
5649283058 build(kustomize): installing Pod Priority Class webhook 2021-05-29 00:31:17 +02:00
Dario Tranchitella
3afee659ff chore(kustomize): new CRD and webhooks for admission/v1 2021-05-14 13:55:51 +02:00
Dario Tranchitella
16906db309 Validating Tenant also on UPDATE (#191) 2021-01-21 07:11:59 +01:00
Dario Tranchitella
98e441f1e9 Enforcing Service external IPs (#161) 2020-12-11 19:17:46 +01:00
Dario Tranchitella
5aed7a01d5 Enforcing container registry via list or regex (#142) 
Adding also NamespaceSelector to specific webhooks in order to decrease
the chance ov breaking other critical Namespaces in case of Capsule
failures.
 2020-11-24 00:40:40 +01:00
Dario Tranchitella
ea599ba6e6 Supporting additional Role Bindings per Tenant (#133) 
* Enabling Capsule to run on a cluster with PodSecurityPolicy enabled

* Supporting additional Role Binding per Tenant

* Documenting the additionalRoleBindings specification
 2020-11-16 13:51:44 +01:00
Maxim Fedotov
078588acb5 migrating service webhook to controller p1 (#130) 
migrating service webhook to controller p2

migrating service webhook to controller p3. add tests

Using an abstract reconciler to avoid copy/paste code

update tests. remove service_labels webhook. fix bug in sync labels\endpoint func

apply review notes

disable EndpointSlicesLabelsReconciler for kubernetes versions <=1.16

Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2020-11-10 19:43:30 +03:00
Dario Tranchitella
a7f7c00558 Supporting ingresses.networking.k8s.io/v1 (#110) 
* Updating to controller-runtime v0.7.0-alpha.4 and k8s 0.19.3

* Implementing ingresses.networking.k8s.io/v1

* Aligning to latest zap signatures
 2020-10-23 21:19:14 +02:00
Maxim Fedotov
875650f185 Regexp support for Ingress and Storage classes (#89) 
Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2020-09-15 11:08:14 +02:00
Maxim Fedotov
303fc4d69c Support Groups as Subject Kind for Tenant Namespace RoleBindings created by Capsule (#71) 
Modified CRD to support Owner struct.

Added Tenant name validation webhook.

Rewrote owner_reference hook logic.

Updated and added new e2e tests.

Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2020-09-10 17:02:22 +02:00
Maxim Fedotov
e8362f739f Add Service labelling and annotating webhook (#84) 
Co-authored-by: Maksim Fedotov <m_fedotov@wargaming.net>
 2020-09-10 11:56:51 +02:00
Dario Tranchitella
a4b0c0fe27 Using HTTP handlers as closures (#82) 
* Using HTTP handlers as closures

* Avoiding variable shadowing

* Optimizing Ingress webhook

* Missing license header
 2020-09-09 13:33:25 +02:00
Dario Tranchitella
38cd3be71a Programmatic Tenant prefix for the Capsule namespaces (#41) 2020-08-07 10:25:05 +02:00
Dario Tranchitella
5d20d515a7 Migrating from OperatorSDK 0.18 to 0.19 (#23) 2020-08-04 16:30:28 +02:00