Dario Tranchitella
de459fb5da
feat!: write permissions ( #937 )
...
* fix: decoding object only if requested
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
* feat(api): limiting write permissions
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
* feat: write permissions handlers, routes, and controller
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
* docs: write permissions
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
---------
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
2025-10-03 14:30:58 +02:00
Dario Tranchitella
cb2152d5a7
feat: kubeconfig generator ( #933 )
...
* feat(api): kubeconfig generator
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
* refactor: abstracting enqueue to channel function
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
* fix: avoiding multiple context registration
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
* feat: kubeconfig generator
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
* docs: kubeconfig generator
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
* feat(helm): deployment for kubeconfig generator
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
---------
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
2025-09-22 15:32:50 +02:00
Dario Tranchitella
5e68fd8fe0
fix: honouring certificate expiration threshold ( #886 )
...
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
2025-07-28 09:40:16 +02:00
Dario Tranchitella
0ab8843418
feat(chore): support for customising container repository via ldflags ( #873 )
...
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
2025-07-14 13:38:09 +02:00
Dario Tranchitella
f750073af6
refactor!: k8s api server validation for kubelet preferred address type uniqueness ( #812 )
...
* feat(api): relying on k8s list set for unique items
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
* feat(crd)!: relying on k8s list set for unique items
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
* chore(webhook): removing unused webhook for kubelet preferred address type
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
* docs(crd): kubelet preferred address type uniqueness
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
---------
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
2025-05-07 12:13:00 +02:00
Dario Tranchitella
b027e23b99
feat: enhancing concurrent reconciliations ( #790 )
...
* feat: buffered channels for generic events
Channels used for GenericEvent feeding for cross controllers triggers
are now buffered according to the --max-concurrent-tcp-reconciles: this
is required to avoid channel full errors when dealing with large
management clusters serving a sizeable amount of Tenant Control Planes.
Increasing this value will put more pressure on memory (mostly for GC)
and CPU (provisioning multiple certificates at the same time).
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
* refactor: retrying datastore status update
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
* feat(performance): reducing memory consumption for channel triggers
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
* feat(datastore): reconcile events only for root object changes
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
* feat: waiting soot manager exit before termination
This change introduces a grace period of 10 seconds before abruptly
terminating the Tenant Control Plane deployment, allowing the soot
manager to complete its exit procedure and avoid false positive errors
due to API Server being unresponsive due to user deletion.
Aim of this change is reducing the amount of false positive errors upon
mass deletion of Tenant Control Plane objects.
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
* refactor: unbuffered channel with timeout
WatchesRawSource is non blocking, no need to check if channel is full.
To prevent deadlocks a WithTimeout check has been introduced.
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
---------
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
2025-04-23 21:00:29 +02:00
Dario Tranchitella
3de661b4e6
feat: validating api server cert sans ( #701 )
...
* feat(webhook): validating api server cert sans
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
* feat(controller): validating api server cert sans
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
---------
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
2025-02-20 15:43:22 +01:00
Dario Tranchitella
2b17282b0e
chore(go): bumping up to go1.23 ( #643 )
...
* chore(go): bumping up to go1.23
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
* chore(golangci-lint): bumping up to v1.62.2
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
---------
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
2024-12-01 16:09:26 +01:00
Dario Tranchitella
0c0111094e
feat: making default datastore optional ( #597 )
...
* feat: making default datastore optional
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
* feat(helm): making default datastore optional
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
* docs: making default datastore optional
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
---------
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
2024-10-30 20:23:34 +01:00
Dario Tranchitella
12248dea3d
feat: dynamic certificate expiration deadline ( #615 )
...
* feat: dynamic certificate expiration deadline
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
* docs: dynamic certificate expiration deadline
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
---------
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
2024-10-25 19:49:21 +02:00
daseul cho
4e8c2b66c0
feat: loadbalancer source range ( #611 )
...
* feat(crd): add LoadBalancerSourceRanges field and integrate with service resource
* test(crd): add tests for CEL validation logic
* feat(webhook): implement LoadBalancerSourceRanges validation logic for CIDRs
* test(webhook): add tests for webhook validation logic
* test: modify Makefile for envtest setup
* docs: add LoadBalancerSourceRanges field to API reference
2024-10-25 19:12:55 +02:00
Dario Tranchitella
52c1ee8aba
chore(kine): upgrading to v0.11.10
...
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
2024-07-11 14:16:31 +02:00
Dario Tranchitella
91cbf0c507
feat: telemetry
...
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
2024-06-27 11:38:41 +02:00
Dario Tranchitella
24714d7168
chore(lease): changing lease holder name
...
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
2024-06-27 11:38:41 +02:00
Dario Tranchitella
45d0869b91
feat(webhook): validating DNS service IPs on Service CIDR
...
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
2024-05-31 12:05:09 +02:00
Dario Tranchitella
d1910cd389
fix(nats): blocking reconciliation for missing multi-tenancy
...
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
2024-05-09 16:55:01 +02:00
Dario Tranchitella
6ffd6bbdfd
feat(nats): webhook for missing multi-tenancy support
...
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
2024-05-06 17:32:29 +02:00
Hamza BOUDOUCHE
37616865b4
feat: support for custom service account
2024-04-23 11:03:33 +02:00
Dario Tranchitella
ddb700f4f0
refactor: upgrading to new dependencies
...
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu >
2023-12-15 13:02:49 +01:00
Dario Tranchitella
c5e12cc401
fix(migrate): stripping unrequired v prefix
2023-09-01 13:38:36 +01:00
Dario Tranchitella
f768f93fe9
feat: cache resync period
2023-08-03 18:04:07 +02:00
Dario Tranchitella
7e94ecdbab
feat: kubeconfig and certificates rotation
2023-08-03 18:03:54 +02:00
Dario Tranchitella
f831f385c4
feat(cli): controller reconcile timeout flag with 30s default value
2023-08-01 13:51:09 +02:00
Dario Tranchitella
792119d2d3
fix: validating tcp name
2023-07-04 21:55:19 +02:00
Dario Tranchitella
ed00b934ec
feat: webhook validation for additional resources
2023-06-05 17:03:35 +02:00
Dario Tranchitella
eca04893a8
refactor: abstracting webhook management
2023-06-05 17:03:35 +02:00
Dario Tranchitella
4110b688c9
feat: configurable max concurrent tcp reconciles
2023-02-06 22:12:50 +01:00
Dario Tranchitella
7ed3c44401
refactor(datastore): using webhooks for secrets instead of finalizers
2022-12-20 20:54:41 +01:00
Dario Tranchitella
c6abe03fd1
fix(soot): typo on params for service name and namespace
2022-12-19 10:44:39 +01:00
Dario Tranchitella
3f7fa08871
refactor: removing unused scheme
2022-12-15 15:50:30 +01:00
Dario Tranchitella
8311f1fe1a
fix: ensure default datastore exists before starting manager
2022-12-15 15:50:30 +01:00
Dario Tranchitella
4c51eafc90
feat(konnectivity): reconciliation performed by soot manager
2022-12-12 16:22:36 +01:00
Dario Tranchitella
28c47d9d13
refactor: moving migrate webhook handling from tcp to soot manager
2022-12-12 16:22:36 +01:00
Dario Tranchitella
1ec257a729
feat: introducing soot controllers manager
2022-12-12 16:22:36 +01:00
Dario Tranchitella
e25f95d7eb
feat(migrate): making image configurable
2022-12-08 14:33:20 +01:00
Dario Tranchitella
723fef5336
feat(migrate): injecting webhook into tcp
2022-12-08 14:13:45 +01:00
Dario Tranchitella
9e899379f4
feat: support to datastore migration w/ the same driver
2022-12-03 12:04:04 +01:00
Dario Tranchitella
15d0d57790
feat: refactoring for commands
2022-12-03 12:04:04 +01:00