github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ClusterTrustBundles: Define types

Browse Source 
This commit is the main API piece of KEP-3257 (ClusterTrustBundles).

This commit:

* Adds the certificates.k8s.io/v1alpha1 API group
* Adds the ClusterTrustBundle type.
* Registers the new type in kube-apiserver.
* Implements the type-specfic validation specified for
  ClusterTrustBundles:
  - spec.pemTrustAnchors must always be non-empty.
  - spec.signerName must be either empty or a valid signer name.
  - Changing spec.signerName is disallowed.
* Implements the "attest" admission check to restrict actions on
  ClusterTrustBundles that include a signer name.

Because it wasn't specified in the KEP, I chose to make attempts to
update the signer name be validation errors, rather than silently
ignored.

I have tested this out by launching these changes in kind and
manipulating ClusterTrustBundle objects in the resulting cluster using
kubectl.
This commit is contained in:
Taahir Ahmed
2022-11-04 12:20:25 -07:00
parent 742316ee21
commit 6a75e7c40c
30 changed files with 1979 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
vendor/modules.txt vendored
View File

@@ -1234,6 +1234,7 @@ k8s.io/api/autoscaling/v2beta2
k8s.io/api/batch/v1
k8s.io/api/batch/v1beta1
k8s.io/api/certificates/v1
k8s.io/api/certificates/v1alpha1
k8s.io/api/certificates/v1beta1
k8s.io/api/coordination/v1
k8s.io/api/coordination/v1beta1
@@ -1576,6 +1577,7 @@ k8s.io/client-go/applyconfigurations/autoscaling/v2beta2
k8s.io/client-go/applyconfigurations/batch/v1
k8s.io/client-go/applyconfigurations/batch/v1beta1
k8s.io/client-go/applyconfigurations/certificates/v1
k8s.io/client-go/applyconfigurations/certificates/v1alpha1
k8s.io/client-go/applyconfigurations/certificates/v1beta1
k8s.io/client-go/applyconfigurations/coordination/v1
k8s.io/client-go/applyconfigurations/coordination/v1beta1
@@ -1640,6 +1642,7 @@ k8s.io/client-go/informers/batch/v1
k8s.io/client-go/informers/batch/v1beta1
k8s.io/client-go/informers/certificates
k8s.io/client-go/informers/certificates/v1
k8s.io/client-go/informers/certificates/v1alpha1
k8s.io/client-go/informers/certificates/v1beta1
k8s.io/client-go/informers/coordination
k8s.io/client-go/informers/coordination/v1
@@ -1726,6 +1729,8 @@ k8s.io/client-go/kubernetes/typed/batch/v1beta1
k8s.io/client-go/kubernetes/typed/batch/v1beta1/fake
k8s.io/client-go/kubernetes/typed/certificates/v1
k8s.io/client-go/kubernetes/typed/certificates/v1/fake
k8s.io/client-go/kubernetes/typed/certificates/v1alpha1
k8s.io/client-go/kubernetes/typed/certificates/v1alpha1/fake
k8s.io/client-go/kubernetes/typed/certificates/v1beta1
k8s.io/client-go/kubernetes/typed/certificates/v1beta1/fake
k8s.io/client-go/kubernetes/typed/coordination/v1
@@ -1802,6 +1807,7 @@ k8s.io/client-go/listers/autoscaling/v2beta2
k8s.io/client-go/listers/batch/v1
k8s.io/client-go/listers/batch/v1beta1
k8s.io/client-go/listers/certificates/v1
k8s.io/client-go/listers/certificates/v1alpha1
k8s.io/client-go/listers/certificates/v1beta1
k8s.io/client-go/listers/coordination/v1
k8s.io/client-go/listers/coordination/v1beta1