Patrick Ohly
fb4b380fe2
PSP: validation errors for generic volume type
...
It's not enough to silently drop the volume type if the feature is
disabled. Instead, the policy should fail validation, just as it would
have if the API server didn't know about the feature at all.
2021-03-07 10:58:45 +01:00
Morten Torkildsen
1e2a7f381f
Add conditions to PDB status
2021-03-04 18:52:02 -08:00
Benjamin Elder
56e092e382
hack/update-bazel.sh
2021-02-28 15:17:29 -08:00
Andrew Sy Kim
2e56866c97
move apparmor annotation constants to k8s.io/api/core/v1
...
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
2020-04-06 10:22:04 -04:00
Nan Yu
1fb0dd4ec5
Rename PodDisruptionsAllowed to DisruptionsAllowed in type PodDisruptionBudgetStatus
2019-12-03 14:26:35 -08:00
Roy Hvaara
10c8508acd
Fix golint issues in pkg/apis/policy
2019-11-09 21:15:35 +01:00
Vladimir Vivien
8e0cf65310
Enforce pod security policy for CSI inline
2019-05-29 15:38:21 -04:00
David McCormick
3537eed826
Remove the generation altering code - validate an update for a PDB by running ValidatePodDisruptionBudget only.
2019-05-14 12:25:23 +01:00
David McCormick
5b9e4f1e88
Rebase allow updates to pdbs to latest upstream master
2019-05-14 12:25:22 +01:00
Tim Allclair
952c45f654
RuntimeClass PSP API validation
2019-05-01 13:43:41 -07:00
Vladimir Vivien
4ec7d2305d
CSI Inline Volume - API changes
2019-03-08 12:35:07 -05:00
mourya007
3eada575b3
Adding Selinux test in validation
2019-02-20 11:33:59 +05:30
mourya007
90b9808681
Add missing testcases
2019-02-07 11:14:53 +05:30
Rajath Agasthya
5de2d7694d
Remove Sysctls feature gate from validation
2019-01-09 18:56:11 -08:00
Jordan Liggitt
cb76da9fd7
Validate PSP allowedProcMountTypes
2018-12-29 00:18:01 -05:00
Jordan Liggitt
572dfe6cb7
generated files
2018-10-25 21:12:57 -04:00
Jordan Liggitt
d0577ace6b
fixup extensions->apps references
2018-10-25 21:12:57 -04:00
Mayank Kumar
bc3e3afc46
api changes for psp runasgroup policy
2018-10-09 17:32:09 -07:00
Stanislav Laznicka
a577b50012
Add "MayRunAs" value among other GroupStrategies
...
Adds "MayRunAs" value among other group strategies. This strategy
allows to define a certain range of GIDs for FSGroupStrategy and
SupplementalGroupStrategy in a PSP.
This new strategy works similarly to the "MustRunAs" one, except that
when no GID is specified in a pod/container security context then no
GID is generated for the respective containers.
Resolves #56173
2018-09-27 12:47:21 +02:00
Di Xu
3157ff0230
use NameIsDNSSubdomain validation from staging
2018-08-14 10:38:23 +08:00
Jeff Grafton
23ceebac22
Run hack/update-bazel.sh
2018-06-22 16:22:57 -07:00
Seth Jennings
6729add11c
sysctls: create feature gate to track promotion
2018-06-06 00:23:11 +02:00
Jan Chaloupka
ab616a88b9
Promote sysctl annotations to API fields
2018-06-05 23:17:00 +02:00
Slava Semushin
f49a0fbd5f
Replace UserIDRange/GroupIDRange by IDRange in internal type to reduce difference with external type.
...
We had IDRange in both types prior 9440a68744c91a12d205
2018-05-04 18:31:42 +02:00
Zhen Wang
e102633ae8
Change docker/default to runtime/default
2018-04-19 10:39:53 -07:00
Slava Semushin
6767e233ed
Update generated files.
...
In order to make it compilable I had to remove these files manually:
pkg/client/listers/extensions/internalversion/podsecuritypolicy.go
pkg/client/informers/informers_generated/internalversion/extensions/internalversion/podsecuritypolicy.go
pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/podsecuritypolicy.go
pkg/client/clientset_generated/internalclientset/typed/extensions/internalversion/fake/fake_podsecuritypolicy.go
2018-04-11 18:35:24 +02:00
Slava Semushin
8a7d5707d5
PSP: move internal types from extensions to policy.
2018-04-11 18:35:09 +02:00
Jeff Grafton
ef56a8d6bb
Autogenerated: hack/update-bazel.sh
2018-02-16 13:43:01 -08:00
Jeff Grafton
efee0704c6
Autogenerate BUILD files
2017-12-23 13:12:11 -08:00
Dr. Stefan Schimanski
bec617f3cc
Update generated files
2017-11-09 12:14:08 +01:00
Dr. Stefan Schimanski
012b085ac8
pkg/apis/core: mechanical import fixes in dependencies
2017-11-09 12:14:08 +01:00
Jeff Grafton
aee5f457db
update BUILD files
2017-10-15 18:18:13 -07:00
Jeff Grafton
a7f49c906d
Use buildozer to delete licenses() rules except under third_party/
2017-08-11 09:32:39 -07:00
Jeff Grafton
33276f06be
Use buildozer to remove deprecated automanaged tags
2017-08-11 09:31:50 -07:00
Di Xu
edeea36a43
fix pdb validation bug on spec
2017-07-12 16:44:28 +08:00
Anirudh
2b0de599a7
PDB MaxUnavailable: API changes
2017-05-23 07:18:43 -07:00
Mike Danese
a05c3c0efd
autogenerated
2017-04-14 10:40:57 -07:00
deads2k
c9a008dff3
move util/intstr to apimachinery
2017-01-30 12:46:59 -05:00
deads2k
dd7cd951ce
move meta/v1/validation to apimachinery
2017-01-16 13:40:13 -05:00
deads2k
6a4d5cd7cc
start the apimachinery repo
2017-01-11 09:09:48 -05:00
Jeff Grafton
20d221f75c
Enable auto-generating sources rules
2017-01-05 14:14:13 -08:00
Mike Danese
161c391f44
autogenerated
2016-12-29 13:04:10 -08:00
Mike Danese
c87de85347
autoupdate BUILD files
2016-12-12 13:30:07 -08:00
Clayton Coleman
3454a8d52c
refactor: update bazel, codec, and gofmt
2016-12-03 19:10:53 -05:00
Clayton Coleman
5df8cc39c9
refactor: generated
2016-12-03 19:10:46 -05:00
Marcin
3872a47074
Autogenerated code and docs
2016-11-03 18:36:32 +01:00
Marcin
26acced6d8
Add policy api version v1beta1 and disable v1alpha1
2016-11-03 13:26:27 +01:00
Mike Danese
3b6a067afc
autogenerated
2016-10-21 17:32:32 -07:00
David McMahon
ef0c9f0c5b
Remove "All rights reserved" from all the headers.
2016-06-29 17:47:36 -07:00
Matt Liggett
f5e8d41431
Finish implementing policy API.
...
Registry implementation and addition to the master.
2016-05-13 17:27:58 -07:00
