Mike Danese
3aa59f7f30
generated: run refactor
2020-02-07 18:16:47 -08:00
Jordan Liggitt
61774cd717
Plumb context to admission Admit/Validate
2019-08-20 11:11:00 -04:00
Lee Verberne
a0b57ad3db
Update BUILD files for container helper
2019-06-21 08:32:04 +00:00
Lee Verberne
ee821e2a04
Create helpers for iterating containers in a pod
2019-06-21 08:32:04 +00:00
Joe Betz
900d652a9a
Update tests for: Pass {Operation}Option to Webhooks
2019-05-14 10:49:43 -07:00
Mehdy Bohlool
d08bc3774d
Mechanical changes due to signature change for Admit and Validate functions
2019-02-16 13:28:47 -08:00
Jordan Liggitt
61be3683f3
Deprecate DenyEscalatingExec and DenyExecOnPrivileged admission plugins
2019-01-10 11:57:12 -05:00
Marko Mudrinić
b622acf8ec
admission/exec: externalize exec admission controller
2018-08-27 11:37:15 +02:00
Chao Xu
d89c8dd8c0
generated
2018-08-06 18:59:53 -07:00
Chao Xu
355691d310
Remove rest.ConnectRequest.
...
Make apiserver pass connectRequest.Options directly to the admission layer. All
the information in rest.ConnectRequest is present in admission attributes.
2018-08-06 18:59:52 -07:00
jennybuckley
adafb1365e
Support dry run in admission plugins
2018-08-06 10:37:44 -07:00
Jeff Grafton
23ceebac22
Run hack/update-bazel.sh
2018-06-22 16:22:57 -07:00
Jeff Grafton
ef56a8d6bb
Autogenerated: hack/update-bazel.sh
2018-02-16 13:43:01 -08:00
hzxuzhonghu
7c5f9e0bba
refactor admission flag: add two admission flags and make plugins auto in recommended order
2018-01-19 13:16:36 +08:00
Kubernetes Submit Queue
45a069a241
Merge pull request #56839 from hzxuzhonghu/exec-admission
...
Automatic merge from submit-queue (batch tested with PRs 57746, 57621, 56839, 57464). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md ">here</a>.
check pod securityContext hostNetwork in exec admission controller
**What this PR does / why we need it**:
currently only hostIPC hostPID are checked in DenyEscalatingExec admission controller,
hostNetwork should also be checked to deny exec /attach
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #56838
**Special notes for your reviewer**:
**Release note**:
```release-note
check psp HostNetwork in DenyEscalatingExec admission controller.
```
2018-01-02 15:26:44 -08:00
Jeff Grafton
efee0704c6
Autogenerate BUILD files
2017-12-23 13:12:11 -08:00
hzxuzhonghu
e31ed07a9c
also check pod securityContextt hostNetwork in exec admission controller
2017-12-05 15:15:46 +08:00
Dr. Stefan Schimanski
bec617f3cc
Update generated files
2017-11-09 12:14:08 +01:00
Dr. Stefan Schimanski
012b085ac8
pkg/apis/core: mechanical import fixes in dependencies
2017-11-09 12:14:08 +01:00
David Eads
75c448dbc7
make easy validation admission plugins into validators
2017-11-03 07:54:39 -04:00
Dr. Stefan Schimanski
aedcf681b3
admission: rename Validate{ -> Initialization}, Validat{ingAdmit -> e}
2017-11-02 09:29:55 +01:00
Dr. Stefan Schimanski
131905cdb8
admission: unify plugin constructors
2017-10-30 16:56:38 +01:00
Jeff Grafton
aee5f457db
update BUILD files
2017-10-15 18:18:13 -07:00
Jeff Grafton
a7f49c906d
Use buildozer to delete licenses() rules except under third_party/
2017-08-11 09:32:39 -07:00
Jeff Grafton
33276f06be
Use buildozer to remove deprecated automanaged tags
2017-08-11 09:31:50 -07:00
p0lyn0mial
c5019bf696
remove init blocks from all admission plugins
2017-05-23 22:00:32 +02:00
p0lyn0mial
3f8d6e9210
Change all the existing admission init blocks to call a Register function
...
this is a two stage refactor when done there will be no init block in admission plugins.
Instead all plugins expose Register function which accept admission.Plugins instance.
The registration to global plugin registry happens inside Register func.
2017-05-18 22:25:01 +02:00
Mike Danese
a05c3c0efd
autogenerated
2017-04-14 10:40:57 -07:00
Dr. Stefan Schimanski
63f547e1b1
pkg/admission: make plugin registry non-global
2017-04-12 11:37:25 +02:00
Klaus Ma
9aad72f6c8
Improved the code coverage of plugin/pkg/admission/exec.
2017-03-19 09:35:19 +08:00
deads2k
d89862beca
update names for kube plugin initializer to avoid conflicts
2017-03-06 10:18:21 -05:00
Dr. Stefan Schimanski
6af3210d6f
Update generated files
2017-02-03 08:15:46 +01:00
Dr. Stefan Schimanski
536460e1d9
Mechanical fixup imports: pkg/genericapiserver
2017-02-03 08:15:45 +01:00
Seth Jennings
071c66a011
fix nil deref in exec admission
2017-01-30 13:51:00 -06:00
deads2k
9488e2ba30
move testing/core to client-go
2017-01-26 13:54:40 -05:00
Dr. Stefan Schimanski
3d9449a353
genericapiserver: fix imports
2017-01-19 13:06:47 +01:00
deads2k
01b3b2b461
move admission to genericapiserver
2017-01-18 08:15:19 -05:00
Clayton Coleman
9a2a50cda7
refactor: use metav1.ObjectMeta in other types
2017-01-17 16:17:19 -05:00
Dr. Stefan Schimanski
8fe0958ba0
Update bazel
2017-01-17 09:30:48 +01:00
Dr. Stefan Schimanski
5c88b7d05a
Fix imports
2017-01-17 09:30:30 +01:00
deads2k
77b4d55982
mechanical
2017-01-16 09:35:12 -05:00
deads2k
6a4d5cd7cc
start the apimachinery repo
2017-01-11 09:09:48 -05:00
Jeff Grafton
20d221f75c
Enable auto-generating sources rules
2017-01-05 14:14:13 -08:00
deads2k
2861509b6d
refactored admission to avoid internal client references
2017-01-03 15:50:12 -05:00
Mike Danese
161c391f44
autogenerated
2016-12-29 13:04:10 -08:00
Mike Danese
c87de85347
autoupdate BUILD files
2016-12-12 13:30:07 -08:00
Wojciech Tyczynski
aa7da5231f
Update bazel files
2016-12-09 09:42:02 +01:00
Wojciech Tyczynski
e8d1cba875
GetOptions in client calls
2016-12-09 09:42:01 +01:00
Mike Danese
3b6a067afc
autogenerated
2016-10-21 17:32:32 -07:00
derekwaynecarr
a672a986e3
Admission control errors should have consistent lower casing
2016-08-08 10:31:23 -04:00