Commit Graph

72 Commits

Author SHA1 Message Date
Mike Danese
3aa59f7f30 generated: run refactor 2020-02-07 18:16:47 -08:00
Jordan Liggitt
61774cd717 Plumb context to admission Admit/Validate 2019-08-20 11:11:00 -04:00
Lee Verberne
a0b57ad3db Update BUILD files for container helper 2019-06-21 08:32:04 +00:00
Lee Verberne
ee821e2a04 Create helpers for iterating containers in a pod 2019-06-21 08:32:04 +00:00
Joe Betz
900d652a9a Update tests for: Pass {Operation}Option to Webhooks 2019-05-14 10:49:43 -07:00
Mehdy Bohlool
d08bc3774d Mechanical changes due to signature change for Admit and Validate functions 2019-02-16 13:28:47 -08:00
Jordan Liggitt
61be3683f3 Deprecate DenyEscalatingExec and DenyExecOnPrivileged admission plugins 2019-01-10 11:57:12 -05:00
Marko Mudrinić
b622acf8ec
admission/exec: externalize exec admission controller 2018-08-27 11:37:15 +02:00
Chao Xu
d89c8dd8c0 generated 2018-08-06 18:59:53 -07:00
Chao Xu
355691d310 Remove rest.ConnectRequest.
Make apiserver pass connectRequest.Options directly to the admission layer. All
the information in rest.ConnectRequest is present in admission attributes.
2018-08-06 18:59:52 -07:00
jennybuckley
adafb1365e Support dry run in admission plugins 2018-08-06 10:37:44 -07:00
Jeff Grafton
23ceebac22 Run hack/update-bazel.sh 2018-06-22 16:22:57 -07:00
Jeff Grafton
ef56a8d6bb Autogenerated: hack/update-bazel.sh 2018-02-16 13:43:01 -08:00
hzxuzhonghu
7c5f9e0bba refactor admission flag: add two admission flags and make plugins auto in recommended order 2018-01-19 13:16:36 +08:00
Kubernetes Submit Queue
45a069a241
Merge pull request #56839 from hzxuzhonghu/exec-admission
Automatic merge from submit-queue (batch tested with PRs 57746, 57621, 56839, 57464). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

 check pod securityContext hostNetwork in exec admission controller

**What this PR does / why we need it**:
currently only hostIPC hostPID are checked in DenyEscalatingExec admission controller,
hostNetwork should also be checked to deny exec /attach
**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #56838

**Special notes for your reviewer**:

**Release note**:

```release-note
check psp HostNetwork in DenyEscalatingExec admission controller.
```
2018-01-02 15:26:44 -08:00
Jeff Grafton
efee0704c6 Autogenerate BUILD files 2017-12-23 13:12:11 -08:00
hzxuzhonghu
e31ed07a9c also check pod securityContextt hostNetwork in exec admission controller 2017-12-05 15:15:46 +08:00
Dr. Stefan Schimanski
bec617f3cc Update generated files 2017-11-09 12:14:08 +01:00
Dr. Stefan Schimanski
012b085ac8 pkg/apis/core: mechanical import fixes in dependencies 2017-11-09 12:14:08 +01:00
David Eads
75c448dbc7 make easy validation admission plugins into validators 2017-11-03 07:54:39 -04:00
Dr. Stefan Schimanski
aedcf681b3 admission: rename Validate{ -> Initialization}, Validat{ingAdmit -> e} 2017-11-02 09:29:55 +01:00
Dr. Stefan Schimanski
131905cdb8 admission: unify plugin constructors 2017-10-30 16:56:38 +01:00
Jeff Grafton
aee5f457db update BUILD files 2017-10-15 18:18:13 -07:00
Jeff Grafton
a7f49c906d Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
Jeff Grafton
33276f06be Use buildozer to remove deprecated automanaged tags 2017-08-11 09:31:50 -07:00
p0lyn0mial
c5019bf696 remove init blocks from all admission plugins 2017-05-23 22:00:32 +02:00
p0lyn0mial
3f8d6e9210 Change all the existing admission init blocks to call a Register function
this is a two stage refactor when done there will be no init block in admission plugins.
Instead all plugins expose Register function which accept admission.Plugins instance.
The registration to global plugin registry happens inside Register func.
2017-05-18 22:25:01 +02:00
Mike Danese
a05c3c0efd autogenerated 2017-04-14 10:40:57 -07:00
Dr. Stefan Schimanski
63f547e1b1 pkg/admission: make plugin registry non-global 2017-04-12 11:37:25 +02:00
Klaus Ma
9aad72f6c8 Improved the code coverage of plugin/pkg/admission/exec. 2017-03-19 09:35:19 +08:00
deads2k
d89862beca update names for kube plugin initializer to avoid conflicts 2017-03-06 10:18:21 -05:00
Dr. Stefan Schimanski
6af3210d6f Update generated files 2017-02-03 08:15:46 +01:00
Dr. Stefan Schimanski
536460e1d9 Mechanical fixup imports: pkg/genericapiserver 2017-02-03 08:15:45 +01:00
Seth Jennings
071c66a011 fix nil deref in exec admission 2017-01-30 13:51:00 -06:00
deads2k
9488e2ba30 move testing/core to client-go 2017-01-26 13:54:40 -05:00
Dr. Stefan Schimanski
3d9449a353 genericapiserver: fix imports 2017-01-19 13:06:47 +01:00
deads2k
01b3b2b461 move admission to genericapiserver 2017-01-18 08:15:19 -05:00
Clayton Coleman
9a2a50cda7
refactor: use metav1.ObjectMeta in other types 2017-01-17 16:17:19 -05:00
Dr. Stefan Schimanski
8fe0958ba0 Update bazel 2017-01-17 09:30:48 +01:00
Dr. Stefan Schimanski
5c88b7d05a Fix imports 2017-01-17 09:30:30 +01:00
deads2k
77b4d55982 mechanical 2017-01-16 09:35:12 -05:00
deads2k
6a4d5cd7cc start the apimachinery repo 2017-01-11 09:09:48 -05:00
Jeff Grafton
20d221f75c Enable auto-generating sources rules 2017-01-05 14:14:13 -08:00
deads2k
2861509b6d refactored admission to avoid internal client references 2017-01-03 15:50:12 -05:00
Mike Danese
161c391f44 autogenerated 2016-12-29 13:04:10 -08:00
Mike Danese
c87de85347 autoupdate BUILD files 2016-12-12 13:30:07 -08:00
Wojciech Tyczynski
aa7da5231f Update bazel files 2016-12-09 09:42:02 +01:00
Wojciech Tyczynski
e8d1cba875 GetOptions in client calls 2016-12-09 09:42:01 +01:00
Mike Danese
3b6a067afc autogenerated 2016-10-21 17:32:32 -07:00
derekwaynecarr
a672a986e3 Admission control errors should have consistent lower casing 2016-08-08 10:31:23 -04:00