kubernetes

Author	SHA1	Message	Date
Alexander Zielenski	8b14116509	refactor: move vap into parent `policy` folder also renames to remove stutter comment	2024-02-12 10:58:24 -08:00
Qiming Teng	f17468ff06	Fixs a validation error in teh admission registration API	2023-10-03 18:19:34 +08:00
Alexander Zielenski	c8dbf4712c	add namespaceParamRef to v1alpha1 and internal add required field to validation test test multiple combinartions of paramRefs in binding tests add validation test cases for new ParamRef fields	2023-07-20 09:30:09 -07:00
Jiahui Feng	b635f2a401	ValidatingAdmissionPolicy: Variable Composition (#118642 ) * [API REVIEW] Variable Composition * lazy map. * variable composition implementation. * check variables during VAP validation. * generated: ./hack/update-vendor.sh * generated: UPDATE_COMPATIBILITY_FIXTURE_DATA (cd staging/src/k8s.io/api/ && env UPDATE_COMPATIBILITY_FIXTURE_DATA=true go test) * cost calucation. * tests for cost calculations. * e2e test for variables. * fix doc for Validation.Expression. * generated: ./hack/update-codegen.sh * fix missing utilruntime import. * generated: ./hack/update-openapi-spec.sh	2023-07-13 17:13:28 -07:00
Joe Betz	e740f8340e	Introduce CEL EnvSets for managing safe rollout of new CEL features, libraries and expression variables	2023-05-08 11:52:31 -04:00
Jiahui Feng	33c3fe3f74	differentiate kinds of expressions.	2023-03-20 12:13:21 -07:00
Max Smythe	e5fd204c33	Custom match criteria (#116350 ) * Add custom match conditions for CEL admission This PR is based off of, and dependent on the following PR: https://github.com/kubernetes/kubernetes/pull/116261 Signed-off-by: Max Smythe <smythe@google.com> * run `make update` Signed-off-by: Max Smythe <smythe@google.com> * Fix unit tests Signed-off-by: Max Smythe <smythe@google.com> * Fix unit tests Signed-off-by: Max Smythe <smythe@google.com> * Update compatibility test data Signed-off-by: Max Smythe <smythe@google.com> * Revert "Update compatibility test data" This reverts commit 312ba7f9e74e0ec4a7ac1f07bf575479c608af28. * Allow params during validation; make match conditions optional Signed-off-by: Max Smythe <smythe@google.com> * Add conditional ignoring of matcher CEL expression validation on update Signed-off-by: Max Smythe <smythe@google.com> * Run codegen Signed-off-by: Max Smythe <smythe@google.com> * Add more validation tests Signed-off-by: Max Smythe <smythe@google.com> * Short-circuit CEL matcher when no matchers specified Signed-off-by: Max Smythe <smythe@google.com> * Run codegen Signed-off-by: Max Smythe <smythe@google.com> * Address review comments Signed-off-by: Max Smythe <smythe@google.com> --------- Signed-off-by: Max Smythe <smythe@google.com>	2023-03-15 17:23:15 -07:00
Igor Velichkovich	5e5b3029f3	Matchconditions admission webhooks alpha implementation for kep-3716 (#116261 ) * api changes adding match conditions * feature gate and registry strategy to drop fields * matchConditions logic for admission webhooks * feedback * update test * import order * bears.com * update fail policy ignore behavior * update docs and matcher to hold fail policy as non-pointer * update matcher error aggregation, fix early fail failpolicy ignore, update docs * final cleanup * openapi gen	2023-03-14 20:28:26 -07:00
Jiahui Feng	68ac7acbce	[API REVIEW] ValidatingAdmissionPolicyStatus	2023-03-07 15:43:34 -08:00
Jiahui Feng	d8be7aa9ca	implement message expression.	2023-03-08 17:36:11 -08:00
Joe Betz	d221ddb89a	Implement validationActions and auditAnnotations	2023-03-06 21:51:27 -05:00
Cici Huang	244c63a2e6	Apply resource constraints to ValidatingAdmissionPolicy.	2023-03-06 20:43:59 +00:00
Joe Betz	7bbda746fe	Implement secondary authz	2023-03-06 12:08:14 -05:00
Igor Velichkovich	e96ef31187	refactor admission cel validator and compiler to be reusable	2023-03-01 18:46:45 -06:00
Cici Huang	40c21dafcd	Rename admission cel package to validatingadmissionpolicy	2022-11-10 03:37:30 +00:00
Jordan Liggitt	fc69084bf1	Update workload selector validation	2022-11-07 20:52:02 -05:00
Manjusaka	0843c4dfca	Add extra value validation for matchExpression field in LabelSelector	2022-11-07 20:48:21 -05:00
Cici Huang	0486e06261	Adding new api version of admissionregistration.k8s.io v1alpha1 for CEL in Admission Control	2022-11-07 20:51:51 +00:00
Kubernetes Prow Robot	cfb2219ded	Merge pull request #107175 from roycaihw/doc/webhook-rule-validation Fix examples of admission registration rules that contain wildcards	2022-02-09 15:35:44 -08:00
guoyao	d9f99489ee	fix duplicate webhook insert operation Signed-off-by: guoyao <1015105054@qq.com>	2022-01-05 08:59:13 +08:00
Haowei Cai	8ddd030cd9	Fix examples of rules with wildcard	2021-12-21 16:46:54 -08:00
Jordan Liggitt	befffd1565	Drop legacy validation logic for admission registration	2021-08-09 12:37:18 -04:00
Jeremy Shih	4ee5cdc838	fixed golint error in pkg/apis/admissionregistration	2020-08-31 09:43:51 +08:00
Jordan Liggitt	eedf063599	Allow v1 review versions in 1.17+	2019-09-13 13:52:28 -04:00
Jordan Liggitt	190c926d1f	Limit v1 webhooks to None and NoneOnDryRun side effects classes	2019-08-06 20:54:06 -04:00
Jordan Liggitt	649ee4f2d0	Clarify accepted versions skew requirements, update field documentation	2019-08-01 17:17:42 -04:00
Jordan Liggitt	08b15d32f7	Require webhook names to be unique in v1	2019-07-10 17:38:09 -04:00
Jordan Liggitt	6c3891a25f	Remove default admissionReviewVersions in v1, make required in validation	2019-07-10 17:38:09 -04:00
Jordan Liggitt	9dcc722d2e	Remove default sideEffects in v1, make required in validation	2019-07-10 17:38:08 -04:00
Chao Xu	70f1b052e3	api	2019-05-30 16:46:00 -07:00
Joe Betz	95fa928ecb	Add mutating admission webhook reinvocation	2019-05-30 14:31:09 -07:00
Joe Betz	55ecc45455	split admissionregistration.v1beta1/Webhook into MutatingWebhook and ValidatingWebhook	2019-05-30 14:31:09 -07:00
Jordan Liggitt	b6fa0f5b0f	AdmissionRegistration API changes: MatchPolicy	2019-05-28 14:26:06 -04:00
Daniel (Shijun) Qian	5268f69405	fix duplicated imports of k8s code (#77484 ) * fix duplicated imports of api/core/v1 * fix duplicated imports of client-go/kubernetes * fix duplicated imports of rest code * change import name to more reasonable	2019-05-08 10:12:47 -07:00
Mehdy Bohlool	404e2f7a30	Add port to ServiceReference of Admission Webhooks, ConversionWebhooks and AuditSync with defaulter and validator	2019-04-08 00:18:36 -07:00
Mehdy Bohlool	f7dff4725f	Add AdmissionReviewVersions to admissionregistration and default it	2019-03-07 15:02:16 -08:00
Jordan Liggitt	0797d81222	Add scope restrictions to webhook admission rules	2019-03-05 00:30:12 +00:00
Haowei Cai	1cd9162c15	default and validation	2019-02-26 14:41:43 -08:00
Nguyen Hai Truong	34961dc16c	trivial fix typo: resouce -> resource Although it is spelling mistakes, it might make an affects while reading. Signed-off-by: Nguyen Hai Truong <truongnh@vn.fujitsu.com>	2019-02-15 02:05:28 -08:00
Jordan Liggitt	dc1fa870bf	Remove alpha InitializerConfiguration types, Initializers admission plugin	2019-01-23 11:37:39 -05:00
Mehdy Bohlool	1587d189cb	Refactor webhookclientConfig validation of admission and audit registration	2018-10-31 11:14:47 -07:00
Patrick Barker	381d0a5d14	adds dynamic audit api	2018-10-16 06:46:34 -06:00
jennybuckley	2d0ec48f9b	Support dry run in admission webhooks	2018-08-22 16:26:47 -07:00
Daniel Smith	e73fd87844	fix docs and validation	2017-11-11 18:42:48 -08:00
Daniel Smith	a0cb2ce697	Add URL beside service	2017-11-11 16:09:34 -08:00
Chao Xu	7006d224be	add NamespaceSelector to the api business logic in webhook plugin and unit test add a e2e test for namespace selector	2017-11-10 13:40:16 -08:00
mbohlool	fc5a613c17	Add MutatingWebhookConfiguration type	2017-11-09 14:00:14 -08:00
mbohlool	9ddea83a2c	Rename ExternalAdmissionHookConfiguration to ValidatingWebhookConfiguration	2017-11-09 11:39:50 -08:00
David Eads	730d42011a	generated	2017-10-19 08:06:38 -04:00
David Eads	33deaedaf6	add url path for admission webhooks	2017-10-19 08:06:38 -04:00

1 2

57 Commits