6a75e7c40c
This commit is the main API piece of KEP-3257 (ClusterTrustBundles). This commit: * Adds the certificates.k8s.io/v1alpha1 API group * Adds the ClusterTrustBundle type. * Registers the new type in kube-apiserver. * Implements the type-specfic validation specified for ClusterTrustBundles: - spec.pemTrustAnchors must always be non-empty. - spec.signerName must be either empty or a valid signer name. - Changing spec.signerName is disallowed. * Implements the "attest" admission check to restrict actions on ClusterTrustBundles that include a signer name. Because it wasn't specified in the KEP, I chose to make attempts to update the signer name be validation errors, rather than silently ignored. I have tested this out by launching these changes in kind and manipulating ClusterTrustBundle objects in the resulting cluster using kubectl. |
||
|---|---|---|
| .. | ||
| testdata | ||
| admission_test.go | ||
| admission.go | ||
| authentication_test.go | ||
| authentication.go | ||
| authorization_test.go | ||
| authorization.go | ||
| cloudprovider.go | ||
| options.go | ||
| plugins_test.go | ||
| plugins.go | ||
| serving.go | ||