kubernetes/pkg/registry
Taahir Ahmed 6a75e7c40c ClusterTrustBundles: Define types
This commit is the main API piece of KEP-3257 (ClusterTrustBundles).

This commit:

* Adds the certificates.k8s.io/v1alpha1 API group
* Adds the ClusterTrustBundle type.
* Registers the new type in kube-apiserver.
* Implements the type-specific validation specified for
  ClusterTrustBundles:
  - spec.pemTrustAnchors must always be non-empty.
  - spec.signerName must be either empty or a valid signer name.
  - Changing spec.signerName is disallowed.
* Implements the "attest" admission check to restrict actions on
  ClusterTrustBundles that include a signer name.

Because it wasn't specified in the KEP, I chose to make attempts to
update the signer name be validation errors, rather than silently
ignored.

I have tested this out by launching these changes in kind and
manipulating ClusterTrustBundle objects in the resulting cluster using
kubectl.
2023-03-15 20:10:18 -07:00
..
admissionregistration Matchconditions admission webhooks alpha implementation for kep-3716 (#116261) 2023-03-14 20:28:26 -07:00
apiserverinternal Remove GetSingularName for subresources 2022-11-18 12:21:19 +03:00
apps managedfields: Move most of fieldmanager package to managefields 2023-03-08 13:44:00 -08:00
authentication KEP-3325: Promote SelfSubjectReview to Beta (#116274) 2023-03-08 15:42:33 -08:00
authorization Add singular name for the rest of types 2022-11-18 12:21:13 +03:00
autoscaling Remove GetSingularName for subresources 2022-11-18 12:21:19 +03:00
batch Add batch.kubernetes.io to labels created in the Job controller. 2023-03-11 12:27:38 +00:00
certificates ClusterTrustBundles: Define types 2023-03-15 20:10:18 -07:00
coordination Add singular name for the rest of types 2022-11-18 12:21:13 +03:00
core add repair loop 2023-03-14 22:58:11 +00:00
discovery Merge pull request #114677 from kl52752/epd-warning-address-type 2023-01-10 13:47:27 -08:00
events reduce API surface area of whether a resource is enabled 2022-02-23 13:36:33 -05:00
flowcontrol Remove GetSingularName for subresources 2022-11-18 12:21:19 +03:00
networking Merge pull request #115447 from kidddddddddddddddddddddd/ingress 2023-03-15 02:02:16 -07:00
node Add singular name for the rest of types 2022-11-18 12:21:13 +03:00
policy registry/storage: remove psp support 2023-01-06 17:07:02 +08:00
rbac minor integration test fixes and more singular resource 2022-11-18 13:11:16 +03:00
registrytest ClusterTrustBundles: Define types 2023-03-15 20:10:18 -07:00
resource api: resource.k8s.io PodScheduling -> PodSchedulingContext 2023-03-14 10:18:08 +01:00
scheduling Add singular name for the rest of types 2022-11-18 12:21:13 +03:00
storage Add validation of CSIDriver.SELinuxMount 2023-03-14 16:49:55 +01:00
doc.go
OWNERS Add mwielgus back 2022-01-10 09:02:53 -05:00