github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
7afcfe1826
kubernetes/hack
History
Taahir Ahmed 6a75e7c40c ClusterTrustBundles: Define types 
This commit is the main API piece of KEP-3257 (ClusterTrustBundles).

This commit:

* Adds the certificates.k8s.io/v1alpha1 API group
* Adds the ClusterTrustBundle type.
* Registers the new type in kube-apiserver.
* Implements the type-specfic validation specified for
  ClusterTrustBundles:
  - spec.pemTrustAnchors must always be non-empty.
  - spec.signerName must be either empty or a valid signer name.
  - Changing spec.signerName is disallowed.
* Implements the "attest" admission check to restrict actions on
  ClusterTrustBundles that include a signer name.

Because it wasn't specified in the KEP, I chose to make attempts to
update the signer name be validation errors, rather than silently
ignored.

I have tested this out by launching these changes in kind and
manipulating ClusterTrustBundle objects in the resulting cluster using
kubectl.
2023-03-15 20:10:18 -07:00
..
boilerplate Make boilerplate.py smarter about generated 2023-01-21 11:16:13 -08:00
conformance e2e: accept context from Ginkgo 2022-12-10 19:50:18 +01:00
e2e-internal hack/update-bazel.sh 2021-02-28 15:17:29 -08:00
gen-swagger-doc
jenkins Defer builds to test-cmd and test-integration targets 2023-02-01 15:35:14 -05:00
lib ClusterTrustBundles: Define types 2023-03-15 20:10:18 -07:00
make-rules Add a script to verify that URLs in API documentation are valid 2023-03-13 11:37:59 -07:00
testdata Updating pause image refernces to 3.9 2022-11-14 10:24:54 -08:00
tools hack/tools: bump golangci-lint to v1.51.2 2023-02-22 07:54:20 +01:00
verify-flags kubelet: create top-level traces for pod sync and GC 2023-03-11 10:42:14 +01:00
.descriptions_failures Add missing comments in APF API types 2021-06-25 00:27:40 -04:00
.import-aliases hack import aliases 2023-03-14 22:58:11 +00:00
.spelling_failures Add gimme 2023-02-01 16:34:23 -05:00
benchmark-go.sh
build-cross.sh
build-go.sh
cherry_pick_pull.sh Update cherry_pick_pull.sh 2022-06-26 09:21:05 +05:30
dev-build-and-push.sh
dev-build-and-up.sh
dev-push-conformance.sh Build Ginkgo binary 2022-07-08 10:46:11 +08:00
e2e-node-test.sh
generate-docs.sh
get-build.sh cluster,hack: Use community infra GCS bucket for retrieving CI builds 2021-07-03 17:04:54 -04:00
ginkgo-e2e.sh e2e: revise complete report creation 2023-02-10 10:20:20 +01:00
golangci-strict.yaml golangci-lint: synchronize configs and add verification for that 2023-03-08 15:23:27 +01:00
golangci.yaml golangci-lint: synchronize configs and add verification for that 2023-03-08 15:23:27 +01:00
grab-profiles.sh Fix exit code check in hack/grab-profiles.sh 2021-05-17 14:47:05 +08:00
install-etcd.sh
install-protoc.sh Add helper script to install protoc 2023-01-26 18:00:08 -05:00
lint-dependencies.sh Guard against merging non-canonical replace directives 2022-11-17 13:00:12 -05:00
list-feature-tests.sh
local-up-cluster.sh Merge pull request #108838 from nckturner/webhook-framework 2023-03-14 20:28:14 -07:00
logcheck.conf hack/logcheck.conf: enforce contextual logging in kube-controller-manager 2023-03-14 19:17:31 +01:00
module-graph.sh
OWNERS Move root approvers to subdirs 2022-10-10 13:43:03 -04:00
pin-dependency.sh Stop adding explicit replace directives for all requires 2022-10-28 15:15:18 -04:00
print-workspace-status.sh Remove invalid comments in hack/lib/version.sh 2022-07-06 19:19:29 +08:00
README.md
run-in-gopath.sh
run-prometheus-on-etcd-scrapes.sh Add serving of scrapes as Prometheus metrics 2021-11-08 15:28:05 -05:00
serve-prom-scrapes.sh Fixed typo in hack/serve-prom-scrapes.sh 2022-02-04 01:33:06 -05:00
test-go.sh
test-integration.sh
unwanted-dependencies.json Update kubectl kustomize to kyaml/v0.14.1, cmd/config/v0.11.1, api/v0.13.2, kustomize/v5.0.1 2023-03-14 11:40:28 -05:00
update-all.sh refactor(hack): use ${BASH_SOURCE[0]} to get script name 2022-04-16 23:58:13 +08:00
update-codegen.sh Merge pull request #116141 from thockin/codegen_script_wide_vars 2023-02-28 14:54:23 -08:00
update-conformance-yaml.sh port conformance yaml generation to hack 2021-02-28 00:54:54 -08:00
update-generated-api-compatibility-data.sh Add CRD compatibility objects 2023-02-27 14:12:59 -05:00
update-generated-docs.sh
update-generated-proto-bindings-dockerized.sh Check protoc version strictly 2023-01-26 18:00:06 -05:00
update-generated-protobuf-dockerized.sh Check protoc version strictly 2023-01-26 18:00:06 -05:00
update-generated-stable-metrics.sh remove the rest of the bazel test wiring for metrics stability 2021-02-05 10:48:48 -08:00
update-gofmt.sh Make update-gofmt use ls-files 2023-01-22 15:16:23 -08:00
update-import-aliases.sh
update-internal-modules.sh Add k8s.io/kms/internal/plugins/mock to internal modules 2023-03-14 16:31:54 -04:00
update-kustomize.sh Update kubectl kustomize to kyaml/v0.14.1, cmd/config/v0.11.1, api/v0.13.2, kustomize/v5.0.1 2023-03-14 11:40:28 -05:00
update-mocks.sh Fix update-mocks to use better globs 2023-01-23 09:20:12 -08:00
update-netparse-cve.sh Make update-netparse-cve use ls-files 2023-01-22 15:21:37 -08:00
update-openapi-spec.sh Remove openapi files before regen 2023-01-21 17:46:22 -08:00
update-translations.sh fix translations location in update-translations.sh 2021-07-07 20:01:25 +02:00
update-vendor-licenses.sh Licensing: skip modules with fewer subdirs than mods 2023-01-03 16:48:35 +01:00
update-vendor.sh Stop adding requires for everything in the graph 2022-10-28 15:15:18 -04:00
update-yamlfmt.sh Make verify-yamlfmt.sh use git worktree 2022-12-26 17:14:58 -08:00
verify-all.sh refactor(hack): use ${BASH_SOURCE[0]} to get script name 2022-04-16 23:58:13 +08:00
verify-api-groups.sh Add discovery types 2022-10-19 17:27:25 +00:00
verify-boilerplate.sh
verify-cli-conventions.sh
verify-codegen.sh Simplify verify-codegen to use worktrees 2023-01-21 11:16:15 -08:00
verify-conformance-requirements.sh fix make verify (#115871) 2023-02-22 07:17:56 -08:00
verify-conformance-yaml.sh port conformance yaml generation to hack 2021-02-28 00:54:54 -08:00
verify-description.sh hack/verify-description.sh: correctly look for versioned API types 2021-03-02 21:50:40 +05:30
verify-e2e-test-ownership.sh declare and assign seperately in hack/verify-e2e-test-ownership.sh 2022-10-19 23:46:18 -07:00
verify-external-dependencies-version.sh use sed to drop escape codes from zeitgeist output 2021-03-04 14:59:52 -08:00
verify-fieldname-docs.sh Fix the name violation in apiextensions.k8s.io/v1,CustomResourceConversion, remove the failures file 2023-01-19 22:08:29 +08:00
verify-flags-underscore.py use python3 in hack 2023-01-12 11:20:41 +08:00
verify-generated-docs.sh
verify-generated-stable-metrics.sh remove the rest of the bazel test wiring for metrics stability 2021-02-05 10:48:48 -08:00
verify-gofmt.sh cleanup verify-gofmt.sh 2021-03-07 12:51:33 -08:00
verify-golangci-lint-config.sh golangci-lint: synchronize configs and add verification for that 2023-03-08 15:23:27 +01:00
verify-golangci-lint-pr.sh hack: prepare for strict golangci-lint in pull-verify-kubernetes 2023-03-07 19:38:32 +01:00
verify-golangci-lint.sh hack: prepare for strict golangci-lint in pull-verify-kubernetes 2023-03-07 19:38:32 +01:00
verify-govet-levee.sh verify-govet-levee.sh: optimize "go list" 2023-03-03 07:51:04 +01:00
verify-import-aliases.sh
verify-import-boss.sh drop vendor from go install paths 2022-05-05 08:47:33 -04:00
verify-imports.sh
verify-internal-modules.sh Rename *-hack-tools.sh -> *-internal-modules.sh 2021-01-25 10:15:59 -08:00
verify-licenses.sh Merge pull request #114858 from acpana/acpana/fix-verify-licenses 2023-01-05 23:15:58 -08:00
verify-mocks.sh Make verify-mocks.sh use git worktree 2022-12-26 17:14:14 -08:00
verify-netparse-cve.sh update and verify netparse 2021-08-20 10:42:09 +02:00
verify-no-vendor-cycles.sh Update go.mod files to go1.18, update license vendor script 2022-05-04 10:22:27 -04:00
verify-non-mutating-validation.sh add verify script to catch most validation mutations 2021-10-08 14:37:55 -04:00
verify-openapi-docs-urls.sh Add a script to verify that URLs in API documentation are valid 2023-03-13 11:37:59 -07:00
verify-openapi-spec.sh Generate openapi v3 static files 2021-11-16 17:38:54 -08:00
verify-pkg-names.sh
verify-prerelease-lifecycle-tags.sh Fix error path in file /verify-prerelease-lifecycle-tags.sh. 2021-03-06 15:32:07 +08:00
verify-prometheus-imports.sh kubelet: Force deleted pods can fail to move out of terminating 2023-03-08 22:03:51 -06:00
verify-publishing-bot.py use python3 in hack 2023-01-12 11:20:41 +08:00
verify-readonly-packages.sh remove clearly unnecessary lingering BUILD file references 2022-10-04 16:47:25 -07:00
verify-shellcheck.sh Update shellcheck version (0.7.2 -> 0.8.0) and fix findings 2022-11-08 11:53:57 +01:00
verify-spelling.sh
verify-staging-meta-files.sh
verify-test-code.sh e2e framework: deprecate gomega wrappers 2023-02-23 09:51:42 +01:00
verify-test-featuregates.sh Handle AllAlpha and AllBeta in SetFeatureGateDuringTest 2023-03-02 22:24:19 -05:00
verify-test-images.sh
verify-typecheck-providerless.sh providerless tag for client-go auth plugins 2021-03-28 20:07:59 -04:00
verify-typecheck.sh Remove generated file rules in make 2022-10-04 08:50:30 -07:00
verify-vendor-licenses.sh Remove docker remote/docker-machine from build scripts 2020-12-30 12:37:51 -05:00
verify-vendor.sh Improve vendor verification works for each staging repo 2023-01-10 09:30:47 -05:00
verify-yamlfmt.sh Make verify-yamlfmt.sh use git worktree 2022-12-26 17:14:58 -08:00

README.md

Kubernetes hack GuideLines

This document describes how you can use the scripts from hack directory and gives a brief introduction and explanation of these scripts.

Overview

The hack directory contains many scripts that ensure continuous development of kubernetes, enhance the robustness of the code, improve development efficiency, etc. The explanations and descriptions of these scripts are helpful for contributors. For details, refer to the following guidelines.

Key scripts

  • verify-all.sh: This script is a vestigial redirection, Please do not add "real" logic. It is equivalent to make verify.
  • update-all.sh: This script is a vestigial redirection, Please do not add "real" logic. The true target of this makerule is hack/make-rules/update.sh.It is equivalent to make update.

Attention

Note that all scripts must be run from the Kubernetes root directory. We should run hack/verify-all.sh before submitting a PR and if anything fails run hack/update-all.sh.