github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
eb60dce33b00c048d46f15b3a29b4b237b49f5f3
kubernetes/hack
History
Taahir Ahmed 6a75e7c40c ClusterTrustBundles: Define types 
This commit is the main API piece of KEP-3257 (ClusterTrustBundles).

This commit:

* Adds the certificates.k8s.io/v1alpha1 API group
* Adds the ClusterTrustBundle type.
* Registers the new type in kube-apiserver.
* Implements the type-specfic validation specified for
  ClusterTrustBundles:
  - spec.pemTrustAnchors must always be non-empty.
  - spec.signerName must be either empty or a valid signer name.
  - Changing spec.signerName is disallowed.
* Implements the "attest" admission check to restrict actions on
  ClusterTrustBundles that include a signer name.

Because it wasn't specified in the KEP, I chose to make attempts to
update the signer name be validation errors, rather than silently
ignored.

I have tested this out by launching these changes in kind and
manipulating ClusterTrustBundle objects in the resulting cluster using
kubectl.
2023-03-15 20:10:18 -07:00
..
boilerplate
Make boilerplate.py smarter about generated
2023-01-21 11:16:13 -08:00
conformance
e2e: accept context from Ginkgo
2022-12-10 19:50:18 +01:00
e2e-internal
hack/update-bazel.sh
2021-02-28 15:17:29 -08:00
gen-swagger-doc
jenkins
Defer builds to test-cmd and test-integration targets
2023-02-01 15:35:14 -05:00
lib
ClusterTrustBundles: Define types
2023-03-15 20:10:18 -07:00
make-rules
Add a script to verify that URLs in API documentation are valid
2023-03-13 11:37:59 -07:00
testdata
Updating pause image refernces to 3.9
2022-11-14 10:24:54 -08:00
tools
hack/tools: bump golangci-lint to v1.51.2
2023-02-22 07:54:20 +01:00
verify-flags
kubelet: create top-level traces for pod sync and GC
2023-03-11 10:42:14 +01:00
.descriptions_failures
Add missing comments in APF API types
2021-06-25 00:27:40 -04:00
.import-aliases
hack import aliases
2023-03-14 22:58:11 +00:00
.spelling_failures
Add gimme
2023-02-01 16:34:23 -05:00
benchmark-go.sh
build-cross.sh
build-go.sh
cherry_pick_pull.sh
Update cherry_pick_pull.sh
2022-06-26 09:21:05 +05:30
dev-build-and-push.sh
dev-build-and-up.sh
dev-push-conformance.sh
Build Ginkgo binary
2022-07-08 10:46:11 +08:00
e2e-node-test.sh
generate-docs.sh
get-build.sh
cluster,hack: Use community infra GCS bucket for retrieving CI builds
2021-07-03 17:04:54 -04:00
ginkgo-e2e.sh
e2e: revise complete report creation
2023-02-10 10:20:20 +01:00
golangci-strict.yaml
golangci-lint: synchronize configs and add verification for that
2023-03-08 15:23:27 +01:00
golangci.yaml
golangci-lint: synchronize configs and add verification for that
2023-03-08 15:23:27 +01:00
grab-profiles.sh
Fix exit code check in hack/grab-profiles.sh
2021-05-17 14:47:05 +08:00
install-etcd.sh
install-protoc.sh
Add helper script to install protoc
2023-01-26 18:00:08 -05:00
lint-dependencies.sh
Guard against merging non-canonical replace directives
2022-11-17 13:00:12 -05:00
list-feature-tests.sh
local-up-cluster.sh
Merge pull request #108838 from nckturner/webhook-framework
2023-03-14 20:28:14 -07:00
logcheck.conf
hack/logcheck.conf: enforce contextual logging in kube-controller-manager
2023-03-14 19:17:31 +01:00
module-graph.sh
Make sure the _output folder exists before using it from module-graph.sh
2020-07-07 01:19:59 -07:00
OWNERS
Move root approvers to subdirs
2022-10-10 13:43:03 -04:00
pin-dependency.sh
Stop adding explicit replace directives for all requires
2022-10-28 15:15:18 -04:00
print-workspace-status.sh
Remove invalid comments in hack/lib/version.sh
2022-07-06 19:19:29 +08:00
README.md
run-in-gopath.sh
run-prometheus-on-etcd-scrapes.sh
Add serving of scrapes as Prometheus metrics
2021-11-08 15:28:05 -05:00
serve-prom-scrapes.sh
Fixed typo in hack/serve-prom-scrapes.sh
2022-02-04 01:33:06 -05:00
test-go.sh
test-integration.sh
unwanted-dependencies.json
Update kubectl kustomize to kyaml/v0.14.1, cmd/config/v0.11.1, api/v0.13.2, kustomize/v5.0.1
2023-03-14 11:40:28 -05:00
update-all.sh
refactor(hack): use ${BASH_SOURCE[0]} to get script name
2022-04-16 23:58:13 +08:00
update-codegen.sh
Merge pull request #116141 from thockin/codegen_script_wide_vars
2023-02-28 14:54:23 -08:00
update-conformance-yaml.sh
port conformance yaml generation to hack
2021-02-28 00:54:54 -08:00
update-generated-api-compatibility-data.sh
Add CRD compatibility objects
2023-02-27 14:12:59 -05:00
update-generated-docs.sh
update-generated-proto-bindings-dockerized.sh
Check protoc version strictly
2023-01-26 18:00:06 -05:00
update-generated-protobuf-dockerized.sh
Check protoc version strictly
2023-01-26 18:00:06 -05:00
update-generated-stable-metrics.sh
remove the rest of the bazel test wiring for metrics stability
2021-02-05 10:48:48 -08:00
update-gofmt.sh
Make update-gofmt use ls-files
2023-01-22 15:16:23 -08:00
update-import-aliases.sh
*.sh: cleanup all white noise
2020-05-29 09:56:00 +08:00
update-internal-modules.sh
Add k8s.io/kms/internal/plugins/mock to internal modules
2023-03-14 16:31:54 -04:00
update-kustomize.sh
Update kubectl kustomize to kyaml/v0.14.1, cmd/config/v0.11.1, api/v0.13.2, kustomize/v5.0.1
2023-03-14 11:40:28 -05:00
update-mocks.sh
Fix update-mocks to use better globs
2023-01-23 09:20:12 -08:00
update-netparse-cve.sh
Make update-netparse-cve use ls-files
2023-01-22 15:21:37 -08:00
update-openapi-spec.sh
Remove openapi files before regen
2023-01-21 17:46:22 -08:00
update-translations.sh
fix translations location in update-translations.sh
2021-07-07 20:01:25 +02:00
update-vendor-licenses.sh
Licensing: skip modules with fewer subdirs than mods
2023-01-03 16:48:35 +01:00
update-vendor.sh
Stop adding requires for everything in the graph
2022-10-28 15:15:18 -04:00
update-yamlfmt.sh
Make verify-yamlfmt.sh use git worktree
2022-12-26 17:14:58 -08:00
verify-all.sh
refactor(hack): use ${BASH_SOURCE[0]} to get script name
2022-04-16 23:58:13 +08:00
verify-api-groups.sh
Add discovery types
2022-10-19 17:27:25 +00:00
verify-boilerplate.sh
verify-cli-conventions.sh
verify-codegen.sh
Simplify verify-codegen to use worktrees
2023-01-21 11:16:15 -08:00
verify-conformance-requirements.sh
fix make verify (#115871)
2023-02-22 07:17:56 -08:00
verify-conformance-yaml.sh
port conformance yaml generation to hack
2021-02-28 00:54:54 -08:00
verify-description.sh
hack/verify-description.sh: correctly look for versioned API types
2021-03-02 21:50:40 +05:30
verify-e2e-test-ownership.sh
declare and assign seperately in hack/verify-e2e-test-ownership.sh
2022-10-19 23:46:18 -07:00
verify-external-dependencies-version.sh
use sed to drop escape codes from zeitgeist output
2021-03-04 14:59:52 -08:00
verify-fieldname-docs.sh
Fix the name violation in apiextensions.k8s.io/v1,CustomResourceConversion, remove the failures file
2023-01-19 22:08:29 +08:00
verify-flags-underscore.py
use python3 in hack
2023-01-12 11:20:41 +08:00
verify-generated-docs.sh
verify-generated-stable-metrics.sh
remove the rest of the bazel test wiring for metrics stability
2021-02-05 10:48:48 -08:00
verify-gofmt.sh
cleanup verify-gofmt.sh
2021-03-07 12:51:33 -08:00
verify-golangci-lint-config.sh
golangci-lint: synchronize configs and add verification for that
2023-03-08 15:23:27 +01:00
verify-golangci-lint-pr.sh
hack: prepare for strict golangci-lint in pull-verify-kubernetes
2023-03-07 19:38:32 +01:00
verify-golangci-lint.sh
hack: prepare for strict golangci-lint in pull-verify-kubernetes
2023-03-07 19:38:32 +01:00
verify-govet-levee.sh
verify-govet-levee.sh: optimize "go list"
2023-03-03 07:51:04 +01:00
verify-import-aliases.sh
verify-import-boss.sh
drop vendor from go install paths
2022-05-05 08:47:33 -04:00
verify-imports.sh
verify-internal-modules.sh
Rename *-hack-tools.sh -> *-internal-modules.sh
2021-01-25 10:15:59 -08:00
verify-licenses.sh
Merge pull request #114858 from acpana/acpana/fix-verify-licenses
2023-01-05 23:15:58 -08:00
verify-mocks.sh
Make verify-mocks.sh use git worktree
2022-12-26 17:14:14 -08:00
verify-netparse-cve.sh
update and verify netparse
2021-08-20 10:42:09 +02:00
verify-no-vendor-cycles.sh
Update go.mod files to go1.18, update license vendor script
2022-05-04 10:22:27 -04:00
verify-non-mutating-validation.sh
add verify script to catch most validation mutations
2021-10-08 14:37:55 -04:00
verify-openapi-docs-urls.sh
Add a script to verify that URLs in API documentation are valid
2023-03-13 11:37:59 -07:00
verify-openapi-spec.sh
Generate openapi v3 static files
2021-11-16 17:38:54 -08:00
verify-pkg-names.sh
verify-prerelease-lifecycle-tags.sh
Fix error path in file /verify-prerelease-lifecycle-tags.sh.
2021-03-06 15:32:07 +08:00
verify-prometheus-imports.sh
kubelet: Force deleted pods can fail to move out of terminating
2023-03-08 22:03:51 -06:00
verify-publishing-bot.py
use python3 in hack
2023-01-12 11:20:41 +08:00
verify-readonly-packages.sh
remove clearly unnecessary lingering BUILD file references
2022-10-04 16:47:25 -07:00
verify-shellcheck.sh
Update shellcheck version (0.7.2 -> 0.8.0) and fix findings
2022-11-08 11:53:57 +01:00
verify-spelling.sh
verify-staging-meta-files.sh
verify-test-code.sh
e2e framework: deprecate gomega wrappers
2023-02-23 09:51:42 +01:00
verify-test-featuregates.sh
Handle AllAlpha and AllBeta in SetFeatureGateDuringTest
2023-03-02 22:24:19 -05:00
verify-test-images.sh
verify-typecheck-providerless.sh
providerless tag for client-go auth plugins
2021-03-28 20:07:59 -04:00
verify-typecheck.sh
Remove generated file rules in make
2022-10-04 08:50:30 -07:00
verify-vendor-licenses.sh
Remove docker remote/docker-machine from build scripts
2020-12-30 12:37:51 -05:00
verify-vendor.sh
Improve vendor verification works for each staging repo
2023-01-10 09:30:47 -05:00
verify-yamlfmt.sh
Make verify-yamlfmt.sh use git worktree
2022-12-26 17:14:58 -08:00

README.md

Kubernetes hack GuideLines

This document describes how you can use the scripts from hack directory and gives a brief introduction and explanation of these scripts.

Overview

The hack directory contains many scripts that ensure continuous development of kubernetes, enhance the robustness of the code, improve development efficiency, etc. The explanations and descriptions of these scripts are helpful for contributors. For details, refer to the following guidelines.

Key scripts

  • verify-all.sh: This script is a vestigial redirection, Please do not add "real" logic. It is equivalent to make verify.
  • update-all.sh: This script is a vestigial redirection, Please do not add "real" logic. The true target of this makerule is hack/make-rules/update.sh.It is equivalent to make update.

Attention

Note that all scripts must be run from the Kubernetes root directory. We should run hack/verify-all.sh before submitting a PR and if anything fails run hack/update-all.sh.