djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
350 Commits 30 Branches 34 Tags 22 MiB
7207041c37
Commit Graph

350 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Matt Moyer
7207041c37
Merge pull request #91 from mattmoyer/prefactor-api-resource-test 
Refactor GetAPIResourceList test a bit to prep for IDP CRD changes.
 2020-09-09 10:46:13 -05:00
Matt Moyer
7f9cb43ffa
Refactor GetAPIResourceList test a bit to prep for IDP CRD changes. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-09-09 10:24:41 -05:00
Matt Moyer
3d09afbfb3
Merge pull request #88 from mattmoyer/add-replica-count-param 
Add a ytt template value for replica count.
 2020-09-08 11:54:11 -05:00
Matt Moyer
b0315e5e9f Add a ytt template value for replica count. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-09-08 11:36:32 -05:00
Andrew Keesler
f8f16fadb9
Merge pull request #69 from ankeesler/pod-anti-affinity 
Add pod anti-affinity to make our HA deployment more HA
 2020-09-08 11:01:55 -04:00
Matt Moyer
ba53218711
Merge pull request #84 from suzerain-io/dependabot/docker/golang-1.15.1 
Bump golang from 1.15.0 to 1.15.1
 2020-09-08 09:33:03 -05:00
Andrew Keesler
1415fcc6dc
Add pod anti-affinity to make our HA deployment more HA 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-09-08 10:08:34 -04:00
Matt Moyer
ab82b2ea64
Merge pull request #86 from suzerain-io/dependabot/go_modules/github.com/golangci/golangci-lint-1.31.0 
Bump github.com/golangci/golangci-lint from 1.30.0 to 1.31.0
 2020-09-08 08:40:52 -05:00
Matt Moyer
1dcba155a2
Merge pull request #85 from suzerain-io/dependabot/go_modules/github.com/go-logr/logr-0.2.1 
Bump github.com/go-logr/logr from 0.2.0 to 0.2.1
 2020-09-08 08:37:17 -05:00
dependabot[bot]
9c8d30fa86
Bump github.com/golangci/golangci-lint from 1.30.0 to 1.31.0 
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.30.0 to 1.31.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.30.0...v1.31.0)

Signed-off-by: dependabot[bot] <support@github.com>
 2020-09-08 06:07:24 +00:00
dependabot[bot]
1d004a7326
Bump github.com/go-logr/logr from 0.2.0 to 0.2.1 
Bumps [github.com/go-logr/logr](https://github.com/go-logr/logr) from 0.2.0 to 0.2.1.
- [Release notes](https://github.com/go-logr/logr/releases)
- [Commits](https://github.com/go-logr/logr/compare/v0.2.0...v0.2.1)

Signed-off-by: dependabot[bot] <support@github.com>
 2020-09-07 05:49:14 +00:00
dependabot[bot]
a2e8b2aa0c
Bump golang from 1.15.0 to 1.15.1 
Bumps golang from 1.15.0 to 1.15.1.

Signed-off-by: dependabot[bot] <support@github.com>
 2020-09-02 06:03:19 +00:00
Matt Moyer
3e4816c811
Merge pull request #82 from mattmoyer/add-crd-generation 
Generate CRD YAML using controller-tools, update doc strings.
 2020-08-31 17:18:28 -05:00
Matt Moyer
8e5912e4c2 Update precommit hook config to ignore generated files and fix whitespace. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-08-31 16:41:22 -05:00
Matt Moyer
2959b54e7b Generate CRD YAML using controller-tools, update doc strings. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-08-31 16:38:48 -05:00
Matt Moyer
f49317d7e4
Add some generated API documentation. (#81) 
Add some generated API documentation using https://github.com/elastic/crd-ref-docs which is now packaged in the codegen image.
 2020-08-31 11:27:39 -05:00
Matt Moyer
2546d3f823
Merge pull request #79 from suzerain-io/dependabot/go_modules/github.com/golang/mock-1.4.4 
Bump github.com/golang/mock from 1.4.3 to 1.4.4
 2020-08-28 17:33:18 -05:00
dependabot[bot]
0c5d38090e
Bump github.com/golang/mock from 1.4.3 to 1.4.4 
Bumps [github.com/golang/mock](https://github.com/golang/mock) from 1.4.3 to 1.4.4.
- [Release notes](https://github.com/golang/mock/releases)
- [Changelog](https://github.com/golang/mock/blob/master/.goreleaser.yml)
- [Commits](https://github.com/golang/mock/compare/v1.4.3...v1.4.4)

Signed-off-by: dependabot[bot] <support@github.com>
 2020-08-28 22:21:11 +00:00
Matt Moyer
cd00aad610
Merge pull request #78 from suzerain-io/dependabot/go_modules/github.com/google/go-cmp-0.5.2 
Bump github.com/google/go-cmp from 0.5.0 to 0.5.2
 2020-08-28 17:18:03 -05:00
Matt Moyer
eb4b2b1ecd
Merge pull request #80 from suzerain-io/dependabot/go_modules/k8s.io/klog/v2-2.3.0 
Bump k8s.io/klog/v2 from 2.2.0 to 2.3.0
 2020-08-28 17:17:42 -05:00
dependabot[bot]
b5f7ff2e33
Bump k8s.io/klog/v2 from 2.2.0 to 2.3.0 
Bumps [k8s.io/klog/v2](https://github.com/kubernetes/klog) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/kubernetes/klog/releases)
- [Changelog](https://github.com/kubernetes/klog/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes/klog/compare/v2.2.0...v2.3.0)

Signed-off-by: dependabot[bot] <support@github.com>
 2020-08-28 22:03:22 +00:00
dependabot[bot]
21fd807037
Bump github.com/google/go-cmp from 0.5.0 to 0.5.2 
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.0 to 0.5.2.
- [Release notes](https://github.com/google/go-cmp/releases)
- [Commits](https://github.com/google/go-cmp/compare/v0.5.0...v0.5.2)

Signed-off-by: dependabot[bot] <support@github.com>
 2020-08-28 22:03:10 +00:00
Matt Moyer
b0d99abf22
Merge pull request #77 from mattmoyer/monorepo-part-three 
Pull controller-go back into this repository as `internal/controllerlib`.

Co-authored-by: Monis Khan <mok@vmware.com>
 2020-08-28 16:30:18 -05:00
Matt Moyer
0135d8b6c3 Fix a flake in kubecertauthority_test.go. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-08-28 16:13:43 -05:00
Matt Moyer
ecf67862e2 Empty commit to trigger CI. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-08-28 14:55:07 -05:00
Matt Moyer
aeee2cf05e Fix some linter complaints in controllerlib. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-08-28 14:54:50 -05:00
Ryan Richard
f0c400235a
Add memory request to pinniped deployment 
- We are not setting an upper limit because Kubernetes might randomly
  decide to unschedule our pod in ways that we can't anticipate in
  advance, causing very hard to reproduce production bugs.
- We noticed that our app currently uses ~30 MB of memory when idle,
  and ~35 MB of memory under some load. So a memory request of 128
  MB should be reasonable.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-08-28 15:19:16 -04:00
Matt Moyer
7848332d47 Remove .netrc trick from Dockerfile. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-08-28 13:07:47 -05:00
Matt Moyer
1fcf95af01 Convert the controllerlib tests to use the same structure as our other integration tests. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-08-28 13:07:47 -05:00
Matt Moyer
a503fa8673 Pull controller-go back into this repository as internal/controllerlib. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-08-28 13:07:47 -05:00
Ryan Richard
371b172616 Add code of conduct 2020-08-28 09:28:27 -07:00
Andrew Keesler
ddb7a20c53
Use EC crypto (instead of RSA) to workaround weird test timeout 
When we use RSA private keys to sign our test certificates, we run
into strange test timeouts. The internal/controller/apicerts package
was timing out on my machine more than once every 3 runs. When I
changed the RSA crypto to EC crypto, this timeout goes away. I'm not
gonna try to figure out what the deal is here because I think it would
take longer than it would be worth (although I am sure it is some fun
story involving prime numbers; the goroutine traces for timed out
tests would always include some big.Int operations involving prime
numbers...).

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-08-28 11:19:52 -04:00
Andrew Keesler
a4fe76f6a9
test/integration: increase confidence that a cert has rotated 
It looks like requests to our aggregated API service on GKE vacillate
between success and failure until they reach a converged successful
state. I think this has to do with our pods updating the API serving
cert at different times. If only one pod updates its serving cert to
the correct value, then it should respond with success. However, the
other pod would respond with failure. Depending on the load balancing
algorithm that GKE uses to send traffic to pods in a service, we could
end up with a success that we interpret as "all pods have rotated
their certs" when it really just means "at least one pod has rotated
its certs."

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-08-28 10:20:05 -04:00
Ryan Richard
9d7e073a9d Fix an assertion about an error message in an integration test 2020-08-27 17:50:46 -07:00
Ryan Richard
118ee7f9aa Merge branch 'self_test' into main 2020-08-27 17:26:29 -07:00
Ryan Richard
e0b5c3a146 Fix an assumption about GKE in an integration test 2020-08-27 17:18:48 -07:00
Ryan Richard
cbc80d5bc4 RetryOnConflict when updating CredentialIssuerConfig from outside any controller 
- Controllers will automatically run again when there's an error,
  but when we want to update CredentialIssuerConfig from server.go
  we should be careful to retry on conflicts
- Add unit tests for `issuerconfig.CreateOrUpdateCredentialIssuerConfig()`
  which was covered by integration tests in previous commits, but not
  covered by units tests yet.
 2020-08-27 17:11:10 -07:00
Ryan Richard
20a3208564 Add more subtitles to README.md 2020-08-27 15:11:38 -07:00
Ryan Richard
91ba39bd3b Merge branch 'main' into self_test 2020-08-27 15:02:49 -07:00
Ryan Richard
f6ea93e273 First draft of instructions to report security vulnerabilities 2020-08-27 15:02:11 -07:00
Ryan Richard
d728c926c1 Merge pull request #75 from suzerain-io/readme_edits 
README doc updates
 2020-08-27 14:53:41 -07:00
Ryan Richard
9ecc88a898
Merge pull request #75 from suzerain-io/readme_edits 
README doc updates
 2020-08-27 14:44:08 -07:00
Ryan Richard
18b000e324 Small readme changes 2020-08-27 14:43:16 -07:00
Ryan Richard
e6dd22ffb5 Merge branch 'main' into readme_edits 2020-08-27 14:29:11 -07:00
Andrew Keesler
92a6b7f4a4
Use same lifetime for serving cert and CA cert 
So that operators won't look at the lifetime of the CA cert and be
like, "wtf, why does the serving cert have the lifetime that I
specified, but its CA cert is valid for 100 years".

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-08-27 15:59:47 -04:00
Matt Moyer
e39a38ecf2
Merge pull request #76 from mattmoyer/adjust-kube-versions 
Update Kubernetes versions and adjust Dependabot config.
 2020-08-27 14:12:43 -05:00
Matt Moyer
9d9b56073c Update Kubernetes versions. 
- Upgrade from `1.19.0-rc.0` to the newly-release `1.19.0`.

- Downgrade from `1.18.6` to `1.18.2` to match some downstream consumers.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-08-27 13:06:05 -05:00
Matt Moyer
07bb2bb956 Simplify dependabot config now that we have fewer modules. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-08-27 12:16:09 -05:00
Matt Moyer
abe3f1ba4b
Merge pull request #73 from mattmoyer/native-client 
Simplify modules and switch from low level client to a client using generated code.
 2020-08-27 12:15:35 -05:00
Ryan Richard
1375df185d Doc updates 2020-08-27 10:14:03 -07:00