djpbessems
/
ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
572 Commits 30 Branches 34 Tags 22 MiB
Commit Graph

572 Commits

Author SHA1 Message Date
Matt Moyer e5902533eb Add "--cluster-signing-*-file" flags pointing at a host volume mount. 
This is a somewhat more basic way to get access to the certificate and private key we need to issue short lived certificates.

The host path, tolerations, and node selector here should work on any kubeadm-derived cluster including TKG-S and Kind.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-07-24 15:45:49 -05:00
Andrew Keesler 0d667466e8
Merge pull request #26 from ankeesler/proposed-integration-test-cleanup 
Condense discovery integration tests
 2020-07-24 14:59:05 -04:00
Ryan Richard 9bfec08d90 More tests and more validations for create LoginRequest endpoint 
- Mostly testing the way that the validation webhooks are called
- Also error when the auth webhook does not return user info, since we wouldn't know who you are in that case
 2020-07-24 11:00:29 -07:00
Andrew Keesler 6cc8a2f8dd WIP: initial integration test for cert issuing 2020-07-24 13:01:58 -04:00
Matt Moyer 6fe7a4c9dc Add a test for when a validation function is passed. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-07-24 11:53:06 -05:00
Matt Moyer 924eb1abaa
Merge pull request #25 from cfryanr/finishing_webhook_invocation 
Finishing touches on webhook invocation
 2020-07-24 11:30:11 -05:00
Matt Moyer a7748a360e Extend integration tests to check new LoginRequest API semantics. 
Signed-off-by: Ryan Richard <richardry@vmware.com>
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-07-24 11:15:41 -05:00
Matt Moyer 84bb0a9a21 Start returning user info in LoginRequest response. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
Signed-off-by: Ryan Richard <richardry@vmware.com>
 2020-07-24 11:15:41 -05:00
Andrew Keesler e1f44e2654
Condense discovery integration tests 
I think these tests do roughly the same thing...

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-07-24 11:17:32 -04:00
Ryan Richard 9af3637403 Bump version of `-api` dependency 
Signed-off-by: Aram Price <pricear@vmware.com>
 2020-07-23 17:12:25 -07:00
Ryan Richard 6a93de3931 More validations and error handling for create LoginRequest endpoint 2020-07-23 16:01:55 -07:00
Ryan Richard 6c87c793db Extract test helper for asserting API errors in rest_test.go 
Signed-off-by: Aram Price <pricear@vmware.com>
 2020-07-23 09:50:23 -07:00
Mo Khan 5fdc20886d
Initial aggregated API server (#15) 
Add initial aggregated API server (squashed from a bunch of commits).

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
Signed-off-by: Aram Price <pricear@vmware.com>
Signed-off-by: Ryan Richard <richardry@vmware.com>
 2020-07-23 10:05:21 -05:00
Mo Khan 23c1b32a02
Merge pull request #24 from enj/enj/f/controller_lib 
Add controller library code
 2020-07-22 22:40:33 -04:00
Monis Khan d4eeb74641
Add initial controller boilerplate and example controller 
Signed-off-by: Monis Khan <mok@vmware.com>
 2020-07-22 22:27:55 -04:00
Matt Moyer 31c4e6560d Drop GitHub Actions (we now have Concourse for PRs). 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-07-20 09:40:07 -05:00
Mo Khan 4b1a7436a9
Merge pull request #22 from enj/enj/i/user_agent 
Encode git version info into binary and user agent
 2020-07-20 00:41:41 -04:00
Monis Khan 549da37805
Encode git version info into binary and user agent 
Signed-off-by: Monis Khan <mok@vmware.com>
 2020-07-20 00:32:11 -04:00
Mo Khan 240f9f86b1
Merge pull request #21 from enj/enj/i/cleanup_apimachinery 
Various clean ups
 2020-07-19 01:39:05 -04:00
Monis Khan b638bd7eeb
Describe why/how we recover type meta using scheme 
Signed-off-by: Monis Khan <mok@vmware.com>
 2020-07-19 01:28:25 -04:00
Monis Khan 5fa5b9a9a9
Do not hard code API version 
Signed-off-by: Monis Khan <mok@vmware.com>
 2020-07-19 01:28:24 -04:00
Monis Khan 9118869d04
Use protobuf with built-in Kube REST APIs 
Signed-off-by: Monis Khan <mok@vmware.com>
 2020-07-19 01:28:24 -04:00
Mo Khan e92bdbea64
Merge pull request #20 from enj/enj/i/fix_gvk 
Restore GVK info that apimachinery decoder unsets
 2020-07-18 01:28:27 -04:00
Monis Khan d71a620a18
Restore GVK info that apimachinery decoder unsets 
Signed-off-by: Monis Khan <mok@vmware.com>
 2020-07-18 01:05:11 -04:00
Ryan Richard 7cac20fc89
Merge pull request #18 from cfryanr/fix_deploy_errors 
Fix deploy errors
 2020-07-17 14:56:18 -07:00
Ryan Richard 260a271859 Add RBAC for autoregistration 
- Also fix mistakes in the deployment.yaml
- Also hardcode the ownerRef kind and version because otherwise we get an error

Signed-off-by: Monis Khan <mok@vmware.com>
 2020-07-17 14:42:02 -07:00
Monis Khan 611859f04a Update dockerfile to use netrc 
Signed-off-by: Monis Khan <mok@vmware.com>
 2020-07-17 13:26:30 -07:00
Matt Moyer fd4c6f6a71
Merge pull request #17 from suzerain-io/feature/autoregistration 
Add automatic registration of an APIService.
 2020-07-17 12:16:23 -05:00
Matt Moyer 092cc26789 Refactor app.go and wire in autoregistration. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-07-17 12:10:33 -05:00
Matt Moyer a3bce5f42e Add autoregistration package to manage APIService. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-07-17 10:53:13 -05:00
Matt Moyer a01970602a Add a package for loading Downward API metadata. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-07-16 14:25:23 -05:00
Mo Khan da4f036622
Merge pull request #16 from enj/enj/i/bump_1.19 
Bump kube deps to v0.19.0-rc.0
 2020-07-15 16:58:24 -04:00
Monis Khan ffa417f745
Bump kube deps to v0.19.0-rc.0 
Signed-off-by: Monis Khan <mok@vmware.com>
 2020-07-15 16:47:02 -04:00
Matt Moyer 61a4eec144
Merge pull request #10 from ankeesler/ankeesler/initial-tmc-auth 
Add webhook and config handling for TMC-integrated token validation
 2020-07-14 12:49:48 -05:00
Andrew Keesler 9edae03812
deployment.yaml: update config file format 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-07-14 12:38:43 -04:00
Andrew Keesler 63f5416b21
Define initial config file format 
- Users may want to consume pkg/config to generate configuration files.
- This also involved putting config-related utilities in the config
  package for ease of consumption.
- We did not add in versioning into the Config type for now...this is
  something we will likely do in the future, but it is not deemed
  necessary this early in the project.
- The config file format tries to follow the patterns of Kube. One such
  example of this is requiring the use of base64-encoded CA bundle PEM
  bytes instead of a file path. This also slightly simplifies the config
  file handling because we don't have to 1) read in a file or 2) deal
  with the error case of the file not being there.

- The webhook code from k8s.io/apiserver is really exactly what we want
  here. If this dependency gets too burdensome, we can always drop it,
  but the pros outweigh the cons at the moment.
- Writing out a kubeconfig to disk to configure the webhook is a little
  janky, but hopefully this won't hurt performance too much in the year
  2020.

- Also bonus: call the right *Serve*() function when starting our
  servers.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-07-14 11:50:28 -04:00
Matt Moyer 5a66b56b93
Merge pull request #13 from suzerain-io/add-ca-code 
Add initial CA code.
 2020-07-13 16:25:44 -05:00
Matt Moyer 2596ddfa25 Add initial CA code. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-07-13 16:23:54 -05:00
Andrew Keesler 89c8d1183b
Use 'main' branch instead of 'master' 
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
 2020-07-10 08:09:06 -04:00
Monis Khan 7da347866b Avoid hard-coding namespace and deployment names in integration tests 
Signed-off-by: Ryan Richard <richardry@vmware.com>
 2020-07-09 13:57:59 -07:00
Ryan Richard d3d9cc6fac Change the name of the env var that turns on integration tests 
- Trying to use "placeholder-name" or "placeholder_name" everywhere
  that should later be changed to the actual name of the product,
  so we can just do a simple search and replace when we have a name.
 2020-07-09 13:43:30 -07:00
Ryan Richard 81e91accfa
Merge pull request #9 from enj/enj/t/integration_check_deployment 
Add integration test to check app is running
 2020-07-09 13:30:16 -07:00
Monis Khan a544f7d7bf
Add integration test to check app is running 
Signed-off-by: Monis Khan <mok@vmware.com>
 2020-07-09 15:30:59 -04:00
Ryan Richard 3fd7e7835a Allow optionally using a tag instead of a digest in deployment.yaml 2020-07-09 10:16:46 -07:00
Matt Moyer a9cf376000 Fix string templating in YAML config. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-07-09 11:58:28 -05:00
Matt Moyer fe81958d2c Add an example config to ./deploy resources. 
Signed-off-by: Matt Moyer <moyerm@vmware.com>
 2020-07-09 11:42:31 -05:00
Mo Khan 12255109bd
Merge pull request #8 from enj/enj/i/kind_ci_pull 
Set imagePullPolicy to prevent defaulting
 2020-07-09 00:40:45 -04:00
Monis Khan e9145bbe2e
Set imagePullPolicy to prevent defaulting 
Signed-off-by: Monis Khan <mok@vmware.com>
 2020-07-09 00:39:56 -04:00
Ryan Richard c307a263ec TestGetNodes prints more output for debugging failures 2020-07-08 16:37:25 -07:00
Matt Moyer 1c7109d5aa
Merge pull request #6 from suzerain-io/add-golangci-lint-action 
Add golangci-lint as a GitHub Action.
 2020-07-08 13:16:17 -05:00