kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,514 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

7 Commits

Author SHA1 Message Date
Cici Huang d44012e895 Adding the feature gates to fix cost for VAP and webhook matchConditions. 
Kubernetes-commit: d6e4115ead6b93d2accf688876471231b365ceae
 2024-05-01 16:26:41 -07:00
Cici Huang 04b26c4697 ValidatingAdmissionPolicy: support namespace access (#118267) 
* Support namespace access from cel expression in validatingadmissionpolicy.

* Whitelist the exposed fields in namespace object and add test

* better handling of cluster-scoped resources.

* [API REVIEW] namespaceObject in Expression doc.

* compatibility with composition.

* generated: ./hack/update-codegen.sh && ./hack/update-openapi-spec.sh

* workaround namespace of namespace is unexpectedly set.

* basic test coverage for namespaceObject.

---------

Co-authored-by: Jiahui Feng <jhf@google.com>

Kubernetes-commit: 13172cba5c0e1c6a076dbda4aeebbccaf658c7f1
 2023-07-15 01:33:59 +00:00
Joe Betz f32e391a45 Introduce CEL EnvSets for managing safe rollout of new CEL features, libraries and expression variables 
Kubernetes-commit: e740f8340eedc89baccd120329b454a860385e2d
 2023-04-28 14:16:56 -04:00
Joe Betz 265820879d Implement validationActions and auditAnnotations 
Kubernetes-commit: d221ddb89a5dde5a6f55674dc38aa71cc842d481
 2023-03-06 17:29:28 -05:00
Cici Huang c4a92f1b65 Apply resource constraints to ValidatingAdmissionPolicy. 
Kubernetes-commit: 244c63a2e6c8d859be8f4c6c23fbe1263dbfab0a
 2023-02-14 06:37:57 +00:00
Joe Betz f094db0dd5 Implement secondary authz 
Kubernetes-commit: 7bbda746fee7ae4e50647099b72c02327525ef7a
 2023-03-06 12:08:14 -05:00
Igor Velichkovich 0b1f199d07 refactor admission cel validator and compiler to be reusable 
Kubernetes-commit: e96ef311872ee6429a54e4580528717238a6816b
 2023-02-15 16:08:59 -06:00