A helpful micro-framework for writing Kubernetes Admission Controllers ππ
APACHE-2.0 License
Bot releases are visible (Hide)
This is a minor maintenance release that updates the Kubernetes API libraries to v0.19.1.
Published by release-drafter[bot] about 4 years ago
Update k8s API dependencies to v0.19.1.
Published by release-drafter[bot] about 4 years ago
A minor, maintenance release that updates k8s APIs to v0.18.8. Tests for Go 1.14 and Go 1.15 have been added, and Go 1.12 has been removed from support.
Published by release-drafter[bot] over 4 years ago
v0.6.4 is a minor maintenance release that updates the Kubernetes libraries (to v0.18.2) & other upstream dependencies.
β οΈ Note: Go 1.12 is no longer supported, as Kubernetes libraries as of v0.18.2 use the errors API introduced in Go 1.13.
Published by release-drafter[bot] over 4 years ago
v0.6.3 is a minor maintenance release that updates the Kubernetes libraries & other upstream dependencies.
Published by release-drafter[bot] about 5 years ago
This release brings a new EnforcePodAnnotations
AdmitFunc for enforcing a set of annotations (and validating their values) on admitted Pods.
The AdmitFunc takes a map[string]func(string) bool
of required annotations, which allows you to dynamically validate annotation values (e.g. DNS names, JSON schemas, etc.) during admission - where string
is the current value and the returned bool
determines whether the value is acceptable or not.
EnforcePodAnnotations can inspect Pods, Deployments, StatefulSets, DaemonSets & Jobs, as these all create Pods.
Published by release-drafter[bot] over 5 years ago
This is a minor bugfix release that addresses DenyIngresses
not respecting the provided list of ignoredNamespaces
- i.e. the admission controller would apply to all namespaces.
Published by release-drafter[bot] over 5 years ago
DenyPublicServices
handler has been broken into distinct DenyPublicLoadBalancers
and DenyIngresses
handlers, to allow better composability and finer-grained admission control.β Note: Users should expect a few breaking changes on the road to v1.0, and pin at a specific version. Versioning will follow SemVer, in that the v0.X.y series can "break" an API by incrementing "X". API changes won't be made lightly, and will be documented in release notes.
*AdmissionServer.Run
method will listen on a non-TLS (e.g. plaintext HTTP) port if a *tls.Config
is not provided, to support running in reverse proxy and/or serverless environments where TLS is terminated downstream from the application./samples
, as per conventionadmissiond
, now lives at examples/cmd/admissiond
, to better clarify that it is an example only.