From 5ca175416f6b6c49377e27b582df6779947669b7 Mon Sep 17 00:00:00 2001 From: Dario Tranchitella Date: Thu, 1 Jun 2023 18:13:53 +0200 Subject: [PATCH 001/103] chore(kustomize): releasing v0.3.2 --- config/install.yaml | 2 +- config/manager/kustomization.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/install.yaml b/config/install.yaml index 2470c90a7..837c91ee9 100644 --- a/config/install.yaml +++ b/config/install.yaml @@ -2769,7 +2769,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: clastix/capsule:v0.3.1 + image: clastix/capsule:v0.3.2 imagePullPolicy: IfNotPresent name: manager ports: diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 1f8911a39..5f5ea6700 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -7,4 +7,4 @@ kind: Kustomization images: - name: controller newName: clastix/capsule - newTag: v0.3.1 + newTag: v0.3.2 From 4be0cdc659833579e7575df865773d20db03f803 Mon Sep 17 00:00:00 2001 From: Dario Tranchitella Date: Thu, 1 Jun 2023 18:14:02 +0200 Subject: [PATCH 002/103] chore(helm): releasing v0.3.2 --- charts/capsule/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/capsule/Chart.yaml b/charts/capsule/Chart.yaml index e57f6fbbb..820911765 100644 --- a/charts/capsule/Chart.yaml +++ b/charts/capsule/Chart.yaml @@ -21,8 +21,8 @@ sources: # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.4.2 +version: 0.4.3 # This is the version number of the application being deployed. # This version number should be incremented each time you make changes to the application. -appVersion: 0.3.1 +appVersion: 0.3.2 From 6cd62d9e91793bd001cbd762dda849fc60edf53f Mon Sep 17 00:00:00 2001 From: Max Fedotov Date: Mon, 26 Jun 2023 15:30:15 +0300 Subject: [PATCH 003/103] fix(helm): remove hardcoded capsule-system namespace for tenantresource-objects webhook --- charts/capsule/Chart.yaml | 2 +- charts/capsule/templates/validatingwebhookconfiguration.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/capsule/Chart.yaml b/charts/capsule/Chart.yaml index 820911765..817d8d673 100644 --- a/charts/capsule/Chart.yaml +++ b/charts/capsule/Chart.yaml @@ -21,7 +21,7 @@ sources: # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.4.3 +version: 0.4.4 # This is the version number of the application being deployed. # This version number should be incremented each time you make changes to the application. diff --git a/charts/capsule/templates/validatingwebhookconfiguration.yaml b/charts/capsule/templates/validatingwebhookconfiguration.yaml index 58518ac0b..aa4101a98 100644 --- a/charts/capsule/templates/validatingwebhookconfiguration.yaml +++ b/charts/capsule/templates/validatingwebhookconfiguration.yaml @@ -265,7 +265,7 @@ webhooks: {{- end }} service: name: capsule-webhook-service - namespace: capsule-system + namespace: {{ .Release.Namespace }} path: /tenantresource-objects failurePolicy: {{ .Values.webhooks.tenantResourceObjects.failurePolicy }} name: resource-objects.tenant.capsule.clastix.io From 45ad56c586cab5e8409208dec8f93278d38a5a31 Mon Sep 17 00:00:00 2001 From: Max Fedotov Date: Tue, 27 Jun 2023 16:08:36 +0300 Subject: [PATCH 004/103] fix: remove ownerReferences from tenantResource namespacedItems before applying them --- controllers/resources/processor.go | 1 + 1 file changed, 1 insertion(+) diff --git a/controllers/resources/processor.go b/controllers/resources/processor.go index 0ebd5b71a..20075bb9a 100644 --- a/controllers/resources/processor.go +++ b/controllers/resources/processor.go @@ -172,6 +172,7 @@ func (r *Processor) HandleSection(ctx context.Context, tnt capsulev1beta2.Tenant for _, o := range objs.Items { obj := o obj.SetNamespace(ns.Name) + obj.SetOwnerReferences(nil) multiErr.Go(func() error { kv := keysAndValues From 51b23d16dcefa1efa9039961dc82760e77ffc0d7 Mon Sep 17 00:00:00 2001 From: Max Fedotov Date: Tue, 27 Jun 2023 17:21:54 +0300 Subject: [PATCH 005/103] fix: incorrect capsule label comparison in PVC webhook --- pkg/webhook/pvc/pv.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/webhook/pvc/pv.go b/pkg/webhook/pvc/pv.go index 06d65791c..6f004d259 100644 --- a/pkg/webhook/pvc/pv.go +++ b/pkg/webhook/pvc/pv.go @@ -77,7 +77,7 @@ func (p PV) OnCreate(client client.Client, decoder *admission.Decoder, recorder return utils.ErroredResponse(NewMissingTenantPVLabelsError(pv.GetName())) } - if value != p.capsuleLabel { + if value != tnt.Name { return utils.ErroredResponse(NewCrossTenantPVMountError(pv.GetName())) } From e6074a86c0b5db125c5931a7a6b465524d182644 Mon Sep 17 00:00:00 2001 From: Dario Tranchitella Date: Fri, 23 Jun 2023 22:00:10 +0200 Subject: [PATCH 006/103] build(go): upgrading to 1.19.10 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index f08a6738d..9a47d3d08 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # Build the manager binary -FROM golang:1.19 as builder +FROM golang:1.19.10 as builder WORKDIR /workspace # Copy the Go Modules manifests From d2dd055818677161e1752b34586a1ec609fdfa4d Mon Sep 17 00:00:00 2001 From: Dario Tranchitella Date: Tue, 27 Jun 2023 19:12:15 +0200 Subject: [PATCH 007/103] chore(kustomize): releasing v0.3.3 --- config/install.yaml | 2 +- config/manager/kustomization.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/install.yaml b/config/install.yaml index 837c91ee9..dc3feea3c 100644 --- a/config/install.yaml +++ b/config/install.yaml @@ -2769,7 +2769,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: clastix/capsule:v0.3.2 + image: clastix/capsule:v0.3.3 imagePullPolicy: IfNotPresent name: manager ports: diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 5f5ea6700..5274894d4 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -7,4 +7,4 @@ kind: Kustomization images: - name: controller newName: clastix/capsule - newTag: v0.3.2 + newTag: v0.3.3 From 64513b8dee332d119b1a5a3a4c267f84ff2c7ecb Mon Sep 17 00:00:00 2001 From: Dario Tranchitella Date: Tue, 27 Jun 2023 19:12:25 +0200 Subject: [PATCH 008/103] chore(helm): releasing v0.3.3 --- charts/capsule/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/capsule/Chart.yaml b/charts/capsule/Chart.yaml index 817d8d673..27e1c9cb8 100644 --- a/charts/capsule/Chart.yaml +++ b/charts/capsule/Chart.yaml @@ -21,8 +21,8 @@ sources: # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.4.4 +version: 0.4.5 # This is the version number of the application being deployed. # This version number should be incremented each time you make changes to the application. -appVersion: 0.3.2 +appVersion: 0.3.3 From ebc249591e8bb6ab36fc93f329a139b8479f209a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Jul 2023 01:26:05 +0000 Subject: [PATCH 009/103] build(deps): bump semver from 5.7.1 to 5.7.2 in /docs Bumps [semver](https://github.com/npm/node-semver) from 5.7.1 to 5.7.2. - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](https://github.com/npm/node-semver/compare/v5.7.1...v5.7.2) --- updated-dependencies: - dependency-name: semver dependency-type: indirect ... Signed-off-by: dependabot[bot] --- docs/package-lock.json | 80 +++++++++++++++++++++--------------------- docs/yarn.lock | 18 +++++----- 2 files changed, 49 insertions(+), 49 deletions(-) diff --git a/docs/package-lock.json b/docs/package-lock.json index b99a761d4..617eb2c85 100644 --- a/docs/package-lock.json +++ b/docs/package-lock.json @@ -2591,9 +2591,9 @@ }, "dependencies": { "semver": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", - "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==" + "version": "5.7.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", + "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==" } } }, @@ -3827,9 +3827,9 @@ }, "dependencies": { "semver": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", - "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==" + "version": "5.7.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", + "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==" } } }, @@ -5611,9 +5611,9 @@ } }, "semver": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", - "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==" + "version": "5.7.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", + "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==" } } }, @@ -6352,9 +6352,9 @@ } }, "semver": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", - "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==" + "version": "5.7.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", + "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==" } } }, @@ -7799,9 +7799,9 @@ "integrity": "sha512-qsda+H8jTaUaN/x5vzW2rzc+8Rw4TAQ/4KjB46IwK5VH+IlVeeeje/EoZRpiXvIqjFgK84QffqPztGI3VBLG1A==" }, "lilconfig": { - "version": "2.0.6", - "resolved": "https://registry.npmjs.org/lilconfig/-/lilconfig-2.0.6.tgz", - "integrity": "sha512-9JROoBW7pobfsx+Sq2JsASvCo6Pfo6WWoUW79HuB1BCoBXD4PLWJPqDF6fNj67pqBYTbAHkE57M1kS/+L1neOg==", + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/lilconfig/-/lilconfig-2.1.0.tgz", + "integrity": "sha512-utWOt/GHzuUxnLKxB6dk81RoOeoNeHgbrXiuGk4yyF5qlRz+iIVWu56E2fqGHFrXz0QNUhLB/8nKqvRH66JKGQ==", "dev": true }, "lines-and-columns": { @@ -8443,9 +8443,9 @@ }, "dependencies": { "semver": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", - "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==" + "version": "5.7.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", + "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==" } } }, @@ -8532,9 +8532,9 @@ }, "dependencies": { "semver": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", - "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==" + "version": "5.7.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", + "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==" } } }, @@ -10918,9 +10918,9 @@ "dev": true }, "nanoid": { - "version": "3.3.4", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz", - "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==", + "version": "3.3.6", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.6.tgz", + "integrity": "sha512-BGcqMMJuToF7i1rt+2PWSNVnWIkGCU78jBG3RxO/bZlnZPK2Cmi2QaffxGO/2RvWi9sL+FAiRiXMgsyxQ1DIDA==", "dev": true }, "picocolors": { @@ -10930,12 +10930,12 @@ "dev": true }, "postcss": { - "version": "8.4.19", - "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.19.tgz", - "integrity": "sha512-h+pbPsyhlYj6N2ozBmHhHrs9DzGmbaarbLvWipMRO7RLS+v4onj26MPFXA5OBYFxyqYhUJK456SwDcY9H2/zsA==", + "version": "8.4.25", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.25.tgz", + "integrity": "sha512-7taJ/8t2av0Z+sQEvNzCkpDynl0tX3uJMCODi6nT3PfASC7dYCWV9aQ+uiCf+KBD4SEFcu+GvJdGdwzQ6OSjCw==", "dev": true, "requires": { - "nanoid": "^3.3.4", + "nanoid": "^3.3.6", "picocolors": "^1.0.0", "source-map-js": "^1.0.2" } @@ -11839,9 +11839,9 @@ } }, "semver": { - "version": "7.3.5", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.5.tgz", - "integrity": "sha512-PoeGJYh8HK4BTO/a9Tf6ZG3veo/A7ZVsYrSA6J8ny9nb3B1VrpkuN+z9OE5wfE5p6H4LchYZsegiQgbJD94ZFQ==", + "version": "7.5.4", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", + "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", "dev": true, "requires": { "lru-cache": "^6.0.0" @@ -11898,9 +11898,9 @@ } }, "semver": { - "version": "6.3.0", - "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz", - "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==" + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==" }, "semver-diff": { "version": "3.1.1", @@ -11924,9 +11924,9 @@ }, "dependencies": { "semver": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", - "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==" + "version": "5.7.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", + "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==" } } }, @@ -12003,9 +12003,9 @@ } }, "semver": { - "version": "7.3.5", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.5.tgz", - "integrity": "sha512-PoeGJYh8HK4BTO/a9Tf6ZG3veo/A7ZVsYrSA6J8ny9nb3B1VrpkuN+z9OE5wfE5p6H4LchYZsegiQgbJD94ZFQ==", + "version": "7.5.4", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", + "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", "requires": { "lru-cache": "^6.0.0" } diff --git a/docs/yarn.lock b/docs/yarn.lock index cdf3b549b..c7fc18604 100644 --- a/docs/yarn.lock +++ b/docs/yarn.lock @@ -8764,9 +8764,9 @@ semver-truncate@^1.1.2: semver "^5.3.0" "semver@2 || 3 || 4 || 5", semver@^5.3.0, semver@^5.4.1, semver@^5.5.0, semver@^5.6.0: - version "5.7.1" - resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.1.tgz#a954f931aeba508d307bbf069eff0c01c96116f7" - integrity sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ== + version "5.7.2" + resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.2.tgz#48d55db737c3287cd4835e17fa13feace1c41ef8" + integrity sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g== semver@7.0.0: version "7.0.0" @@ -8774,14 +8774,14 @@ semver@7.0.0: integrity sha512-+GB6zVA9LWh6zovYQLALHwv5rb2PHGlJi3lfiqIHxR0uuwCgefcOJc59v9fv1w8GbStwxuuqqAjI9NMAOOgq1A== semver@^6.0.0, semver@^6.1.0, semver@^6.1.1, semver@^6.1.2, semver@^6.2.0, semver@^6.3.0: - version "6.3.0" - resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.0.tgz#ee0a64c8af5e8ceea67687b133761e1becbd1d3d" - integrity sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw== + version "6.3.1" + resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.1.tgz#556d2ef8689146e46dcea4bfdd095f3434dffcb4" + integrity sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA== semver@^7.3.2: - version "7.3.5" - resolved "https://registry.yarnpkg.com/semver/-/semver-7.3.5.tgz#0b621c879348d8998e4b0e4be94b3f12e6018ef7" - integrity sha512-PoeGJYh8HK4BTO/a9Tf6ZG3veo/A7ZVsYrSA6J8ny9nb3B1VrpkuN+z9OE5wfE5p6H4LchYZsegiQgbJD94ZFQ== + version "7.5.4" + resolved "https://registry.yarnpkg.com/semver/-/semver-7.5.4.tgz#483986ec4ed38e1c6c48c34894a9182dbff68a6e" + integrity sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA== dependencies: lru-cache "^6.0.0" From af29cebea783fd38f66e92e45a508e4401d90682 Mon Sep 17 00:00:00 2001 From: jandres - moscardo Date: Tue, 1 Aug 2023 09:05:56 +0200 Subject: [PATCH 010/103] docs: awareness of possible netpol overwrite set by tenant owners Co-authored-by: Dario Tranchitella Co-authored-by: jandres - moscardo --- docs/content/general/tutorial.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/content/general/tutorial.md b/docs/content/general/tutorial.md index ab8776724..e84ce939e 100644 --- a/docs/content/general/tutorial.md +++ b/docs/content/general/tutorial.md @@ -1308,6 +1308,12 @@ Kubernetes network policies control network traffic between namespaces and betwe To meet this requirement, Bill needs to define network policies that deny pods belonging to Alice's namespaces to access pods in namespaces belonging to other tenants, e.g. Bob's tenant `water`, or in system namespaces, e.g. `kube-system`. +> Keep in mind, that because of how the NetworkPolicies API works, the users can still add a policy which contradicts what the Tenant has set, resulting in users being able to circumvent the initial limitation set by the tenant admin. +> +> Two options can be put in place to mitigate this potential privilege escalation: +> 1. providing a restricted role rather than the default `admin` one +> 2. using Calico's `GlobalNetworkPolicy`, or Cilium's `CiliumClusterwideNetworkPolicy` which are defined at the cluster-level, thus creating an order of packet filtering. + Also, Bill can make sure pods belonging to a tenant namespace cannot access other network infrastructures like cluster nodes, load balancers, and virtual machines running other services. Bill can set network policies in the tenant manifest, according to the requirements: From 904dcfc18521f8bba657495ab318ce031fe468d3 Mon Sep 17 00:00:00 2001 From: Zadkiel Aharonian Date: Fri, 18 Aug 2023 10:29:03 +0200 Subject: [PATCH 011/103] feat(helm): add topologySpreadConstraints Add support for Capsule deployment topologySpreadConstraints in Capsule Helm Chart. Signed-off-by: Zadkiel Aharonian --- charts/capsule/Chart.yaml | 2 +- charts/capsule/README.md | 1 + charts/capsule/templates/deployment.yaml | 4 ++++ charts/capsule/values.yaml | 3 +++ 4 files changed, 9 insertions(+), 1 deletion(-) diff --git a/charts/capsule/Chart.yaml b/charts/capsule/Chart.yaml index 27e1c9cb8..a3aa7ec88 100644 --- a/charts/capsule/Chart.yaml +++ b/charts/capsule/Chart.yaml @@ -21,7 +21,7 @@ sources: # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.4.5 +version: 0.4.6 # This is the version number of the application being deployed. # This version number should be incremented each time you make changes to the application. diff --git a/charts/capsule/README.md b/charts/capsule/README.md index d7e0040d2..d27b79a8b 100644 --- a/charts/capsule/README.md +++ b/charts/capsule/README.md @@ -85,6 +85,7 @@ Here the values you can override: | tls.enableController | bool | `true` | Start the Capsule controller that injects the CA into mutating and validating webhooks, and CRD as well. | | tls.name | string | `""` | Override name of the Capsule TLS Secret name when externally managed. | | tolerations | list | `[]` | Set list of tolerations for the Capsule pod | +| topologySpreadConstraints | list | `[]` | Set topology spread constraints for the Capsule pod | | validatingWebhooksTimeoutSeconds | int | `30` | Timeout in seconds for validating webhooks | ### Manager Parameters diff --git a/charts/capsule/templates/deployment.yaml b/charts/capsule/templates/deployment.yaml index e0e6114ef..780876ed5 100644 --- a/charts/capsule/templates/deployment.yaml +++ b/charts/capsule/templates/deployment.yaml @@ -49,6 +49,10 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} volumes: - name: cert secret: diff --git a/charts/capsule/values.yaml b/charts/capsule/values.yaml index 215a34266..29b72e3b5 100644 --- a/charts/capsule/values.yaml +++ b/charts/capsule/values.yaml @@ -126,6 +126,9 @@ replicaCount: 1 # -- Set affinity rules for the Capsule pod affinity: {} +# -- Set topology spread constraints for the Capsule pod +topologySpreadConstraints: [] + podSecurityPolicy: # -- Specify if a Pod Security Policy must be created enabled: false From 08389a27973f85bd534200af06a180331b515037 Mon Sep 17 00:00:00 2001 From: Devendra dhakad Date: Sun, 6 Aug 2023 19:27:11 +0530 Subject: [PATCH 012/103] docs: update docs to use forceTenantPrefix --- docs/content/general/tutorial.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/content/general/tutorial.md b/docs/content/general/tutorial.md index e84ce939e..2f7ab06b5 100644 --- a/docs/content/general/tutorial.md +++ b/docs/content/general/tutorial.md @@ -371,7 +371,9 @@ kubectl create ns oil-production Alice started the name of the namespace prepended by the name of the tenant: this is not a strict requirement but it is highly suggested because it is likely that many different tenants would like to call their namespaces `production`, `test`, or `demo`, etc. -The enforcement of this naming convention is optional and can be controlled by the cluster administrator with the `--force-tenant-prefix` option as an argument of the Capsule controller. +The enforcement of this naming convention is optional and can be controlled by the cluster administrator with the `spec.forceTenantPrefix` option for the loaded `CapsuleConfiguration`. + +> For more information, please, refer to the [`CapsuleConfiguration` API CRD](https://capsule.clastix.io/docs/general/crds-apis/#capsuleconfigurationspec-1). Alice can deploy any resource in any of the namespaces @@ -506,7 +508,7 @@ kubectl create ns oil-production kubectl create ns gas-production ``` -When the enforcement of the naming convention with the `--force-tenant-prefix` option, is enabled, the namespaces are automatically assigned to the right tenant by Capsule because the operator does a lookup on the tenant names. If the `--force-tenant-prefix` option, is not set, Alice needs to specify the tenant name as a label `capsule.clastix.io/tenant=` in the namespace manifest: +When the enforcement of the naming convention with the `forceTenantPrefix` option is enabled, the namespaces are automatically assigned to the right tenant by Capsule because the operator does a lookup on the tenant names. If the `forceTenantPrefix` option, is not set, Alice needs to specify the tenant name as a label `capsule.clastix.io/tenant=` in the namespace manifest: ```yaml kubectl apply -f - << EOF From ffa4a47e6baa6f9cb3660e2f37b81392a40cf675 Mon Sep 17 00:00:00 2001 From: Dario Tranchitella Date: Sat, 19 Aug 2023 09:06:48 +0200 Subject: [PATCH 013/103] fix(gosec): implicit memory aliasing in for loop --- controllers/resources/global.go | 4 +++- controllers/resources/processor.go | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/controllers/resources/global.go b/controllers/resources/global.go index 6bcaaa931..675078478 100644 --- a/controllers/resources/global.go +++ b/controllers/resources/global.go @@ -40,7 +40,9 @@ func (r *Global) enqueueRequestFromTenant(ctx context.Context, object client.Obj set := sets.NewString() for _, res := range resList.Items { - selector, err := metav1.LabelSelectorAsSelector(&res.Spec.TenantSelector) + tntSelector := res.Spec.TenantSelector + + selector, err := metav1.LabelSelectorAsSelector(&tntSelector) if err != nil { continue } diff --git a/controllers/resources/processor.go b/controllers/resources/processor.go index 20075bb9a..3c0aea512 100644 --- a/controllers/resources/processor.go +++ b/controllers/resources/processor.go @@ -146,7 +146,9 @@ func (r *Processor) HandleSection(ctx context.Context, tnt capsulev1beta2.Tenant } // Namespaced Items are relying on selecting resources, rather than specifying a specific name: // creating it to get used by the client List action. - itemSelector, selectorErr := metav1.LabelSelectorAsSelector(&item.Selector) + objSelector := item.Selector + + itemSelector, selectorErr := metav1.LabelSelectorAsSelector(&objSelector) if selectorErr != nil { log.Error(selectorErr, "cannot create Selector for namespacedItem", keysAndValues...) From d096a25d6687af09e85b9b03587fd568d3542c5e Mon Sep 17 00:00:00 2001 From: Tisham Dhar Date: Thu, 24 Aug 2023 21:51:37 +0930 Subject: [PATCH 014/103] fix(docs): spellchecking in docs and typo fixes --- .github/workflows/docs-lint.yml | 27 +++ Makefile | 4 + docs/content/contributing/development.md | 2 +- docs/content/dictionary.txt | 217 ++++++++++++++++++++ docs/content/general/mtb.md | 2 +- docs/content/general/proxy.md | 2 +- docs/content/general/tutorial.md | 2 +- docs/content/guides/flux2-capsule.md | 10 +- docs/content/guides/kubernetes-dashboard.md | 2 +- docs/content/guides/oidc-auth.md | 2 +- docs/content/guides/pod-security.md | 6 +- 11 files changed, 262 insertions(+), 14 deletions(-) create mode 100644 .github/workflows/docs-lint.yml create mode 100644 docs/content/dictionary.txt diff --git a/.github/workflows/docs-lint.yml b/.github/workflows/docs-lint.yml new file mode 100644 index 000000000..4e02e1100 --- /dev/null +++ b/.github/workflows/docs-lint.yml @@ -0,0 +1,27 @@ +name: docs-lint + +on: + push: + branches: [ "*" ] + paths: + - '.github/workflows/docs-lint.yml' + - 'docs/content/**' + pull_request: + branches: [ "*" ] + paths: + - '.github/workflows/docs-lint.yml' + - 'docs/content/**' + +jobs: + spelling: + name: Spell Check + runs-on: ubuntu-20.04 + steps: + - uses: actions/checkout@v2 + with: + fetch-depth: 0 + - uses: actions/setup-node@v3 + with: + node-version: 18 + - run: npm install --global spellchecker-cli + - run: make docs-lint \ No newline at end of file diff --git a/Makefile b/Makefile index 892b2b0f5..859d5b343 100644 --- a/Makefile +++ b/Makefile @@ -275,3 +275,7 @@ e2e-exec: ginkgo e2e-destroy: kind delete cluster --name capsule + +docs-lint: + cd docs/content && spellchecker *.md */*.md -d dictionary.txt + diff --git a/docs/content/contributing/development.md b/docs/content/contributing/development.md index c0a9c926c..e56ff8f57 100644 --- a/docs/content/contributing/development.md +++ b/docs/content/contributing/development.md @@ -257,7 +257,7 @@ $ rm -f _tls.cnf By default, the webhooks will be registered with the services, which will route to the Pods, inside the cluster. -We need to _delegate_ the controllers' and webbooks' services to the code running in our IDE by patching the `MutatingWebhookConfiguration` and `ValidatingWebhookConfiguration`. +We need to _delegate_ the controllers' and webhooks' services to the code running in our IDE by patching the `MutatingWebhookConfiguration` and `ValidatingWebhookConfiguration`. ```shell # Export your laptop's IP with the 9443 port exposed by controllers/webhooks' services diff --git a/docs/content/dictionary.txt b/docs/content/dictionary.txt new file mode 100644 index 000000000..75792e7ef --- /dev/null +++ b/docs/content/dictionary.txt @@ -0,0 +1,217 @@ +ACL-filtered +APIs +Apache2 +Authenticator +BYOD +CLI +CRD +CRDs +CRs +CTO +CVE-2021-25735 +CaaS +CapsuleConfiguration +CapsuleConfigurationSpec +ClusterIP +ClusterRole +ClusterRoles +ConfigMap +Dependant +Env +ExternalName +GitOps +GitOps-ready +GitOps-way +GlobalTenantResource +GlobalTenantResourceSpec +GlobalTenantResourceStatus +Golang +Grafana +HTTPS +HostNetwork +HostPort +Hostname +Hostnames +IPBlock +IPC +IPs +IngressClass +IngressClasses +JSON +JWT +Keycloak +Kubebuilder +Kubeconfig +Kubernetes +Kubernetes-native +Kustomization +Kustomization. +Kustomizations +Kustomize +LimitRangeItem +LimitRangeSpec +LimitRanger +LoadBalance +LoadBalancer +MTB +MTB. +Miscellanea +MutatingAdmissionWebhook +MutatingWebhookConfiguration +Namespace +Namespace-as-a-Service +Namespace-level +NamespaceSelector +Namespaced-scope +Namespaces +NetworkPolicies +NetworkPolicy +NetworkPolicyEgressRule +NetworkPolicyIngressRule +NetworkPolicyPeer +NetworkPolicyPort +NetworkPolicySpec +NetworkPolicySpec's +NodePort +NodeSelector +OAuth +OIDC +OSS +OpenSSL +OwnerSpec +PID +PRs +PV +PVCs +PVs +PersistentVolume +PersistentVolumeClaim +PodNodeSelector +PodSecurityPolicies +PodSecurityPolicy +PriorityClass +PriorityClasses +PromQL +ProxySetting +PullPolicy +QoS +RBAC +README +Reconciler +Reconciler's +ResourceQuota +ResourceQuotaSpec +Roadmap +RoleBinding +RuntimeClass +RuntimeClasses +SDK +SRE +SSD +ScopeSelectorOperator +ServiceAccount +ServiceAccounts +ServiceMonitor +StorageClass +StorageClasses +TLS +TLS-terminated +TenantResource +TenantResourceSpec +TenantResourceStatus +TenantSpec +TenantStatus +UI +Uncordoning +ValidatingAdmissionWebhook +ValidatingWebhookConfiguration +Velero +Viceversa +WG +Webhook +Webhooks +Workqueue +YAML +additively +backend +balancers +behaviour +capsuleconfiguration +clusterrole +clusterrolebinding +config +cross-Namespace +cross-namespace +customizations +datasource +deletecollection +e2e +eg +eg. +endpointslice +enum +enums +env +etcd +fastly +favourite +flux2-capsule-multi-tenancy +flux2-multi-tenancy +gitops-reconciler-kubeconfig +goimports +golangci-lint +golint +hostname +hostnames +imagePullPolicy +init-time +ipBlock +k3d +keycloak +kubeconfig +kubectl +kubernetes +kustomize +labelled +latencies +lifecycle +linters +linux +lockdown +microservice +multitenant +naas +namespace +namespace-owner-reference +namespaceSelector +namespaced +namespaces +neighbour +networkpolicies +networkpolicy +ngrok +no-naas +non-namespaced +oauth2-proxy +onboarded +persistentvolumeclaims +podSelector +prepended +priorityClasses +radiuses +reconcilers +repo +resync +roadmap +rolebinding +rolebindings +scopeSelector +serviceaccount +stateful +uid +unsetting +v1alpha1 +v2 +webhook +webhooks +wontfix diff --git a/docs/content/general/mtb.md b/docs/content/general/mtb.md index 2d491b575..edf8368f5 100644 --- a/docs/content/general/mtb.md +++ b/docs/content/general/mtb.md @@ -2131,7 +2131,7 @@ kubectl --kubeconfig alice create ns oil-production kubectl --kubeconfig alice config set-context --current --namespace oil-production ``` -As tenant owner, creates a Persistent Volum Claim in the tenant namespace missing the Storage Class or using any other Storage Class: +As tenant owner, creates a Persistent Volume Claim in the tenant namespace missing the Storage Class or using any other Storage Class: ```yaml kubectl --kubeconfig alice apply -f - << EOF diff --git a/docs/content/general/proxy.md b/docs/content/general/proxy.md index 0ff709391..246a2193a 100644 --- a/docs/content/general/proxy.md +++ b/docs/content/general/proxy.md @@ -1,6 +1,6 @@ # Capsule Proxy -Capsule Proxy is an add-on for Capsule Operator addressing some RBAC issues when enabling multi-tenacy in Kubernetes since users cannot list the owned cluster-scoped resources. +Capsule Proxy is an add-on for Capsule Operator addressing some RBAC issues when enabling multi-tenancy in Kubernetes since users cannot list the owned cluster-scoped resources. Kubernetes RBAC cannot list only the owned cluster-scoped resources since there are no ACL-filtered APIs. For example: diff --git a/docs/content/general/tutorial.md b/docs/content/general/tutorial.md index 2f7ab06b5..a182ecd07 100644 --- a/docs/content/general/tutorial.md +++ b/docs/content/general/tutorial.md @@ -1603,7 +1603,7 @@ spec: > This feature is still in an alpha stage and requires a high amount of computing resources due to the dynamic client requests. ## Assign Additional Metadata -The cluster admin can _"taint"_ the namespaces created by tenant onwers with additional metadata as labels and annotations. There is no specific semantic assigned to these labels and annotations: they will be assigned to the namespaces in the tenant as they are created. This can help the cluster admin to implement specific use cases as, for example, leave only a given tenant to be backuped by a backup service. +The cluster admin can _"taint"_ the namespaces created by tenant owners with additional metadata as labels and annotations. There is no specific semantic assigned to these labels and annotations: they will be assigned to the namespaces in the tenant as they are created. This can help the cluster admin to implement specific use cases as, for example, leave only a given tenant to be backed up by a backup service. Assigns additional labels and annotations to all namespaces created in the `oil` tenant: diff --git a/docs/content/guides/flux2-capsule.md b/docs/content/guides/flux2-capsule.md index c06567caa..6aa9ca02b 100644 --- a/docs/content/guides/flux2-capsule.md +++ b/docs/content/guides/flux2-capsule.md @@ -4,17 +4,17 @@ This guide is intended to cover how to use Flux v2 with [multi-tenancy lockdown ### Flux and multi-tenancy -Flux v2 released a [set of features](https://fluxcd.io/blog/2022/05/may-2022-security-announcement/#whats-next-for-flux) that further increasesed security for multi-tenancy scenarios. +Flux v2 released a [set of features](https://fluxcd.io/blog/2022/05/may-2022-security-announcement/#whats-next-for-flux) that further increased security for multi-tenancy scenarios. These features enable you to: - disable cross-Namespace reference of Source CRs from Reconciliation CRs and Notification CRs. This way, especially for tenants, they can't access resources outside their space. This can be achieved with `--no-cross-namespace-refs=true` option of kustomize, helm, notification, image-reflector, image-automation controllers. -- set a default `ServiceAccount` impersonation for Reconciliation CRs. This is supposed to be an unprivileged SA that reconciles just the tenant's desired state. This will be enforced when is not otherwise specified explicitely in Reconciliation CR spec. This can be enforced with the `--default-service-account=` option of helm and kustomize controllers. +- set a default `ServiceAccount` impersonation for Reconciliation CRs. This is supposed to be an unprivileged SA that reconciles just the tenant's desired state. This will be enforced when is not otherwise specified explicitly in Reconciliation CR spec. This can be enforced with the `--default-service-account=` option of helm and kustomize controllers. > For this responsibility we identify a Tenant GitOps Reconciler identity, which is a ServiceAccount and it's also the tenant owner (more on tenants and owners later on, with Capsule). -- disallow remote bases for Kustomizations. Actually, this is not stryctly required, but it decreases the risk of referencing Kustomizations which aren't part of the controlled GitOps pipelines. In a multi-tenant scenario this is important too. They can be disabled with `--no-remote-bases=true` option of the kustomize controller. +- disallow remote bases for Kustomizations. Actually, this is not strictly required, but it decreases the risk of referencing Kustomizations which aren't part of the controlled GitOps pipelines. In a multi-tenant scenario this is important too. They can be disabled with `--no-remote-bases=true` option of the kustomize controller. -Where required, to ensure privileged Reconciliation resources have the needed privileges to be reconciled, we can explicitely set a privileged `ServiceAccount`s. +Where required, to ensure privileged Reconciliation resources have the needed privileges to be reconciled, we can explicitly set a privileged `ServiceAccount`s. In any case, is required that the `ServiceAccount` is in the same `Namespace` of the `Kustomization`, so unprivileged spaces should not have privileged `ServiceAccount`s available. @@ -385,7 +385,7 @@ The reconciliation requests will pass through Capsule Proxy as Tenant GitOps Rec ## Full setup -To have a glimp on a full setup you can follow the [flux2-capsule-multi-tenancy](https://github.com/clastix/flux2-capsule-multi-tenancy.git) repository. +To have a glimpse on a full setup you can follow the [flux2-capsule-multi-tenancy](https://github.com/clastix/flux2-capsule-multi-tenancy.git) repository. For simplicity, the system and tenants declarations are on the same repository but on dedicated git branches. It's a fork of [flux2-multi-tenancy](https://github.com/fluxcd/flux2-multi-tenancy.git) but with the integration we saw with Capsule. diff --git a/docs/content/guides/kubernetes-dashboard.md b/docs/content/guides/kubernetes-dashboard.md index 567b109aa..0f26c6f77 100644 --- a/docs/content/guides/kubernetes-dashboard.md +++ b/docs/content/guides/kubernetes-dashboard.md @@ -41,7 +41,7 @@ EOF > Values used for the config: > > - **OIDC_CLIENT_ID**: the keycloak client ID (name) which user in Kubernetes API Server for authorization -> - **OIDC_CLIENT_SECRET**: secret for the client (`OIDC_CLIENT_ID`). You can see it from the Keycloack UI -> Clients -> `OIDC_CLIENT_ID` -> Credentials +> - **OIDC_CLIENT_SECRET**: secret for the client (`OIDC_CLIENT_ID`). You can see it from the Keycloak UI -> Clients -> `OIDC_CLIENT_ID` -> Credentials > - **DASHBOARD_URL**: the Kubernetes Dashboard URL > - **KEYCLOAK_URL**: the Keycloak URL diff --git a/docs/content/guides/oidc-auth.md b/docs/content/guides/oidc-auth.md index 747ee508a..c59041e8d 100644 --- a/docs/content/guides/oidc-auth.md +++ b/docs/content/guides/oidc-auth.md @@ -1,5 +1,5 @@ # OIDC Authentication -Capsule does not care about the authentication strategy used in the cluster and all the Kubernetes methods of authentication are supported. The only requirement to use Capsule is to assign tenant users to the the group defined by `userGroups` option in the `CapsuleConfiguration`, which defaults to `capsule.clastix.io`. +Capsule does not care about the authentication strategy used in the cluster and all the Kubernetes methods of authentication are supported. The only requirement to use Capsule is to assign tenant users to the group defined by `userGroups` option in the `CapsuleConfiguration`, which defaults to `capsule.clastix.io`. In the following guide, we'll use [Keycloak](https://www.keycloak.org/) an Open Source Identity and Access Management server capable to authenticate users via OIDC and release JWT tokens as proof of authentication. diff --git a/docs/content/guides/pod-security.md b/docs/content/guides/pod-security.md index 28559a87d..f6a6ac0c9 100644 --- a/docs/content/guides/pod-security.md +++ b/docs/content/guides/pod-security.md @@ -1,5 +1,5 @@ # Pod Security -In Kubernetes, by default, workloads run with administrative access, which might be acceptable if there is only a single application running in the cluster or a single user accessing it. This is seldomly required and you’ll consequently suffer a noisy neighbour effect along with large security blast radiuses. +In Kubernetes, by default, workloads run with administrative access, which might be acceptable if there is only a single application running in the cluster or a single user accessing it. This is seldom required and you’ll consequently suffer a noisy neighbour effect along with large security blast radiuses. Many of these concerns were addressed initially by [PodSecurityPolicies](https://kubernetes.io/docs/concepts/security/pod-security-policy) which have been present in the Kubernetes APIs since the very early days. @@ -115,9 +115,9 @@ EOF Since the assigned `PodSecurityPolicy` explicitly disallows privileged containers, the tenant owner will see her request to be rejected by the Pod Security Policy Admission Controller. ## Pod Security Standards -One of the issues with Pod Secury Policies is that it is difficult to apply restrictive permissions on a granular level, increasing security risk. Also the Pod Security Policies get applied when the request is submitted and there is no way of applying them to pods that are already running. For these, and other reasons, the Kubernetes community decided to deprecate the Pod Secury Policies. +One of the issues with Pod Security Policies is that it is difficult to apply restrictive permissions on a granular level, increasing security risk. Also the Pod Security Policies get applied when the request is submitted and there is no way of applying them to pods that are already running. For these, and other reasons, the Kubernetes community decided to deprecate the Pod Security Policies. -As the Pod Secury Policies get deprecated and removed, the [Pod Security Standards](https://kubernetes.io/docs/concepts/security/pod-security-standards/) is used in place. It defines three different policies to broadly cover the security spectrum. These policies are cumulative and range from highly-permissive to highly-restrictive: +As the Pod Security Policies get deprecated and removed, the [Pod Security Standards](https://kubernetes.io/docs/concepts/security/pod-security-standards/) is used in place. It defines three different policies to broadly cover the security spectrum. These policies are cumulative and range from highly-permissive to highly-restrictive: - **Privileged**: unrestricted policy, providing the widest possible level of permissions. - **Baseline**: minimally restrictive policy which prevents known privilege escalations. From 444a2f15cb5b0c6ee266d409309fce7c071d44b0 Mon Sep 17 00:00:00 2001 From: Tisham Dhar Date: Fri, 25 Aug 2023 10:02:37 +0930 Subject: [PATCH 015/103] fix(docs): npx spellcheker, use node glob --- .github/workflows/docs-lint.yml | 1 - Makefile | 3 ++- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docs-lint.yml b/.github/workflows/docs-lint.yml index 4e02e1100..168ece40a 100644 --- a/.github/workflows/docs-lint.yml +++ b/.github/workflows/docs-lint.yml @@ -23,5 +23,4 @@ jobs: - uses: actions/setup-node@v3 with: node-version: 18 - - run: npm install --global spellchecker-cli - run: make docs-lint \ No newline at end of file diff --git a/Makefile b/Makefile index 859d5b343..b928cae02 100644 --- a/Makefile +++ b/Makefile @@ -276,6 +276,7 @@ e2e-exec: ginkgo e2e-destroy: kind delete cluster --name capsule +SPELL_CHECKER = npx spellchecker-cli docs-lint: - cd docs/content && spellchecker *.md */*.md -d dictionary.txt + cd docs/content && $(SPELL_CHECKER) -f "*.md" "*/*.md" -d dictionary.txt From e1e57658a46278fe65bd3f5d4e09fc4889912b88 Mon Sep 17 00:00:00 2001 From: Dario Tranchitella Date: Fri, 25 Aug 2023 17:14:03 +0200 Subject: [PATCH 016/103] fix(docs): broken link for maintainers file --- docs/content/contributing/governance.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/contributing/governance.md b/docs/content/contributing/governance.md index 8fb4305cc..6c9af9b07 100644 --- a/docs/content/contributing/governance.md +++ b/docs/content/contributing/governance.md @@ -17,7 +17,7 @@ In the context of Capsule project, we consider the following roles: The release process will be governed by Maintainers. -Please, refer to the [maintainers file](https://github.com/clastix/capsule/blob/master/.github/blob/master/maintainers.yaml) available in the source code. +Please, refer to the [maintainers file](https://github.com/clastix/capsule/blob/master/.github/maintainers.yaml) available in the source code. ## Roadmap Planning From 605a11d38f9b43516af496cc9789345ab06660a1 Mon Sep 17 00:00:00 2001 From: Dario Tranchitella Date: Fri, 25 Aug 2023 17:33:35 +0200 Subject: [PATCH 017/103] feat(docs): release process --- docs/content/contributing/release.md | 34 ++++++++++++++++++++++++++++ docs/gridsome.server.js | 7 ++++-- 2 files changed, 39 insertions(+), 2 deletions(-) create mode 100644 docs/content/contributing/release.md diff --git a/docs/content/contributing/release.md b/docs/content/contributing/release.md new file mode 100644 index 000000000..aadf6a1fd --- /dev/null +++ b/docs/content/contributing/release.md @@ -0,0 +1,34 @@ +# Release Process + +The Capsule release process is constrained to _GitHub Releases_, following the git tag semantic versioning. + +## Semantic versioning convention + +Capsule is taking advantage of the [Semantic Versioning](https://semver.org/), although with some rules about the patch, the minor and the major bump versions. + +- `patch` (e.g.: 0.1.0 to 0.1.1): + a patch bumping occurs when some bugs are fixed, and no Kubernetes CRDs API changes are introduced. + The patch can contain also new features not yet promoted to a specific Kubernetes CRDs API type. + A patch may be used also to address CVE patches. +- `minor` (e.g.: 0.1.0 to 0.2.0): + a minor bumping occurs when a new CRDs API object is introduced, or rather, when some CRDs schemes are updated. + The minor bump is used to inform the Capsule adopters to manually update the Capsule CRDs, since Helm, the suggested tool for the release lifecycle management, is not able to automatically update the objects. + Upon every minor release, on the GitHub Release page, a list of API updates is described, and a link to the [upgrade guide](https://capsule.clastix.io/docs/guides/upgrading) is provided. +- `major` (e.g.: 0.1.0 to 1.0.0): + a major bump occurs when a breaking change, such as backward incompatible changes is introduced. + +## Container hosting + +All the Capsule container images are publicly hosted on [CLASTIX](https://clastix.io) [Docker Hub repository](https://hub.docker.com/r/clastix/capsule). + +The Capsule container image is built upon a git tag (issued thanks to the _GitHub Release_ feature) starting with the prefix `v` (e.g.: `v1.0.1`). +This will trigger a _GitHub Action_ which builds a multi-arch container image, then pushes it to the container registry. + +> The `latest` tag is not available to avoid moving git commit SHA reference. + +## Helm Chart hosting + +The suggested installation tool is [Helm](https://helm.sh), and the Capsule chart is hosted in the [GitHub repository](https://github.com/clastix/capsule/tree/master/charts/capsule). +For each Helm Chart release, a tit tag with the prefix `helm-v` will be issued to help developers to address the corresponding commit. + +The built Helm Charts are then automatically pushed upon tag release to the [CLASTIX Helm repository](https://clastix.github.io/charts). diff --git a/docs/gridsome.server.js b/docs/gridsome.server.js index ad2ccbb8d..ac07591a3 100644 --- a/docs/gridsome.server.js +++ b/docs/gridsome.server.js @@ -123,14 +123,17 @@ module.exports = function (api) { { label: 'Governance', path: '/docs/contributing/governance' - } + }, + { + label: 'Release process', + path: '/docs/contributing/release' + } ] } ] }) }) - api.createPages(({ createPage }) => { // Use the Pages API here: https://gridsome.org/docs/pages-api/ }) From 713db11bfc6bc9aabe48a02fdceadbddd7f8a454 Mon Sep 17 00:00:00 2001 From: Dario Tranchitella Date: Fri, 25 Aug 2023 17:36:44 +0200 Subject: [PATCH 018/103] chore(spellcheck): ignoring new vocabularies --- docs/content/dictionary.txt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/content/dictionary.txt b/docs/content/dictionary.txt index 75792e7ef..046042916 100644 --- a/docs/content/dictionary.txt +++ b/docs/content/dictionary.txt @@ -3,11 +3,13 @@ APIs Apache2 Authenticator BYOD +CLASTIX CLI CRD CRDs CRs CTO +CVE CVE-2021-25735 CaaS CapsuleConfiguration @@ -106,6 +108,7 @@ RoleBinding RuntimeClass RuntimeClasses SDK +SHA SRE SSD ScopeSelectorOperator From 447cd09b0dac711b22b5f209f2c90ea06a953231 Mon Sep 17 00:00:00 2001 From: Dario Tranchitella Date: Fri, 25 Aug 2023 17:40:50 +0200 Subject: [PATCH 019/103] chore(docs): release process in readme --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index d7827fdd6..e2c03f28a 100644 --- a/README.md +++ b/README.md @@ -105,6 +105,10 @@ You can find how the Capsule project is governed [here](https://capsule.clastix. Please, refer to the maintainers file available [here](.github/maintainers.yaml). +## Release process + +Please, refer to the [documentation page](https://capsule.clastix.io/docs/contributing/release). + # FAQ - Q. How to pronounce Capsule? From 057b9c14118d5391b3d1b7f7313193eaa6c1d325 Mon Sep 17 00:00:00 2001 From: Dario Tranchitella Date: Tue, 5 Sep 2023 12:12:49 +0200 Subject: [PATCH 020/103] fix(ingress): always deny empty hostnames --- pkg/webhook/ingress/errors.go | 14 ++++++++++++++ pkg/webhook/ingress/validate_hostnames.go | 7 +++++++ 2 files changed, 21 insertions(+) diff --git a/pkg/webhook/ingress/errors.go b/pkg/webhook/ingress/errors.go index 80d1a6223..ea51eb729 100644 --- a/pkg/webhook/ingress/errors.go +++ b/pkg/webhook/ingress/errors.go @@ -47,6 +47,20 @@ func NewIngressHostnameCollision(hostname string) error { return &ingressHostnameCollisionError{hostname: hostname} } +func NewEmptyIngressHostname(spec api.AllowedListSpec) error { + return &emptyIngressHostnameError{ + spec: spec, + } +} + +type emptyIngressHostnameError struct { + spec api.AllowedListSpec +} + +func (e emptyIngressHostnameError) Error() string { + return fmt.Sprintf("empty hostname is not allowed for the current Tenant%s", appendHostnameError(e.spec)) +} + func NewIngressHostnamesNotValid(invalidHostnames []string, notMatchingHostnames []string, spec api.AllowedListSpec) error { return &ingressHostnameNotValidError{invalidHostnames: invalidHostnames, notMatchingHostnames: notMatchingHostnames, spec: spec} } diff --git a/pkg/webhook/ingress/validate_hostnames.go b/pkg/webhook/ingress/validate_hostnames.go index 9975f3b1a..c5bca27f8 100644 --- a/pkg/webhook/ingress/validate_hostnames.go +++ b/pkg/webhook/ingress/validate_hostnames.go @@ -64,7 +64,14 @@ func (r *hostnames) validate(ctx context.Context, client client.Client, req admi } hostnameList := sets.New[string]() + for hostname := range ingress.HostnamePathsPairs() { + if len(hostname) == 0 { + recorder.Eventf(tenant, corev1.EventTypeWarning, "IngressHostnameEmpty", "Ingress %s/%s hostname is empty", ingress.Namespace(), ingress.Name()) + + return utils.ErroredResponse(NewEmptyIngressHostname(*tenant.Spec.IngressOptions.AllowedHostnames)) + } + hostnameList.Insert(hostname) } From 29d46529de4f3d51f831794bbd9d9710e66b9ecc Mon Sep 17 00:00:00 2001 From: Dario Tranchitella Date: Tue, 5 Sep 2023 15:11:48 +0200 Subject: [PATCH 021/103] test(e2e): always deny empty hostnames --- e2e/ingress_hostnames_test.go | 65 ++++++++++++++++++++++++----------- 1 file changed, 45 insertions(+), 20 deletions(-) diff --git a/e2e/ingress_hostnames_test.go b/e2e/ingress_hostnames_test.go index 0a1153652..b234a3db9 100644 --- a/e2e/ingress_hostnames_test.go +++ b/e2e/ingress_hostnames_test.go @@ -43,37 +43,40 @@ var _ = Describe("when Tenant handles Ingress hostnames", func() { } // scaffold a basic networking.k8s.io Ingress with name and host - networkingIngress := func(name, hostname string) *networkingv1.Ingress { - return &networkingv1.Ingress{ + networkingIngress := func(name string, hostnames ...string) *networkingv1.Ingress { + ing := &networkingv1.Ingress{ ObjectMeta: metav1.ObjectMeta{ Name: name, }, Spec: networkingv1.IngressSpec{ - Rules: []networkingv1.IngressRule{ - { - Host: hostname, - IngressRuleValue: networkingv1.IngressRuleValue{ - HTTP: &networkingv1.HTTPIngressRuleValue{ - Paths: []networkingv1.HTTPIngressPath{ - { - Path: "/", - PathType: func(v networkingv1.PathType) *networkingv1.PathType { - return &v - }(networkingv1.PathTypeExact), - Backend: networkingv1.IngressBackend{ - Service: &networkingv1.IngressServiceBackend{ - Name: "foo", - Port: networkingv1.ServiceBackendPort{Name: "http"}, - }, - }, + Rules: []networkingv1.IngressRule{}, + }, + } + + for _, hostname := range hostnames { + ing.Spec.Rules = append(ing.Spec.Rules, networkingv1.IngressRule{ + Host: hostname, + IngressRuleValue: networkingv1.IngressRuleValue{ + HTTP: &networkingv1.HTTPIngressRuleValue{ + Paths: []networkingv1.HTTPIngressPath{ + { + Path: "/", + PathType: func(v networkingv1.PathType) *networkingv1.PathType { + return &v + }(networkingv1.PathTypeExact), + Backend: networkingv1.IngressBackend{ + Service: &networkingv1.IngressServiceBackend{ + Name: "foo", + Port: networkingv1.ServiceBackendPort{Name: "http"}, }, }, }, }, }, }, - }, + }) } + return ing } // scaffold a basic extensions Ingress with name and host extensionsIngress := func(name, hostname string) *extensionsv1beta1.Ingress { @@ -119,6 +122,28 @@ var _ = Describe("when Tenant handles Ingress hostnames", func() { Expect(k8sClient.Delete(context.TODO(), tnt)).Should(Succeed()) }) + It("should block an empty hostname", func() { + ns := NewNamespace("") + cs := ownerClient(tnt.Spec.Owners[0]) + + NamespaceCreation(ns, tnt.Spec.Owners[0], defaultTimeoutInterval).Should(Succeed()) + TenantNamespaceList(tnt, defaultTimeoutInterval).Should(ContainElement(ns.GetName())) + + By("testing networking.k8s.io", func() { + if err := k8sClient.List(context.Background(), &networkingv1.IngressList{}); err != nil { + if utils.IsUnsupportedAPI(err) { + Skip(fmt.Sprintf("Running test due to unsupported API kind: %s", err.Error())) + } + } + + Eventually(func() (err error) { + obj := networkingIngress("no-empty-hostname", "", "kubernetes.io") + _, err = cs.NetworkingV1().Ingresses(ns.GetName()).Create(context.TODO(), obj, metav1.CreateOptions{}) + return + }, defaultTimeoutInterval, defaultPollInterval).ShouldNot(Succeed()) + }) + }) + It("should block a non allowed Hostname", func() { ns := NewNamespace("") cs := ownerClient(tnt.Spec.Owners[0]) From 37455417bc819fba4f4e1d6c2babcedb73a353d4 Mon Sep 17 00:00:00 2001 From: Dario Tranchitella Date: Wed, 26 Jul 2023 11:31:28 +0200 Subject: [PATCH 022/103] fix: resource quota annotations key max length support --- api/v1beta2/tenant_annotations.go | 37 ++++++++++++++++++++++++---- controllers/tenant/resourcequotas.go | 8 ++++-- 2 files changed, 38 insertions(+), 7 deletions(-) diff --git a/api/v1beta2/tenant_annotations.go b/api/v1beta2/tenant_annotations.go index 4f02bdf64..34fc79b61 100644 --- a/api/v1beta2/tenant_annotations.go +++ b/api/v1beta2/tenant_annotations.go @@ -4,14 +4,41 @@ package v1beta2 import ( + "crypto/md5" + "encoding/hex" "fmt" - "strings" ) -func UsedQuotaFor(resource fmt.Stringer) string { - return "quota.capsule.clastix.io/used-" + strings.ReplaceAll(resource.String(), "/", "_") +const ( + // Annotation name part must be no more than 63 characters. + maxAnnotationLength = 63 +) + +func createAnnotation(format string, resource fmt.Stringer) (string, error) { + suffix := resource.String() + + hash := md5.Sum([]byte(resource.String())) + + hashed := hex.EncodeToString(hash[:]) + capsuleHashed := format + hashed + capsuleAnnotation := format + suffix + + switch { + case len(capsuleAnnotation) <= maxAnnotationLength: + return capsuleAnnotation, nil + case len(capsuleHashed) <= maxAnnotationLength: + return capsuleHashed, nil + case len(hashed) <= maxAnnotationLength: + return hashed, nil + default: + return "", fmt.Errorf("the annotation name would exceed the maximum supported length (%d), skipping", maxAnnotationLength) + } +} + +func UsedQuotaFor(resource fmt.Stringer) (string, error) { + return createAnnotation("quota.capsule.clastix.io/used-", resource) } -func HardQuotaFor(resource fmt.Stringer) string { - return "quota.capsule.clastix.io/hard-" + strings.ReplaceAll(resource.String(), "/", "_") +func HardQuotaFor(resource fmt.Stringer) (string, error) { + return createAnnotation("quota.capsule.clastix.io/hard-", resource) } diff --git a/controllers/tenant/resourcequotas.go b/controllers/tenant/resourcequotas.go index 23886322e..7f70e0531 100644 --- a/controllers/tenant/resourcequotas.go +++ b/controllers/tenant/resourcequotas.go @@ -237,8 +237,12 @@ func (r *Manager) resourceQuotasUpdate(ctx context.Context, resourceName corev1. found.Annotations = make(map[string]string) } found.Labels = rq.Labels - found.Annotations[capsulev1beta2.UsedQuotaFor(resourceName)] = actual.String() - found.Annotations[capsulev1beta2.HardQuotaFor(resourceName)] = limit.String() + if actualKey, keyErr := capsulev1beta2.UsedQuotaFor(resourceName); keyErr == nil { + found.Annotations[actualKey] = actual.String() + } + if limitKey, keyErr := capsulev1beta2.HardQuotaFor(resourceName); keyErr == nil { + found.Annotations[limitKey] = limit.String() + } // Updating the Resource according to the actual.Cmp result found.Spec.Hard = rq.Spec.Hard From 56f51855e281a84ad6abb858628a6b8226682e17 Mon Sep 17 00:00:00 2001 From: Dario Tranchitella Date: Wed, 26 Jul 2023 12:07:21 +0200 Subject: [PATCH 023/103] chore(gosec): no need for security check --- api/v1beta2/tenant_annotations.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/api/v1beta2/tenant_annotations.go b/api/v1beta2/tenant_annotations.go index 34fc79b61..63413e34c 100644 --- a/api/v1beta2/tenant_annotations.go +++ b/api/v1beta2/tenant_annotations.go @@ -4,7 +4,7 @@ package v1beta2 import ( - "crypto/md5" + "crypto/md5" //#nosec "encoding/hex" "fmt" ) @@ -17,7 +17,7 @@ const ( func createAnnotation(format string, resource fmt.Stringer) (string, error) { suffix := resource.String() - hash := md5.Sum([]byte(resource.String())) + hash := md5.Sum([]byte(resource.String())) //#nosec hashed := hex.EncodeToString(hash[:]) capsuleHashed := format + hashed From e7f871d2f5fe54103009a9aa4c7e19b4bce5c488 Mon Sep 17 00:00:00 2001 From: maxgio92 Date: Wed, 27 Sep 2023 12:26:01 +0200 Subject: [PATCH 024/103] Document how Capsule integrates with Rancher Projects (#791) * docs: document integration with rancher projects Signed-off-by: Massimiliano Giovagnoli * chore(docs/guides/rancher-projects/capsule-rancher.md): add markdown yaml code block header Co-authored-by: Dario Tranchitella * chore(docs/guides/rancher-projects/capsule-proxy-rancher.md): remove typos Co-authored-by: Dario Tranchitella * chore(docs/guides/rancher-projects): set correct indentation for code blocks Signed-off-by: Massimiliano Giovagnoli Co-authored-by: Dario Tranchitella --------- Signed-off-by: Massimiliano Giovagnoli Co-authored-by: Dario Tranchitella --- .../rancher-projects/capsule-proxy-rancher.md | 128 +++++++++++ .../rancher-projects/capsule-rancher.md | 207 ++++++++++++++++++ .../guides/rancher-projects/introduction.md | 27 +++ .../guides/rancher-projects/oidc-keycloak.md | 40 ++++ docs/gridsome.server.js | 21 ++ 5 files changed, 423 insertions(+) create mode 100644 docs/content/guides/rancher-projects/capsule-proxy-rancher.md create mode 100644 docs/content/guides/rancher-projects/capsule-rancher.md create mode 100644 docs/content/guides/rancher-projects/introduction.md create mode 100644 docs/content/guides/rancher-projects/oidc-keycloak.md diff --git a/docs/content/guides/rancher-projects/capsule-proxy-rancher.md b/docs/content/guides/rancher-projects/capsule-proxy-rancher.md new file mode 100644 index 000000000..3e67de0cf --- /dev/null +++ b/docs/content/guides/rancher-projects/capsule-proxy-rancher.md @@ -0,0 +1,128 @@ +# Capsule Proxy and Rancher Projects + +This guide explains how to setup the integration between Capsule Proxy and Rancher Projects. + +It then explains how for the tenant user, the access to Kubernetes cluster-wide resources is transparent. + +## Rancher Shell and Capsule + +In order to integrate the Rancher Shell with Capsule it's needed to route the Kubernetes API requests made from the shell, via Capsule Proxy. + +The [capsule-rancher-addon](https://github.com/clastix/capsule-addon-rancher/tree/master/charts/capsule-rancher-addon) allows the integration transparently. + +### Install the Capsule addon + +Add the Clastix Helm repository `https://clastix.github.io/charts`. + +By updating the cache with Clastix's Helm repository a Helm chart named `capsule-rancher-addon` is available. + +Install keeping attention to the following Helm values: + +* `proxy.caSecretKey`: the `Secret` key that contains the CA certificate used to sign the Capsule Proxy TLS certificate (it should be`"ca.crt"` when Capsule Proxy has been configured with certificates generated with Cert Manager). +* `proxy.servicePort`: the port configured for the Capsule Proxy Kubernetes `Service` (`443` in this setup). +* `proxy.serviceURL`: the name of the Capsule Proxy `Service` (by default `"capsule-proxy.capsule-system.svc"` hen installed in the *capsule-system* `Namespace`). + +## Rancher Cluster Agent + +In both CLI and dashboard use cases, the [Cluster Agent](https://ranchermanager.docs.rancher.com/v2.5/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/launch-kubernetes-with-rancher/about-rancher-agents) is responsible for the two-way communication between Rancher and the downstream cluster. + +In a standard setup, the Cluster Agents communicates to the API server. In this setup it will communicate with Capsule Proxy to ensure filtering of cluster-scope resources, for Tenants. + +Cluster Agents accepts as arguments: +- `KUBERNETES_SERVICE_HOST` environment variable +- `KUBERNETES_SERVICE_PORT` environment variable + +which will be set, at cluster import-time, to the values of the Capsule Proxy `Service`. For example: +- `KUBERNETES_SERVICE_HOST=capsule-proxy.capsule-system.svc` +- (optional) `KUBERNETES_SERVICE_PORT=9001`. You can skip it by installing Capsule Proxy with Helm value `service.port=443`. + +The expected CA is the one for which the certificate is inside the `kube-root-ca` `ConfigMap` in the same `Namespace` of the Cluster Agent (*cattle-system*). + +## Capsule Proxy + +Capsule Proxy needs to provide a x509 certificate for which the root CA is trusted by the Cluster Agent. +The goal can be achieved by, either using the Kubernetes CA to sign its certificate, or by using a dedicated root CA. + +### With the Kubernetes root CA + +> Note: this can be achieved when the Kubernetes root CA keypair is accessible. For example is likely to be possibile with on-premise setup, but not with managed Kubernetes services. + +With this approach Cert Manager will sign certificates with the Kubernetes root CA for which it's needed to be provided a `Secret`. + +```shell +kubectl create secret tls -n capsule-system kubernetes-ca-key-pair --cert=/path/to/ca.crt --key=/path/to/ca.key +``` + +When installing Capsule Proxy with Helm chart, it's needed to specify to generate Capsule Proxy `Certificate`s with Cert Manager with an external `ClusterIssuer`: +- `certManager.externalCA.enabled=true` +- `certManager.externalCA.secretName=kubernetes-ca-key-pair` +- `certManager.generateCertificates=true` + +and disable the job for generating the certificates without Cert Manager: +- `options.generateCertificates=false` + +### Enable tenant users access cluster resources + +In order to allow tenant users to list cluster-scope resources, like `Node`s, Tenants need to be configured with proper `proxySettings`, for example: + +```yaml +apiVersion: capsule.clastix.io/v1beta2 +kind: Tenant +metadata: + name: oil +spec: + owners: + - kind: User + name: alice + proxySettings: + - kind: Nodes + operations: + - List +[...] +``` + +Also, in order to assign or filter nodes per Tenant, it's needed labels on node in order to be selected: + +```shell +kubectl label node worker-01 capsule.clastix.io/tenant=oil +``` + + and a node selector at Tenant level: + +```yaml +apiVersion: capsule.clastix.io/v1beta2 +kind: Tenant +metadata: + name: oil +spec: + nodeSelector: + capsule.clastix.io/tenant: oil +[...] +``` + +The final manifest is: + +```yaml +apiVersion: capsule.clastix.io/v1beta2 +kind: Tenant +metadata: + name: oil +spec: + owners: + - kind: User + name: alice + proxySettings: + - kind: Node + operations: + - List + nodeSelector: + capsule.clastix.io/tenant: oil +``` + +The same appplies for: +- `Nodes` +- `StorageClasses` +- `IngressClasses` +- `PriorityClasses` + +More on this in the [official documentation](https://capsule.clastix.io/docs/general/proxy#tenant-owner-authorization). diff --git a/docs/content/guides/rancher-projects/capsule-rancher.md b/docs/content/guides/rancher-projects/capsule-rancher.md new file mode 100644 index 000000000..36930aa59 --- /dev/null +++ b/docs/content/guides/rancher-projects/capsule-rancher.md @@ -0,0 +1,207 @@ +# Capsule and Rancher Projects + +This guide explains how to setup the integration between Capsule and Rancher Projects. + +It then explains how for the tenant user, the access to Kubernetes resources is transparent. + +## Manually + +## Pre-requisites + +- An authentication provider in Rancher, e.g. an OIDC identity provider +- A *Tenant Member* `Cluster Role` in Rancher + +### Configure an identity provider for Kubernetes + +You can follow [this general guide](https://capsule.clastix.io/docs/guides/oidc-auth) to configure an OIDC authentication for Kubernetes. + +For a Keycloak specific setup yon can check [this resources list](./oidc-keycloak.md). + +#### Known issues + +##### Keycloak new URLs without `/auth` makes Rancher crash + +- [rancher/rancher#38480](https://github.com/rancher/rancher/issues/38480) +- [rancher/rancher#38683](https://github.com/rancher/rancher/issues/38683) + +### Create the Tenant Member Cluster Role + +A custom Rancher `Cluster Role` is needed to allow Tenant users, to read cluster-scope resources and Rancher doesn't provide e built-in Cluster Role with this tailored set of privileges. + +When logged-in to the Rancher UI as administrator, from the Users & Authentication page, create a Cluster Role named *Tenant Member* with the following privileges: +- `get`, `list`, `watch` operations over `IngressClasses` resources. +- `get`, `list`, `watch` operations over `StorageClasses` resources. +- `get`, `list`, `watch` operations over `PriorityClasses` resources. +- `get`, `list`, `watch` operations over `Nodes` resources. +- `get`, `list`, `watch` operations over `RuntimeClasses` resources. + +## Configuration (administration) + +### Tenant onboarding + +When onboarding tenants, the administrator needs to create the following, in order to bind the `Project` with the `Tenant`: + +- In Rancher, create a `Project`. +- In the target Kubernetes cluster, create a `Tenant`, with the following specification: + ```yaml + kind: Tenant + ... + spec: + namespaceOptions: + additionalMetadata: + annotations: + field.cattle.io/projectId: ${CLUSTER_ID}:${PROJECT_ID} + labels: + field.cattle.io/projectId: ${PROJECT_ID} + ``` + where `$CLUSTER_ID` and `$PROEJCT_ID` can be retrieved, assuming a valid `$CLUSTER_NAME`, as: + + ```shell + CLUSTER_NAME=foo + CLUSTER_ID=$(kubectl get cluster -n fleet-default ${CLUSTER_NAME} -o jsonpath='{.status.clusterName}') + PROJECT_IDS=$(kubectl get projects -n $CLUSTER_ID -o jsonpath="{.items[*].metadata.name}") + for project_id in $PROJECT_IDS; do echo "${project_id}"; done + ``` + + More on declarative `Project`s [here](https://github.com/rancher/rancher/issues/35631). +- In the identity provider, create a user with [correct OIDC claim](https://capsule.clastix.io/docs/guides/oidc-auth) of the Tenant. +- In Rancher, add the new user to the `Project` with the *Read-only* `Role`. +- In Rancher, add the new user to the `Cluster` with the *Tenant Member* `Cluster Role`. + +#### Create the Tenant Member Project Role + +A custom `Project Role` is needed to allow Tenant users, with minimun set of privileges and create and delete `Namespace`s. + +Create a Project Role named *Tenant Member* that inherits the privileges from the following Roles: +- *read-only* +- *create-ns* + + +### Usage + +When the configuration administrative tasks have been completed, the tenant users are ready to use the Kubernetes cluster transparently. + +For example can create Namespaces in a self-service mode, that would be otherwise impossible with the sole use of Rancher Projects. + +#### Namespace creation + +From the tenant user perspective both CLI and the UI are valid interfaces to communicate with. + +#### From CLI + +- Tenants `kubectl`-logs in to the OIDC provider +- Tenant creates a Namespace, as a valid OIDC-discoverable user. + +the `Namespace` is now part of both the Tenant and the Project. + +> As administrator, you can verify with: +> +> ```shell +> kubectl get tenant ${TENANT_NAME} -o jsonpath='{.status}' +> kubectl get namespace -l field.cattle.io/projectId=${PROJECT_ID} +> ``` + +#### From UI + +- Tenants logs in to Rancher, with a valid OIDC-discoverable user (in a valid Tenant group). +- Tenant user create a valid Namespace + +the `Namespace` is now part of both the Tenant and the Project. + +> As administrator, you can verify with: +> +> ```shell +> kubectl get tenant ${TENANT_NAME} -o jsonpath='{.status}' +> kubectl get namespace -l field.cattle.io/projectId=${PROJECT_ID} +> ``` + +### Additional administration + +#### Project monitoring + +Before proceeding is recommended to read the official Rancher documentation about [Project Monitors](https://ranchermanager.docs.rancher.com/v2.6/how-to-guides/advanced-user-guides/monitoring-alerting-guides/prometheus-federator-guides/project-monitors). + +In summary, the setup is composed by a cluster-level Prometheus, Prometheus Federator via which single Project-level Prometheus federate to. + +#### Network isolation + +Before proceeding is recommended to read the official Capsule documentation about [`NetworkPolicy` at `Tenant`-level](https://capsule.clastix.io/docs/general/tutorial/#assign-network-policies)`. + +##### Network isolation and Project Monitor + +As Rancher's Project Monitor deploys the Prometheus stack in a `Namespace` that is not part of **neither** the `Project` **nor** the `Tenant` `Namespace`s, is important to apply the label selectors in the `NetworkPolicy` `ingress` rules to the `Namespace` created by Project Monitor. + +That Project monitoring `Namespace` will be named as `cattle-project--monitoring`. + +For example, if the `NetworkPolicy` is configured to allow all ingress traffic from `Namespace` with label `capsule.clastix.io/tenant=foo`, this label is to be applied to the Project monitoring `Namespace` too. + +Then, a `NetworkPolicy` can be applied at `Tenant`-level with Capsule `GlobalTenantResource`s. For example it can be applied a minimal policy for the *oil* `Tenant`: + +```yaml +apiVersion: capsule.clastix.io/v1beta2 +kind: GlobalTenantResource +metadata: + name: oil-networkpolicies +spec: + tenantSelector: + matchLabels: + capsule.clastix.io/tenant: oil + resyncPeriod: 360s + pruningOnDelete: true + resources: + - namespaceSelector: + matchLabels: + capsule.clastix.io/tenant: oil + rawItems: + - apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + name: oil-minimal + spec: + podSelector: {} + policyTypes: + - Ingress + - Egress + ingress: + # Intra-Tenant + - from: + - namespaceSelector: + matchLabels: + capsule.clastix.io/tenant: oil + # Rancher Project Monitor stack + - from: + - namespaceSelector: + matchLabels: + role: monitoring + # Kubernetes nodes + - from: + - ipBlock: + cidr: 192.168.1.0/24 + egress: + # Kubernetes DNS server + - to: + - namespaceSelector: {} + podSelector: + matchLabels: + k8s-app: kube-dns + ports: + - port: 53 + protocol: UDP + # Intra-Tenant + - to: + - namespaceSelector: + matchLabels: + capsule.clastix.io/tenant: oil + # Kubernetes API server + - to: + - ipBlock: + cidr: 10.43.0.1/32 + ports: + - port: 443 +``` + +## Cluster-wide resources and Rancher Shell interface + +For using the Rancher Shell and cluster-wide resources as tenant user, please follow [this guide](./capsule-proxy-rancher.md). + + diff --git a/docs/content/guides/rancher-projects/introduction.md b/docs/content/guides/rancher-projects/introduction.md new file mode 100644 index 000000000..f8de4ef91 --- /dev/null +++ b/docs/content/guides/rancher-projects/introduction.md @@ -0,0 +1,27 @@ +# Introduction + +The integration between Rancher and Capsule, aims to provide a multi-tenant Kubernetes service to users, enabling: +- a self-service approach +- access to cluster-wide resources + +to end-users. + +Tenant users will have the ability to access Kubernetes resources through: +- Rancher UI +- Rancher Shell +- Kubernetes CLI + +On the other side, administrators need to manage the Kubernetes clusters through Rancher. + +Rancher provides a feature called **Projects** to segregate resources inside a common domain. +At the same time Projects doesn't provide way to segregate Kubernetes cluster-scope resources. + +Capsule as a project born for creating a framework for multi-tenant platforms, integrates with Rancher Projects enhancing the experience with **Tenants**. + +Capsule allows tenants isolation and resources control in a declarative way, while enabling a self-service experience to tenants. +With Capsule Proxy users can also access cluster-wide resources, as configured by administrators at `Tenant` custom resource-level. + +You can read in detail how the integration works and how to configure it, in the following guides. +- [How to integrate Rancher Projects with Capsule Tenants](./capsule-proxy-rancher.md) +- [How to enable cluster-wide resources and Rancher shell access](./capsule-proxy-rancher.md). + diff --git a/docs/content/guides/rancher-projects/oidc-keycloak.md b/docs/content/guides/rancher-projects/oidc-keycloak.md new file mode 100644 index 000000000..29c6c5d99 --- /dev/null +++ b/docs/content/guides/rancher-projects/oidc-keycloak.md @@ -0,0 +1,40 @@ +# Configure OIDC authentication with Keycloak + +## Pre-requisites + +- Keycloak realm for Rancher +- Rancher OIDC authentication provider + +## Keycloak realm for Rancher + +These instructions is specific to a setup made with Keycloak as an OIDC identity provider. + +### Mappers + +- Add to userinfo Group Membership type, claim name `groups` +- Add to userinfo Audience type, claim name `client audience` +- Add to userinfo, full group path, Group Membership type, claim name `full_group_path` + +More on this on the [official guide](https://capsule.clastix.io/docs/guides/oidc-auth/#configuring-oidc-server). + +## Rancher OIDC authentication provider + +Configure an OIDC authentication provider, with Client with issuer, return URLs specific to the Keycloak setup. + +> Use old and Rancher-standard paths with `/auth` subpath (see issues below). +> +> Add custom paths, remove `/auth` subpath in return and issuer URLs. + +## Configuration + +### Configure Tenant users + +1. In Rancher, configure OIDC authentication with Keycloak to use [with Rancher](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/authentication-config/configure-keycloak-oidc). +1. In Keycloak, Create a Group in the rancher Realm: *capsule.clastix.io*. +1. In Keycloak, Create a User in the rancher Realm, member of *capsule.clastix.io* Group. +1. In the Kubernetes target cluster, update the `CapsuleConfiguration` by adding the `"keycloakoidc_group://capsule.clastix.io"` Kubernetes `Group`. +1. Login to Rancher with Keycloak with the new user. +1. In Rancher as an administrator, set the user custom role with `get` of Cluster. +1. In Rancher as an administrator, add the Rancher user ID of the just-logged in user as Owner of a `Tenant`. +1. (optional) configure `proxySettings` for the `Tenant` to enable tenant users to access cluster-wide resources. + diff --git a/docs/gridsome.server.js b/docs/gridsome.server.js index ac07591a3..f54b84073 100644 --- a/docs/gridsome.server.js +++ b/docs/gridsome.server.js @@ -90,6 +90,27 @@ module.exports = function (api) { label: 'Control Pod Security', path: '/docs/guides/pod-security' }, + { + title: 'Tenants and Rancher Projects', + subItems: [ + { + label: 'Overview', + path: '/docs/guides/rancher-projects/introduction' + }, + { + label: 'Tenants and Projects', + path: '/docs/guides/rancher-projects/capsule-rancher' + }, + { + label: 'Rancher Shell and cluster-wide resources', + path: '/docs/guides/rancher-projects/capsule-proxy-rancher' + }, + { + label: 'OIDC authentication with Capsule, Rancher and Keycloak', + path: '/docs/guides/rancher-projects/oidc-keycloak' + }, + ] + }, { title: 'Managed Kubernetes', subItems: [ From eafdddec3e14c78d9b2ce2616ae63342040d028d Mon Sep 17 00:00:00 2001 From: ptx96 Date: Thu, 28 Sep 2023 10:26:44 +0200 Subject: [PATCH 025/103] chore(ci): added fossa license check Signed-off-by: ptx96 --- .github/workflows/fossa.yml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 .github/workflows/fossa.yml diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml new file mode 100644 index 000000000..a56ba66d5 --- /dev/null +++ b/.github/workflows/fossa.yml @@ -0,0 +1,27 @@ +name: FOSSA + +on: + push: + branches: [ "*" ] + pull_request: + branches: [ "*" ] + +jobs: + fossa-scan: + runs-on: ubuntu-20.04 + steps: + - name: "Checkout Code" + uses: actions/checkout@v3 + + - name: "Run FOSSA Scan" + uses: fossas/fossa-action@v1.3.1 + with: + api-key: ${{ secrets.FOSSA_API_KEY }} + container: ubuntu:20.04 + + - name: "Run FOSSA Test" + uses: fossas/fossa-action@v1.3.1 + with: + api-key: ${{ secrets.FOSSA_API_KEY }} + container: ubuntu:20.04 + run-tests: true From efd12e537bb84ef17be6387cfc66e0606914917e Mon Sep 17 00:00:00 2001 From: Dario Tranchitella Date: Fri, 29 Sep 2023 17:24:46 +0200 Subject: [PATCH 026/103] chore(fossa): disabling container scanning Signed-off-by: Dario Tranchitella --- .github/workflows/fossa.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml index a56ba66d5..e1d363249 100644 --- a/.github/workflows/fossa.yml +++ b/.github/workflows/fossa.yml @@ -17,11 +17,9 @@ jobs: uses: fossas/fossa-action@v1.3.1 with: api-key: ${{ secrets.FOSSA_API_KEY }} - container: ubuntu:20.04 - name: "Run FOSSA Test" uses: fossas/fossa-action@v1.3.1 with: api-key: ${{ secrets.FOSSA_API_KEY }} - container: ubuntu:20.04 run-tests: true From febcc0db80ed5729cf633372863e6425e94ab3e7 Mon Sep 17 00:00:00 2001 From: Dario Tranchitella Date: Fri, 29 Sep 2023 17:36:03 +0200 Subject: [PATCH 027/103] chore(readme): reporting cii status Signed-off-by: Dario Tranchitella --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index e2c03f28a..f4b004c96 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,9 @@ + + +

From e093e2d83caefc6a30aee33412d57097f9e998e6 Mon Sep 17 00:00:00 2001 From: Massimiliano Giovagnoli Date: Fri, 29 Sep 2023 17:58:26 +0200 Subject: [PATCH 028/103] chore: update code of conduct by following cncf one Signed-off-by: Massimiliano Giovagnoli --- CODE_OF_CONDUCT.md | 4 +++- README.md | 2 ++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index d5b681694..a91796a0c 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -1,5 +1,7 @@ # Contributor Covenant Code of Conduct +Capsule follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md). + ## Our Pledge We as members, contributors, and leaders pledge to make participation in our @@ -114,7 +116,7 @@ the community. ## Attribution -This Code of Conduct is adapted from the [Contributor Covenant][homepage], +This Code of Conduct follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md) and is adapted from the [Contributor Covenant][homepage], version 2.0, available at https://www.contributor-covenant.org/version/2/0/code_of_conduct.html. diff --git a/README.md b/README.md index f4b004c96..4ef97db40 100644 --- a/README.md +++ b/README.md @@ -96,6 +96,8 @@ make helm-docs Join the community, share and learn from it. You can find all the resources to how to contribute code and docs, connect with people in the [community repository](https://github.com/clastix/capsule-community). +Please read the [code of conduct](CODE_OF_CONDUCT.md). + ## Adopters See the [ADOPTERS.md](ADOPTERS.md) file for a list of companies that are using Capsule. From d6ca71d7d8734e23fa24380cfbabf80c3b0ac793 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Oct 2023 00:35:05 +0000 Subject: [PATCH 029/103] build(deps-dev): bump postcss from 8.2.13 to 8.4.31 in /docs Bumps [postcss](https://github.com/postcss/postcss) from 8.2.13 to 8.4.31. - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/postcss/postcss/compare/8.2.13...8.4.31) --- updated-dependencies: - dependency-name: postcss dependency-type: direct:development ... Signed-off-by: dependabot[bot] --- docs/package-lock.json | 61 ++++++++++++++---------------------------- docs/package.json | 2 +- docs/yarn.lock | 44 +++++++++++------------------- 3 files changed, 36 insertions(+), 71 deletions(-) diff --git a/docs/package-lock.json b/docs/package-lock.json index 617eb2c85..76741e43b 100644 --- a/docs/package-lock.json +++ b/docs/package-lock.json @@ -3545,12 +3545,6 @@ "simple-swizzle": "^0.2.2" } }, - "colorette": { - "version": "1.4.0", - "resolved": "https://registry.npmjs.org/colorette/-/colorette-1.4.0.tgz", - "integrity": "sha512-Y2oEozpomLn7Q3HFP7dpww7AtMJplbM9lGZP6RDfHqmbeRjiwRg4n6VM6j4KLmRke85uWEI7JqF17f3pqdRA0g==", - "dev": true - }, "columnify": { "version": "1.5.4", "resolved": "https://registry.npmjs.org/columnify/-/columnify-1.5.4.tgz", @@ -8378,9 +8372,9 @@ "optional": true }, "nanoid": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.2.0.tgz", - "integrity": "sha512-fmsZYa9lpn69Ad5eDn7FMcnnSR+8R34W9qJEijxYhTbfOWzr22n1QxCMzXLK+ODyW2973V3Fux959iQoUxzUIA==", + "version": "3.3.6", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.6.tgz", + "integrity": "sha512-BGcqMMJuToF7i1rt+2PWSNVnWIkGCU78jBG3RxO/bZlnZPK2Cmi2QaffxGO/2RvWi9sL+FAiRiXMgsyxQ1DIDA==", "dev": true }, "nanomatch": { @@ -9117,14 +9111,22 @@ "integrity": "sha1-AerA/jta9xoqbAL+q7jB/vfgDqs=" }, "postcss": { - "version": "8.2.13", - "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.2.13.tgz", - "integrity": "sha512-FCE5xLH+hjbzRdpbRb1IMCvPv9yZx2QnDarBEYSN0N0HYk+TcXsEhwdFcFb+SRWOKzKGErhIEbBK2ogyLdTtfQ==", + "version": "8.4.31", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.31.tgz", + "integrity": "sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==", "dev": true, "requires": { - "colorette": "^1.2.2", - "nanoid": "^3.1.22", - "source-map": "^0.6.1" + "nanoid": "^3.3.6", + "picocolors": "^1.0.0", + "source-map-js": "^1.0.2" + }, + "dependencies": { + "picocolors": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz", + "integrity": "sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ==", + "dev": true + } } }, "postcss-attribute-case-insensitive": { @@ -10916,29 +10918,6 @@ "resolved": "https://registry.npmjs.org/commander/-/commander-8.3.0.tgz", "integrity": "sha512-OkTL9umf+He2DZkUq8f8J9of7yL6RJKI24dVITBmNfZBmri9zYZQrKkuXiKhyfPSu8tUhnVBB1iKXevvnlR4Ww==", "dev": true - }, - "nanoid": { - "version": "3.3.6", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.6.tgz", - "integrity": "sha512-BGcqMMJuToF7i1rt+2PWSNVnWIkGCU78jBG3RxO/bZlnZPK2Cmi2QaffxGO/2RvWi9sL+FAiRiXMgsyxQ1DIDA==", - "dev": true - }, - "picocolors": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz", - "integrity": "sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ==", - "dev": true - }, - "postcss": { - "version": "8.4.25", - "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.25.tgz", - "integrity": "sha512-7taJ/8t2av0Z+sQEvNzCkpDynl0tX3uJMCODi6nT3PfASC7dYCWV9aQ+uiCf+KBD4SEFcu+GvJdGdwzQ6OSjCw==", - "dev": true, - "requires": { - "nanoid": "^3.3.6", - "picocolors": "^1.0.0", - "source-map-js": "^1.0.2" - } } } }, @@ -12966,9 +12945,9 @@ } }, "fsevents": { - "version": "2.3.2", - "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz", - "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==", + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", "dev": true, "optional": true }, diff --git a/docs/package.json b/docs/package.json index c054edc93..2c8182477 100644 --- a/docs/package.json +++ b/docs/package.json @@ -16,7 +16,7 @@ "devDependencies": { "autoprefixer": "^9.8.8", "gridsome-plugin-tailwindcss": "^4.1.1", - "postcss": "^8.2.13", + "postcss": "^8.4.31", "postcss-import": "^14.0.2", "postcss-preset-env": "^6.7.0", "prism-themes": "^1.9.0", diff --git a/docs/yarn.lock b/docs/yarn.lock index c7fc18604..6a980be42 100644 --- a/docs/yarn.lock +++ b/docs/yarn.lock @@ -2583,11 +2583,6 @@ color@^4.0.1: color-convert "^2.0.1" color-string "^1.6.0" -colorette@^1.2.2: - version "1.4.0" - resolved "https://registry.yarnpkg.com/colorette/-/colorette-1.4.0.tgz#5190fbb87276259a86ad700bff2c6d6faa3fca40" - integrity sha512-Y2oEozpomLn7Q3HFP7dpww7AtMJplbM9lGZP6RDfHqmbeRjiwRg4n6VM6j4KLmRke85uWEI7JqF17f3pqdRA0g== - columnify@^1.5.4: version "1.5.4" resolved "https://registry.yarnpkg.com/columnify/-/columnify-1.5.4.tgz#4737ddf1c7b69a8a7c340570782e947eec8e78bb" @@ -6525,10 +6520,10 @@ nan@^2.12.1: resolved "https://registry.yarnpkg.com/nan/-/nan-2.15.0.tgz#3f34a473ff18e15c1b5626b62903b5ad6e665fee" integrity sha512-8ZtvEnA2c5aYCZYd1cvgdnU6cqwixRoYg70xPLWUws5ORTa/lnw+u4amixRS/Ac5U5mQVgp9pnlSUnbNWFaWZQ== -nanoid@^3.1.22, nanoid@^3.1.28: - version "3.2.0" - resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.2.0.tgz#62667522da6673971cca916a6d3eff3f415ff80c" - integrity sha512-fmsZYa9lpn69Ad5eDn7FMcnnSR+8R34W9qJEijxYhTbfOWzr22n1QxCMzXLK+ODyW2973V3Fux959iQoUxzUIA== +nanoid@^3.3.6: + version "3.3.6" + resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.6.tgz#443380c856d6e9f9824267d960b4236ad583ea4c" + integrity sha512-BGcqMMJuToF7i1rt+2PWSNVnWIkGCU78jBG3RxO/bZlnZPK2Cmi2QaffxGO/2RvWi9sL+FAiRiXMgsyxQ1DIDA== nanomatch@^1.2.9: version "1.2.13" @@ -7925,23 +7920,14 @@ postcss@^7, postcss@^7.0.0, postcss@^7.0.1, postcss@^7.0.14, postcss@^7.0.17, po picocolors "^0.2.1" source-map "^0.6.1" -postcss@^8.2.1: - version "8.3.9" - resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.3.9.tgz#98754caa06c4ee9eb59cc48bd073bb6bd3437c31" - integrity sha512-f/ZFyAKh9Dnqytx5X62jgjhhzttjZS7hMsohcI7HEI5tjELX/HxCy3EFhsRxyzGvrzFF+82XPvCS8T9TFleVJw== - dependencies: - nanoid "^3.1.28" - picocolors "^0.2.1" - source-map-js "^0.6.2" - -postcss@^8.2.13: - version "8.2.13" - resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.2.13.tgz#dbe043e26e3c068e45113b1ed6375d2d37e2129f" - integrity sha512-FCE5xLH+hjbzRdpbRb1IMCvPv9yZx2QnDarBEYSN0N0HYk+TcXsEhwdFcFb+SRWOKzKGErhIEbBK2ogyLdTtfQ== +postcss@^8.2.1, postcss@^8.4.31: + version "8.4.31" + resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.4.31.tgz#92b451050a9f914da6755af352bdc0192508656d" + integrity sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ== dependencies: - colorette "^1.2.2" - nanoid "^3.1.22" - source-map "^0.6.1" + nanoid "^3.3.6" + picocolors "^1.0.0" + source-map-js "^1.0.2" prebuild-install@^5.3.4: version "5.3.6" @@ -9046,10 +9032,10 @@ source-list-map@^2.0.0: resolved "https://registry.yarnpkg.com/source-list-map/-/source-list-map-2.0.1.tgz#3993bd873bfc48479cca9ea3a547835c7c154b34" integrity sha512-qnQ7gVMxGNxsiL4lEuJwe/To8UnK7fAnmbGEEH8RpLouuKbeEm0lhbQVFIrNSuB+G7tVrAlVsZgETT5nljf+Iw== -source-map-js@^0.6.2: - version "0.6.2" - resolved "https://registry.yarnpkg.com/source-map-js/-/source-map-js-0.6.2.tgz#0bb5de631b41cfbda6cfba8bd05a80efdfd2385e" - integrity sha512-/3GptzWzu0+0MBQFrDKzw/DvvMTUORvgY6k6jd/VS6iCR4RDTKWH6v6WPwQoUO8667uQEf9Oe38DxAYWY5F/Ug== +source-map-js@^1.0.2: + version "1.0.2" + resolved "https://registry.yarnpkg.com/source-map-js/-/source-map-js-1.0.2.tgz#adbc361d9c62df380125e7f161f71c826f1e490c" + integrity sha512-R0XvVJ9WusLiqTCEiGCmICCMplcCkIwwR11mOSD9CR5u+IXYdiseeEuXCVAjS54zqwkLcPNnmU4OeJ6tUrWhDw== source-map-resolve@^0.5.0: version "0.5.3" From d7a48d771fb08f5c082a0372c76b95c5554bd0d6 Mon Sep 17 00:00:00 2001 From: Dario Tranchitella Date: Mon, 16 Oct 2023 13:55:51 +0200 Subject: [PATCH 030/103] refactor: moving to new neutral organization Signed-off-by: Dario Tranchitella --- PROJECT | 16 +++--- api/v1alpha1/conversion_hub.go | 4 +- api/v1alpha1/conversion_hub_test.go | 4 +- api/v1alpha1/tenant_types.go | 2 +- api/v1alpha1/zz_generated.deepcopy.go | 2 +- api/v1beta1/ingress_options.go | 2 +- api/v1beta1/namespace_options.go | 2 +- api/v1beta1/service_options.go | 2 +- api/v1beta1/tenant_types.go | 2 +- api/v1beta1/zz_generated.deepcopy.go | 2 +- .../capsuleconfiguration_convertion_hub.go | 2 +- api/v1beta2/capsuleconfiguration_types.go | 2 +- api/v1beta2/ingress_options.go | 2 +- api/v1beta2/namespace_options.go | 2 +- api/v1beta2/tenant_conversion_hub.go | 4 +- api/v1beta2/tenant_types.go | 2 +- api/v1beta2/tenantresource_namespaced.go | 2 +- api/v1beta2/zz_generated.deepcopy.go | 2 +- controllers/config/manager.go | 6 +-- controllers/pv/controller.go | 6 +-- controllers/rbac/manager.go | 6 +-- controllers/resources/global.go | 2 +- controllers/resources/namespaced.go | 2 +- controllers/resources/processor.go | 2 +- controllers/servicelabels/abstract.go | 4 +- controllers/tenant/limitranges.go | 4 +- controllers/tenant/manager.go | 2 +- controllers/tenant/namespaces.go | 6 +-- controllers/tenant/networkpolicies.go | 4 +- controllers/tenant/resourcequotas.go | 6 +-- controllers/tenant/resourcequotas_quota.go | 2 +- controllers/tenant/rolebindings.go | 6 +-- controllers/tenant/utils.go | 2 +- controllers/tls/manager.go | 6 +-- e2e/additional_role_bindings_test.go | 4 +- e2e/allowed_external_ips_test.go | 4 +- e2e/container_registry_test.go | 4 +- e2e/custom_capsule_group_test.go | 2 +- e2e/custom_resource_quota_test.go | 2 +- e2e/disable_externalname_test.go | 4 +- e2e/disable_ingress_wildcard_test.go | 4 +- e2e/disable_loadbalancer_test.go | 4 +- e2e/disable_node_ports_test.go | 4 +- e2e/dynamic_tenant_owner_clusterroles_test.go | 2 +- e2e/enable_loadbalancer_test.go | 4 +- e2e/enable_node_ports_test.go | 2 +- e2e/forbidden_annotations_regex_test.go | 4 +- e2e/force_tenant_prefix_test.go | 2 +- e2e/globaltenantresource_test.go | 4 +- e2e/imagepullpolicy_multiple_test.go | 4 +- e2e/imagepullpolicy_single_test.go | 4 +- e2e/ingress_class_extensions_test.go | 6 +-- e2e/ingress_class_networking_test.go | 6 +-- ..._hostnames_collision_cluster_scope_test.go | 6 +-- ...gress_hostnames_collision_disabled_test.go | 6 +-- ...ostnames_collision_namespace_scope_test.go | 6 +-- ...s_hostnames_collision_tenant_scope_test.go | 6 +-- e2e/ingress_hostnames_test.go | 6 +-- e2e/missing_tenant_test.go | 2 +- e2e/namespace_additional_metadata_test.go | 4 +- e2e/namespace_capsule_label_test.go | 2 +- e2e/namespace_user_metadata_test.go | 4 +- e2e/new_namespace_test.go | 2 +- e2e/node_user_metadata_test.go | 6 +-- e2e/overquota_namespace_test.go | 2 +- e2e/owner_webhooks_test.go | 4 +- e2e/pod_priority_class_test.go | 4 +- e2e/pod_runtime_class_test.go | 4 +- e2e/preventing_pv_cross_tenant_mount_test.go | 2 +- e2e/protected_namespace_regex_test.go | 2 +- e2e/resource_quota_exceeded_test.go | 4 +- e2e/sa_prevent_privilege_escalation_test.go | 2 +- e2e/selecting_non_owned_tenant_test.go | 4 +- e2e/selecting_tenant_fail_test.go | 2 +- e2e/selecting_tenant_with_label_test.go | 4 +- e2e/service_metadata_test.go | 6 +-- e2e/storage_class_test.go | 4 +- e2e/suite_test.go | 2 +- e2e/tenant_cordoning_test.go | 2 +- e2e/tenant_name_webhook_test.go | 2 +- e2e/tenant_protected_webhook_test.go | 2 +- e2e/tenant_resources_changes_test.go | 4 +- e2e/tenant_resources_test.go | 4 +- e2e/tenantresource_test.go | 4 +- e2e/utils_test.go | 2 +- go.mod | 2 +- main.go | 52 +++++++++---------- pkg/configuration/client.go | 4 +- pkg/configuration/configuration.go | 2 +- pkg/indexer/indexer.go | 12 ++--- pkg/indexer/namespace/namespaces.go | 2 +- pkg/indexer/tenant/namespaces.go | 2 +- pkg/indexer/tenant/owner.go | 4 +- pkg/indexer/tenantresource/global.go | 2 +- pkg/indexer/tenantresource/local.go | 2 +- pkg/utils/node_selector.go | 2 +- pkg/utils/owner.go | 2 +- pkg/utils/tenant_labels.go | 6 +-- pkg/webhook/defaults/handler.go | 4 +- pkg/webhook/defaults/ingress.go | 6 +-- pkg/webhook/defaults/pods.go | 4 +- pkg/webhook/defaults/storage.go | 4 +- pkg/webhook/ingress/errors.go | 4 +- pkg/webhook/ingress/utils.go | 2 +- pkg/webhook/ingress/validate_class.go | 8 +-- pkg/webhook/ingress/validate_collision.go | 12 ++--- pkg/webhook/ingress/validate_hostnames.go | 8 +-- pkg/webhook/ingress/validate_wildcard.go | 6 +-- pkg/webhook/namespace/errors.go | 2 +- pkg/webhook/namespace/freezed.go | 8 +-- pkg/webhook/namespace/owner_reference.go | 4 +- pkg/webhook/namespace/patch.go | 8 +-- pkg/webhook/namespace/prefix.go | 8 +-- pkg/webhook/namespace/quota.go | 6 +-- pkg/webhook/namespace/user_metadata.go | 6 +-- pkg/webhook/networkpolicy/validating.go | 8 +-- pkg/webhook/node/errors.go | 2 +- pkg/webhook/node/user_metadata.go | 6 +-- pkg/webhook/ownerreference/patching.go | 10 ++-- pkg/webhook/pod/containerregistry.go | 6 +-- pkg/webhook/pod/containerregistry_errors.go | 2 +- pkg/webhook/pod/imagepullpolicy.go | 6 +-- pkg/webhook/pod/imagepullpolicy_pullpolicy.go | 2 +- pkg/webhook/pod/priorityclass.go | 4 +- pkg/webhook/pod/priorityclass_errors.go | 4 +- pkg/webhook/pod/runtimeclass.go | 4 +- pkg/webhook/pod/runtimeclass_errors.go | 4 +- pkg/webhook/pvc/errors.go | 4 +- pkg/webhook/pvc/pv.go | 6 +-- pkg/webhook/pvc/validating.go | 4 +- pkg/webhook/route/cordoning.go | 2 +- pkg/webhook/route/defaults.go | 2 +- pkg/webhook/route/ingresses.go | 2 +- pkg/webhook/route/namespaces.go | 2 +- pkg/webhook/route/networkpolicies.go | 2 +- pkg/webhook/route/node.go | 2 +- pkg/webhook/route/ownerreference.go | 2 +- pkg/webhook/route/pods.go | 2 +- pkg/webhook/route/pvc.go | 2 +- pkg/webhook/route/services.go | 2 +- pkg/webhook/route/tenantresource_objs.go | 2 +- pkg/webhook/route/tenants.go | 2 +- pkg/webhook/service/errors.go | 2 +- pkg/webhook/service/validating.go | 6 +-- pkg/webhook/tenant/containerregistry_regex.go | 6 +-- pkg/webhook/tenant/cordoning.go | 8 +-- pkg/webhook/tenant/custom_resource_quota.go | 6 +-- .../tenant/forbidden_annotations_regex.go | 6 +-- pkg/webhook/tenant/freezed_emitter.go | 6 +-- pkg/webhook/tenant/hostname_regex.go | 6 +-- pkg/webhook/tenant/ingressclass_regex.go | 6 +-- pkg/webhook/tenant/name.go | 6 +-- pkg/webhook/tenant/protected.go | 6 +-- pkg/webhook/tenant/rolebindings_regex.go | 6 +-- pkg/webhook/tenant/serviceaccount_format.go | 6 +-- pkg/webhook/tenant/storageclass_regex.go | 6 +-- pkg/webhook/tenantresource/objects.go | 8 +-- pkg/webhook/utils/error.go | 2 +- pkg/webhook/utils/in_capsule_groups.go | 4 +- pkg/webhook/utils/is_capsule_user.go | 6 +-- pkg/webhook/utils/is_tenant_owner.go | 2 +- pkg/webhook/utils/tenant_by_field.go | 2 +- 162 files changed, 352 insertions(+), 352 deletions(-) diff --git a/PROJECT b/PROJECT index ff22733dd..81d642aa1 100644 --- a/PROJECT +++ b/PROJECT @@ -5,7 +5,7 @@ plugins: manifests.sdk.operatorframework.io/v2: {} scorecard.sdk.operatorframework.io/v2: {} projectName: capsule -repo: github.com/clastix/capsule +repo: github.com/projectcapsule/capsule resources: - api: crdVersion: v1 @@ -13,7 +13,7 @@ resources: domain: clastix.io group: capsule kind: Tenant - path: github.com/clastix/capsule/api/v1alpha1 + path: github.com/projectcapsule/capsule/api/v1alpha1 version: v1alpha1 webhooks: conversion: true @@ -24,21 +24,21 @@ resources: domain: clastix.io group: capsule kind: CapsuleConfiguration - path: github.com/clastix/capsule/api/v1alpha1 + path: github.com/projectcapsule/capsule/api/v1alpha1 version: v1alpha1 - api: crdVersion: v1 domain: clastix.io group: capsule kind: Tenant - path: github.com/clastix/capsule/api/v1beta1 + path: github.com/projectcapsule/capsule/api/v1beta1 version: v1beta1 - api: crdVersion: v1 domain: clastix.io group: capsule kind: Tenant - path: github.com/clastix/capsule/api/v1beta2 + path: github.com/projectcapsule/capsule/api/v1beta2 version: v1beta2 - api: crdVersion: v1 @@ -46,7 +46,7 @@ resources: domain: clastix.io group: capsule kind: CapsuleConfiguration - path: github.com/clastix/capsule/api/v1beta2 + path: github.com/projectcapsule/capsule/api/v1beta2 version: v1beta2 - api: crdVersion: v1 @@ -54,13 +54,13 @@ resources: domain: clastix.io group: capsule kind: TenantResource - path: github.com/clastix/capsule/api/v1beta2 + path: github.com/projectcapsule/capsule/api/v1beta2 version: v1beta2 - api: crdVersion: v1 domain: clastix.io group: capsule kind: GlobalTenantResource - path: github.com/clastix/capsule/api/v1beta2 + path: github.com/projectcapsule/capsule/api/v1beta2 version: v1beta2 version: "3" diff --git a/api/v1alpha1/conversion_hub.go b/api/v1alpha1/conversion_hub.go index 1332ff076..9502ff34b 100644 --- a/api/v1alpha1/conversion_hub.go +++ b/api/v1alpha1/conversion_hub.go @@ -13,8 +13,8 @@ import ( "k8s.io/utils/pointer" "sigs.k8s.io/controller-runtime/pkg/conversion" - capsulev1beta1 "github.com/clastix/capsule/api/v1beta1" - "github.com/clastix/capsule/pkg/api" + capsulev1beta1 "github.com/projectcapsule/capsule/api/v1beta1" + "github.com/projectcapsule/capsule/pkg/api" ) const ( diff --git a/api/v1alpha1/conversion_hub_test.go b/api/v1alpha1/conversion_hub_test.go index 64a2e369f..806a5ea35 100644 --- a/api/v1alpha1/conversion_hub_test.go +++ b/api/v1alpha1/conversion_hub_test.go @@ -15,8 +15,8 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/utils/pointer" - capsulev1beta1 "github.com/clastix/capsule/api/v1beta1" - "github.com/clastix/capsule/pkg/api" + capsulev1beta1 "github.com/projectcapsule/capsule/api/v1beta1" + "github.com/projectcapsule/capsule/pkg/api" ) //nolint:maintidx diff --git a/api/v1alpha1/tenant_types.go b/api/v1alpha1/tenant_types.go index e0b8c8842..b5e0cd865 100644 --- a/api/v1alpha1/tenant_types.go +++ b/api/v1alpha1/tenant_types.go @@ -8,7 +8,7 @@ import ( networkingv1 "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "github.com/clastix/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/api" ) // TenantSpec defines the desired state of Tenant. diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index db6547945..dc6f72f4a 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -9,7 +9,7 @@ package v1alpha1 import ( - "github.com/clastix/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/api" corev1 "k8s.io/api/core/v1" "k8s.io/api/networking/v1" runtime "k8s.io/apimachinery/pkg/runtime" diff --git a/api/v1beta1/ingress_options.go b/api/v1beta1/ingress_options.go index ab4baad70..edac1664f 100644 --- a/api/v1beta1/ingress_options.go +++ b/api/v1beta1/ingress_options.go @@ -4,7 +4,7 @@ package v1beta1 import ( - "github.com/clastix/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/api" ) type IngressOptions struct { diff --git a/api/v1beta1/namespace_options.go b/api/v1beta1/namespace_options.go index c4a2aed5e..1b2ff2f66 100644 --- a/api/v1beta1/namespace_options.go +++ b/api/v1beta1/namespace_options.go @@ -6,7 +6,7 @@ package v1beta1 import ( "strings" - "github.com/clastix/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/api" ) type NamespaceOptions struct { diff --git a/api/v1beta1/service_options.go b/api/v1beta1/service_options.go index 636a2f7f3..2de0617f7 100644 --- a/api/v1beta1/service_options.go +++ b/api/v1beta1/service_options.go @@ -4,7 +4,7 @@ package v1beta1 import ( - "github.com/clastix/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/api" ) type ServiceOptions struct { diff --git a/api/v1beta1/tenant_types.go b/api/v1beta1/tenant_types.go index 5d809b243..d81a15bc2 100644 --- a/api/v1beta1/tenant_types.go +++ b/api/v1beta1/tenant_types.go @@ -6,7 +6,7 @@ package v1beta1 import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "github.com/clastix/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/api" ) // TenantSpec defines the desired state of Tenant. diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go index 5ae9834b7..78d33aa13 100644 --- a/api/v1beta1/zz_generated.deepcopy.go +++ b/api/v1beta1/zz_generated.deepcopy.go @@ -9,7 +9,7 @@ package v1beta1 import ( - "github.com/clastix/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/api" runtime "k8s.io/apimachinery/pkg/runtime" ) diff --git a/api/v1beta2/capsuleconfiguration_convertion_hub.go b/api/v1beta2/capsuleconfiguration_convertion_hub.go index 6f4c02b5a..ceb4d10ec 100644 --- a/api/v1beta2/capsuleconfiguration_convertion_hub.go +++ b/api/v1beta2/capsuleconfiguration_convertion_hub.go @@ -10,7 +10,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/conversion" - capsulev1alpha1 "github.com/clastix/capsule/api/v1alpha1" + capsulev1alpha1 "github.com/projectcapsule/capsule/api/v1alpha1" ) func (in *CapsuleConfiguration) ConvertTo(raw conversion.Hub) error { diff --git a/api/v1beta2/capsuleconfiguration_types.go b/api/v1beta2/capsuleconfiguration_types.go index a5854b518..07248401e 100644 --- a/api/v1beta2/capsuleconfiguration_types.go +++ b/api/v1beta2/capsuleconfiguration_types.go @@ -6,7 +6,7 @@ package v1beta2 import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "github.com/clastix/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/api" ) // CapsuleConfigurationSpec defines the Capsule configuration. diff --git a/api/v1beta2/ingress_options.go b/api/v1beta2/ingress_options.go index 740b1503d..82353dce2 100644 --- a/api/v1beta2/ingress_options.go +++ b/api/v1beta2/ingress_options.go @@ -4,7 +4,7 @@ package v1beta2 import ( - "github.com/clastix/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/api" ) type IngressOptions struct { diff --git a/api/v1beta2/namespace_options.go b/api/v1beta2/namespace_options.go index 0b71d73f5..a97152466 100644 --- a/api/v1beta2/namespace_options.go +++ b/api/v1beta2/namespace_options.go @@ -4,7 +4,7 @@ package v1beta2 import ( - "github.com/clastix/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/api" ) type NamespaceOptions struct { diff --git a/api/v1beta2/tenant_conversion_hub.go b/api/v1beta2/tenant_conversion_hub.go index aa144bb56..5658bd982 100644 --- a/api/v1beta2/tenant_conversion_hub.go +++ b/api/v1beta2/tenant_conversion_hub.go @@ -10,8 +10,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/conversion" - capsulev1beta1 "github.com/clastix/capsule/api/v1beta1" - "github.com/clastix/capsule/pkg/api" + capsulev1beta1 "github.com/projectcapsule/capsule/api/v1beta1" + "github.com/projectcapsule/capsule/pkg/api" ) func (in *Tenant) ConvertFrom(raw conversion.Hub) error { diff --git a/api/v1beta2/tenant_types.go b/api/v1beta2/tenant_types.go index 60edd2fe7..73ddfa038 100644 --- a/api/v1beta2/tenant_types.go +++ b/api/v1beta2/tenant_types.go @@ -6,7 +6,7 @@ package v1beta2 import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "github.com/clastix/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/api" ) // TenantSpec defines the desired state of Tenant. diff --git a/api/v1beta2/tenantresource_namespaced.go b/api/v1beta2/tenantresource_namespaced.go index ac6c764ce..6fb088406 100644 --- a/api/v1beta2/tenantresource_namespaced.go +++ b/api/v1beta2/tenantresource_namespaced.go @@ -7,7 +7,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" - "github.com/clastix/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/api" ) // TenantResourceSpec defines the desired state of TenantResource. diff --git a/api/v1beta2/zz_generated.deepcopy.go b/api/v1beta2/zz_generated.deepcopy.go index 141f2fe97..4fef513eb 100644 --- a/api/v1beta2/zz_generated.deepcopy.go +++ b/api/v1beta2/zz_generated.deepcopy.go @@ -9,7 +9,7 @@ package v1beta2 import ( - "github.com/clastix/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/api" "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" diff --git a/controllers/config/manager.go b/controllers/config/manager.go index 129733d68..5393a92e1 100644 --- a/controllers/config/manager.go +++ b/controllers/config/manager.go @@ -12,9 +12,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/reconcile" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/controllers/utils" - "github.com/clastix/capsule/pkg/configuration" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/controllers/utils" + "github.com/projectcapsule/capsule/pkg/configuration" ) type Manager struct { diff --git a/controllers/pv/controller.go b/controllers/pv/controller.go index 3ef3ebae3..20c2bc745 100644 --- a/controllers/pv/controller.go +++ b/controllers/pv/controller.go @@ -16,9 +16,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - capsuleutils "github.com/clastix/capsule/pkg/utils" - webhookutils "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + capsuleutils "github.com/projectcapsule/capsule/pkg/utils" + webhookutils "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type Controller struct { diff --git a/controllers/rbac/manager.go b/controllers/rbac/manager.go index a5a8c0864..449b22004 100644 --- a/controllers/rbac/manager.go +++ b/controllers/rbac/manager.go @@ -20,9 +20,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/reconcile" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/controllers/utils" - "github.com/clastix/capsule/pkg/configuration" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/controllers/utils" + "github.com/projectcapsule/capsule/pkg/configuration" ) type Manager struct { diff --git a/controllers/resources/global.go b/controllers/resources/global.go index 675078478..40fbf8c6c 100644 --- a/controllers/resources/global.go +++ b/controllers/resources/global.go @@ -21,7 +21,7 @@ import ( ctrllog "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/reconcile" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) type Global struct { diff --git a/controllers/resources/namespaced.go b/controllers/resources/namespaced.go index e9b0ae80e..b3b1a4198 100644 --- a/controllers/resources/namespaced.go +++ b/controllers/resources/namespaced.go @@ -18,7 +18,7 @@ import ( ctrllog "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/reconcile" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) type Namespaced struct { diff --git a/controllers/resources/processor.go b/controllers/resources/processor.go index 3c0aea512..4e2d8e90d 100644 --- a/controllers/resources/processor.go +++ b/controllers/resources/processor.go @@ -22,7 +22,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" ctrllog "sigs.k8s.io/controller-runtime/pkg/log" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) const ( diff --git a/controllers/servicelabels/abstract.go b/controllers/servicelabels/abstract.go index 19674a015..dcc979282 100644 --- a/controllers/servicelabels/abstract.go +++ b/controllers/servicelabels/abstract.go @@ -20,8 +20,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/utils" ) type abstractServiceLabelsReconciler struct { diff --git a/controllers/tenant/limitranges.go b/controllers/tenant/limitranges.go index 99a035763..f6e9cd90f 100644 --- a/controllers/tenant/limitranges.go +++ b/controllers/tenant/limitranges.go @@ -13,8 +13,8 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/utils" ) // Ensuring all the LimitRange are applied to each Namespace handled by the Tenant. diff --git a/controllers/tenant/manager.go b/controllers/tenant/manager.go index c89c6cf9b..37141433c 100644 --- a/controllers/tenant/manager.go +++ b/controllers/tenant/manager.go @@ -18,7 +18,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/reconcile" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) type Manager struct { diff --git a/controllers/tenant/namespaces.go b/controllers/tenant/namespaces.go index 3262511c3..d09369ed0 100644 --- a/controllers/tenant/namespaces.go +++ b/controllers/tenant/namespaces.go @@ -16,9 +16,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/api" - "github.com/clastix/capsule/pkg/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/utils" ) // Ensuring all annotations are applied to each Namespace handled by the Tenant. diff --git a/controllers/tenant/networkpolicies.go b/controllers/tenant/networkpolicies.go index 914897ee7..e3a9f76bd 100644 --- a/controllers/tenant/networkpolicies.go +++ b/controllers/tenant/networkpolicies.go @@ -13,8 +13,8 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/utils" ) // Ensuring all the NetworkPolicies are applied to each Namespace handled by the Tenant. diff --git a/controllers/tenant/resourcequotas.go b/controllers/tenant/resourcequotas.go index 7f70e0531..39c35dff5 100644 --- a/controllers/tenant/resourcequotas.go +++ b/controllers/tenant/resourcequotas.go @@ -19,9 +19,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/api" - "github.com/clastix/capsule/pkg/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/utils" ) // When the Resource Budget assigned to a Tenant is Tenant-scoped we have to rely on the ResourceQuota resources to diff --git a/controllers/tenant/resourcequotas_quota.go b/controllers/tenant/resourcequotas_quota.go index 55e427497..8a9356846 100644 --- a/controllers/tenant/resourcequotas_quota.go +++ b/controllers/tenant/resourcequotas_quota.go @@ -16,7 +16,7 @@ import ( "k8s.io/client-go/dynamic" "k8s.io/client-go/util/retry" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) func (r *Manager) syncCustomResourceQuotaUsages(ctx context.Context, tenant *capsulev1beta2.Tenant) error { diff --git a/controllers/tenant/rolebindings.go b/controllers/tenant/rolebindings.go index 236bfec74..1e85c7d72 100644 --- a/controllers/tenant/rolebindings.go +++ b/controllers/tenant/rolebindings.go @@ -14,9 +14,9 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/api" - "github.com/clastix/capsule/pkg/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/utils" ) // ownerClusterRoleBindings generates a Capsule AdditionalRoleBinding object for the Owner dynamic clusterrole in order diff --git a/controllers/tenant/utils.go b/controllers/tenant/utils.go index 5adf7ac4f..a85df9eda 100644 --- a/controllers/tenant/utils.go +++ b/controllers/tenant/utils.go @@ -14,7 +14,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" - capsulev1beta2 "github.com/clastix/capsule/pkg/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/pkg/utils" ) // pruningResources is taking care of removing the no more requested sub-resources as LimitRange, ResourceQuota or diff --git a/controllers/tls/manager.go b/controllers/tls/manager.go index f788e3604..9da5d1778 100644 --- a/controllers/tls/manager.go +++ b/controllers/tls/manager.go @@ -28,9 +28,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" - "github.com/clastix/capsule/controllers/utils" - "github.com/clastix/capsule/pkg/cert" - "github.com/clastix/capsule/pkg/configuration" + "github.com/projectcapsule/capsule/controllers/utils" + "github.com/projectcapsule/capsule/pkg/cert" + "github.com/projectcapsule/capsule/pkg/configuration" ) const ( diff --git a/e2e/additional_role_bindings_test.go b/e2e/additional_role_bindings_test.go index 9bca98ba3..7cb2e4fc4 100644 --- a/e2e/additional_role_bindings_test.go +++ b/e2e/additional_role_bindings_test.go @@ -14,8 +14,8 @@ import ( rbacv1 "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/api" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/api" ) var _ = Describe("creating a Namespace with an additional Role Binding", func() { diff --git a/e2e/allowed_external_ips_test.go b/e2e/allowed_external_ips_test.go index d5b0757e9..29a6da572 100644 --- a/e2e/allowed_external_ips_test.go +++ b/e2e/allowed_external_ips_test.go @@ -14,8 +14,8 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/api" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/api" ) var _ = Describe("enforcing an allowed set of Service external IPs", func() { diff --git a/e2e/container_registry_test.go b/e2e/container_registry_test.go index 9b499f243..405eed57b 100644 --- a/e2e/container_registry_test.go +++ b/e2e/container_registry_test.go @@ -15,8 +15,8 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/api" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/api" ) type Patch struct { diff --git a/e2e/custom_capsule_group_test.go b/e2e/custom_capsule_group_test.go index 750ece2fc..e8ad51319 100644 --- a/e2e/custom_capsule_group_test.go +++ b/e2e/custom_capsule_group_test.go @@ -12,7 +12,7 @@ import ( . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) var _ = Describe("creating a Namespace as Tenant owner with custom --capsule-group", func() { diff --git a/e2e/custom_resource_quota_test.go b/e2e/custom_resource_quota_test.go index dd056d0d4..4640d4129 100644 --- a/e2e/custom_resource_quota_test.go +++ b/e2e/custom_resource_quota_test.go @@ -20,7 +20,7 @@ import ( "k8s.io/client-go/dynamic" "k8s.io/client-go/kubernetes/scheme" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) var _ = Describe("when Tenant limits custom Resource Quota", func() { diff --git a/e2e/disable_externalname_test.go b/e2e/disable_externalname_test.go index 819bc0af1..c9e571156 100644 --- a/e2e/disable_externalname_test.go +++ b/e2e/disable_externalname_test.go @@ -15,8 +15,8 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/utils/pointer" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/api" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/api" ) var _ = Describe("creating an ExternalName service when it is disabled for Tenant", func() { diff --git a/e2e/disable_ingress_wildcard_test.go b/e2e/disable_ingress_wildcard_test.go index 38c6a7b6d..bd4ae2ec0 100644 --- a/e2e/disable_ingress_wildcard_test.go +++ b/e2e/disable_ingress_wildcard_test.go @@ -17,8 +17,8 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/utils" ) var _ = Describe("creating an Ingress with a wildcard when it is denied for the Tenant", func() { diff --git a/e2e/disable_loadbalancer_test.go b/e2e/disable_loadbalancer_test.go index c4f52c783..4d5293fa3 100644 --- a/e2e/disable_loadbalancer_test.go +++ b/e2e/disable_loadbalancer_test.go @@ -15,8 +15,8 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/utils/pointer" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/api" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/api" ) var _ = Describe("creating a LoadBalancer service when it is disabled for Tenant", func() { diff --git a/e2e/disable_node_ports_test.go b/e2e/disable_node_ports_test.go index 2e08dced5..48ab1fe11 100644 --- a/e2e/disable_node_ports_test.go +++ b/e2e/disable_node_ports_test.go @@ -15,8 +15,8 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/utils/pointer" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/api" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/api" ) var _ = Describe("creating a nodePort service when it is disabled for Tenant", func() { diff --git a/e2e/dynamic_tenant_owner_clusterroles_test.go b/e2e/dynamic_tenant_owner_clusterroles_test.go index 36221053c..882298a0c 100644 --- a/e2e/dynamic_tenant_owner_clusterroles_test.go +++ b/e2e/dynamic_tenant_owner_clusterroles_test.go @@ -13,7 +13,7 @@ import ( . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) var _ = Describe("defining dynamic Tenant Owner Cluster Roles", func() { diff --git a/e2e/enable_loadbalancer_test.go b/e2e/enable_loadbalancer_test.go index f9ac51b45..9ba44bb10 100644 --- a/e2e/enable_loadbalancer_test.go +++ b/e2e/enable_loadbalancer_test.go @@ -15,8 +15,8 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/utils/pointer" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/api" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/api" ) var _ = Describe("creating a LoadBalancer service when it is enabled for Tenant", func() { diff --git a/e2e/enable_node_ports_test.go b/e2e/enable_node_ports_test.go index 764b06657..373b7ad38 100644 --- a/e2e/enable_node_ports_test.go +++ b/e2e/enable_node_ports_test.go @@ -14,7 +14,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) var _ = Describe("creating a nodePort service when it is enabled for Tenant", func() { diff --git a/e2e/forbidden_annotations_regex_test.go b/e2e/forbidden_annotations_regex_test.go index f2797a846..b67f219bf 100644 --- a/e2e/forbidden_annotations_regex_test.go +++ b/e2e/forbidden_annotations_regex_test.go @@ -12,8 +12,8 @@ import ( . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/api" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/api" ) var _ = Describe("creating a tenant with various forbidden regexes", func() { diff --git a/e2e/force_tenant_prefix_test.go b/e2e/force_tenant_prefix_test.go index ef763eb4f..c9c2ac837 100644 --- a/e2e/force_tenant_prefix_test.go +++ b/e2e/force_tenant_prefix_test.go @@ -12,7 +12,7 @@ import ( . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) var _ = Describe("creating a Namespace with Tenant name prefix enforcement", func() { diff --git a/e2e/globaltenantresource_test.go b/e2e/globaltenantresource_test.go index 2a3beff48..7e1a69877 100644 --- a/e2e/globaltenantresource_test.go +++ b/e2e/globaltenantresource_test.go @@ -21,8 +21,8 @@ import ( "k8s.io/utils/pointer" "sigs.k8s.io/controller-runtime/pkg/client" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/api" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/api" ) var _ = Describe("Creating a GlobalTenantResource object", func() { diff --git a/e2e/imagepullpolicy_multiple_test.go b/e2e/imagepullpolicy_multiple_test.go index 65fdc18fe..6cd9cbe1f 100644 --- a/e2e/imagepullpolicy_multiple_test.go +++ b/e2e/imagepullpolicy_multiple_test.go @@ -13,8 +13,8 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/api" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/api" ) var _ = Describe("enforcing some defined ImagePullPolicy", func() { diff --git a/e2e/imagepullpolicy_single_test.go b/e2e/imagepullpolicy_single_test.go index 6143bf772..3018fb084 100644 --- a/e2e/imagepullpolicy_single_test.go +++ b/e2e/imagepullpolicy_single_test.go @@ -13,8 +13,8 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/api" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/api" ) var _ = Describe("enforcing a defined ImagePullPolicy", func() { diff --git a/e2e/ingress_class_extensions_test.go b/e2e/ingress_class_extensions_test.go index 7171fc144..154693d18 100644 --- a/e2e/ingress_class_extensions_test.go +++ b/e2e/ingress_class_extensions_test.go @@ -16,9 +16,9 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/utils/pointer" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/api" - "github.com/clastix/capsule/pkg/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/utils" ) var _ = Describe("when Tenant handles Ingress classes with extensions/v1beta1", func() { diff --git a/e2e/ingress_class_networking_test.go b/e2e/ingress_class_networking_test.go index 881a4b7dc..ae30d118a 100644 --- a/e2e/ingress_class_networking_test.go +++ b/e2e/ingress_class_networking_test.go @@ -21,9 +21,9 @@ import ( "k8s.io/utils/pointer" "sigs.k8s.io/controller-runtime/pkg/client" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/api" - "github.com/clastix/capsule/pkg/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/utils" ) var _ = Describe("when Tenant handles Ingress classes with networking.k8s.io/v1", func() { diff --git a/e2e/ingress_hostnames_collision_cluster_scope_test.go b/e2e/ingress_hostnames_collision_cluster_scope_test.go index 14d895c7f..2f58da846 100644 --- a/e2e/ingress_hostnames_collision_cluster_scope_test.go +++ b/e2e/ingress_hostnames_collision_cluster_scope_test.go @@ -16,9 +16,9 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/api" - "github.com/clastix/capsule/pkg/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/utils" ) var _ = Describe("when handling Cluster scoped Ingress hostnames collision", func() { diff --git a/e2e/ingress_hostnames_collision_disabled_test.go b/e2e/ingress_hostnames_collision_disabled_test.go index 7b18ec4fc..894ae7c9d 100644 --- a/e2e/ingress_hostnames_collision_disabled_test.go +++ b/e2e/ingress_hostnames_collision_disabled_test.go @@ -16,9 +16,9 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/api" - "github.com/clastix/capsule/pkg/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/utils" ) var _ = Describe("when disabling Ingress hostnames collision", func() { diff --git a/e2e/ingress_hostnames_collision_namespace_scope_test.go b/e2e/ingress_hostnames_collision_namespace_scope_test.go index 317f1ce87..21b136ab4 100644 --- a/e2e/ingress_hostnames_collision_namespace_scope_test.go +++ b/e2e/ingress_hostnames_collision_namespace_scope_test.go @@ -16,9 +16,9 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/api" - "github.com/clastix/capsule/pkg/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/utils" ) var _ = Describe("when handling Namespace scoped Ingress hostnames collision", func() { diff --git a/e2e/ingress_hostnames_collision_tenant_scope_test.go b/e2e/ingress_hostnames_collision_tenant_scope_test.go index 9e4604945..4acb4b782 100644 --- a/e2e/ingress_hostnames_collision_tenant_scope_test.go +++ b/e2e/ingress_hostnames_collision_tenant_scope_test.go @@ -16,9 +16,9 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/api" - "github.com/clastix/capsule/pkg/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/utils" ) var _ = Describe("when handling Tenant scoped Ingress hostnames collision", func() { diff --git a/e2e/ingress_hostnames_test.go b/e2e/ingress_hostnames_test.go index b234a3db9..8167d4b5c 100644 --- a/e2e/ingress_hostnames_test.go +++ b/e2e/ingress_hostnames_test.go @@ -16,9 +16,9 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/api" - "github.com/clastix/capsule/pkg/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/utils" ) var _ = Describe("when Tenant handles Ingress hostnames", func() { diff --git a/e2e/missing_tenant_test.go b/e2e/missing_tenant_test.go index fdc98d41a..cb8ebbe9d 100644 --- a/e2e/missing_tenant_test.go +++ b/e2e/missing_tenant_test.go @@ -12,7 +12,7 @@ import ( . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) var _ = Describe("creating a Namespace creation with no Tenant assigned", func() { diff --git a/e2e/namespace_additional_metadata_test.go b/e2e/namespace_additional_metadata_test.go index 4bac88bf8..a432f30c6 100644 --- a/e2e/namespace_additional_metadata_test.go +++ b/e2e/namespace_additional_metadata_test.go @@ -13,8 +13,8 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/api" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/api" ) var _ = Describe("creating a Namespace for a Tenant with additional metadata", func() { diff --git a/e2e/namespace_capsule_label_test.go b/e2e/namespace_capsule_label_test.go index aa858dfd3..c517f25fd 100644 --- a/e2e/namespace_capsule_label_test.go +++ b/e2e/namespace_capsule_label_test.go @@ -14,7 +14,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) var _ = Describe("creating several Namespaces for a Tenant", func() { diff --git a/e2e/namespace_user_metadata_test.go b/e2e/namespace_user_metadata_test.go index 7f7d57739..3f5c02f04 100644 --- a/e2e/namespace_user_metadata_test.go +++ b/e2e/namespace_user_metadata_test.go @@ -15,8 +15,8 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/api" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/api" ) var _ = Describe("creating a Namespace with user-specified labels and annotations", func() { diff --git a/e2e/new_namespace_test.go b/e2e/new_namespace_test.go index 21df08128..6ec99f1f1 100644 --- a/e2e/new_namespace_test.go +++ b/e2e/new_namespace_test.go @@ -12,7 +12,7 @@ import ( . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) var _ = Describe("creating a Namespaces as different type of Tenant owners", func() { diff --git a/e2e/node_user_metadata_test.go b/e2e/node_user_metadata_test.go index 2a02ba182..9d834b2b5 100644 --- a/e2e/node_user_metadata_test.go +++ b/e2e/node_user_metadata_test.go @@ -15,9 +15,9 @@ import ( rbacv1 "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/api" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) var _ = Describe("modifying node labels and annotations", func() { diff --git a/e2e/overquota_namespace_test.go b/e2e/overquota_namespace_test.go index 9587baa5e..6687a5cbf 100644 --- a/e2e/overquota_namespace_test.go +++ b/e2e/overquota_namespace_test.go @@ -13,7 +13,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/utils/pointer" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) var _ = Describe("creating a Namespace in over-quota of three", func() { diff --git a/e2e/owner_webhooks_test.go b/e2e/owner_webhooks_test.go index bc1f8f853..d4a36879b 100644 --- a/e2e/owner_webhooks_test.go +++ b/e2e/owner_webhooks_test.go @@ -17,8 +17,8 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/api" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/api" ) var _ = Describe("when Tenant owner interacts with the webhooks", func() { diff --git a/e2e/pod_priority_class_test.go b/e2e/pod_priority_class_test.go index 0e96c555c..24e95cb34 100644 --- a/e2e/pod_priority_class_test.go +++ b/e2e/pod_priority_class_test.go @@ -19,8 +19,8 @@ import ( "k8s.io/apimachinery/pkg/selection" "sigs.k8s.io/controller-runtime/pkg/client" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/api" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/api" ) var _ = Describe("enforcing a Priority Class", func() { diff --git a/e2e/pod_runtime_class_test.go b/e2e/pod_runtime_class_test.go index 58c5339ac..d96651064 100644 --- a/e2e/pod_runtime_class_test.go +++ b/e2e/pod_runtime_class_test.go @@ -16,9 +16,9 @@ import ( nodev1 "k8s.io/api/node/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "github.com/clastix/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/api" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) var _ = Describe("enforcing a Runtime Class", func() { diff --git a/e2e/preventing_pv_cross_tenant_mount_test.go b/e2e/preventing_pv_cross_tenant_mount_test.go index 0618bb581..baa96741f 100644 --- a/e2e/preventing_pv_cross_tenant_mount_test.go +++ b/e2e/preventing_pv_cross_tenant_mount_test.go @@ -17,7 +17,7 @@ import ( "k8s.io/utils/pointer" "sigs.k8s.io/controller-runtime/pkg/client" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) var _ = Describe("preventing PersistentVolume cross-tenant mount", func() { diff --git a/e2e/protected_namespace_regex_test.go b/e2e/protected_namespace_regex_test.go index 3b4279b9e..306e15b2a 100644 --- a/e2e/protected_namespace_regex_test.go +++ b/e2e/protected_namespace_regex_test.go @@ -12,7 +12,7 @@ import ( . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) var _ = Describe("creating a Namespace with a protected Namespace regex enabled", func() { diff --git a/e2e/resource_quota_exceeded_test.go b/e2e/resource_quota_exceeded_test.go index 868135180..d16465dab 100644 --- a/e2e/resource_quota_exceeded_test.go +++ b/e2e/resource_quota_exceeded_test.go @@ -9,7 +9,7 @@ import ( "context" "fmt" - "github.com/clastix/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/api" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" @@ -20,7 +20,7 @@ import ( "k8s.io/apimachinery/pkg/types" "k8s.io/utils/pointer" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) var _ = Describe("exceeding a Tenant resource quota", func() { diff --git a/e2e/sa_prevent_privilege_escalation_test.go b/e2e/sa_prevent_privilege_escalation_test.go index b31a4a869..192b7e5c8 100644 --- a/e2e/sa_prevent_privilege_escalation_test.go +++ b/e2e/sa_prevent_privilege_escalation_test.go @@ -19,7 +19,7 @@ import ( "k8s.io/client-go/kubernetes" "sigs.k8s.io/controller-runtime/pkg/client/config" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) var _ = Describe("trying to escalate from a Tenant Namespace ServiceAccount", func() { diff --git a/e2e/selecting_non_owned_tenant_test.go b/e2e/selecting_non_owned_tenant_test.go index 8734dbd51..9b8d8fa1b 100644 --- a/e2e/selecting_non_owned_tenant_test.go +++ b/e2e/selecting_non_owned_tenant_test.go @@ -8,14 +8,14 @@ package e2e import ( "context" - "github.com/clastix/capsule/pkg/utils" + "github.com/projectcapsule/capsule/pkg/utils" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) var _ = Describe("creating a Namespace trying to select a third Tenant", func() { diff --git a/e2e/selecting_tenant_fail_test.go b/e2e/selecting_tenant_fail_test.go index 95253c45e..8615a1f1a 100644 --- a/e2e/selecting_tenant_fail_test.go +++ b/e2e/selecting_tenant_fail_test.go @@ -12,7 +12,7 @@ import ( . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) var _ = Describe("creating a Namespace without a Tenant selector when user owns multiple Tenants", func() { diff --git a/e2e/selecting_tenant_with_label_test.go b/e2e/selecting_tenant_with_label_test.go index 093a27127..32df40b06 100644 --- a/e2e/selecting_tenant_with_label_test.go +++ b/e2e/selecting_tenant_with_label_test.go @@ -8,13 +8,13 @@ package e2e import ( "context" - "github.com/clastix/capsule/pkg/utils" + "github.com/projectcapsule/capsule/pkg/utils" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) var _ = Describe("creating a Namespace with Tenant selector when user owns multiple tenants", func() { diff --git a/e2e/service_metadata_test.go b/e2e/service_metadata_test.go index b27524fc5..c13941fc2 100644 --- a/e2e/service_metadata_test.go +++ b/e2e/service_metadata_test.go @@ -21,9 +21,9 @@ import ( "k8s.io/utils/pointer" "sigs.k8s.io/controller-runtime/pkg/client" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/api" - "github.com/clastix/capsule/pkg/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/utils" ) var _ = Describe("adding metadata to Service objects", func() { diff --git a/e2e/storage_class_test.go b/e2e/storage_class_test.go index c182c4ea4..05dfd6d1e 100644 --- a/e2e/storage_class_test.go +++ b/e2e/storage_class_test.go @@ -24,8 +24,8 @@ import ( "k8s.io/utils/pointer" "sigs.k8s.io/controller-runtime/pkg/client" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/api" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/api" ) var _ = Describe("when Tenant handles Storage classes", func() { diff --git a/e2e/suite_test.go b/e2e/suite_test.go index 55a6e3707..5b10f1595 100644 --- a/e2e/suite_test.go +++ b/e2e/suite_test.go @@ -19,7 +19,7 @@ import ( logf "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/log/zap" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) // These tests use Ginkgo (BDD-style Go testing framework). Refer to diff --git a/e2e/tenant_cordoning_test.go b/e2e/tenant_cordoning_test.go index 95a772285..ed58651ba 100644 --- a/e2e/tenant_cordoning_test.go +++ b/e2e/tenant_cordoning_test.go @@ -15,7 +15,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) var _ = Describe("cordoning a Tenant", func() { diff --git a/e2e/tenant_name_webhook_test.go b/e2e/tenant_name_webhook_test.go index 91abe3787..0cd3578ee 100644 --- a/e2e/tenant_name_webhook_test.go +++ b/e2e/tenant_name_webhook_test.go @@ -12,7 +12,7 @@ import ( . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) var _ = Describe("creating a Tenant with wrong name", func() { diff --git a/e2e/tenant_protected_webhook_test.go b/e2e/tenant_protected_webhook_test.go index f41175a37..a526c9eef 100644 --- a/e2e/tenant_protected_webhook_test.go +++ b/e2e/tenant_protected_webhook_test.go @@ -13,7 +13,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) var _ = Describe("Deleting a tenant with protected annotation", func() { diff --git a/e2e/tenant_resources_changes_test.go b/e2e/tenant_resources_changes_test.go index 17a7e7135..21ae2e070 100644 --- a/e2e/tenant_resources_changes_test.go +++ b/e2e/tenant_resources_changes_test.go @@ -9,7 +9,7 @@ import ( "context" "fmt" - "github.com/clastix/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/api" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" @@ -20,7 +20,7 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) var _ = Describe("changing Tenant managed Kubernetes resources", func() { diff --git a/e2e/tenant_resources_test.go b/e2e/tenant_resources_test.go index 5337775e5..0d3965cde 100644 --- a/e2e/tenant_resources_test.go +++ b/e2e/tenant_resources_test.go @@ -10,7 +10,7 @@ import ( "fmt" "strings" - "github.com/clastix/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/api" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" @@ -20,7 +20,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) var _ = Describe("creating namespaces within a Tenant with resources", func() { diff --git a/e2e/tenantresource_test.go b/e2e/tenantresource_test.go index 478db0f8f..444d26ffe 100644 --- a/e2e/tenantresource_test.go +++ b/e2e/tenantresource_test.go @@ -22,8 +22,8 @@ import ( "k8s.io/utils/pointer" "sigs.k8s.io/controller-runtime/pkg/client" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/api" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/api" ) var _ = Describe("Creating a TenantResource object", func() { diff --git a/e2e/utils_test.go b/e2e/utils_test.go index 46ec50d1a..98e4897ad 100644 --- a/e2e/utils_test.go +++ b/e2e/utils_test.go @@ -23,7 +23,7 @@ import ( "k8s.io/apimachinery/pkg/version" "k8s.io/client-go/kubernetes" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) const ( diff --git a/go.mod b/go.mod index 8b3d2b31f..bb684037c 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/clastix/capsule +module github.com/projectcapsule/capsule go 1.19 diff --git a/main.go b/main.go index 52d28240d..b67e6660f 100644 --- a/main.go +++ b/main.go @@ -26,32 +26,32 @@ import ( "sigs.k8s.io/controller-runtime/pkg/log/zap" ctrlwebhook "sigs.k8s.io/controller-runtime/pkg/webhook" - capsulev1alpha1 "github.com/clastix/capsule/api/v1alpha1" - capsulev1beta1 "github.com/clastix/capsule/api/v1beta1" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - configcontroller "github.com/clastix/capsule/controllers/config" - "github.com/clastix/capsule/controllers/pv" - rbaccontroller "github.com/clastix/capsule/controllers/rbac" - "github.com/clastix/capsule/controllers/resources" - servicelabelscontroller "github.com/clastix/capsule/controllers/servicelabels" - tenantcontroller "github.com/clastix/capsule/controllers/tenant" - tlscontroller "github.com/clastix/capsule/controllers/tls" - "github.com/clastix/capsule/pkg/configuration" - "github.com/clastix/capsule/pkg/indexer" - "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/defaults" - "github.com/clastix/capsule/pkg/webhook/ingress" - namespacewebhook "github.com/clastix/capsule/pkg/webhook/namespace" - "github.com/clastix/capsule/pkg/webhook/networkpolicy" - "github.com/clastix/capsule/pkg/webhook/node" - "github.com/clastix/capsule/pkg/webhook/ownerreference" - "github.com/clastix/capsule/pkg/webhook/pod" - "github.com/clastix/capsule/pkg/webhook/pvc" - "github.com/clastix/capsule/pkg/webhook/route" - "github.com/clastix/capsule/pkg/webhook/service" - "github.com/clastix/capsule/pkg/webhook/tenant" - tntresource "github.com/clastix/capsule/pkg/webhook/tenantresource" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1alpha1 "github.com/projectcapsule/capsule/api/v1alpha1" + capsulev1beta1 "github.com/projectcapsule/capsule/api/v1beta1" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + configcontroller "github.com/projectcapsule/capsule/controllers/config" + "github.com/projectcapsule/capsule/controllers/pv" + rbaccontroller "github.com/projectcapsule/capsule/controllers/rbac" + "github.com/projectcapsule/capsule/controllers/resources" + servicelabelscontroller "github.com/projectcapsule/capsule/controllers/servicelabels" + tenantcontroller "github.com/projectcapsule/capsule/controllers/tenant" + tlscontroller "github.com/projectcapsule/capsule/controllers/tls" + "github.com/projectcapsule/capsule/pkg/configuration" + "github.com/projectcapsule/capsule/pkg/indexer" + "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/defaults" + "github.com/projectcapsule/capsule/pkg/webhook/ingress" + namespacewebhook "github.com/projectcapsule/capsule/pkg/webhook/namespace" + "github.com/projectcapsule/capsule/pkg/webhook/networkpolicy" + "github.com/projectcapsule/capsule/pkg/webhook/node" + "github.com/projectcapsule/capsule/pkg/webhook/ownerreference" + "github.com/projectcapsule/capsule/pkg/webhook/pod" + "github.com/projectcapsule/capsule/pkg/webhook/pvc" + "github.com/projectcapsule/capsule/pkg/webhook/route" + "github.com/projectcapsule/capsule/pkg/webhook/service" + "github.com/projectcapsule/capsule/pkg/webhook/tenant" + tntresource "github.com/projectcapsule/capsule/pkg/webhook/tenantresource" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) var ( diff --git a/pkg/configuration/client.go b/pkg/configuration/client.go index c50d1b201..8d65ccae1 100644 --- a/pkg/configuration/client.go +++ b/pkg/configuration/client.go @@ -12,8 +12,8 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - capsuleapi "github.com/clastix/capsule/pkg/api" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + capsuleapi "github.com/projectcapsule/capsule/pkg/api" ) // capsuleConfiguration is the Capsule Configuration retrieval mode diff --git a/pkg/configuration/configuration.go b/pkg/configuration/configuration.go index 68ad64169..c91350fc0 100644 --- a/pkg/configuration/configuration.go +++ b/pkg/configuration/configuration.go @@ -6,7 +6,7 @@ package configuration import ( "regexp" - capsuleapi "github.com/clastix/capsule/pkg/api" + capsuleapi "github.com/projectcapsule/capsule/pkg/api" ) const ( diff --git a/pkg/indexer/indexer.go b/pkg/indexer/indexer.go index e726ca8b0..7f01e758b 100644 --- a/pkg/indexer/indexer.go +++ b/pkg/indexer/indexer.go @@ -14,12 +14,12 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/manager" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/indexer/ingress" - "github.com/clastix/capsule/pkg/indexer/namespace" - "github.com/clastix/capsule/pkg/indexer/tenant" - "github.com/clastix/capsule/pkg/indexer/tenantresource" - "github.com/clastix/capsule/pkg/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/indexer/ingress" + "github.com/projectcapsule/capsule/pkg/indexer/namespace" + "github.com/projectcapsule/capsule/pkg/indexer/tenant" + "github.com/projectcapsule/capsule/pkg/indexer/tenantresource" + "github.com/projectcapsule/capsule/pkg/utils" ) type CustomIndexer interface { diff --git a/pkg/indexer/namespace/namespaces.go b/pkg/indexer/namespace/namespaces.go index 87ea803b2..cc4a1527b 100644 --- a/pkg/indexer/namespace/namespaces.go +++ b/pkg/indexer/namespace/namespaces.go @@ -9,7 +9,7 @@ import ( corev1 "k8s.io/api/core/v1" "sigs.k8s.io/controller-runtime/pkg/client" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) type OwnerReference struct{} diff --git a/pkg/indexer/tenant/namespaces.go b/pkg/indexer/tenant/namespaces.go index ab9d80088..7aced7955 100644 --- a/pkg/indexer/tenant/namespaces.go +++ b/pkg/indexer/tenant/namespaces.go @@ -6,7 +6,7 @@ package tenant import ( "sigs.k8s.io/controller-runtime/pkg/client" - "github.com/clastix/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/api" ) type NamespacesReference struct { diff --git a/pkg/indexer/tenant/owner.go b/pkg/indexer/tenant/owner.go index 46dc3c693..e871ab9ca 100644 --- a/pkg/indexer/tenant/owner.go +++ b/pkg/indexer/tenant/owner.go @@ -8,8 +8,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/utils" ) type OwnerReference struct{} diff --git a/pkg/indexer/tenantresource/global.go b/pkg/indexer/tenantresource/global.go index 380d9eb84..a3253b3be 100644 --- a/pkg/indexer/tenantresource/global.go +++ b/pkg/indexer/tenantresource/global.go @@ -7,7 +7,7 @@ package tenantresource import ( "sigs.k8s.io/controller-runtime/pkg/client" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) type GlobalProcessedItems struct{} diff --git a/pkg/indexer/tenantresource/local.go b/pkg/indexer/tenantresource/local.go index 9413400cb..a1633c9a0 100644 --- a/pkg/indexer/tenantresource/local.go +++ b/pkg/indexer/tenantresource/local.go @@ -7,7 +7,7 @@ package tenantresource import ( "sigs.k8s.io/controller-runtime/pkg/client" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) type LocalProcessedItems struct{} diff --git a/pkg/utils/node_selector.go b/pkg/utils/node_selector.go index 94f3b785f..ccf2a4b9a 100644 --- a/pkg/utils/node_selector.go +++ b/pkg/utils/node_selector.go @@ -8,7 +8,7 @@ import ( "sort" "strings" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) const ( diff --git a/pkg/utils/owner.go b/pkg/utils/owner.go index fad2c6956..12c0b5c09 100644 --- a/pkg/utils/owner.go +++ b/pkg/utils/owner.go @@ -6,7 +6,7 @@ package utils import ( "fmt" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) func GetOwnersWithKinds(tenant *capsulev1beta2.Tenant) (owners []string) { diff --git a/pkg/utils/tenant_labels.go b/pkg/utils/tenant_labels.go index db97f7aea..65dc5b76a 100644 --- a/pkg/utils/tenant_labels.go +++ b/pkg/utils/tenant_labels.go @@ -11,9 +11,9 @@ import ( rbacv1 "k8s.io/api/rbac/v1" "k8s.io/apimachinery/pkg/runtime" - "github.com/clastix/capsule/api/v1alpha1" - "github.com/clastix/capsule/api/v1beta1" - "github.com/clastix/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/api/v1alpha1" + "github.com/projectcapsule/capsule/api/v1beta1" + "github.com/projectcapsule/capsule/api/v1beta2" ) func GetTypeLabel(t runtime.Object) (label string, err error) { diff --git a/pkg/webhook/defaults/handler.go b/pkg/webhook/defaults/handler.go index 57b384927..1f5e0d36e 100644 --- a/pkg/webhook/defaults/handler.go +++ b/pkg/webhook/defaults/handler.go @@ -12,8 +12,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - "github.com/clastix/capsule/pkg/configuration" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/configuration" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" ) type handler struct { diff --git a/pkg/webhook/defaults/ingress.go b/pkg/webhook/defaults/ingress.go index 7038245c6..8bbb07f0c 100644 --- a/pkg/webhook/defaults/ingress.go +++ b/pkg/webhook/defaults/ingress.go @@ -15,9 +15,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - capsuleingress "github.com/clastix/capsule/pkg/webhook/ingress" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + capsuleingress "github.com/projectcapsule/capsule/pkg/webhook/ingress" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) func mutateIngressDefaults(ctx context.Context, req admission.Request, version *version.Version, c client.Client, decoder *admission.Decoder, recorder record.EventRecorder, namespace string) *admission.Response { diff --git a/pkg/webhook/defaults/pods.go b/pkg/webhook/defaults/pods.go index 3e5ff455a..612cc81ef 100644 --- a/pkg/webhook/defaults/pods.go +++ b/pkg/webhook/defaults/pods.go @@ -14,8 +14,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) func mutatePodDefaults(ctx context.Context, req admission.Request, c client.Client, decoder *admission.Decoder, recorder record.EventRecorder, namespace string) *admission.Response { diff --git a/pkg/webhook/defaults/storage.go b/pkg/webhook/defaults/storage.go index 2513524b8..89b4efc53 100644 --- a/pkg/webhook/defaults/storage.go +++ b/pkg/webhook/defaults/storage.go @@ -14,8 +14,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) func mutatePVCDefaults(ctx context.Context, req admission.Request, c client.Client, decoder *admission.Decoder, recorder record.EventRecorder, namespace string) *admission.Response { diff --git a/pkg/webhook/ingress/errors.go b/pkg/webhook/ingress/errors.go index ea51eb729..afb6212d6 100644 --- a/pkg/webhook/ingress/errors.go +++ b/pkg/webhook/ingress/errors.go @@ -7,8 +7,8 @@ import ( "fmt" "strings" - "github.com/clastix/capsule/pkg/api" - "github.com/clastix/capsule/pkg/webhook/utils" + "github.com/projectcapsule/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type ingressClassForbiddenError struct { diff --git a/pkg/webhook/ingress/utils.go b/pkg/webhook/ingress/utils.go index 0fe7f99a1..bbb15ad82 100644 --- a/pkg/webhook/ingress/utils.go +++ b/pkg/webhook/ingress/utils.go @@ -14,7 +14,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) func TenantFromIngress(ctx context.Context, c client.Client, ingress Ingress) (*capsulev1beta2.Tenant, error) { diff --git a/pkg/webhook/ingress/validate_class.go b/pkg/webhook/ingress/validate_class.go index 9f2018d21..47ff3df53 100644 --- a/pkg/webhook/ingress/validate_class.go +++ b/pkg/webhook/ingress/validate_class.go @@ -14,10 +14,10 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/configuration" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/configuration" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type class struct { diff --git a/pkg/webhook/ingress/validate_collision.go b/pkg/webhook/ingress/validate_collision.go index e552be818..022d64606 100644 --- a/pkg/webhook/ingress/validate_collision.go +++ b/pkg/webhook/ingress/validate_collision.go @@ -18,12 +18,12 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/api" - "github.com/clastix/capsule/pkg/configuration" - "github.com/clastix/capsule/pkg/indexer/ingress" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/configuration" + "github.com/projectcapsule/capsule/pkg/indexer/ingress" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type collision struct { diff --git a/pkg/webhook/ingress/validate_hostnames.go b/pkg/webhook/ingress/validate_hostnames.go index c5bca27f8..a11eedc98 100644 --- a/pkg/webhook/ingress/validate_hostnames.go +++ b/pkg/webhook/ingress/validate_hostnames.go @@ -14,10 +14,10 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/configuration" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/configuration" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type hostnames struct { diff --git a/pkg/webhook/ingress/validate_wildcard.go b/pkg/webhook/ingress/validate_wildcard.go index c4c8a1320..fd29800a2 100644 --- a/pkg/webhook/ingress/validate_wildcard.go +++ b/pkg/webhook/ingress/validate_wildcard.go @@ -14,9 +14,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type wildcard struct{} diff --git a/pkg/webhook/namespace/errors.go b/pkg/webhook/namespace/errors.go index 8b0ec4f2b..ba37aab8e 100644 --- a/pkg/webhook/namespace/errors.go +++ b/pkg/webhook/namespace/errors.go @@ -7,7 +7,7 @@ import ( "fmt" "strings" - capsuleapi "github.com/clastix/capsule/pkg/api" + capsuleapi "github.com/projectcapsule/capsule/pkg/api" ) //nolint:predeclared diff --git a/pkg/webhook/namespace/freezed.go b/pkg/webhook/namespace/freezed.go index a9a1234dd..8b4f26a1d 100644 --- a/pkg/webhook/namespace/freezed.go +++ b/pkg/webhook/namespace/freezed.go @@ -13,10 +13,10 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/configuration" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/configuration" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type freezedHandler struct { diff --git a/pkg/webhook/namespace/owner_reference.go b/pkg/webhook/namespace/owner_reference.go index 7f4e29609..350c1423e 100644 --- a/pkg/webhook/namespace/owner_reference.go +++ b/pkg/webhook/namespace/owner_reference.go @@ -13,8 +13,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type ownerReferenceHandler struct{} diff --git a/pkg/webhook/namespace/patch.go b/pkg/webhook/namespace/patch.go index 1f3fb18ea..653ecb6a5 100644 --- a/pkg/webhook/namespace/patch.go +++ b/pkg/webhook/namespace/patch.go @@ -14,10 +14,10 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - capsuleutils "github.com/clastix/capsule/pkg/utils" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + capsuleutils "github.com/projectcapsule/capsule/pkg/utils" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type patchHandler struct{} diff --git a/pkg/webhook/namespace/prefix.go b/pkg/webhook/namespace/prefix.go index 7c998ba68..105a6d579 100644 --- a/pkg/webhook/namespace/prefix.go +++ b/pkg/webhook/namespace/prefix.go @@ -14,10 +14,10 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/configuration" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/configuration" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type prefixHandler struct { diff --git a/pkg/webhook/namespace/quota.go b/pkg/webhook/namespace/quota.go index 86010e860..5d4f98553 100644 --- a/pkg/webhook/namespace/quota.go +++ b/pkg/webhook/namespace/quota.go @@ -12,9 +12,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type quotaHandler struct{} diff --git a/pkg/webhook/namespace/user_metadata.go b/pkg/webhook/namespace/user_metadata.go index 6d42f4084..9c1bb0934 100644 --- a/pkg/webhook/namespace/user_metadata.go +++ b/pkg/webhook/namespace/user_metadata.go @@ -13,9 +13,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type userMetadataHandler struct{} diff --git a/pkg/webhook/networkpolicy/validating.go b/pkg/webhook/networkpolicy/validating.go index f5cc6b5a5..ef0841553 100644 --- a/pkg/webhook/networkpolicy/validating.go +++ b/pkg/webhook/networkpolicy/validating.go @@ -13,10 +13,10 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - capsuleutils "github.com/clastix/capsule/pkg/utils" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + capsuleutils "github.com/projectcapsule/capsule/pkg/utils" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type handler struct{} diff --git a/pkg/webhook/node/errors.go b/pkg/webhook/node/errors.go index 1b7a5f373..55087fa43 100644 --- a/pkg/webhook/node/errors.go +++ b/pkg/webhook/node/errors.go @@ -7,7 +7,7 @@ import ( "fmt" "strings" - capsulev1beta2 "github.com/clastix/capsule/pkg/api" + capsulev1beta2 "github.com/projectcapsule/capsule/pkg/api" ) //nolint:predeclared diff --git a/pkg/webhook/node/user_metadata.go b/pkg/webhook/node/user_metadata.go index 01e2ea8d3..c800f287e 100644 --- a/pkg/webhook/node/user_metadata.go +++ b/pkg/webhook/node/user_metadata.go @@ -13,9 +13,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - "github.com/clastix/capsule/pkg/configuration" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + "github.com/projectcapsule/capsule/pkg/configuration" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type userMetadataHandler struct { diff --git a/pkg/webhook/ownerreference/patching.go b/pkg/webhook/ownerreference/patching.go index fb950cba5..3fd993593 100644 --- a/pkg/webhook/ownerreference/patching.go +++ b/pkg/webhook/ownerreference/patching.go @@ -19,11 +19,11 @@ import ( "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/configuration" - capsuleutils "github.com/clastix/capsule/pkg/utils" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/configuration" + capsuleutils "github.com/projectcapsule/capsule/pkg/utils" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type handler struct { diff --git a/pkg/webhook/pod/containerregistry.go b/pkg/webhook/pod/containerregistry.go index c21e4cf02..17c7148e3 100644 --- a/pkg/webhook/pod/containerregistry.go +++ b/pkg/webhook/pod/containerregistry.go @@ -12,9 +12,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type containerRegistryHandler struct{} diff --git a/pkg/webhook/pod/containerregistry_errors.go b/pkg/webhook/pod/containerregistry_errors.go index 776594a4e..aa9961a83 100644 --- a/pkg/webhook/pod/containerregistry_errors.go +++ b/pkg/webhook/pod/containerregistry_errors.go @@ -7,7 +7,7 @@ import ( "fmt" "strings" - "github.com/clastix/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/api" ) type missingContainerRegistryError struct { diff --git a/pkg/webhook/pod/imagepullpolicy.go b/pkg/webhook/pod/imagepullpolicy.go index 3b160b208..73c530304 100644 --- a/pkg/webhook/pod/imagepullpolicy.go +++ b/pkg/webhook/pod/imagepullpolicy.go @@ -12,9 +12,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type imagePullPolicy struct{} diff --git a/pkg/webhook/pod/imagepullpolicy_pullpolicy.go b/pkg/webhook/pod/imagepullpolicy_pullpolicy.go index ccafe549c..ec28123d3 100644 --- a/pkg/webhook/pod/imagepullpolicy_pullpolicy.go +++ b/pkg/webhook/pod/imagepullpolicy_pullpolicy.go @@ -6,7 +6,7 @@ package pod import ( "strings" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) type PullPolicy interface { diff --git a/pkg/webhook/pod/priorityclass.go b/pkg/webhook/pod/priorityclass.go index 81d02eec1..8f4d71482 100644 --- a/pkg/webhook/pod/priorityclass.go +++ b/pkg/webhook/pod/priorityclass.go @@ -12,8 +12,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type priorityClass struct{} diff --git a/pkg/webhook/pod/priorityclass_errors.go b/pkg/webhook/pod/priorityclass_errors.go index 9198d598e..0cf2a5871 100644 --- a/pkg/webhook/pod/priorityclass_errors.go +++ b/pkg/webhook/pod/priorityclass_errors.go @@ -6,8 +6,8 @@ package pod import ( "fmt" - "github.com/clastix/capsule/pkg/api" - "github.com/clastix/capsule/pkg/webhook/utils" + "github.com/projectcapsule/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type podPriorityClassForbiddenError struct { diff --git a/pkg/webhook/pod/runtimeclass.go b/pkg/webhook/pod/runtimeclass.go index 08d539c07..71059daca 100644 --- a/pkg/webhook/pod/runtimeclass.go +++ b/pkg/webhook/pod/runtimeclass.go @@ -14,8 +14,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type runtimeClass struct{} diff --git a/pkg/webhook/pod/runtimeclass_errors.go b/pkg/webhook/pod/runtimeclass_errors.go index 0a1d9c73a..eb037fb06 100644 --- a/pkg/webhook/pod/runtimeclass_errors.go +++ b/pkg/webhook/pod/runtimeclass_errors.go @@ -6,8 +6,8 @@ package pod import ( "fmt" - "github.com/clastix/capsule/pkg/api" - "github.com/clastix/capsule/pkg/webhook/utils" + "github.com/projectcapsule/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type podRuntimeClassForbiddenError struct { diff --git a/pkg/webhook/pvc/errors.go b/pkg/webhook/pvc/errors.go index 11337172c..26043a9e8 100644 --- a/pkg/webhook/pvc/errors.go +++ b/pkg/webhook/pvc/errors.go @@ -6,8 +6,8 @@ package pvc import ( "fmt" - "github.com/clastix/capsule/pkg/api" - "github.com/clastix/capsule/pkg/webhook/utils" + "github.com/projectcapsule/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type storageClassNotValidError struct { diff --git a/pkg/webhook/pvc/pv.go b/pkg/webhook/pvc/pv.go index 6f004d259..771372842 100644 --- a/pkg/webhook/pvc/pv.go +++ b/pkg/webhook/pvc/pv.go @@ -14,9 +14,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type PV struct { diff --git a/pkg/webhook/pvc/validating.go b/pkg/webhook/pvc/validating.go index 03b6fb2cc..1651531a3 100644 --- a/pkg/webhook/pvc/validating.go +++ b/pkg/webhook/pvc/validating.go @@ -13,8 +13,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type validating struct{} diff --git a/pkg/webhook/route/cordoning.go b/pkg/webhook/route/cordoning.go index 4d6357cc5..d2771e350 100644 --- a/pkg/webhook/route/cordoning.go +++ b/pkg/webhook/route/cordoning.go @@ -4,7 +4,7 @@ package route import ( - capsulewebhook "github.com/clastix/capsule/pkg/webhook" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" ) // +kubebuilder:webhook:path=/cordoning,mutating=false,sideEffects=None,admissionReviewVersions=v1,failurePolicy=fail,groups="*",resources="*",verbs=create;update;delete,versions="*",name=cordoning.tenant.capsule.clastix.io diff --git a/pkg/webhook/route/defaults.go b/pkg/webhook/route/defaults.go index b42ca895e..ed4ef7eaa 100644 --- a/pkg/webhook/route/defaults.go +++ b/pkg/webhook/route/defaults.go @@ -4,7 +4,7 @@ package route import ( - capsulewebhook "github.com/clastix/capsule/pkg/webhook" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" ) // +kubebuilder:webhook:path=/defaults,mutating=true,sideEffects=None,admissionReviewVersions=v1,failurePolicy=fail,groups="",resources=pods,verbs=create,versions=v1,name=pod.defaults.capsule.clastix.io diff --git a/pkg/webhook/route/ingresses.go b/pkg/webhook/route/ingresses.go index 980562fce..18221f32b 100644 --- a/pkg/webhook/route/ingresses.go +++ b/pkg/webhook/route/ingresses.go @@ -4,7 +4,7 @@ package route import ( - capsulewebhook "github.com/clastix/capsule/pkg/webhook" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" ) // +kubebuilder:webhook:path=/ingresses,mutating=false,sideEffects=None,admissionReviewVersions=v1,failurePolicy=fail,groups=networking.k8s.io;extensions,resources=ingresses,verbs=create;update,versions=v1beta1;v1,name=ingress.capsule.clastix.io diff --git a/pkg/webhook/route/namespaces.go b/pkg/webhook/route/namespaces.go index 8de32da30..73b240a73 100644 --- a/pkg/webhook/route/namespaces.go +++ b/pkg/webhook/route/namespaces.go @@ -4,7 +4,7 @@ package route import ( - capsulewebhook "github.com/clastix/capsule/pkg/webhook" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" ) // +kubebuilder:webhook:path=/namespaces,mutating=false,sideEffects=None,admissionReviewVersions=v1,failurePolicy=fail,groups="",resources=namespaces,verbs=create;update;delete,versions=v1,name=namespaces.capsule.clastix.io diff --git a/pkg/webhook/route/networkpolicies.go b/pkg/webhook/route/networkpolicies.go index 20f928251..7c86fadb4 100644 --- a/pkg/webhook/route/networkpolicies.go +++ b/pkg/webhook/route/networkpolicies.go @@ -4,7 +4,7 @@ package route import ( - capsulewebhook "github.com/clastix/capsule/pkg/webhook" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" ) // +kubebuilder:webhook:path=/networkpolicies,mutating=false,sideEffects=None,admissionReviewVersions=v1,failurePolicy=fail,groups="networking.k8s.io",resources=networkpolicies,verbs=update;delete,versions=v1,name=networkpolicies.capsule.clastix.io diff --git a/pkg/webhook/route/node.go b/pkg/webhook/route/node.go index 13dcbe20d..11d5c3aae 100644 --- a/pkg/webhook/route/node.go +++ b/pkg/webhook/route/node.go @@ -4,7 +4,7 @@ package route import ( - capsulewebhook "github.com/clastix/capsule/pkg/webhook" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" ) // +kubebuilder:webhook:path=/nodes,mutating=false,sideEffects=None,admissionReviewVersions=v1,failurePolicy=fail,groups="",resources=nodes,verbs=update,versions=v1,name=nodes.capsule.clastix.io diff --git a/pkg/webhook/route/ownerreference.go b/pkg/webhook/route/ownerreference.go index 9fb903a21..115f52084 100644 --- a/pkg/webhook/route/ownerreference.go +++ b/pkg/webhook/route/ownerreference.go @@ -4,7 +4,7 @@ package route import ( - capsulewebhook "github.com/clastix/capsule/pkg/webhook" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" ) // +kubebuilder:webhook:path=/namespace-owner-reference,mutating=true,sideEffects=None,admissionReviewVersions=v1,failurePolicy=fail,groups="",resources=namespaces,verbs=create;update,versions=v1,name=owner.namespace.capsule.clastix.io diff --git a/pkg/webhook/route/pods.go b/pkg/webhook/route/pods.go index e704567d8..fdad1a731 100644 --- a/pkg/webhook/route/pods.go +++ b/pkg/webhook/route/pods.go @@ -4,7 +4,7 @@ package route import ( - capsulewebhook "github.com/clastix/capsule/pkg/webhook" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" ) // +kubebuilder:webhook:path=/pods,mutating=false,sideEffects=None,admissionReviewVersions=v1,failurePolicy=fail,groups="",resources=pods,verbs=create;update,versions=v1,name=pods.capsule.clastix.io diff --git a/pkg/webhook/route/pvc.go b/pkg/webhook/route/pvc.go index 2892e0648..8c361b027 100644 --- a/pkg/webhook/route/pvc.go +++ b/pkg/webhook/route/pvc.go @@ -4,7 +4,7 @@ package route import ( - capsulewebhook "github.com/clastix/capsule/pkg/webhook" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" ) // +kubebuilder:webhook:path=/persistentvolumeclaims,mutating=false,sideEffects=None,admissionReviewVersions=v1,failurePolicy=fail,groups="",resources=persistentvolumeclaims,verbs=create,versions=v1,name=pvc.capsule.clastix.io diff --git a/pkg/webhook/route/services.go b/pkg/webhook/route/services.go index c4f8dac8c..3040872f8 100644 --- a/pkg/webhook/route/services.go +++ b/pkg/webhook/route/services.go @@ -4,7 +4,7 @@ package route import ( - capsulewebhook "github.com/clastix/capsule/pkg/webhook" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" ) // +kubebuilder:webhook:path=/services,mutating=false,sideEffects=None,admissionReviewVersions=v1,failurePolicy=fail,groups="",resources=services,verbs=create;update,versions=v1,name=services.capsule.clastix.io diff --git a/pkg/webhook/route/tenantresource_objs.go b/pkg/webhook/route/tenantresource_objs.go index b1e8e3cc2..00c3fb6b4 100644 --- a/pkg/webhook/route/tenantresource_objs.go +++ b/pkg/webhook/route/tenantresource_objs.go @@ -4,7 +4,7 @@ package route import ( - capsulewebhook "github.com/clastix/capsule/pkg/webhook" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" ) // +kubebuilder:webhook:path=/tenantresource-objects,mutating=false,sideEffects=None,admissionReviewVersions=v1,failurePolicy=fail,groups="*",resources="*",verbs=update;delete,versions="*",name=resource-objects.tenant.capsule.clastix.io diff --git a/pkg/webhook/route/tenants.go b/pkg/webhook/route/tenants.go index 8059c8f71..05e12f629 100644 --- a/pkg/webhook/route/tenants.go +++ b/pkg/webhook/route/tenants.go @@ -4,7 +4,7 @@ package route import ( - capsulewebhook "github.com/clastix/capsule/pkg/webhook" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" ) // +kubebuilder:webhook:path=/tenants,mutating=false,sideEffects=None,admissionReviewVersions=v1,failurePolicy=fail,groups="capsule.clastix.io",resources=tenants,verbs=create;update;delete,versions=v1beta2,name=tenants.capsule.clastix.io diff --git a/pkg/webhook/service/errors.go b/pkg/webhook/service/errors.go index c85cb65b6..ebb190c51 100644 --- a/pkg/webhook/service/errors.go +++ b/pkg/webhook/service/errors.go @@ -7,7 +7,7 @@ import ( "fmt" "strings" - "github.com/clastix/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/api" ) type externalServiceIPForbiddenError struct { diff --git a/pkg/webhook/service/validating.go b/pkg/webhook/service/validating.go index 3dda98bb8..845a416dd 100644 --- a/pkg/webhook/service/validating.go +++ b/pkg/webhook/service/validating.go @@ -14,9 +14,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type handler struct{} diff --git a/pkg/webhook/tenant/containerregistry_regex.go b/pkg/webhook/tenant/containerregistry_regex.go index 2445e896b..a0ee1c1e9 100644 --- a/pkg/webhook/tenant/containerregistry_regex.go +++ b/pkg/webhook/tenant/containerregistry_regex.go @@ -12,9 +12,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type containerRegistryRegexHandler struct{} diff --git a/pkg/webhook/tenant/cordoning.go b/pkg/webhook/tenant/cordoning.go index 13b6a3f8c..8c4d802fa 100644 --- a/pkg/webhook/tenant/cordoning.go +++ b/pkg/webhook/tenant/cordoning.go @@ -14,10 +14,10 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/configuration" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/configuration" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type cordoningHandler struct { diff --git a/pkg/webhook/tenant/custom_resource_quota.go b/pkg/webhook/tenant/custom_resource_quota.go index e18ccbb94..2afbbfd2b 100644 --- a/pkg/webhook/tenant/custom_resource_quota.go +++ b/pkg/webhook/tenant/custom_resource_quota.go @@ -16,9 +16,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type resourceCounterHandler struct { diff --git a/pkg/webhook/tenant/forbidden_annotations_regex.go b/pkg/webhook/tenant/forbidden_annotations_regex.go index 3cfb79f28..f01aff612 100644 --- a/pkg/webhook/tenant/forbidden_annotations_regex.go +++ b/pkg/webhook/tenant/forbidden_annotations_regex.go @@ -12,9 +12,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type forbiddenAnnotationsRegexHandler struct{} diff --git a/pkg/webhook/tenant/freezed_emitter.go b/pkg/webhook/tenant/freezed_emitter.go index a4c2d2288..1617ed290 100644 --- a/pkg/webhook/tenant/freezed_emitter.go +++ b/pkg/webhook/tenant/freezed_emitter.go @@ -11,9 +11,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type freezedEmitterHandler struct{} diff --git a/pkg/webhook/tenant/hostname_regex.go b/pkg/webhook/tenant/hostname_regex.go index 23c68dc54..ef7e8dfbc 100644 --- a/pkg/webhook/tenant/hostname_regex.go +++ b/pkg/webhook/tenant/hostname_regex.go @@ -12,9 +12,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type hostnameRegexHandler struct{} diff --git a/pkg/webhook/tenant/ingressclass_regex.go b/pkg/webhook/tenant/ingressclass_regex.go index e33493388..c012dccd3 100644 --- a/pkg/webhook/tenant/ingressclass_regex.go +++ b/pkg/webhook/tenant/ingressclass_regex.go @@ -12,9 +12,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type ingressClassRegexHandler struct{} diff --git a/pkg/webhook/tenant/name.go b/pkg/webhook/tenant/name.go index 96ab98b30..b79db0607 100644 --- a/pkg/webhook/tenant/name.go +++ b/pkg/webhook/tenant/name.go @@ -11,9 +11,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type nameHandler struct{} diff --git a/pkg/webhook/tenant/protected.go b/pkg/webhook/tenant/protected.go index 72d3612f7..8dcff5bed 100644 --- a/pkg/webhook/tenant/protected.go +++ b/pkg/webhook/tenant/protected.go @@ -11,9 +11,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type protectedHandler struct{} diff --git a/pkg/webhook/tenant/rolebindings_regex.go b/pkg/webhook/tenant/rolebindings_regex.go index cb7a655ca..717d7c66c 100644 --- a/pkg/webhook/tenant/rolebindings_regex.go +++ b/pkg/webhook/tenant/rolebindings_regex.go @@ -14,9 +14,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type rbRegexHandler struct{} diff --git a/pkg/webhook/tenant/serviceaccount_format.go b/pkg/webhook/tenant/serviceaccount_format.go index 6a394b152..487d1d7f6 100644 --- a/pkg/webhook/tenant/serviceaccount_format.go +++ b/pkg/webhook/tenant/serviceaccount_format.go @@ -12,9 +12,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type saNameHandler struct{} diff --git a/pkg/webhook/tenant/storageclass_regex.go b/pkg/webhook/tenant/storageclass_regex.go index 9719ea6a3..30b78fc39 100644 --- a/pkg/webhook/tenant/storageclass_regex.go +++ b/pkg/webhook/tenant/storageclass_regex.go @@ -12,9 +12,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type storageClassRegexHandler struct{} diff --git a/pkg/webhook/tenantresource/objects.go b/pkg/webhook/tenantresource/objects.go index 6398d9218..daaa7447e 100644 --- a/pkg/webhook/tenantresource/objects.go +++ b/pkg/webhook/tenantresource/objects.go @@ -14,10 +14,10 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/indexer/tenantresource" - capsulewebhook "github.com/clastix/capsule/pkg/webhook" - "github.com/clastix/capsule/pkg/webhook/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/indexer/tenantresource" + capsulewebhook "github.com/projectcapsule/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/webhook/utils" ) type cordoningHandler struct{} diff --git a/pkg/webhook/utils/error.go b/pkg/webhook/utils/error.go index fe137ee9a..8406ab460 100644 --- a/pkg/webhook/utils/error.go +++ b/pkg/webhook/utils/error.go @@ -10,7 +10,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - "github.com/clastix/capsule/pkg/api" + "github.com/projectcapsule/capsule/pkg/api" ) func ErroredResponse(err error) *admission.Response { diff --git a/pkg/webhook/utils/in_capsule_groups.go b/pkg/webhook/utils/in_capsule_groups.go index 9089cec78..e26bb2d22 100644 --- a/pkg/webhook/utils/in_capsule_groups.go +++ b/pkg/webhook/utils/in_capsule_groups.go @@ -10,8 +10,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - "github.com/clastix/capsule/pkg/configuration" - "github.com/clastix/capsule/pkg/webhook" + "github.com/projectcapsule/capsule/pkg/configuration" + "github.com/projectcapsule/capsule/pkg/webhook" ) func InCapsuleGroups(configuration configuration.Configuration, handlers ...webhook.Handler) webhook.Handler { diff --git a/pkg/webhook/utils/is_capsule_user.go b/pkg/webhook/utils/is_capsule_user.go index bcd607c49..e35d9677f 100644 --- a/pkg/webhook/utils/is_capsule_user.go +++ b/pkg/webhook/utils/is_capsule_user.go @@ -12,15 +12,15 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" - "github.com/clastix/capsule/pkg/utils" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" + "github.com/projectcapsule/capsule/pkg/utils" ) func IsCapsuleUser(ctx context.Context, req admission.Request, clt client.Client, userGroups []string) bool { groupList := utils.NewUserGroupList(req.UserInfo.Groups) // if the user is a ServiceAccount belonging to the kube-system namespace, definitely, it's not a Capsule user // and we can skip the check in case of Capsule user group assigned to system:authenticated - // (ref: https://github.com/clastix/capsule/issues/234) + // (ref: https://github.com/projectcapsule/capsule/issues/234) if groupList.Find("system:serviceaccounts:kube-system") { return false } diff --git a/pkg/webhook/utils/is_tenant_owner.go b/pkg/webhook/utils/is_tenant_owner.go index bd14f9a4f..62c0ceb3b 100644 --- a/pkg/webhook/utils/is_tenant_owner.go +++ b/pkg/webhook/utils/is_tenant_owner.go @@ -6,7 +6,7 @@ package utils import ( authenticationv1 "k8s.io/api/authentication/v1" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) func IsTenantOwner(owners capsulev1beta2.OwnerListSpec, userInfo authenticationv1.UserInfo) bool { diff --git a/pkg/webhook/utils/tenant_by_field.go b/pkg/webhook/utils/tenant_by_field.go index 3c9af276a..8f01a95f2 100644 --- a/pkg/webhook/utils/tenant_by_field.go +++ b/pkg/webhook/utils/tenant_by_field.go @@ -9,7 +9,7 @@ import ( "k8s.io/apimachinery/pkg/fields" "sigs.k8s.io/controller-runtime/pkg/client" - capsulev1beta2 "github.com/clastix/capsule/api/v1beta2" + capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2" ) func TenantByStatusNamespace(ctx context.Context, c client.Client, namespace string) (*capsulev1beta2.Tenant, error) { From 7ea8ff632764688113e87ef4cb72690fbeb0d5bb Mon Sep 17 00:00:00 2001 From: Dario Tranchitella Date: Mon, 16 Oct 2023 13:58:41 +0200 Subject: [PATCH 031/103] docs: moving to new neutral organization Signed-off-by: Dario Tranchitella --- README.md | 8 ++++---- docs/content/contributing/development.md | 6 +++--- docs/content/contributing/governance.md | 2 +- docs/content/contributing/guidelines.md | 6 +++--- docs/content/contributing/release.md | 2 +- docs/content/general/getting-started.md | 6 +++--- docs/content/general/lens.md | 2 +- docs/content/general/proxy.md | 2 +- docs/content/guides/flux2-capsule.md | 4 ++-- docs/content/guides/monitoring.md | 6 +++--- docs/content/guides/upgrading.md | 6 +++--- docs/src/components/AppFooter.vue | 2 +- docs/src/components/AppNavbar.vue | 2 +- 13 files changed, 27 insertions(+), 27 deletions(-) diff --git a/README.md b/README.md index 4ef97db40..7f28e7bf8 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,9 @@

- + - + @@ -94,7 +94,7 @@ make helm-docs ## Community -Join the community, share and learn from it. You can find all the resources to how to contribute code and docs, connect with people in the [community repository](https://github.com/clastix/capsule-community). +Join the community, share and learn from it. You can find all the resources to how to contribute code and docs, connect with people in the [community repository](https://github.com/projectcapsule/capsule-community). Please read the [code of conduct](CODE_OF_CONDUCT.md). @@ -122,7 +122,7 @@ Please, refer to the [documentation page](https://capsule.clastix.io/docs/contri - Q. Is it production grade? - A. Although under frequent development and improvements, Capsule is ready to be used in production environments as currently, people are using it in public and private deployments. Check out the [release](https://github.com/clastix/capsule/releases) page for a detailed list of available versions. + A. Although under frequent development and improvements, Capsule is ready to be used in production environments as currently, people are using it in public and private deployments. Check out the [release](https://github.com/projectcapsule/capsule/releases) page for a detailed list of available versions. - Q. Does it work with my Kubernetes XYZ distribution? diff --git a/docs/content/contributing/development.md b/docs/content/contributing/development.md index e56ff8f57..43184ffed 100644 --- a/docs/content/contributing/development.md +++ b/docs/content/contributing/development.md @@ -107,12 +107,12 @@ $ git clone git@github.com:myuser/capsule.git && cd capsule It's a good practice to add the upstream as the remote too so we can easily fetch and merge the upstream to our fork: ```shell -$ git remote add upstream https://github.com/clastix/capsule.git +$ git remote add upstream https://github.com/projectcapsule/capsule.git $ git remote -vv origin git@github.com:myuser/capsule.git (fetch) origin git@github.com:myuser/capsule.git (push) -upstream https://github.com/clastix/capsule.git (fetch) -upstream https://github.com/clastix/capsule.git (push) +upstream https://github.com/projectcapsule/capsule.git (fetch) +upstream https://github.com/projectcapsule/capsule.git (push) ``` Pull all tags diff --git a/docs/content/contributing/governance.md b/docs/content/contributing/governance.md index 6c9af9b07..6c012d881 100644 --- a/docs/content/contributing/governance.md +++ b/docs/content/contributing/governance.md @@ -17,7 +17,7 @@ In the context of Capsule project, we consider the following roles: The release process will be governed by Maintainers. -Please, refer to the [maintainers file](https://github.com/clastix/capsule/blob/master/.github/maintainers.yaml) available in the source code. +Please, refer to the [maintainers file](https://github.com/projectcapsule/capsule/blob/master/.github/maintainers.yaml) available in the source code. ## Roadmap Planning diff --git a/docs/content/contributing/guidelines.md b/docs/content/contributing/guidelines.md index 5d1016972..e6ac97175 100644 --- a/docs/content/contributing/guidelines.md +++ b/docs/content/contributing/guidelines.md @@ -59,7 +59,7 @@ You can easily check them issuing the _Make_ recipe `golint`. golangci-lint run -c .golangci.yml ``` -> Enabled linters and related options are defined in the [.golanci.yml file](https://github.com/clastix/capsule/blob/master/.golangci.yml) +> Enabled linters and related options are defined in the [.golanci.yml file](https://github.com/projectcapsule/capsule/blob/master/.golangci.yml) ### goimports @@ -77,7 +77,7 @@ To help you out you can use the _Make_ recipe `goimports` ``` # make goimports -goimports -w -l -local "github.com/clastix/capsule" . +goimports -w -l -local "github.com/projectcapsule/capsule" . ``` ## Finding contributions to work on @@ -108,4 +108,4 @@ Please, add a new single line at end of any file as the current coding style. ## Licensing -See the [LICENSE](https://github.com/clastix/capsule/blob/master/LICENSE) file for our project's licensing. We can ask you to confirm the licensing of your contribution. +See the [LICENSE](https://github.com/projectcapsule/capsule/blob/master/LICENSE) file for our project's licensing. We can ask you to confirm the licensing of your contribution. diff --git a/docs/content/contributing/release.md b/docs/content/contributing/release.md index aadf6a1fd..668ab31f4 100644 --- a/docs/content/contributing/release.md +++ b/docs/content/contributing/release.md @@ -28,7 +28,7 @@ This will trigger a _GitHub Action_ which builds a multi-arch container image, t ## Helm Chart hosting -The suggested installation tool is [Helm](https://helm.sh), and the Capsule chart is hosted in the [GitHub repository](https://github.com/clastix/capsule/tree/master/charts/capsule). +The suggested installation tool is [Helm](https://helm.sh), and the Capsule chart is hosted in the [GitHub repository](https://github.com/projectcapsule/capsule/tree/master/charts/capsule). For each Helm Chart release, a tit tag with the prefix `helm-v` will be issued to help developers to address the corresponding commit. The built Helm Charts are then automatically pushed upon tag release to the [CLASTIX Helm repository](https://clastix.github.io/charts). diff --git a/docs/content/general/getting-started.md b/docs/content/general/getting-started.md index 5eed91215..979e99e20 100644 --- a/docs/content/general/getting-started.md +++ b/docs/content/general/getting-started.md @@ -9,7 +9,7 @@ Make sure you have access to a Kubernetes cluster as administrator. There are two ways to install Capsule: * Use the [single YAML file installer](https://raw.githubusercontent.com/clastix/capsule/master/config/install.yaml) -* Use the [Capsule Helm Chart](https://github.com/clastix/capsule/blob/master/charts/capsule/README.md) +* Use the [Capsule Helm Chart](https://github.com/projectcapsule/capsule/blob/master/charts/capsule/README.md) ### Install with the single YAML file installer @@ -23,7 +23,7 @@ It will install the Capsule controller in a dedicated namespace `capsule-system` ### Install with Helm Chart -Please, refer to the instructions reported in the Capsule Helm Chart [README](https://github.com/clastix/capsule/blob/master/charts/capsule/README.md). +Please, refer to the instructions reported in the Capsule Helm Chart [README](https://github.com/projectcapsule/capsule/blob/master/charts/capsule/README.md). ## Create your first Tenant @@ -74,7 +74,7 @@ Users authenticated through an _OIDC token_ must have in their token: ] ``` -The [hack/create-user.sh](https://github.com/clastix/capsule/blob/master/hack/create-user.sh) can help you set up a dummy `kubeconfig` for the `alice` user acting as owner of a tenant called `oil` +The [hack/create-user.sh](https://github.com/projectcapsule/capsule/blob/master/hack/create-user.sh) can help you set up a dummy `kubeconfig` for the `alice` user acting as owner of a tenant called `oil` ```bash ./hack/create-user.sh alice oil diff --git a/docs/content/general/lens.md b/docs/content/general/lens.md index ec96f8ad8..9db9ff142 100644 --- a/docs/content/general/lens.md +++ b/docs/content/general/lens.md @@ -8,4 +8,4 @@ Capsule extension for Lens provides these capabilities: - See tenant details and change through the embedded Lens editor - Check Resources Quota and Budget at both the tenant and namespace level -Please, see the [README](https://github.com/clastix/capsule-lens-extension) for details about the installation of the Capsule Lens Extension. +Please, see the [README](https://github.com/projectcapsule/capsule-lens-extension) for details about the installation of the Capsule Lens Extension. diff --git a/docs/content/general/proxy.md b/docs/content/general/proxy.md index 246a2193a..237df36ae 100644 --- a/docs/content/general/proxy.md +++ b/docs/content/general/proxy.md @@ -138,7 +138,7 @@ Each Resource kind can be granted with several verbs, such as: ## Cluster-scoped resources selection strategy precedence -Starting from [Capsule v0.2.0](https://github.com/clastix/capsule/releases/tag/v0.2.0), selection of cluster-scoped resources based on labels has been introduced. +Starting from [Capsule v0.2.0](https://github.com/projectcapsule/capsule/releases/tag/v0.2.0), selection of cluster-scoped resources based on labels has been introduced. Due to the limitations of Kubernetes API Server which not support `OR` label selector, the Capsule core team decided to give precedence to the label selector over the exact and regex match. diff --git a/docs/content/guides/flux2-capsule.md b/docs/content/guides/flux2-capsule.md index 6aa9ca02b..fac1baeb1 100644 --- a/docs/content/guides/flux2-capsule.md +++ b/docs/content/guides/flux2-capsule.md @@ -180,7 +180,7 @@ To deepen on this please go to [#Insights](#insights). ### How to setup Tenants GitOps-ready -Given that [Capsule](github.com/clastix/capsule) and [Capsule Proxy](github.com/clastix/capsule-proxy) are installed, and [Flux v2](https://github.com/fluxcd/flux2) configured with [multi-tenancy lockdown](https://fluxcd.io/docs/installation/#multi-tenancy-lockdown) features, of which the patch below: +Given that [Capsule](github.com/projectcapsule/capsule) and [Capsule Proxy](github.com/clastix/capsule-proxy) are installed, and [Flux v2](https://github.com/fluxcd/flux2) configured with [multi-tenancy lockdown](https://fluxcd.io/docs/installation/#multi-tenancy-lockdown) features, of which the patch below: ```yaml apiVersion: kustomize.config.k8s.io/v1beta1 @@ -435,7 +435,7 @@ For other protections against threats in this multi-tenancy scenario please see - https://fluxcd.io/docs/installation/#multi-tenancy-lockdown - https://fluxcd.io/blog/2022/05/may-2022-security-announcement/ - https://github.com/clastix/capsule-proxy/issues/218 -- https://github.com/clastix/capsule/issues/528 +- https://github.com/projectcapsule/capsule/issues/528 - https://github.com/clastix/flux2-capsule-multi-tenancy - https://github.com/fluxcd/flux2-multi-tenancy - https://fluxcd.io/docs/guides/repository-structure/ diff --git a/docs/content/guides/monitoring.md b/docs/content/guides/monitoring.md index 9f92f0d84..113a146dd 100644 --- a/docs/content/guides/monitoring.md +++ b/docs/content/guides/monitoring.md @@ -18,7 +18,7 @@ To fastly deploy this monitoring stack, consider installing the [Prometheus Oper ## Quick Start -The Capsule Helm [charts](https://github.com/clastix/capsule/tree/master/charts/capsule) allow you to automatically create Kubernetes minimum resources needed for the proper functioning of the dashboard: +The Capsule Helm [charts](https://github.com/projectcapsule/capsule/tree/master/charts/capsule) allow you to automatically create Kubernetes minimum resources needed for the proper functioning of the dashboard: * ServiceMonitor * Role @@ -38,7 +38,7 @@ serviceMonitor: name: namespace: ``` -Take a look at the Helm charts [README.md](https://github.com/clastix/capsule/blob/master/charts/capsule/README.md#customize-the-installation) file for further customization. +Take a look at the Helm charts [README.md](https://github.com/projectcapsule/capsule/blob/master/charts/capsule/README.md#customize-the-installation) file for further customization. ### Check Service Monitor @@ -47,7 +47,7 @@ Verify that the service monitor is working correctly through the Prometheus "tar ![Prometheus Targets](./assets/prometheus_targets.png) ### Deploy dashboard -A dashboard for Grafana is provided as [dashboard.json](https://github.com/clastix/capsule/blob/master/config/grafana/dashboard.json). +A dashboard for Grafana is provided as [dashboard.json](https://github.com/projectcapsule/capsule/blob/master/config/grafana/dashboard.json). Render with `kustomize` the dashboard as a ConfigMap and apply in the namespace where Grafana is installed, making sure to select the correct Prometheus datasource: diff --git a/docs/content/guides/upgrading.md b/docs/content/guides/upgrading.md index caa6f1a99..f68d4dc0f 100644 --- a/docs/content/guides/upgrading.md +++ b/docs/content/guides/upgrading.md @@ -2,9 +2,9 @@ List of Tenant API changes: -- [Capsule v0.1.0](https://github.com/clastix/capsule/releases/tag/v0.1.0) bump to `v1beta1` from `v1alpha1`. -- [Capsule v0.2.0](https://github.com/clastix/capsule/releases/tag/v0.2.0) bump to `v1beta2` from `v1beta1`, deprecating `v1alpha1`. -- [Capsule v0.3.0](https://github.com/clastix/capsule/releases/tag/v0.3.0) missing enums required by [Capsule Proxy](https://github.com/clastix/capsule-proxy). +- [Capsule v0.1.0](https://github.com/projectcapsule/capsule/releases/tag/v0.1.0) bump to `v1beta1` from `v1alpha1`. +- [Capsule v0.2.0](https://github.com/projectcapsule/capsule/releases/tag/v0.2.0) bump to `v1beta2` from `v1beta1`, deprecating `v1alpha1`. +- [Capsule v0.3.0](https://github.com/projectcapsule/capsule/releases/tag/v0.3.0) missing enums required by [Capsule Proxy](https://github.com/clastix/capsule-proxy). This document aims to provide support and a guide on how to perform a clean upgrade to the latest API version in order to avoid service disruption and data loss. diff --git a/docs/src/components/AppFooter.vue b/docs/src/components/AppFooter.vue index 910fc08be..2d2f62787 100644 --- a/docs/src/components/AppFooter.vue +++ b/docs/src/components/AppFooter.vue @@ -17,7 +17,7 @@