15d336272e
Fix PSP volumes error message
2016-09-01 15:55:34 -07:00
3808243b9e
Append "AppArmor enabled" to the Node ready condition message
2016-08-31 09:27:47 -07:00
3c23d68b66
Merge pull request #31471 from timstclair/aa-beta
...
Automatic merge from submit-queue
[AppArmor] Promote AppArmor annotations to beta
Justification for promoting AppArmor to beta:
1. We will provide an upgrade path to GA
2. We don't anticipate any major changes to the design, and will continue to invest in this feature
3. We will thoroughly test it. If any serious issues are uncovered we can reevaluate, and we're committed to fixing them.
4. We plan to provide beta-level support for the feature anyway (responding quickly to issues).
Note that this does not include the yet-to-be-merged status annotation (https://github.com/kubernetes/kubernetes/pull/31382 ). I'd like to propose keeping that one alpha for now because I'm not sure the PodStatus is the right long-term home for it (I think a separate monitoring channel, e.g. cAdvisor, would be a better solution).
/cc @thockin @matchstick @erictune
2016-08-28 12:19:56 -07:00
9bde6f0770
Add AppArmor feature gate
2016-08-25 17:40:18 -07:00
a5b7212453
Promote AppArmor annotations to beta
2016-08-25 15:40:32 -07:00
ed36baed20
Add sysctl PodSecurityPolicy support
2016-08-25 13:22:01 +02:00
dea4b0226d
support Azure data disk volume
...
Signed-off-by: Huamin Chen <hchen@redhat.com>
2016-08-23 13:23:07 +00:00
293770ef31
AppArmor PodSecurityPolicy implementation
2016-08-21 23:10:45 -07:00
f94df59791
Remove apparmor dependency on pkg/kubelet/lifecycle
2016-08-21 20:59:11 -07:00
eed42380f9
Initial Quobyte support
2016-08-18 17:13:50 +02:00
c99d7fddc1
Add alpha annotations support to the PodSecurityPolicy provider
2016-08-17 10:14:36 -07:00
db6629228f
Add AppArmor E2E test
2016-08-15 13:25:22 -07:00
3c7896719b
Implement AppArmor Kubelet support
2016-08-15 13:25:17 -07:00
2c28b88efb
Merge pull request #29812 from timstclair/aa-validation
...
Automatic merge from submit-queue
Add AppArmor validation logic
The validation checks the prerequisites described in the [AppArmor proposal](https://github.com/kubernetes/kubernetes/blob/master/docs/proposals/apparmor.md#prerequisites ).
In order to unblock the AppArmor implementation from waiting on the APIs to merge, this PR uses 2 helper stubs for handling the Pod API.
<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.kubernetes.io/review_button.svg " height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.kubernetes.io/reviews/kubernetes/kubernetes/29812 )
<!-- Reviewable:end -->
2016-08-11 15:49:55 -07:00
bdc306bbfe
Add AppArmor validation logic
...
The validation checks the prerequisites described in the [AppArmor
proposal](https://github.com/kubernetes/kubernetes/blob/master/docs/proposals/apparmor.md#prerequisites )
2016-08-11 10:31:25 -07:00
c0f4bd38ff
enable golint for pkg/security/podsecuritypolicy/capabilities
...
Signed-off-by: Jess Frazelle <me@jessfraz.com>
2016-08-10 16:46:19 -07:00
c88a07ce1a
Run goimports
2016-08-02 15:12:39 +03:00
3301f6d14f
Merge pull request #29356 from smarterclayton/init_containers
...
Automatic merge from submit-queue
LimitRanger and PodSecurityPolicy need to check more on init containers
Container limits not applied to init containers. HostPorts not checked on podsecuritypolicy
@pweil- @derekwaynecarr
2016-07-27 16:09:34 -07:00
66e7257a81
Add package docs for pod security policy
2016-07-22 13:35:37 -04:00
affd79fdc0
InitContainers are not checked for hostPort ranges
...
PodSecurityPolicy must verify that host port ranges are guarded on init
containers.
2016-07-20 23:19:34 -04:00
2b0ed014b7
Use Go canonical import paths
...
Add canonical imports only in existing doc.go files.
https://golang.org/doc/go1.4#canonicalimports
Fixes #29014
2016-07-16 13:48:21 -04:00
ef0c9f0c5b
Remove "All rights reserved" from all the headers.
2016-06-29 17:47:36 -07:00
11397654b6
Adding volume plugin to api/v1 and updating auto-generated files
2016-05-21 12:53:03 -07:00
56193b7140
PSP types
2016-05-11 18:07:35 -04:00
Tim St. Clair
