├── .dockerignore ├── .gitignore ├── .travis.yml ├── Dockerfile ├── LICENSE ├── Makefile ├── README.md ├── config.go ├── e2e_test.go ├── glide.lock ├── glide.yaml ├── ingress_crosscheck_test.go ├── ingress_e2e_test.go ├── ingress_unit_test.go ├── kube_client.go ├── main.go ├── scanner.go ├── scheme.go ├── serve.go ├── test ├── create-signed-cert.sh ├── manifests │ ├── cronjob-complete-annotation-whitelist.yaml │ ├── cronjob-complete.yaml │ ├── cronjob-incomplete.yaml │ ├── cronjob-zero.yaml │ ├── deployment-complete-annotation-whitelist.yaml │ ├── deployment-complete.yaml │ ├── deployment-incomplete.yaml │ ├── deployment-zero.yaml │ ├── ingress-collision-path.yaml │ ├── ingress-collision-tls.yaml │ ├── ingress-no-collision.yaml │ ├── ingress-valid.yaml │ ├── invalid-deployment-update-01-zero.yaml │ ├── invalid-deployment-update-02-complete.yaml │ ├── job-complete-annotation-whitelist.yaml │ ├── job-complete.yaml │ ├── job-incomplete.yaml │ ├── job-zero.yaml │ ├── namespace.yaml │ ├── pod-complete.yaml │ ├── pod-custom-annot-prefix-default.yaml │ ├── pod-custom-annot-prefix-set.yaml │ ├── pod-custom-annot-prefix-wrong.yaml │ ├── pod-incomplete.yaml │ ├── pod-readonly-rootfs-annotation-false.yaml │ ├── pod-readonly-rootfs-annotation-missing.yaml │ ├── pod-readonly-rootfs-annotation-whitelist.yaml │ ├── pod-readonly-rootfs-false.yaml │ ├── pod-readonly-rootfs-missing.yaml │ ├── pod-zero.yaml │ ├── statefulset-complete-annotation-whitelist.yaml │ ├── statefulset-complete.yaml │ ├── statefulset-incomplete.yaml │ └── statefulset-zero.yaml └── webhook.template.yaml ├── utils_test.go ├── validation.go ├── validation_ingress.go └── webhook.go /.dockerignore: -------------------------------------------------------------------------------- 1 | vendor 2 | test -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/.gitignore -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/.travis.yml -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/Dockerfile -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/LICENSE -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/README.md -------------------------------------------------------------------------------- /config.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/config.go -------------------------------------------------------------------------------- /e2e_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/e2e_test.go -------------------------------------------------------------------------------- /glide.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/glide.lock -------------------------------------------------------------------------------- /glide.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/glide.yaml -------------------------------------------------------------------------------- /ingress_crosscheck_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/ingress_crosscheck_test.go -------------------------------------------------------------------------------- /ingress_e2e_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/ingress_e2e_test.go -------------------------------------------------------------------------------- /ingress_unit_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/ingress_unit_test.go -------------------------------------------------------------------------------- /kube_client.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/kube_client.go -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/main.go -------------------------------------------------------------------------------- /scanner.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/scanner.go -------------------------------------------------------------------------------- /scheme.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/scheme.go -------------------------------------------------------------------------------- /serve.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/serve.go -------------------------------------------------------------------------------- /test/create-signed-cert.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/create-signed-cert.sh -------------------------------------------------------------------------------- /test/manifests/cronjob-complete-annotation-whitelist.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/cronjob-complete-annotation-whitelist.yaml -------------------------------------------------------------------------------- /test/manifests/cronjob-complete.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/cronjob-complete.yaml -------------------------------------------------------------------------------- /test/manifests/cronjob-incomplete.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/cronjob-incomplete.yaml -------------------------------------------------------------------------------- /test/manifests/cronjob-zero.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/cronjob-zero.yaml -------------------------------------------------------------------------------- /test/manifests/deployment-complete-annotation-whitelist.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/deployment-complete-annotation-whitelist.yaml -------------------------------------------------------------------------------- /test/manifests/deployment-complete.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/deployment-complete.yaml -------------------------------------------------------------------------------- /test/manifests/deployment-incomplete.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/deployment-incomplete.yaml -------------------------------------------------------------------------------- /test/manifests/deployment-zero.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/deployment-zero.yaml -------------------------------------------------------------------------------- /test/manifests/ingress-collision-path.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/ingress-collision-path.yaml -------------------------------------------------------------------------------- /test/manifests/ingress-collision-tls.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/ingress-collision-tls.yaml -------------------------------------------------------------------------------- /test/manifests/ingress-no-collision.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/ingress-no-collision.yaml -------------------------------------------------------------------------------- /test/manifests/ingress-valid.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/ingress-valid.yaml -------------------------------------------------------------------------------- /test/manifests/invalid-deployment-update-01-zero.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/invalid-deployment-update-01-zero.yaml -------------------------------------------------------------------------------- /test/manifests/invalid-deployment-update-02-complete.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/invalid-deployment-update-02-complete.yaml -------------------------------------------------------------------------------- /test/manifests/job-complete-annotation-whitelist.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/job-complete-annotation-whitelist.yaml -------------------------------------------------------------------------------- /test/manifests/job-complete.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/job-complete.yaml -------------------------------------------------------------------------------- /test/manifests/job-incomplete.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/job-incomplete.yaml -------------------------------------------------------------------------------- /test/manifests/job-zero.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/job-zero.yaml -------------------------------------------------------------------------------- /test/manifests/namespace.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/namespace.yaml -------------------------------------------------------------------------------- /test/manifests/pod-complete.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/pod-complete.yaml -------------------------------------------------------------------------------- /test/manifests/pod-custom-annot-prefix-default.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/pod-custom-annot-prefix-default.yaml -------------------------------------------------------------------------------- /test/manifests/pod-custom-annot-prefix-set.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/pod-custom-annot-prefix-set.yaml -------------------------------------------------------------------------------- /test/manifests/pod-custom-annot-prefix-wrong.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/pod-custom-annot-prefix-wrong.yaml -------------------------------------------------------------------------------- /test/manifests/pod-incomplete.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/pod-incomplete.yaml -------------------------------------------------------------------------------- /test/manifests/pod-readonly-rootfs-annotation-false.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/pod-readonly-rootfs-annotation-false.yaml -------------------------------------------------------------------------------- /test/manifests/pod-readonly-rootfs-annotation-missing.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/pod-readonly-rootfs-annotation-missing.yaml -------------------------------------------------------------------------------- /test/manifests/pod-readonly-rootfs-annotation-whitelist.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/pod-readonly-rootfs-annotation-whitelist.yaml -------------------------------------------------------------------------------- /test/manifests/pod-readonly-rootfs-false.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/pod-readonly-rootfs-false.yaml -------------------------------------------------------------------------------- /test/manifests/pod-readonly-rootfs-missing.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/pod-readonly-rootfs-missing.yaml -------------------------------------------------------------------------------- /test/manifests/pod-zero.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/pod-zero.yaml -------------------------------------------------------------------------------- /test/manifests/statefulset-complete-annotation-whitelist.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/statefulset-complete-annotation-whitelist.yaml -------------------------------------------------------------------------------- /test/manifests/statefulset-complete.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/statefulset-complete.yaml -------------------------------------------------------------------------------- /test/manifests/statefulset-incomplete.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/statefulset-incomplete.yaml -------------------------------------------------------------------------------- /test/manifests/statefulset-zero.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/manifests/statefulset-zero.yaml -------------------------------------------------------------------------------- /test/webhook.template.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/test/webhook.template.yaml -------------------------------------------------------------------------------- /utils_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/utils_test.go -------------------------------------------------------------------------------- /validation.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/validation.go -------------------------------------------------------------------------------- /validation_ingress.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/validation_ingress.go -------------------------------------------------------------------------------- /webhook.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/avast/k8s-admission-webhook/HEAD/webhook.go --------------------------------------------------------------------------------