github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-02 08:17:26 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #62545 from php-coder/psp_move_registry_to_policy

Browse Source 
Automatic merge from submit-queue (batch tested with PRs 62650, 62303, 62545, 62375). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Move podsecuritypolicy registry to policy package

**What this PR does / why we need it:**
This is a part of the PSP migration from extensions to policy API group. This PR moves registry to policy package and changes preferred storage format to policy/v1beta1

**Which issue(s) this PR fixes:**
Addressed to https://github.com/kubernetes/features/issues/5
This commit is contained in:
Kubernetes Submit Queue 2018-04-16 13:56:10 -07:00 committed by GitHub
commit 7c0df535e2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
15 changed files with 18 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
cmd/kube-apiserver/app/server.go
View File

@ -643,8 +643,7 @@ func BuildStorageFactory(s *options.ServerRunOptions, apiResourceConfig *servers
storageFactory.AddCohabitatingResources(apps.Resource("daemonsets"), extensions.Resource("daemonsets")) storageFactory.AddCohabitatingResources(apps.Resource("daemonsets"), extensions.Resource("daemonsets"))
storageFactory.AddCohabitatingResources(apps.Resource("replicasets"), extensions.Resource("replicasets")) storageFactory.AddCohabitatingResources(apps.Resource("replicasets"), extensions.Resource("replicasets"))
storageFactory.AddCohabitatingResources(api.Resource("events"), events.Resource("events")) storageFactory.AddCohabitatingResources(api.Resource("events"), events.Resource("events"))
// TODO(#54933): 1.11: switch to using policy storage and flip the order here storageFactory.AddCohabitatingResources(policy.Resource("podsecuritypolicies"), extensions.Resource("podsecuritypolicies"))
storageFactory.AddCohabitatingResources(extensions.Resource("podsecuritypolicies"), policy.Resource("podsecuritypolicies"))
for _, override := range s.Etcd.EtcdServersOverrides { for _, override := range s.Etcd.EtcdServersOverrides {
tokens := strings.Split(override, "#") tokens := strings.Split(override, "#")
apiresource := strings.Split(tokens[0], "/") apiresource := strings.Split(tokens[0], "/")

2
hack/test-update-storage-objects.sh
View File

@ -109,7 +109,7 @@ examples/persistent-volume-provisioning/rbd/rbd-storage-class.yaml,storageclasse
) )
KUBE_OLD_API_VERSION="networking.k8s.io/v1,storage.k8s.io/v1beta1,extensions/v1beta1" KUBE_OLD_API_VERSION="networking.k8s.io/v1,storage.k8s.io/v1beta1,extensions/v1beta1"
KUBE_NEW_API_VERSION="networking.k8s.io/v1,storage.k8s.io/v1,extensions/v1beta1" KUBE_NEW_API_VERSION="networking.k8s.io/v1,storage.k8s.io/v1,extensions/v1beta1,policy/v1beta1"
KUBE_OLD_STORAGE_VERSIONS="storage.k8s.io/v1beta1" KUBE_OLD_STORAGE_VERSIONS="storage.k8s.io/v1beta1"
KUBE_NEW_STORAGE_VERSIONS="storage.k8s.io/v1" KUBE_NEW_STORAGE_VERSIONS="storage.k8s.io/v1"

2
pkg/registry/BUILD
View File

@ -70,11 +70,11 @@ filegroup(
"//pkg/registry/events/rest:all-srcs", "//pkg/registry/events/rest:all-srcs",
"//pkg/registry/extensions/controller/storage:all-srcs", "//pkg/registry/extensions/controller/storage:all-srcs",
"//pkg/registry/extensions/ingress:all-srcs", "//pkg/registry/extensions/ingress:all-srcs",
"//pkg/registry/extensions/podsecuritypolicy:all-srcs",
"//pkg/registry/extensions/rest:all-srcs", "//pkg/registry/extensions/rest:all-srcs",
"//pkg/registry/networking/networkpolicy:all-srcs", "//pkg/registry/networking/networkpolicy:all-srcs",
"//pkg/registry/networking/rest:all-srcs", "//pkg/registry/networking/rest:all-srcs",
"//pkg/registry/policy/poddisruptionbudget:all-srcs", "//pkg/registry/policy/poddisruptionbudget:all-srcs",
"//pkg/registry/policy/podsecuritypolicy:all-srcs",
"//pkg/registry/policy/rest:all-srcs", "//pkg/registry/policy/rest:all-srcs",
"//pkg/registry/rbac:all-srcs", "//pkg/registry/rbac:all-srcs",
"//pkg/registry/registrytest:all-srcs", "//pkg/registry/registrytest:all-srcs",

2
pkg/registry/extensions/rest/BUILD
View File

@ -17,8 +17,8 @@ go_library(
"//pkg/registry/apps/replicaset/storage:go_default_library", "//pkg/registry/apps/replicaset/storage:go_default_library",
"//pkg/registry/extensions/controller/storage:go_default_library", "//pkg/registry/extensions/controller/storage:go_default_library",
"//pkg/registry/extensions/ingress/storage:go_default_library", "//pkg/registry/extensions/ingress/storage:go_default_library",
"//pkg/registry/extensions/podsecuritypolicy/storage:go_default_library",
"//pkg/registry/networking/networkpolicy/storage:go_default_library", "//pkg/registry/networking/networkpolicy/storage:go_default_library",
"//pkg/registry/policy/podsecuritypolicy/storage:go_default_library",
"//vendor/k8s.io/api/extensions/v1beta1:go_default_library", "//vendor/k8s.io/api/extensions/v1beta1:go_default_library",
"//vendor/k8s.io/apiserver/pkg/registry/generic:go_default_library", "//vendor/k8s.io/apiserver/pkg/registry/generic:go_default_library",
"//vendor/k8s.io/apiserver/pkg/registry/rest:go_default_library", "//vendor/k8s.io/apiserver/pkg/registry/rest:go_default_library",

6
pkg/registry/extensions/rest/storage_extensions.go
View File

@ -29,8 +29,8 @@ import (
replicasetstore "k8s.io/kubernetes/pkg/registry/apps/replicaset/storage" replicasetstore "k8s.io/kubernetes/pkg/registry/apps/replicaset/storage"
expcontrollerstore "k8s.io/kubernetes/pkg/registry/extensions/controller/storage" expcontrollerstore "k8s.io/kubernetes/pkg/registry/extensions/controller/storage"
ingressstore "k8s.io/kubernetes/pkg/registry/extensions/ingress/storage" ingressstore "k8s.io/kubernetes/pkg/registry/extensions/ingress/storage"
pspstore "k8s.io/kubernetes/pkg/registry/extensions/podsecuritypolicy/storage"
networkpolicystore "k8s.io/kubernetes/pkg/registry/networking/networkpolicy/storage" networkpolicystore "k8s.io/kubernetes/pkg/registry/networking/networkpolicy/storage"
pspstore "k8s.io/kubernetes/pkg/registry/policy/podsecuritypolicy/storage"
) )
type RESTStorageProvider struct{} type RESTStorageProvider struct{}
@ -74,8 +74,8 @@ func (p RESTStorageProvider) v1beta1Storage(apiResourceConfigSource serverstorag
storage["ingresses/status"] = ingressStatusStorage storage["ingresses/status"] = ingressStatusStorage
// podsecuritypolicy // podsecuritypolicy
podSecurityExtensionsStorage := pspstore.NewREST(restOptionsGetter) podSecurityPolicyStorage := pspstore.NewREST(restOptionsGetter)
storage["podSecurityPolicies"] = podSecurityExtensionsStorage storage["podSecurityPolicies"] = podSecurityPolicyStorage
// replicasets // replicasets
replicaSetStorage := replicasetstore.NewStorage(restOptionsGetter) replicaSetStorage := replicasetstore.NewStorage(restOptionsGetter)

4
pkg/registry/extensions/podsecuritypolicy/BUILD → pkg/registry/policy/podsecuritypolicy/BUILD
View File

@ -11,7 +11,7 @@ go_library(
"doc.go", "doc.go",
"strategy.go", "strategy.go",
], ],
importpath = "k8s.io/kubernetes/pkg/registry/extensions/podsecuritypolicy", importpath = "k8s.io/kubernetes/pkg/registry/policy/podsecuritypolicy",
deps = [ deps = [
"//pkg/api/legacyscheme:go_default_library", "//pkg/api/legacyscheme:go_default_library",
"//pkg/apis/policy:go_default_library", "//pkg/apis/policy:go_default_library",
@ -35,7 +35,7 @@ filegroup(
name = "all-srcs", name = "all-srcs",
srcs = [ srcs = [
":package-srcs", ":package-srcs",
"//pkg/registry/extensions/podsecuritypolicy/storage:all-srcs", "//pkg/registry/policy/podsecuritypolicy/storage:all-srcs",
], ],
tags = ["automanaged"], tags = ["automanaged"],
) )

2
pkg/registry/extensions/podsecuritypolicy/doc.go → pkg/registry/policy/podsecuritypolicy/doc.go
View File

@ -16,4 +16,4 @@ limitations under the License.
// Package podsecuritypolicy provides Registry interface and its REST // Package podsecuritypolicy provides Registry interface and its REST
// implementation for storing PodSecurityPolicy api objects. // implementation for storing PodSecurityPolicy api objects.
package podsecuritypolicy // import "k8s.io/kubernetes/pkg/registry/extensions/podsecuritypolicy" package podsecuritypolicy // import "k8s.io/kubernetes/pkg/registry/policy/podsecuritypolicy"

5
pkg/registry/extensions/podsecuritypolicy/storage/BUILD → pkg/registry/policy/podsecuritypolicy/storage/BUILD
View File

@ -27,14 +27,13 @@ go_test(
go_library( go_library(
name = "go_default_library", name = "go_default_library",
srcs = ["storage.go"], srcs = ["storage.go"],
importpath = "k8s.io/kubernetes/pkg/registry/extensions/podsecuritypolicy/storage", importpath = "k8s.io/kubernetes/pkg/registry/policy/podsecuritypolicy/storage",
deps = [ deps = [
"//pkg/apis/policy:go_default_library", "//pkg/apis/policy:go_default_library",
"//pkg/printers:go_default_library", "//pkg/printers:go_default_library",
"//pkg/printers/internalversion:go_default_library", "//pkg/printers/internalversion:go_default_library",
"//pkg/printers/storage:go_default_library", "//pkg/printers/storage:go_default_library",
"//pkg/registry/extensions/podsecuritypolicy:go_default_library", "//pkg/registry/policy/podsecuritypolicy:go_default_library",
"//vendor/k8s.io/api/extensions/v1beta1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library", "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//vendor/k8s.io/apiserver/pkg/registry/generic:go_default_library", "//vendor/k8s.io/apiserver/pkg/registry/generic:go_default_library",
"//vendor/k8s.io/apiserver/pkg/registry/generic/registry:go_default_library", "//vendor/k8s.io/apiserver/pkg/registry/generic/registry:go_default_library",

5
pkg/registry/extensions/podsecuritypolicy/storage/storage.go → pkg/registry/policy/podsecuritypolicy/storage/storage.go
View File

@ -17,7 +17,6 @@ limitations under the License.
package storage package storage
import ( import (
extensions "k8s.io/api/extensions/v1beta1"
"k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
"k8s.io/apiserver/pkg/registry/generic" "k8s.io/apiserver/pkg/registry/generic"
genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" genericregistry "k8s.io/apiserver/pkg/registry/generic/registry"
@ -25,7 +24,7 @@ import (
"k8s.io/kubernetes/pkg/printers" "k8s.io/kubernetes/pkg/printers"
printersinternal "k8s.io/kubernetes/pkg/printers/internalversion" printersinternal "k8s.io/kubernetes/pkg/printers/internalversion"
printerstorage "k8s.io/kubernetes/pkg/printers/storage" printerstorage "k8s.io/kubernetes/pkg/printers/storage"
"k8s.io/kubernetes/pkg/registry/extensions/podsecuritypolicy" "k8s.io/kubernetes/pkg/registry/policy/podsecuritypolicy"
) )
// REST implements a RESTStorage for PodSecurityPolicies. // REST implements a RESTStorage for PodSecurityPolicies.
@ -38,7 +37,7 @@ func NewREST(optsGetter generic.RESTOptionsGetter) *REST {
store := &genericregistry.Store{ store := &genericregistry.Store{
NewFunc: func() runtime.Object { return &policy.PodSecurityPolicy{} }, NewFunc: func() runtime.Object { return &policy.PodSecurityPolicy{} },
NewListFunc: func() runtime.Object { return &policy.PodSecurityPolicyList{} }, NewListFunc: func() runtime.Object { return &policy.PodSecurityPolicyList{} },
DefaultQualifiedResource: extensions.Resource("podsecuritypolicies"), DefaultQualifiedResource: policy.Resource("podsecuritypolicies"),
CreateStrategy: podsecuritypolicy.Strategy, CreateStrategy: podsecuritypolicy.Strategy,
UpdateStrategy: podsecuritypolicy.Strategy, UpdateStrategy: podsecuritypolicy.Strategy,

0
pkg/registry/extensions/podsecuritypolicy/storage/storage_test.go → pkg/registry/policy/podsecuritypolicy/storage/storage_test.go
View File

0
pkg/registry/extensions/podsecuritypolicy/strategy.go → pkg/registry/policy/podsecuritypolicy/strategy.go
View File

2
pkg/registry/policy/rest/BUILD
View File

@ -12,8 +12,8 @@ go_library(
deps = [ deps = [
"//pkg/api/legacyscheme:go_default_library", "//pkg/api/legacyscheme:go_default_library",
"//pkg/apis/policy:go_default_library", "//pkg/apis/policy:go_default_library",
"//pkg/registry/extensions/podsecuritypolicy/storage:go_default_library",
"//pkg/registry/policy/poddisruptionbudget/storage:go_default_library", "//pkg/registry/policy/poddisruptionbudget/storage:go_default_library",
"//pkg/registry/policy/podsecuritypolicy/storage:go_default_library",
"//vendor/k8s.io/api/policy/v1beta1:go_default_library", "//vendor/k8s.io/api/policy/v1beta1:go_default_library",
"//vendor/k8s.io/apiserver/pkg/registry/generic:go_default_library", "//vendor/k8s.io/apiserver/pkg/registry/generic:go_default_library",
"//vendor/k8s.io/apiserver/pkg/registry/rest:go_default_library", "//vendor/k8s.io/apiserver/pkg/registry/rest:go_default_library",

2
pkg/registry/policy/rest/storage_policy.go
View File

@ -24,8 +24,8 @@ import (
serverstorage "k8s.io/apiserver/pkg/server/storage" serverstorage "k8s.io/apiserver/pkg/server/storage"
"k8s.io/kubernetes/pkg/api/legacyscheme" "k8s.io/kubernetes/pkg/api/legacyscheme"
"k8s.io/kubernetes/pkg/apis/policy" "k8s.io/kubernetes/pkg/apis/policy"
pspstore "k8s.io/kubernetes/pkg/registry/extensions/podsecuritypolicy/storage"
poddisruptionbudgetstore "k8s.io/kubernetes/pkg/registry/policy/poddisruptionbudget/storage" poddisruptionbudgetstore "k8s.io/kubernetes/pkg/registry/policy/poddisruptionbudget/storage"
pspstore "k8s.io/kubernetes/pkg/registry/policy/podsecuritypolicy/storage"
) )
type RESTStorageProvider struct{} type RESTStorageProvider struct{}

2
test/integration/etcd/etcd_storage_path_test.go
View File

@ -262,6 +262,7 @@ var etcdStorageData = map[schema.GroupVersionResource]struct {
gvr("extensions", "v1beta1", "podsecuritypolicies"): { gvr("extensions", "v1beta1", "podsecuritypolicies"): {
stub: `{"metadata": {"name": "psp1"}, "spec": {"fsGroup": {"rule": "RunAsAny"}, "privileged": true, "runAsUser": {"rule": "RunAsAny"}, "seLinux": {"rule": "MustRunAs"}, "supplementalGroups": {"rule": "RunAsAny"}}}`, stub: `{"metadata": {"name": "psp1"}, "spec": {"fsGroup": {"rule": "RunAsAny"}, "privileged": true, "runAsUser": {"rule": "RunAsAny"}, "seLinux": {"rule": "MustRunAs"}, "supplementalGroups": {"rule": "RunAsAny"}}}`,
expectedEtcdPath: "/registry/podsecuritypolicy/psp1", expectedEtcdPath: "/registry/podsecuritypolicy/psp1",
expectedGVK: gvkP("policy", "v1beta1", "PodSecurityPolicy"),
}, },
gvr("extensions", "v1beta1", "ingresses"): { gvr("extensions", "v1beta1", "ingresses"): {
stub: `{"metadata": {"name": "ingress1"}, "spec": {"backend": {"serviceName": "service", "servicePort": 5000}}}`, stub: `{"metadata": {"name": "ingress1"}, "spec": {"backend": {"serviceName": "service", "servicePort": 5000}}}`,
@ -299,7 +300,6 @@ var etcdStorageData = map[schema.GroupVersionResource]struct {
gvr("policy", "v1beta1", "podsecuritypolicies"): { gvr("policy", "v1beta1", "podsecuritypolicies"): {
stub: `{"metadata": {"name": "psp2"}, "spec": {"fsGroup": {"rule": "RunAsAny"}, "privileged": true, "runAsUser": {"rule": "RunAsAny"}, "seLinux": {"rule": "MustRunAs"}, "supplementalGroups": {"rule": "RunAsAny"}}}`, stub: `{"metadata": {"name": "psp2"}, "spec": {"fsGroup": {"rule": "RunAsAny"}, "privileged": true, "runAsUser": {"rule": "RunAsAny"}, "seLinux": {"rule": "MustRunAs"}, "supplementalGroups": {"rule": "RunAsAny"}}}`,
expectedEtcdPath: "/registry/podsecuritypolicy/psp2", expectedEtcdPath: "/registry/podsecuritypolicy/psp2",
expectedGVK: gvkP("extensions", "v1beta1", "PodSecurityPolicy"),
}, },
// -- // --

2
test/test_owners.csv
View File

@ -749,12 +749,12 @@ k8s.io/kubernetes/pkg/registry/extensions/deployment,dchen1107,1,
k8s.io/kubernetes/pkg/registry/extensions/deployment/storage,timothysc,1, k8s.io/kubernetes/pkg/registry/extensions/deployment/storage,timothysc,1,
k8s.io/kubernetes/pkg/registry/extensions/ingress,apelisse,1, k8s.io/kubernetes/pkg/registry/extensions/ingress,apelisse,1,
k8s.io/kubernetes/pkg/registry/extensions/ingress/storage,luxas,1, k8s.io/kubernetes/pkg/registry/extensions/ingress/storage,luxas,1,
k8s.io/kubernetes/pkg/registry/extensions/podsecuritypolicy/storage,dchen1107,1,
k8s.io/kubernetes/pkg/registry/extensions/replicaset,rrati,0, k8s.io/kubernetes/pkg/registry/extensions/replicaset,rrati,0,
k8s.io/kubernetes/pkg/registry/extensions/replicaset/storage,wojtek-t,1, k8s.io/kubernetes/pkg/registry/extensions/replicaset/storage,wojtek-t,1,
k8s.io/kubernetes/pkg/registry/extensions/rest,rrati,0, k8s.io/kubernetes/pkg/registry/extensions/rest,rrati,0,
k8s.io/kubernetes/pkg/registry/policy/poddisruptionbudget,Q-Lee,1, k8s.io/kubernetes/pkg/registry/policy/poddisruptionbudget,Q-Lee,1,
k8s.io/kubernetes/pkg/registry/policy/poddisruptionbudget/storage,dchen1107,1, k8s.io/kubernetes/pkg/registry/policy/poddisruptionbudget/storage,dchen1107,1,
k8s.io/kubernetes/pkg/registry/policy/podsecuritypolicy/storage,dchen1107,1,
k8s.io/kubernetes/pkg/registry/rbac/reconciliation,roberthbailey,1, k8s.io/kubernetes/pkg/registry/rbac/reconciliation,roberthbailey,1,
k8s.io/kubernetes/pkg/registry/rbac/validation,rkouj,0, k8s.io/kubernetes/pkg/registry/rbac/validation,rkouj,0,
k8s.io/kubernetes/pkg/registry/storage/storageclass,brendandburns,1, k8s.io/kubernetes/pkg/registry/storage/storageclass,brendandburns,1,

1 name owner auto-assigned sig
749 k8s.io/kubernetes/pkg/registry/extensions/deployment/storage timothysc 1
750 k8s.io/kubernetes/pkg/registry/extensions/ingress apelisse 1
751 k8s.io/kubernetes/pkg/registry/extensions/ingress/storage luxas 1
k8s.io/kubernetes/pkg/registry/extensions/podsecuritypolicy/storage dchen1107 1
752 k8s.io/kubernetes/pkg/registry/extensions/replicaset rrati 0
753 k8s.io/kubernetes/pkg/registry/extensions/replicaset/storage wojtek-t 1
754 k8s.io/kubernetes/pkg/registry/extensions/rest rrati 0
755 k8s.io/kubernetes/pkg/registry/policy/poddisruptionbudget Q-Lee 1
756 k8s.io/kubernetes/pkg/registry/policy/poddisruptionbudget/storage dchen1107 1
757 k8s.io/kubernetes/pkg/registry/policy/podsecuritypolicy/storage dchen1107 1
758 k8s.io/kubernetes/pkg/registry/rbac/reconciliation roberthbailey 1
759 k8s.io/kubernetes/pkg/registry/rbac/validation rkouj 0
760 k8s.io/kubernetes/pkg/registry/storage/storageclass brendandburns 1