feat: add ruleset api and new oci api by oliverbaehler · Pull Request #1844 · projectcapsule/capsule

oliverbaehler · 2026-01-22T16:28:57Z

By default a rule is applied to all namespaces within a Tenant. However you can select a subset of namespaces to apply the rule on, by using a namespaceSelector. This selector works the same way as a standard Kubernetes label selector:

---
apiVersion: capsule.clastix.io/v1beta2
kind: Tenant
metadata:
  name: solar
spec:
  ...
  rules:
    # Matches all Namespaces and enforces the rule for all of them
    - enforce:
        registries:
        -  url: "harbor/v2/customer-registry/.*"
           policy: [ "IfNotPresent" ]

    # Select a subset of namespaces (enviornment=prod) to allow further registries
    - namespaceSelector:
        matchExpressions:
          - key: env
            operator: In
            values: ["prod"]
      enforce:    
        registries:
         -  url: "harbor/v2/prod-registry/.*"
            policy: [ "IfNotPresent" ]

Note that rules are combined together. In the above example, all namespaces within the solar tenant will be enforced to use images from harbor/v2/customer-registry/, while namespaces labeled with env=prod will also be allowed to pull images from harbor/v2/prod-registry/.

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

Svarrogh1337

LGTM

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

oliverbaehler added 15 commits December 10, 2025 06:50

fix(controller): decode old object for delete requests

9d887cd

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

chore: modernize golang

221e0e8

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

chore: modernize golang

052660e

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

chore: modernize golang

7c418d0

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

Merge branch 'main' of github.com:projectcapsule/capsule

7db5048

Merge branch 'main' of github.com:projectcapsule/capsule

98f9add

Merge branch 'main' of github.com:projectcapsule/capsule

f448bdf

Merge branch 'main' of github.com:projectcapsule/capsule

033e098

Merge branch 'main' of github.com:projectcapsule/capsule

21cd932

Merge branch 'main' of github.com:projectcapsule/capsule

1e28f1b

fix(config): remove usergroups default

668c847

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

fix(config): remove usergroups default

5b05b17

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

sec(GHSA-2ww6-hf35-mfjm): intercept namespace subresource

2327f9c

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

feat(api): add rulestatus api

1cc70ee

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

chore: conflicts

3c17c8f

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

oliverbaehler force-pushed the feat/oci-registry branch from aa6652b to 3c17c8f Compare January 22, 2026 16:40

oliverbaehler added 8 commits January 22, 2026 17:41

chore: conflicts

3203d4d

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

chore: conflicts

b41cbdf

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

chore: conflicts

b926322

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

chore: conflicts

98c1732

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

chore: conflicts

7747ade

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

chore: conflicts

44e27bc

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

chore: conflicts

d771a15

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

chore: conflicts

17544df

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

Svarrogh1337 approved these changes Jan 23, 2026

View reviewed changes

oliverbaehler added 5 commits January 23, 2026 20:38

chore: conflicts

3cce446

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

chore: conflicts

a671091

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

chore: conflicts

b622023

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

feat(api): add rulestatus api

174d884

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

feat(api): add rulestatus api

f41a3f3

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

oliverbaehler added 4 commits January 27, 2026 09:27

feat(api): add rulestatus api

548803e

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

feat(api): add rulestatus api

50c04c2

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

feat(api): add rulestatus api

820f6b5

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

feat(api): add rulestatus api

45531a5

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>

oliverbaehler merged commit a6b830b into projectcapsule:main Jan 27, 2026
15 of 20 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: add ruleset api and new oci api#1844

feat: add ruleset api and new oci api#1844
oliverbaehler merged 32 commits intoprojectcapsule:mainfrom
oliverbaehler:feat/oci-registry

oliverbaehler commented Jan 22, 2026 •

edited

Loading

Uh oh!

Svarrogh1337 left a comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

oliverbaehler commented Jan 22, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Svarrogh1337 left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

oliverbaehler commented Jan 22, 2026 •

edited

Loading