Skip to content

feat: add ruleset api and new oci api #1844

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
oliverbaehler merged 32 commits into from
Jan 27, 2026
Merged

feat: add ruleset api and new oci api #1844

oliverbaehler merged 32 commits into from
Jan 27, 2026

Conversation

@oliverbaehler
Copy link
Collaborator

@oliverbaehler oliverbaehler commented Jan 22, 2026
edited
Loading

By default a rule is applied to all namespaces within a Tenant. However you can select a subset of namespaces to apply the rule on, by using a namespaceSelector. This selector works the same way as a standard Kubernetes label selector:

---
apiVersion: capsule.clastix.io/v1beta2
kind: Tenant
metadata:
  name: solar
spec:
  ...
  rules:
    # Matches all Namespaces and enforces the rule for all of them
    - enforce:
        registries:
        -  url: "harbor/v2/customer-registry/.*"
           policy: [ "IfNotPresent" ]

    # Select a subset of namespaces (enviornment=prod) to allow further registries
    - namespaceSelector:
        matchExpressions:
          - key: env
            operator: In
            values: ["prod"]
      enforce:    
        registries:
         -  url: "harbor/v2/prod-registry/.*"
            policy: [ "IfNotPresent" ]

Note that rules are combined together. In the above example, all namespaces within the solar tenant will be enforced to use images from harbor/v2/customer-registry/, while namespaces labeled with env=prod will also be allowed to pull images from harbor/v2/prod-registry/.

@oliverbaehler
fix(controller): decode old object for delete requests
9d887cd 
Signed-off-by: Oliver Bähler <[email protected]>
@oliverbaehler
chore: modernize golang
221e0e8 
Signed-off-by: Oliver Bähler <[email protected]>
@oliverbaehler
chore: modernize golang
052660e 
Signed-off-by: Oliver Bähler <[email protected]>
@oliverbaehler
chore: modernize golang
7c418d0 
Signed-off-by: Oliver Bähler <[email protected]>
@oliverbaehler
Merge branch 'main' of github.com:projectcapsule/capsule
7db5048
@oliverbaehler
Merge branch 'main' of github.com:projectcapsule/capsule
98f9add
@oliverbaehler
Merge branch 'main' of github.com:projectcapsule/capsule
f448bdf
@oliverbaehler
Merge branch 'main' of github.com:projectcapsule/capsule
033e098
@oliverbaehler
Merge branch 'main' of github.com:projectcapsule/capsule
21cd932
@oliverbaehler
Merge branch 'main' of github.com:projectcapsule/capsule
1e28f1b
@oliverbaehler
fix(config): remove usergroups default
668c847 
Signed-off-by: Oliver Bähler <[email protected]>
@oliverbaehler
fix(config): remove usergroups default
5b05b17 
Signed-off-by: Oliver Bähler <[email protected]>
@oliverbaehler
sec(GHSA-2ww6-hf35-mfjm): intercept namespace subresource
2327f9c 
Signed-off-by: Oliver Bähler <[email protected]>
@oliverbaehler
feat(api): add rulestatus api
1cc70ee 
Signed-off-by: Oliver Bähler <[email protected]>
@oliverbaehler
chore: conflicts
3c17c8f 
Signed-off-by: Oliver Bähler <[email protected]>
@oliverbaehler
chore: conflicts
3203d4d 
Signed-off-by: Oliver Bähler <[email protected]>
@oliverbaehler
chore: conflicts
b41cbdf 
Signed-off-by: Oliver Bähler <[email protected]>
@oliverbaehler
chore: conflicts
b926322 
Signed-off-by: Oliver Bähler <[email protected]>
@oliverbaehler
chore: conflicts
98c1732 
Signed-off-by: Oliver Bähler <[email protected]>
@oliverbaehler
chore: conflicts
7747ade 
Signed-off-by: Oliver Bähler <[email protected]>
@oliverbaehler
chore: conflicts
44e27bc 
Signed-off-by: Oliver Bähler <[email protected]>
@oliverbaehler
chore: conflicts
d771a15 
Signed-off-by: Oliver Bähler <[email protected]>
@oliverbaehler
chore: conflicts
17544df 
Signed-off-by: Oliver Bähler <[email protected]>
Svarrogh1337
Svarrogh1337 approved these changes Jan 23, 2026
View reviewed changes
Copy link
Collaborator

@Svarrogh1337 Svarrogh1337 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@oliverbaehler
chore: conflicts
3cce446 
Signed-off-by: Oliver Bähler <[email protected]>
@oliverbaehler
chore: conflicts
a671091 
Signed-off-by: Oliver Bähler <[email protected]>
@oliverbaehler
chore: conflicts
b622023 
Signed-off-by: Oliver Bähler <[email protected]>
@oliverbaehler
feat(api): add rulestatus api
174d884 
Signed-off-by: Oliver Bähler <[email protected]>
@oliverbaehler
feat(api): add rulestatus api
f41a3f3 
Signed-off-by: Oliver Bähler <[email protected]>
@oliverbaehler
feat(api): add rulestatus api
548803e 
Signed-off-by: Oliver Bähler <[email protected]>
@oliverbaehler
feat(api): add rulestatus api
50c04c2 
Signed-off-by: Oliver Bähler <[email protected]>
@oliverbaehler
feat(api): add rulestatus api
820f6b5 
Signed-off-by: Oliver Bähler <[email protected]>
@oliverbaehler
feat(api): add rulestatus api
45531a5 
Signed-off-by: Oliver Bähler <[email protected]>
@oliverbaehler oliverbaehler merged commit a6b830b into projectcapsule:main Jan 27, 2026
15 of 20 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Svarrogh1337 Svarrogh1337 Svarrogh1337 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@oliverbaehler @Svarrogh1337