mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-28 10:28:36 +00:00
Code Activity

chore: enable policy exceptions by default (#8545)

Browse source 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
This commit is contained in:
Mariam Fahmy 2023-09-27 20:40:13 +03:00 committed by GitHub
parent 482c243517
commit b80963374f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 7 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -13,6 +13,7 @@
- Added `--aggregateReports` flag for reports controller to enable/disable aggregated reports (default value is `true`).
- Added `--policyReports` flag for reports controller to enable/disable policy reports (default value is `true`).
- Renamed CLI flag `--compact` to `--detailed-results` (and changed default value from `true` to `false`).
- Changed the default value of `--enablePolicyException` from `false` to `true`.
## v1.10.0

2
charts/kyverno/README.md
View file

@ -308,7 +308,7 @@ The chart values are organised per component.
| features.logging.format | string | `"text"` | Logging format |
| features.logging.verbosity | int | `2` | Logging verbosity |
| features.omitEvents.eventTypes | list | `[]` | Events which should not be emitted (possible values `PolicyViolation`, `PolicyApplied`, `PolicyError`, and `PolicySkipped`) |
| features.policyExceptions.enabled | bool | `false` | Enables the feature |
| features.policyExceptions.enabled | bool | `true` | Enables the feature |
| features.policyExceptions.namespace | string | `""` | Restrict policy exceptions to a single namespace |
| features.protectManagedResources.enabled | bool | `false` | Enables the feature |
| features.registryClient.allowInsecure | bool | `false` | Allow insecure registry |

2
charts/kyverno/values.yaml
View file

@ -425,7 +425,7 @@ features:
# - PolicySkipped
policyExceptions:
# -- Enables the feature
enabled: false
enabled: true
# -- Restrict policy exceptions to a single namespace
namespace: ''
protectManagedResources:

2
cmd/internal/flag.go
View file

@ -89,7 +89,7 @@ func initKubeconfigFlags(qps float64, burst int) {
func initPolicyExceptionsFlags() {
flag.StringVar(&exceptionNamespace, "exceptionNamespace", "", "Configure the namespace to accept PolicyExceptions.")
flag.BoolVar(&enablePolicyException, "enablePolicyException", false, "Enable PolicyException feature.")
flag.BoolVar(&enablePolicyException, "enablePolicyException", true, "Enable PolicyException feature.")
}
func initConfigMapCachingFlags() {

6
config/install-latest-testing.yaml
View file

@ -42328,7 +42328,7 @@ spec:
- --generateValidatingAdmissionPolicy=false
- --loggingFormat=text
- --v=2
- --enablePolicyException=false
- --enablePolicyException=true
- --protectManagedResources=false
- --allowInsecureRegistry=false
- --registryCredentialHelpers=default,google,amazon,azure,github
@ -42474,7 +42474,7 @@ spec:
- --enableDeferredLoading=true
- --loggingFormat=text
- --v=2
- --enablePolicyException=false
- --enablePolicyException=true
env:
- name: KYVERNO_SERVICEACCOUNT_NAME
value: kyverno-background-controller
@ -42711,7 +42711,7 @@ spec:
- --enableDeferredLoading=true
- --loggingFormat=text
- --v=2
- --enablePolicyException=false
- --enablePolicyException=true
- --reportsChunkSize=1000
- --allowInsecureRegistry=false
- --registryCredentialHelpers=default,google,amazon,azure,github