mirror of https://github.com/kyverno/kyverno.git synced 2025-03-05 15:37:19 +00:00

Release 1.5.8 (#3090)

* Fix CLI test/apply when any/all use namespaceSelector (#3050)

* Fix CLI test/apply when any/all use namespaceSelector
Fixes #3047

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* gofmt fix

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>

* tag v1.5.8

Signed-off-by: ShutingZhao <shuting@nirmata.com>

Co-authored-by: treydock <tdockendorf@osc.edu>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
shuting 2022-01-27 02:08:58 +08:00 committed by GitHub
parent 03ba19e985
commit f9eb85db26
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 161 additions and 80 deletions


@ -1,3 +1,7 @@
## v1.5.8
## Bug Fixes
- Kyverno CLI test and apply both fail when using `namespaceSelector` under `match.any` or `exclude.any` #3047
## v1.5.7 ## v1.5.7
## Bug Fixes ## Bug Fixes


@ -1,7 +1,7 @@
apiVersion: v1 apiVersion: v1
name: kyverno-policies name: kyverno-policies
version: v2.1.9 version: v2.1.10
appVersion: v1.5.7 appVersion: v1.5.8
icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png
description: Kubernetes Native Policy Management Policies description: Kubernetes Native Policy Management Policies
keywords: keywords:


@ -1,7 +1,7 @@
apiVersion: v1 apiVersion: v1
name: kyverno name: kyverno
version: v2.1.9 version: v2.1.10
appVersion: v1.5.7 appVersion: v1.5.8
icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png
description: Kubernetes Native Policy Management description: Kubernetes Native Policy Management
keywords: keywords:


@ -12,7 +12,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: clusterpolicies.kyverno.io name: clusterpolicies.kyverno.io
spec: spec:
group: kyverno.io group: kyverno.io
@ -1313,7 +1313,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: clusterpolicyreports.wgpolicyk8s.io name: clusterpolicyreports.wgpolicyk8s.io
spec: spec:
group: wgpolicyk8s.io group: wgpolicyk8s.io
@ -1806,7 +1806,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: clusterreportchangerequests.kyverno.io name: clusterreportchangerequests.kyverno.io
spec: spec:
group: kyverno.io group: kyverno.io
@ -2299,7 +2299,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: generaterequests.kyverno.io name: generaterequests.kyverno.io
spec: spec:
group: kyverno.io group: kyverno.io
@ -2480,7 +2480,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: policies.kyverno.io name: policies.kyverno.io
spec: spec:
group: kyverno.io group: kyverno.io
@ -3781,7 +3781,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: policyreports.wgpolicyk8s.io name: policyreports.wgpolicyk8s.io
spec: spec:
group: wgpolicyk8s.io group: wgpolicyk8s.io
@ -4274,7 +4274,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: reportchangerequests.kyverno.io name: reportchangerequests.kyverno.io
spec: spec:
group: kyverno.io group: kyverno.io


@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno name: kyverno
--- ---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
@ -23,7 +23,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: clusterpolicies.kyverno.io name: clusterpolicies.kyverno.io
spec: spec:
group: kyverno.io group: kyverno.io
@ -2074,7 +2074,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: clusterpolicyreports.wgpolicyk8s.io name: clusterpolicyreports.wgpolicyk8s.io
spec: spec:
group: wgpolicyk8s.io group: wgpolicyk8s.io
@ -2755,7 +2755,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: clusterreportchangerequests.kyverno.io name: clusterreportchangerequests.kyverno.io
spec: spec:
group: kyverno.io group: kyverno.io
@ -3436,7 +3436,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: generaterequests.kyverno.io name: generaterequests.kyverno.io
spec: spec:
group: kyverno.io group: kyverno.io
@ -3632,7 +3632,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: policies.kyverno.io name: policies.kyverno.io
spec: spec:
group: kyverno.io group: kyverno.io
@ -5685,7 +5685,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: policyreports.wgpolicyk8s.io name: policyreports.wgpolicyk8s.io
spec: spec:
group: wgpolicyk8s.io group: wgpolicyk8s.io
@ -6364,7 +6364,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: reportchangerequests.kyverno.io name: reportchangerequests.kyverno.io
spec: spec:
group: kyverno.io group: kyverno.io
@ -7043,7 +7043,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno-service-account name: kyverno-service-account
namespace: kyverno namespace: kyverno
--- ---
@ -7057,7 +7057,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:admin-policies name: kyverno:admin-policies
rules: rules:
@ -7079,7 +7079,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:admin-policyreport name: kyverno:admin-policyreport
rules: rules:
@ -7101,7 +7101,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:admin-reportchangerequest name: kyverno:admin-reportchangerequest
rules: rules:
@ -7123,7 +7123,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno:customresources name: kyverno:customresources
rules: rules:
- apiGroups: - apiGroups:
@ -7169,7 +7169,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno:generatecontroller name: kyverno:generatecontroller
rules: rules:
- apiGroups: - apiGroups:
@ -7204,7 +7204,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno:leaderelection name: kyverno:leaderelection
rules: rules:
- apiGroups: - apiGroups:
@ -7228,7 +7228,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno:policycontroller name: kyverno:policycontroller
rules: rules:
- apiGroups: - apiGroups:
@ -7251,7 +7251,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno:userinfo name: kyverno:userinfo
rules: rules:
- apiGroups: - apiGroups:
@ -7277,7 +7277,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno:webhook name: kyverno:webhook
rules: rules:
- apiGroups: - apiGroups:
@ -7329,7 +7329,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno:customresources name: kyverno:customresources
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -7350,7 +7350,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno:generatecontroller name: kyverno:generatecontroller
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -7371,7 +7371,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno:leaderelection name: kyverno:leaderelection
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -7392,7 +7392,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno:policycontroller name: kyverno:policycontroller
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -7413,7 +7413,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno:userinfo name: kyverno:userinfo
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -7434,7 +7434,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno:webhook name: kyverno:webhook
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -7459,7 +7459,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno name: kyverno
namespace: kyverno namespace: kyverno
--- ---
@ -7476,7 +7476,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno-metrics name: kyverno-metrics
namespace: kyverno namespace: kyverno
--- ---
@ -7490,7 +7490,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno-svc name: kyverno-svc
namespace: kyverno namespace: kyverno
spec: spec:
@ -7512,7 +7512,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno-svc-metrics name: kyverno-svc-metrics
namespace: kyverno namespace: kyverno
spec: spec:
@ -7534,7 +7534,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno name: kyverno
namespace: kyverno namespace: kyverno
spec: spec:
@ -7557,7 +7557,7 @@ spec:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
spec: spec:
affinity: affinity:
podAntiAffinity: podAntiAffinity:
@ -7586,7 +7586,7 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: KYVERNO_SVC - name: KYVERNO_SVC
value: kyverno-svc value: kyverno-svc
image: ghcr.io/kyverno/kyverno:v1.5.7 image: ghcr.io/kyverno/kyverno:v1.5.8
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
failureThreshold: 2 failureThreshold: 2
@ -7638,7 +7638,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: ghcr.io/kyverno/kyvernopre:v1.5.7 image: ghcr.io/kyverno/kyvernopre:v1.5.8
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: kyverno-pre name: kyverno-pre
resources: resources:
@ -7670,7 +7670,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno name: kyverno
namespace: kyverno namespace: kyverno
spec: spec:


@ -8,7 +8,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno name: kyverno
--- ---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
@ -23,7 +23,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: clusterpolicies.kyverno.io name: clusterpolicies.kyverno.io
spec: spec:
group: kyverno.io group: kyverno.io
@ -2074,7 +2074,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: clusterpolicyreports.wgpolicyk8s.io name: clusterpolicyreports.wgpolicyk8s.io
spec: spec:
group: wgpolicyk8s.io group: wgpolicyk8s.io
@ -2755,7 +2755,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: clusterreportchangerequests.kyverno.io name: clusterreportchangerequests.kyverno.io
spec: spec:
group: kyverno.io group: kyverno.io
@ -3436,7 +3436,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: generaterequests.kyverno.io name: generaterequests.kyverno.io
spec: spec:
group: kyverno.io group: kyverno.io
@ -3632,7 +3632,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: policies.kyverno.io name: policies.kyverno.io
spec: spec:
group: kyverno.io group: kyverno.io
@ -5685,7 +5685,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: policyreports.wgpolicyk8s.io name: policyreports.wgpolicyk8s.io
spec: spec:
group: wgpolicyk8s.io group: wgpolicyk8s.io
@ -6364,7 +6364,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: reportchangerequests.kyverno.io name: reportchangerequests.kyverno.io
spec: spec:
group: kyverno.io group: kyverno.io
@ -7043,7 +7043,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno-service-account name: kyverno-service-account
namespace: kyverno namespace: kyverno
--- ---
@ -7057,7 +7057,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:admin-policies name: kyverno:admin-policies
rules: rules:
@ -7079,7 +7079,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:admin-policyreport name: kyverno:admin-policyreport
rules: rules:
@ -7101,7 +7101,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:admin-reportchangerequest name: kyverno:admin-reportchangerequest
rules: rules:
@ -7123,7 +7123,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno:customresources name: kyverno:customresources
rules: rules:
- apiGroups: - apiGroups:
@ -7169,7 +7169,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno:generatecontroller name: kyverno:generatecontroller
rules: rules:
- apiGroups: - apiGroups:
@ -7204,7 +7204,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno:leaderelection name: kyverno:leaderelection
rules: rules:
- apiGroups: - apiGroups:
@ -7228,7 +7228,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno:policycontroller name: kyverno:policycontroller
rules: rules:
- apiGroups: - apiGroups:
@ -7251,7 +7251,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno:userinfo name: kyverno:userinfo
rules: rules:
- apiGroups: - apiGroups:
@ -7277,7 +7277,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno:webhook name: kyverno:webhook
rules: rules:
- apiGroups: - apiGroups:
@ -7329,7 +7329,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno:customresources name: kyverno:customresources
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -7350,7 +7350,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno:generatecontroller name: kyverno:generatecontroller
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -7371,7 +7371,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno:leaderelection name: kyverno:leaderelection
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -7392,7 +7392,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno:policycontroller name: kyverno:policycontroller
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -7413,7 +7413,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno:userinfo name: kyverno:userinfo
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -7434,7 +7434,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno:webhook name: kyverno:webhook
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
@ -7459,7 +7459,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno name: kyverno
namespace: kyverno namespace: kyverno
--- ---
@ -7476,7 +7476,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno-metrics name: kyverno-metrics
namespace: kyverno namespace: kyverno
--- ---
@ -7490,7 +7490,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno-svc name: kyverno-svc
namespace: kyverno namespace: kyverno
spec: spec:
@ -7512,7 +7512,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno-svc-metrics name: kyverno-svc-metrics
namespace: kyverno namespace: kyverno
spec: spec:
@ -7534,7 +7534,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno name: kyverno
namespace: kyverno namespace: kyverno
spec: spec:
@ -7557,7 +7557,7 @@ spec:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
spec: spec:
affinity: affinity:
podAntiAffinity: podAntiAffinity:
@ -7586,7 +7586,7 @@ spec:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: KYVERNO_SVC - name: KYVERNO_SVC
value: kyverno-svc value: kyverno-svc
image: ghcr.io/kyverno/kyverno:v1.5.7 image: ghcr.io/kyverno/kyverno:v1.5.8
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
failureThreshold: 2 failureThreshold: 2
@ -7638,7 +7638,7 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: ghcr.io/kyverno/kyvernopre:v1.5.7 image: ghcr.io/kyverno/kyvernopre:v1.5.8
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: kyverno-pre name: kyverno-pre
resources: resources:
@ -7670,7 +7670,7 @@ metadata:
app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/managed-by: Kustomize
app.kubernetes.io/name: kyverno app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno app.kubernetes.io/part-of: kyverno
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
name: kyverno name: kyverno
namespace: kyverno namespace: kyverno
spec: spec:


@ -9,6 +9,6 @@ transformers:
images: images:
- name: ghcr.io/kyverno/kyverno - name: ghcr.io/kyverno/kyverno
newTag: v1.5.7 newTag: v1.5.8
- name: ghcr.io/kyverno/kyvernopre - name: ghcr.io/kyverno/kyvernopre
newTag: v1.5.7 newTag: v1.5.8


@ -4,7 +4,7 @@ kind: LabelTransformer
metadata: metadata:
name: labelTransformer name: labelTransformer
labels: labels:
app.kubernetes.io/version: v1.5.7 app.kubernetes.io/version: v1.5.8
fieldSpecs: fieldSpecs:
- path: metadata/labels - path: metadata/labels
create: true create: true


@ -450,12 +450,37 @@ func ApplyPolicyOnResource(policy *v1.ClusterPolicy, resource *unstructured.Unst
} }
policyWithNamespaceSelector := false policyWithNamespaceSelector := false
OuterLoop:
for _, p := range policy.Spec.Rules { for _, p := range policy.Spec.Rules {
if p.MatchResources.ResourceDescription.NamespaceSelector != nil || if p.MatchResources.ResourceDescription.NamespaceSelector != nil ||
p.ExcludeResources.ResourceDescription.NamespaceSelector != nil { p.ExcludeResources.ResourceDescription.NamespaceSelector != nil {
policyWithNamespaceSelector = true policyWithNamespaceSelector = true
break break
} }
for _, m := range p.MatchResources.Any {
if m.ResourceDescription.NamespaceSelector != nil {
policyWithNamespaceSelector = true
break OuterLoop
}
}
for _, m := range p.MatchResources.All {
if m.ResourceDescription.NamespaceSelector != nil {
policyWithNamespaceSelector = true
break OuterLoop
}
}
for _, e := range p.ExcludeResources.Any {
if e.ResourceDescription.NamespaceSelector != nil {
policyWithNamespaceSelector = true
break OuterLoop
}
}
for _, e := range p.ExcludeResources.All {
if e.ResourceDescription.NamespaceSelector != nil {
policyWithNamespaceSelector = true
break OuterLoop
}
}
} }
if policyWithNamespaceSelector { if policyWithNamespaceSelector {
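Review bot: The namespaceSelector check is now spelled out five times in this loop (the embedded match/exclude descriptions plus the four new `Any`/`All` loops), so a selector location added later can be missed silently. When that happens the CLI evaluates the rule without namespace labels, and `test`/`apply` can report a result that differs from what admission would decide. I would move the check into one helper that the loop calls, which also removes the `OuterLoop` label and the mix of bare `break` and `break OuterLoop`. The sketch assumes `Any` and `All` share the slice type `v1.ResourceFilters` and that rules are `v1.Rule`; confirm both against the API package. ApplyPolicyOnResource starts before this hunk and continues after it.

```go
// usesNamespaceSelector reports whether the rule carries a namespaceSelector
// in its match/exclude blocks or in any entry of their any/all lists.
func usesNamespaceSelector(r v1.Rule) bool {
	if r.MatchResources.ResourceDescription.NamespaceSelector != nil ||
		r.ExcludeResources.ResourceDescription.NamespaceSelector != nil {
		return true
	}
	for _, filters := range []v1.ResourceFilters{
		r.MatchResources.Any, r.MatchResources.All,
		r.ExcludeResources.Any, r.ExcludeResources.All,
	} {
		for _, f := range filters {
			if f.ResourceDescription.NamespaceSelector != nil {
				return true
			}
		}
	}
	return false
}

// … unchanged: start of ApplyPolicyOnResource …
	policyWithNamespaceSelector := false
	for _, p := range policy.Spec.Rules {
		if usesNamespaceSelector(p) {
			policyWithNamespaceSelector = true
			break
		}
	}
```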


@ -0,0 +1,25 @@
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: enforce-pod-name
spec:
validationFailureAction: audit
background: true
rules:
- name: validate-name
match:
any:
- resources:
kinds:
- Pod
namespaceSelector:
matchExpressions:
- key: foo.com/managed-state
operator: In
values:
- managed
validate:
message: "The Pod must end with -nginx"
pattern:
metadata:
name: "*-nginx"
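Review bot: This fixture exercises only `match.any`, while the Go change in the same commit adds separate branches for `match.all`, `exclude.any` and `exclude.all`. Those three paths have no regression test among the fixtures visible on this page. I would add sibling rules or policies that put the same `namespaceSelector` block under `all:` and under `exclude:`. A second resource in a namespace whose labels do not match the selector would also show that the selector is evaluated rather than ignored.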


@ -0,0 +1,9 @@
kind: Pod
apiVersion: v1
metadata:
name: test-nginx
namespace: test1
spec:
containers:
- name: nginx
image: nginx:latest


@ -0,0 +1,14 @@
---
name: enforce-pod-name
policies:
- policy.yaml
resources:
- resource.yaml
variables: value.yaml
results:
- policy: enforce-pod-name
rule: validate-name
resource: test-nginx
kind: Pod
namespace: test1
result: pass


@ -0,0 +1,4 @@
namespaceSelector:
- name: test1
labels:
foo.com/managed-state: managed