mirror of https://github.com/kyverno/kyverno.git synced 2025-01-20 18:52:16 +00:00
Commit graph

981 commits

Author SHA1 Message Date
shuting
23a1df0d7b
Cherry-pick #4233 (#4236)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-07-20 22:22:15 +05:30
Anutosh Bhat
81c699b4a5
Removed confusing output message for the apply and replaced no of policies by no of policy rules count in the output message (#4229)
Signed-off-by: anutosh491 <andersonbhat491@gmail.com>
2022-07-19 16:28:09 +05:30
Vyankatesh Kudtarkar
612b7fdff2
fix kyverno cli policy-report typo (#4224)
- fix kyverno cli policy report typo 
- add shorthand for policy-report flag

Signed-off-by: Vyankatesh vyankateshkd@gmail.com
2022-07-18 07:12:19 +00:00
Meha Bhalodiya
06460c0e68
feat: improve flag message for disableMetricsExport (#4194)
* feat: improve flag message for disableMetricsExport 

Signed-off-by: Meha Bhalodiya <mehabhalodiya@gmail.com>

* update description

Signed-off-by: Meha Bhalodiya <mehabhalodiya@gmail.com>
2022-07-15 01:07:45 +08:00
Vyankatesh Kudtarkar
e71493e5cc
Make method public (#4207)
* npmctl changes

* revert commit

* remove comment
2022-07-13 13:37:51 -07:00
Tathagata Paul
3e2894b6fa
feat: Opentelemetry support for metrics and traces (#3910)
* integrating opentelemetry

Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com>

* fix multiple imports

Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com>

* fixed cli help statement

Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com>

* added init file for metrics

Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
2022-07-11 17:49:47 +00:00
vivek kumar sahu
a37901425f
return helpful error message on invalid patched resources. (#4129)
Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-07-06 13:24:28 +05:30
Prateek Pandey
9226873e68
feat: split policy report per policy bases (#4147)
* feat: split policy report per policy bases

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* add policy name as a handler key

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* update merge change request logic

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* handle the delete resource update on policy report

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* add splitPolicyReport feature gate

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* delete old reports if splitPolicyReport feature enable

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* use trim policyname as label and create name

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* fix change request result

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-06-28 15:27:57 +00:00
shuting
77fb10a430
Clean up RCRs if the count exceeds the threshold (#4148)
* Clean up RCRs if the count exceeds the limit

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Sets reports to inactive on resourceExhausted error

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix linter

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Add a container flag changeRequestLimit

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Skip generating RCRs if resourceExhausted error occurs

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* set default RCR limit to 1000

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Update log messages and CHANGELOG.md

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Address review comments

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Extract mapper to a separate file

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-06-28 06:18:57 +00:00
shuting
cd2d89bf55
Wait for informers' cache to be synced before starting controllers (#4155)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-06-28 04:55:52 +00:00
shuting
1c329ea65f
Use kyverno namespace informer to list pods while processing URs (#4156)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-06-27 12:44:42 +08:00
Tathagata Paul
16f8620993
added resource lists for test cli (#4082)
Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com>
2022-06-20 06:38:13 +00:00
vivek kumar sahu
051b0751e0
set test.namespace value implicit as resource namespace until and unless explicit value is added (#4100)
Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>
2022-06-15 17:59:13 +05:30
Jim Bugwadia
c3be689851
remove TUF initialization from main (#4098)
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-06-10 00:52:12 -07:00
vivek kumar sahu
7e79403324
Updated jp command flags and also added URL for help. (#4084)
* Updated jp command flags and also added URL for help.

Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>

* Update cmd/cli/kubectl-kyverno/jp/jp_command.go

Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-06-07 06:19:44 +00:00
Prateek Nandle
70175ae5e8
Print for failed test cases (#4048)
Signed-off-by: Prateeknandle <prateeknandle@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-06-02 17:31:46 +00:00
Batuhan Apaydın
e756ae522a
chore(dockerfile): use buildx features for cross-compilation (#4023)
* chore(dockerfile): use buildx features for cross-compilation

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>

* feat(kyverno): main container image

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>

Co-authored-by: shuting <shuting@nirmata.com>
2022-06-01 20:35:02 +08:00
Charles-Edouard Brétéché
dae3dad027
refactor: used typed admission request in ur (#4022)
* refactor: add policy event listener in ur controller (#4012)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
(cherry picked from commit cd1fa030ee)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: used typed admission request in ur

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: used typed admission request in ur

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* Handle the error properly

Signed-off-by: ShutingZhao <shuting@nirmata.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: ShutingZhao <shuting@nirmata.com>
2022-05-29 07:27:14 +00:00
Shubham Nazare
165c5d9fc3
feat: Extend CLI to cover generate policies (#3456)
- Change in namespace for test-generate example
- Change cloneResource to cloneSourceResource
- Add support for namespaced Policy and fix log messages
- Add test-generate in Makefile and an example of namespaced Policy
- Fix namespaced policy issue and add comments
- Refactor according to new generate controller
- Add json tag to GeneratedResource field of RuleResponse struct

Signed-off-by: Shubham Nazare <shubham4443@gmail.com>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-05-25 14:26:22 +00:00
vivek kumar sahu
fbbe57f5e1
Request operation value by default to CREATE (#3894)
* set by default request.operation to CREATE

Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>

* Added test cases

Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-05-25 13:59:53 +00:00
Anton Popovichenko
afc9a56d33
Feature: Add support for allowing insecure registries. (#3983)
Now you can work with self-signed registries by updating your deployment, adding `--allowInsecureRegistry` to the `args` field.

Signed-off-by: Anton Popovichenko <anton.popovichenko@mendix.com>

Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-25 11:03:36 +02:00
Charles-Edouard Brétéché
73fdbd3e76
refactor: ur cleaner controller (#3974)
* fix: move ur controller filtering in reconciler

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: mark ur retry on conflict

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: test data

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: add filter back in update ur handler

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: added some logs about attempts and increased backoff

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: reconciliation logic

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: Test_Generate_Synchronize_Flag

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: small nits

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: interface and logger

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: remove useless Control and ControlInterface

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: use GetObjectWithTombstone helper

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: reorder methods

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: is not found check

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: move check in reconcile code

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: stop mutating cached resource in ur controller (#4003)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
(cherry picked from commit dac733755b)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
2022-05-24 13:30:00 +00:00
Charles-Edouard Brétéché
88f769cb39
fix: init container gr copy (#3995)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-23 17:57:19 +02:00
Charles-Edouard Brétéché
caa769fb1d
refactor: clean updaterequest generator (#3949)
* refactor: clean updaterequest generator

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: clean updaterequest generator

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
2022-05-23 22:39:12 +08:00
Charles-Edouard Brétéché
c1df363a0e
fix: release ur when handler pod is gone (#3973)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-20 17:43:00 +08:00
Charles-Edouard Brétéché
1936d86623
fix: move ur controller filtering in reconciler (#3964)
* fix: move ur controller filtering in reconciler

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: mark ur retry on conflict

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: test data

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: add filter back in update ur handler

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: added some logs about attempts and increased backoff

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: reconciliation logic

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: Test_Generate_Synchronize_Flag

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: small nits

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-20 00:06:56 +08:00
Charles-Edouard Brétéché
c988d519b4
fix: mark ur retry on conflict (#3961)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-18 06:07:13 +00:00
Charles-Edouard Brétéché
41a3f6c388
chore: make kyverno informers and listers import aliases consistent (#3958)
* chore: make kyverno api import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: make apimachinery api import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: make dclient api import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: make clients import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: make kube informers and listers import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: make kyverno informers and listers import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
2022-05-18 04:02:31 +00:00
Charles-Edouard Brétéché
5243763674
chore: make dclient import aliases consistent (#3951)
* chore: make kyverno api import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: make apimachinery api import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: make dclient api import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-17 14:40:51 +00:00
Charles-Edouard Brétéché
666bcb3c15
chore: make k8s api import aliases consistent (#3950)
* chore: make kyverno api import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: make apimachinery api import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-17 22:14:31 +08:00
Charles-Edouard Brétéché
5aaf2d8770
chore: make kyverno api import aliases consistent (#3939)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-17 13:12:43 +02:00
Charles-Edouard Brétéché
0099ef54ad
chore: enable gofmt and gofumpt linters (#3931)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-17 06:19:03 +00:00
Charles-Edouard Brétéché
c12f94d6d4
chore: enable gci linter (#3930)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-05-17 07:56:48 +02:00
Charles-Edouard Brétéché
53adf904d6
refactor: separate policy cache and controller (#3925)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-16 18:36:19 +02:00
Charles-Edouard Brétéché
c112aaefa1
refactor: separate resource mutation/validation handlers from server (#3908)
* refactor: webhooks server logger

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: separate policy mutation/validation handlers from server

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* separate resource mutation from server code

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-16 22:36:21 +08:00
Charles-Edouard Brétéché
70954b9995
refactor: policy cache (#3919)
* refactor: simplify policy cache

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: policy cache

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* remove update and add policies map

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: review comments

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-05-16 07:56:16 +00:00
Dhaval Shah
4d0d719735
fix: gosec G304 file inclusion error (#3916)
Part of KubeCon EU 2022 Bugbash

Signed-off-by: Dhaval Shah <30974879+dhavalgshah@users.noreply.github.com>
2022-05-14 16:40:04 +00:00
Charles-Edouard Brétéché
87ac548563
refactor: separate policy mutation/validation handlers from server (#3905)
* refactor: webhooks server logger

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: separate policy mutation/validation handlers from server

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-05-13 07:33:20 +02:00
Charles-Edouard Brétéché
526876452e
fix: docker build (#3907)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-12 22:24:25 +01:00
Charles-Edouard Brétéché
97cf1b3e95
feat: graceful certificates rotation support (#3890)
* refactor: remove deployment hash on certs secrets

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* feat: add label on kyverno webhooks

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* feat: implement update ca bundle

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* test: set very low validity and expiration intervals

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: writing secret

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* add renew ca

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* decouple ca and tls validity duration

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactored code, everything is in place to finalize implementation

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* use real validity periods

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-05-12 14:07:25 +00:00
Charles-Edouard Brétéché
c15ad0c520
chore: remove ca-certificates from our repository (#3859)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-05-12 11:41:45 +00:00
Jim Bugwadia
36affff4b7
Timeout and init (#3893)
* increase timeout to 30s to match webhook timeout

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* initialize Fulcio roots at startup

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* make fmt

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add TUF root

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix chart

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* make helm-gen

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-12 10:55:14 +08:00
Vyankatesh Kudtarkar
31928c9507
Fix subject match selector issue in cli (#3887)
* Fix subject match selector issue in cli

* remove space

* code refactoring
2022-05-11 15:21:13 +00:00
Charles-Edouard Brétéché
8f825bb040
refactor: remove deployment hash on certs secrets (#3886)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-11 16:58:14 +02:00
Charles-Edouard Brétéché
747f4128ef
chore: enable noctx linter (#3888)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-11 17:34:40 +05:30
Charles-Edouard Brétéché
c2602d8181
refactor: cleanup tls package (#3854)
* refactor: init certs with certs renewer directly

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: tls package

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: cleanup tls package

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-11 08:05:13 +00:00
Charles-Edouard Brétéché
2064a69b8a
refactor: make config vars private (#3823)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-11 06:14:30 +00:00
Charles-Edouard Brétéché
f508e9a0b8
chore: add unconvert linter (#3867)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-10 20:28:45 +01:00
Charles-Edouard Brétéché
97e5e64fd4
chore: enable whitespace linter (#3864)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-05-10 17:01:29 +00:00
Charles-Edouard Brétéché
bfc4290285
chore: enable more linters (#3862)
* chore: enable deadcode and unused linters

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: enable more linters

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-10 21:20:04 +05:30