mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity
6680 commits 15 branches 540 tags 276 MiB
Commit graph

6680 commits

This branch
This branch
All branches
Author SHA1 Message Date
gcp-cherry-pick-bot[bot]
3aa662accc
fix: delete VAPs in case Kyverno policies can't be translated (#8887) (#9019) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2023-11-27 07:15:45 +00:00
gcp-cherry-pick-bot[bot]
53fa22bc74
fix: block mutation only when failurePolicy is set to fail (#8952) (#8986) 
* fix: only block mutation when failurePolicy is set
to fail



* feat: kuttl test



* fix: add else check



* fix: update defaulting ns label policy's failure policy to be fail

based on readme, this test has nothing to do with failurePolicy and resource should not be blocked in case of ignore failurePolicy



* fix: there is another



* fix: update policy



* nit



* feat: add logs



* Update pkg/webhooks/resource/mutation/mutation.go



---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Signed-off-by: shuting <shuting@nirmata.com>
Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: shuting <shutting06@gmail.com>
 2023-11-22 17:30:15 +00:00
gcp-cherry-pick-bot[bot]
c86039d460
fix: update KeysAreMissing() to ignore negations in resource (#8953) (#8982) 
* fix: update KeysAreMissing() to ignore negations in resource

KeysAreMissing() checks if a key is missing in a resource, since a negation should not be present in the resource, it should not count as a missing key



* feat: add tests



* fix: pod is supposed to fail



---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
 2023-11-22 13:53:00 +00:00
gcp-cherry-pick-bot[bot]
26c89504bc
feat: add checks for max response size in API Call (#8957) (#8971) 
* feat: add checks for max response size in API Call GET request



* fix: tests



* fix: added changes suggested by jim



* cleanup



---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
 2023-11-21 11:18:12 +00:00
gcp-cherry-pick-bot[bot]
3093210d4d
Revert "fix(chart): only create ServiceMonitor if cluster supports it (#7926)" (#8913) (#8931) 
This reverts commit 590dce5830.

This will ensure servicemonitor can be enabled with ArgoCD which doesn't support querying API capabilities

Fixes #8891

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Co-authored-by: treydock <tdockendorf@osc.edu>
Co-authored-by: shuting <shuting@nirmata.com>
 2023-11-16 16:12:23 +00:00
gcp-cherry-pick-bot[bot]
c6050e2a28
correct typo in README for Kyverno 1.10+ (#8911) (#8927) 
Signed-off-by: Peter Jakubis <balonik32@gmail.com>
Co-authored-by: Peter Jakubis <balonik@users.noreply.github.com>
Co-authored-by: treydock <tdockendorf@osc.edu>
 2023-11-16 13:22:11 +00:00
gcp-cherry-pick-bot[bot]
68e60ffc72
Add policyKind option to kyverno-policies chart (#8827) (#8923) 
Fixes #4317 #8568

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Co-authored-by: treydock <tdockendorf@osc.edu>
Co-authored-by: shuting <shuting@nirmata.com>
 2023-11-16 18:14:36 +08:00
Vishal Choudhary
c9f802e87f
chore(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc from 0.45.0 to 0.46.0 (#8893) (#8897) 
* chore(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc from 0.45.0 to 0.46.0



* feat: bump other otel deps



---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
 2023-11-13 15:26:37 +00:00
gcp-cherry-pick-bot[bot]
1fc15cca49
Close reponse right after succesful request (#8894) (#8896) 
Signed-off-by: AdamKorcz <adam@adalogics.com>
Co-authored-by: AdamKorcz <44787359+AdamKorcz@users.noreply.github.com>
 2023-11-13 14:51:01 +00:00
gcp-cherry-pick-bot[bot]
208ac97bd7
Reduced verbosity of admission request filter INFO log message (#8712) (#8882) 
* Reduced verbosity of admission request filter INFO log message



* Changed the verbosity level to 4



---------

Signed-off-by: satyazzz123 <beherasatyajit716@gmail.com>
Signed-off-by: Satyajit Behera <105061492+satyazzz123@users.noreply.github.com>
Co-authored-by: Satyajit Behera <105061492+satyazzz123@users.noreply.github.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2023-11-13 14:04:54 +08:00
shuting
a411fe6377
release 1.11.0 (#8874) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2023-11-10 16:59:42 +08:00
shuting
3ea6f18c84
release 1.11.0-rc.8 (#8869) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2023-11-09 15:43:07 +00:00
shuting
0517ca7c52
bump cosign 2.2.1 (#8868) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2023-11-09 14:57:10 +00:00
shuting
3abb8058c9
release v1.11.0-rc.7 (#8841) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2023-11-06 15:06:53 +00:00
shuting
062ec65d11
bump bump google.golang.org/grpc from 1.58.2 to 1.59.0 (#8839) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2023-11-06 14:23:21 +00:00
shuting
df3f436edc
release v1.11.0-rc.6 (#8836) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2023-11-06 12:15:21 +00:00
gcp-cherry-pick-bot[bot]
52b1ccf1c9
fix: generate policy fails if triggered resource name exceeds 63 characters limit (#8466) (#8835) 
* fix: generate label resource name character length issue



* add source label



* modify newUR function



* fix



* improve readability



* remove generate source name label



* Revert changes



* update ResourceSpec



* add URGenerateResourceUIDLabel



* make codegen crds all



* make codegen client all



* add GenerateSourceUIDLabel



* modify comment



* make codegen crds all



* make codegen-docs-all



* make codegen-all



* set trigger uid



* add uid in transform()



* add name label



* fix: use resource name labels along with its UID



* fix: use the resource name label only if its uid label isn't set



* fix



* add kuttl tests



* fix: delete the trigger resource in the test



* fix: delete the source in the kuttl test



* add generate trigger uid label



* modify TriggerInfo function



* populate uid field for new update requests



* populate new ur spec with uid



* handle downstream resources cleanup



* populate uid of ur status



* fetch triggers by the UID label



* label triggers



* fetch trigger by comparing UID



* fetch cloneList downstream resource by UID



* update test names



* remove trigger name label assertions from kuttl tests



* add unit name selector



* add sleep



* assert events on failures



* rename tests



---------

Signed-off-by: Chandan-DK <chandandk468@gmail.com>
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Signed-off-by: shuting <shuting@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Chandan-DK <chandandk468@gmail.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2023-11-06 11:26:39 +00:00
shuting
1144e2454b
release v1.11.0-rc.5 (#8823) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2023-11-03 03:46:19 +00:00
gcp-cherry-pick-bot[bot]
a44c43b301
feat: update descriptions of image verify cache flags (#8770) (#8822) 
* feat: update descriptions of image verify cache flags



* Update cmd/internal/flag.go




* Update cmd/internal/flag.go




* Update cmd/internal/flag.go




* feat: update description of imageVerifyCacheEnabled



---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2023-11-02 16:50:06 +00:00
gcp-cherry-pick-bot[bot]
2ede6e874a
Changes to correctly run delete operation in kyverno11beta4 (#8786) (#8820) 
* Changes to correctly run delete operation in kyverno11beta4






* Update test/cli/test/deny-pod-deletion/deny-pod-deletion.yaml




* Update test/cli/test/deny-pod-deletion/deny-pod-deletion.yaml




* Add README.md for new test



* Correct policy.yaml



* Add new lines in test files



* Correct kyverno-test file



* Correct values.yaml



* Correct test files



* Add new test



---------

Signed-off-by: Anushka Mittal <anushka@nirmata.com>
Signed-off-by: shuting <shutting06@gmail.com>
Signed-off-by: anushkamittal2001 <anushka@nirmata.com>
Signed-off-by: Anushka Mittal <138426011+anushkamittal2001@users.noreply.github.com>
Co-authored-by: Anushka Mittal <138426011+anushkamittal2001@users.noreply.github.com>
Co-authored-by: shuting <shutting06@gmail.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2023-11-02 21:31:23 +08:00
gcp-cherry-pick-bot[bot]
3de7c54a86
fix: display a message when the controller has no permissions for VAPs (#8776) (#8814) 
* fix: display a message when the controller has no permissions for VAPs



* fix: add a warning when a Kyverno policy is created



---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2023-11-01 14:40:20 +00:00
shuting
ef90f0b07a
chore(deps): bump helm/chart-testing-action from 2.4.0 to 2.6.0 (#8809) (#8810) 
Bumps [helm/chart-testing-action](https://github.com/helm/chart-testing-action) from 2.4.0 to 2.6.0.
- [Release notes](https://github.com/helm/chart-testing-action/releases)
- [Commits](e878887317...b43128a8b2)

---
updated-dependencies:
- dependency-name: helm/chart-testing-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-01 15:14:10 +05:30
gcp-cherry-pick-bot[bot]
37353487ec
fix: display helm warnings together (#8784) (#8805) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2023-11-01 04:47:53 +00:00
gcp-cherry-pick-bot[bot]
24f8b877b6
fix: generate events for scanning VAPs in reports controller (#8783) (#8804) 
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2023-11-01 04:15:23 +00:00
gcp-cherry-pick-bot[bot]
0a98200abd
chore: upgrade docker/docker to v24.0.7 (#8793) (#8797) 
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
 2023-10-31 09:16:00 +00:00
gcp-cherry-pick-bot[bot]
ff407b7d78
add VAP and VAPB to admission controller ClusterRole (#8768) (#8794) 
* add VAP and VAPB to admission controller ClusterRole



* make conditional



* remove manual additions



---------

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: chipzoller <chipzoller@gmail.com>
Signed-off-by: shuting <shuting@nirmata.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2023-10-31 07:57:11 +00:00
gcp-cherry-pick-bot[bot]
e792e87e97
feat: update verify images types with better descriptions (#8779) (#8791) 
* feat: update verify images types with better descriptions



* feat: revert cert and certchain



---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2023-10-31 05:30:26 +00:00
gcp-cherry-pick-bot[bot]
e4b5322c48
fix: rename vap logging name to ValidatingAdmissionPolicy (#8785) (#8788) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2023-10-30 18:02:29 +00:00
gcp-cherry-pick-bot[bot]
e1b476c88e
fix: print the number of VAPs being applied to the resources in test command (#8778) (#8782) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2023-10-30 15:03:34 +00:00
gcp-cherry-pick-bot[bot]
babb39c905
fix: grafana dashboard to support replicas (#8751) (#8759) 
Signed-off-by: Alex Kennedy <alexzanderkennedy@gmail.com>
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Signed-off-by: shuting <shuting@nirmata.com>
Co-authored-by: Alex Kennedy <alexzanderkennedy@gmail.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2023-10-27 09:01:38 +00:00
gcp-cherry-pick-bot[bot]
8b60e37ff1
Revert "add secrets name in background-controller's role (#8721)" (#8752) (#8757) 
This reverts commit 580c02ce76.

Co-authored-by: shuting <shuting@nirmata.com>
 2023-10-27 08:20:51 +00:00
Vishal Choudhary
4c9f5b8f28
feat: disable validate maintainer for helm gha (#8747) (#8748) 
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
 2023-10-26 13:34:53 +00:00
gcp-cherry-pick-bot[bot]
d25b07c930
fix: revert maintainers in helm charts (#8737) (#8746) 
* fix: revert maintainers in helm charts



* feat: codegnen



* fix: revert helm release changes



---------

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
 2023-10-26 11:38:01 +00:00
shuting
526d4895b7
fix: fetch correct branch name in helm-release workflow (#8744) (#8745) 
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Signed-off-by: shuting <shuting@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
 2023-10-26 09:30:29 +00:00
Vishal Choudhary
f9fccbd0bf
fix: replace base_ref with ref_name in helm test GHA (#8735) (#8736) 
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
 2023-10-25 14:35:24 +00:00
Vishal Choudhary
407ffa79de
fix: dynamically get branch name in helm test (#8732) (#8734) 
* fix: dynamically get branch name in helm test



* fix: add env variable branch name



* fix: use head ref



* cleanup: remove debug statements



---------

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
 2023-10-25 11:09:41 +00:00
shuting
023ac8635a
release v1.11.0-rc.4 (#8723) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2023-10-24 10:54:21 +00:00
gcp-cherry-pick-bot[bot]
662a254520
add secrets name in background-controller's role (#8721) (#8722) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2023-10-24 09:48:17 +00:00
shuting
573d589c49
cherry-pick 8707 (#8717) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
 2023-10-24 04:30:54 +00:00
Vishal Choudhary
b321490e7b
[Helm] AdmissionReport cleanup job tag bump (#8708) (#8714) 
* update chart metadata



* bump tag



* adjust name



* do not validate maintainers



* feat: update codegen



* feat: update codegen



* feat: update kubeversion in helm template



---------

Signed-off-by: chipzoller <chipzoller@gmail.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: chipzoller <chipzoller@gmail.com>
 2023-10-23 15:36:21 +00:00
gcp-cherry-pick-bot[bot]
0e0bef1ebe
fix: add permissions to secrets for background controller role (#8690) (#8715) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
 2023-10-23 22:53:02 +08:00
shuting
899a9f0a3a
release v1.11.0-rc.3 (#8706) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2023-10-20 10:42:45 +00:00
shuting
de673f07e6
feat: generate events for CEL policies that generate VAPs (#8564) (#8705) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2023-10-20 09:48:30 +00:00
shuting
452392c05b
fix typo (#8666) (#8704) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2023-10-20 11:57:48 +03:00
gcp-cherry-pick-bot[bot]
c3db00b154
feat: fix outdated description of imageregistrycredentials (#8688) (#8699) 
* feat: fix outdated description of imageregistrycredentials



* feat: generate crd



---------

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2023-10-20 12:30:54 +08:00
gcp-cherry-pick-bot[bot]
2212201553
fix: add codegen-cli-crds target to codegen-crds-all (#8692) (#8695) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2023-10-19 15:42:03 +00:00
gcp-cherry-pick-bot[bot]
6fcf2bc22b
feat: Implement global values for image registry in Kyverno Helm chart (#8625) (#8694) 
* feat: Add image registry to global values



* Fix indentation



* Update documentation



---------

Signed-off-by: Franco <franco@giantswarm.io>
Co-authored-by: Franco Hielpos <48300215+fhielpos@users.noreply.github.com>
 2023-10-19 14:30:17 +00:00
gcp-cherry-pick-bot[bot]
cf65fc2f48
fix: allow cleanup controller to update the policy status (#8681) (#8684) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2023-10-19 15:16:46 +08:00
gcp-cherry-pick-bot[bot]
2c570e007e
remove duplicated log messages (#8673) (#8676) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2023-10-18 11:49:38 +08:00
gcp-cherry-pick-bot[bot]
28c504a3c1
feat: add support for days in ttl labels (#8660) (#8662) 
Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
 2023-10-16 13:58:04 +00:00