mirror of https://github.com/kyverno/kyverno.git synced 2025-03-05 07:26:55 +00:00
Commit graph

7833 commits

Author SHA1 Message Date
shuting
22c853e863
release kyverno chart 3.3.7 (#12152)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2025-02-12 10:47:32 +00:00
gcp-cherry-pick-bot[bot]
26bed29e94
Add helm changelog for reports-server related fix (#12144) (#12151)
* Add helm changelog for reports-server related fix



* Remove old changelog entries



---------

Signed-off-by: Rafael da Fonseca <rafael.fonseca@wildlifestudios.com>
Co-authored-by: Rafael da Fonseca <rafael.fonseca@wildlifestudios.com>
2025-02-12 10:07:15 +00:00
gcp-cherry-pick-bot[bot]
a63f338a37
Don't fail disabling reports CRDs when sanitychecks is disabled (for use with reports-server) (#12129) (#12142)
Co-authored-by: Rafael da Fonseca <rsafonseca@gmail.com>
2025-02-11 14:39:47 +00:00
shuting
c6e3bcddee
release v1.13.4 (#12126)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2025-02-08 06:25:55 +00:00
shuting
50213f108b
Revert "replace ghcr.io to reg.kyverno.io (#12031) (#12106)" (#12125)
This reverts commit 81276a8b80.
2025-02-08 05:05:52 +00:00
Andrew J. Brown
b72d9e0782
chore(deps): bump go dependencies to fix CVEs (#12119)
Signed-off-by: Andrew Brown <andrew.brown@wealthsimple.com>
2025-02-07 06:53:47 +00:00
shuting
425ff9dff6
feat: release v1.13.3 (#12105)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2025-02-06 18:56:16 +08:00
shuting
81276a8b80
replace ghcr.io to reg.kyverno.io (#12031) (#12106)
Signed-off-by: Amit Tiwari <amit.tiwari@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Amit Tiwari <amit.tiwari@nirmata.com>
2025-02-06 09:21:11 +00:00
Andrew J. Brown
c2525ec135
chore: bump golang.org/x/net to 0.33.0 for release-1.13 (#12040)
---------

Signed-off-by: Andrew Brown <andrew.brown@wealthsimple.com>
2025-01-31 08:04:55 +00:00
gcp-cherry-pick-bot[bot]
fd5698b5e7
Fix default value for apiCall context (#11733) (#11988)
* chore(deps): bump golang.org/x/crypto from 0.29.0 to 0.30.0 (#11712)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.29.0 to 0.30.0.
- [Commits](https://github.com/golang/crypto/compare/v0.29.0...v0.30.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...





* add test for apiCall default value



* move fallback to default into fetch function



* Update pkg/engine/apicall/apiCall.go

improved log message text




* Update pkg/engine/apicall/apiCall.go




* address comments



---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Johann Schley <johann.schley@swisscom.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Johann Schley <65346790+oujonny@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Johann Schley <johann.schley@swisscom.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2025-01-24 08:51:07 +00:00
gcp-cherry-pick-bot[bot]
896c7d15c5
log non fatal parsing errors (#11932) (#11949)
* log non fatal parsing errors



* log at the error level



* add check for nil



* add check for nil



---------

Signed-off-by: Your Name <you@example.com>
Co-authored-by: Ammar Yasser <aerosound161@gmail.com>
Co-authored-by: Your Name <you@example.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2025-01-20 08:05:08 +00:00
gcp-cherry-pick-bot[bot]
d581e9ad79
feat: update annotations of kyverno images (#11935) (#11938)
* feat: update annotations of kyverno images



* Update Makefile



* Update Makefile



* Update Makefile



* Update Makefile



* Update Makefile



* Update Makefile



---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2025-01-16 07:17:17 +00:00
shuting
60a9f24d0b
chore: bump opa 0.68.0 (#11786)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2025-01-09 13:21:51 +00:00
gcp-cherry-pick-bot[bot]
6f533d335e
fix(reports-controller): add a flag to disable reports sanity checks (#11867) (#11875)
* fix(reports-controller): remove crd sanity check



* feat: add a flag to disable reports sanity checks



* feat: add changelog



---------

Signed-off-by: Raffael Sahli <raffael.sahli@doodle.com>
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: raffis <raffael.sahli@doodle.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2025-01-09 10:20:15 +00:00
gcp-cherry-pick-bot[bot]
285b5e4d55
remove policy exception dependency from globalcontext and add some tests (#11788) (#11854)
Signed-off-by: Damien Degois <damien@degois.info>
Co-authored-by: Damien Degois <damien@degois.info>
Co-authored-by: shuting <shuting@nirmata.com>
2025-01-06 16:23:41 +08:00
gcp-cherry-pick-bot[bot]
0316f004dd
fix global context error message logic error (#11815) (#11853)
following same file line 91 and github.com/kyverno/kyverno/pkg/globalcontext/store#35

the proper handling should be `!ok`

Signed-off-by: Damien Degois <damien@degois.info>
Co-authored-by: Damien Degois <damien@degois.info>
Co-authored-by: shuting <shuting@nirmata.com>
2025-01-03 13:53:51 +00:00
gcp-cherry-pick-bot[bot]
e14c67caf3
Fix: Policy with failureActionOverrides not applying desired failure actions in desired namespaces (#11811) (#11850)
Signed-off-by: Sandesh More <sandesh.more@infracloud.io>
Co-authored-by: Sandesh More <34198712+sandeshlmore@users.noreply.github.com>
Co-authored-by: sandesh more <samore@purestorage.com>
2025-01-03 13:30:49 +00:00
gcp-cherry-pick-bot[bot]
1d7e4e65ef
fix panic when rules are empty (#11821) (#11848)
Signed-off-by: MUzairS15 <muzair.shaikh810@gmail.com>
Co-authored-by: Mohd Uzair <muzair.shaikh810@gmail.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2025-01-03 10:57:34 +00:00
gcp-cherry-pick-bot[bot]
71aea7fdfc
Fix panic in background controller when updating Generate rule (#11835) (#11846)
Signed-off-by: Rokibul Hasan <mdrokibulhasan@appscode.com>
Co-authored-by: Rokibul Hasan <mdrokibulhasan18@gmail.com>
2025-01-03 09:09:50 +00:00
gcp-cherry-pick-bot[bot]
3a0370070c
fix: [Helm] mergeOverwrite overwrites nested objects #11536 (#11584) (#11797)
Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>
Co-authored-by: abhashsolanki18 <157798417+abhashsolanki18@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-12-30 13:19:25 +00:00
gcp-cherry-pick-bot[bot]
20f82ad749
fix: remove extra line in configmap (#11762) (#11776)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-12-20 16:06:28 +00:00
shuting
682156389f
chore: bump python to 3.13.1 (#11801)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-12-20 15:36:03 +00:00
gcp-cherry-pick-bot[bot]
8e9ee969e1
fix: update chainsaw test apply timeout to 30s (cherry-pick #11794) (#11802)
* fix: update chainsaw test apply timeout to 30s (#11794)

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: cleanup

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-12-20 11:57:20 +00:00
gcp-cherry-pick-bot[bot]
142c62fd89
fix: copy all the fields of public keys when splitting (#11770) (#11798)
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-12-20 10:41:14 +00:00
gcp-cherry-pick-bot[bot]
2376daaa82
fix: exemption error caused by convertChecks function (#11780) (#11787)
Signed-off-by: Liang Deng <ytdengliang@gmail.com>
Co-authored-by: Liang Deng <ytdengliang@gmail.com>
2024-12-20 10:22:05 +00:00
shuting
2cd7f2c247
fix: pin sigstore (#11777)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-12-20 08:43:33 +00:00
gcp-cherry-pick-bot[bot]
f63f7bca6a
fix: revert default background scan interval to 1h (#11754) (#11756)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-12-12 23:09:16 +00:00
shuting
42f1713852
chore: bump golang.org/x/crypto 0.31.0 (#11753)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-12-12 08:30:22 +00:00
shuting
a96b1a4794
release 1.13.2 (#11736)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-12-10 09:37:07 +01:00
shuting
e7e25c93d4
release 1.13.2-rc.1 (#11713)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-12-05 15:02:33 +00:00
gcp-cherry-pick-bot[bot]
ab2371885d
fix: properly verify precondition in old object validation (#11644) (#11705)
* fix: properly verify precondition in old object validation



* fix: tests



* fix: assert bug



* fix: properly update the values



---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-12-05 13:38:01 +00:00
gcp-cherry-pick-bot[bot]
a61058bd0b
fix: add metrics-server Helm repo (#11717) (#11718)
* fix: add metrics-server Helm repo



* fix: update metrics-server Helm repo



* fix: update metrics-server Helm repo



---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-12-05 10:13:26 +00:00
Vishal Choudhary
05488bb3da
add allowExistingViolations option in policy chart (#11656) (#11720)
Until now it was not possible to set the allowExistingViolations for predefined policies in the policies chart. By default it should be set to , identical to how it is set up in the CRDs. Not only does this now allow users to set the config according to their needs, but this also solves a problem with ArgoCD. As the CRDs set it to true, but the template does not specifically declare the field, ArgoCD falls into a constant sync loop of trying to remove the field.

Signed-off-by: ProbstenHias <matthias.weilinger@gmx.de>
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Matthias Weilinger <matthias.weilinger@gmx.de>
2024-12-05 09:52:15 +00:00
gcp-cherry-pick-bot[bot]
96421c3903
fix(readme): add changelog for spec.validate[*].allowExistingViolations field in kyverno chart (#11714) (#11719)
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-12-05 09:22:12 +00:00
gcp-cherry-pick-bot[bot]
ab79afeccf
feat: Show textual diff when generate test fails (#11674) (#11704)
* feat: Show textual diff when generate test fails



* Tweak verbosity level for diff output



* Display a rich diff of the expected and actual resources with --detailed-results



---------

Signed-off-by: Tomas Aschan <tomasl@spotify.com>
Co-authored-by: Tomas Aschan <1550920+tomasaschan@users.noreply.github.com>
2024-12-04 06:53:24 +00:00
gcp-cherry-pick-bot[bot]
fee0fadccc
fix: api call chainsaw tests (#11682) (#11696)
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-12-03 08:32:03 +00:00
gcp-cherry-pick-bot[bot]
8e354a30cf
fix: check the patchedResources in kyverno-test (#11686) (#11695)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-12-03 08:04:45 +00:00
gcp-cherry-pick-bot[bot]
75a6e8bed1
Print generate output cli (#11634) (#11678)
* refactor: Configure the policy processor to print generated resources

Refactor printMutatedOutput to printOutput which prints mutate or generate resources to a file or standard output
Introduce processGenerateResponse which extracts generated resources from the policy response and passes them to printOutput



* chore: Update flag description to specify mutated and generated resources



* chore: Run codegen



---------

Signed-off-by: aerosouund <aerosound161@gmail.com>
Co-authored-by: Ammar Yasser <aerosound161@gmail.com>
2024-11-27 11:21:36 +00:00
gcp-cherry-pick-bot[bot]
8e0cb30230
fix(chart): global image registry bug in 3.3.3 (#11604) (#11672)
Signed-off-by: Patrik Votoček <patrik@votocek.cz>
Co-authored-by: Patrik Votoček <patrik@votocek.cz>
2024-11-27 05:04:27 +00:00
Ammar Yasser
5ea618a1f6
chore: Add a new field in the test results CRD to specify patched resources (#11297) (#11673)
* chore: Add a new field in the test results CRD to specify patched resources

- The currently existing PatchedResource field has a misleading name, leading to users believing that
it can only take a yaml containing a single resource. Another field with proper naming is added until this field is removed completely.
- Generate the new CRD from the struct.



* Update cmd/cli/kubectl-kyverno/apis/v1alpha1/test_result.go



* chore: use more chainsaw step templates (#11296)



* chore(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 (#11298)

Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6.1.0 to 6.1.1.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](aaa42aa062...971e284b60)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...




* chore: use more chainsaw step templates (#11300)



* chore: use more chainsaw step templates (#11303)



---------

Signed-off-by: aerosouund <aerosound161@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-11-26 22:53:05 +08:00
gcp-cherry-pick-bot[bot]
60692dde9f
fix: add conversion function in Helm template (#11651) (#11666)
* fix: add conversion function in Helm template



* fix: retain object as is



* fix: json format



* fix: code-gen



---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-11-26 06:33:49 +00:00
gcp-cherry-pick-bot[bot]
01e4c30a1b
fix(policy chart): fix the merging of policyExclude customizations to avoid wrong overrides (#11653) (#11663)
Signed-off-by: Caio Begotti <caiobegotti@gmail.com>
Co-authored-by: Caio Begotti <caiobegotti@gmail.com>
2024-11-25 15:11:48 +00:00
gcp-cherry-pick-bot[bot]
ce4dc53f56
fix: Open the mutated resources file in append mode to allow additions to it (#11619) (#11633)
Signed-off-by: ammar <ammar.yasser@vodafone.com>
Co-authored-by: Ammar Yasser <aerosound161@gmail.com>
Co-authored-by: ammar <ammar.yasser@vodafone.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-11-21 09:05:24 +00:00
gcp-cherry-pick-bot[bot]
09a73f0016
Context vars with labelselector (#11608) (#11631)
* refactor: Treat all of the target spec as a single object while replacing variables

Serialize it into a map string interface then back to a target selector before returning



* test: Add scenario for variables in the label selector test



* Fix: Capitalize error message




* Fix: Adjust error message specification to mention target rather than selector




* fix: Pass the target selector only during variable replacement



---------

Signed-off-by: aerosouund <aerosound161@gmail.com>
Signed-off-by: Ammar Yasser <aerosound161@gmail.com>
Co-authored-by: Ammar Yasser <aerosound161@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-11-21 07:31:10 +00:00
gcp-cherry-pick-bot[bot]
269c35768b
fix: return nil error when trigger resource not found for a subresource (#11594) (#11627)
* fix: return nil error when trigger resource not found for a subresource kind



* chore(deps): bump codecov/codecov-action from 4.6.0 to 5.0.0 (#11597)

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.6.0 to 5.0.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](b9fd7d16f6...968872560f)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...




* chore(deps): bump sigs.k8s.io/structured-merge-diff/v4 (#11596)

Bumps [sigs.k8s.io/structured-merge-diff/v4](https://github.com/kubernetes-sigs/structured-merge-diff) from 4.4.1 to 4.4.3.
- [Release notes](https://github.com/kubernetes-sigs/structured-merge-diff/releases)
- [Changelog](https://github.com/kubernetes-sigs/structured-merge-diff/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/structured-merge-diff/compare/v4.4.1...v4.4.3)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/structured-merge-diff/v4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...




* fix: use generate name for background scan reports (#11586)




* chore(deps): bump github/codeql-action from 3.27.3 to 3.27.4 (#11598)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.3 to 3.27.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](396bb3e453...ea9e4e3799)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...




* feat(ci): test upgrade conformance (#11498)




* add chainsaw tests

* add kubectl-evict to githubpath

* add readme

---------

Signed-off-by: Nishanth Reddy <nishanth.reddy@doordash.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: Nishanth Reddy <nishanth.reddy@doordash.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Khaled Emara <khaled.emara@nirmata.com>
2024-11-20 09:38:20 +00:00
gcp-cherry-pick-bot[bot]
465e582657
fix(background-controller): reduce logging for URs (#11616) (#11617)
Signed-off-by: Frederic Mereu <frederic.mereu@gaming1.com>
Co-authored-by: Frederic M <43849398+fad3t@users.noreply.github.com>
2024-11-19 07:30:30 +00:00
gcp-cherry-pick-bot[bot]
4bf6712d10
fix: use ephemeralreports for reports controller in helm (#11600) (#11614)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-11-18 14:36:04 +00:00
gcp-cherry-pick-bot[bot]
61080f80dd
fix: use generate name for background scan reports (#11586) (#11599)
Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-11-15 11:53:03 +00:00
gcp-cherry-pick-bot[bot]
bf48ede740
Add missing error check (#11587) (#11590)
Signed-off-by: Tomas Aschan <tomasl@spotify.com>
Co-authored-by: Tomas Aschan <1550920+tomasaschan@users.noreply.github.com>
2024-11-15 09:57:30 +00:00
gcp-cherry-pick-bot[bot]
8fccb9107f
fix: update explicit webhook based on the policy type (#11580) (#11581)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2024-11-15 07:14:53 +00:00