mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity
4349 commits 15 branches 540 tags 276 MiB
Commit graph

4349 commits

This branch
This branch
All branches
Author SHA1 Message Date
Prateek Pandey
9304d5b101
bump golang 1.18.5 version digest in Dockerfile (#4413) (#4876) 
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
 2022-10-11 13:54:52 +00:00
shuting
6e430a7ca7
Tag v1.7.5 (#4874) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-10-11 12:52:12 +00:00
Prateek Pandey
925d5fcddd
update cosign and other dependencies (#4873) 
* update Cosign

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* update Golang -> 1.18.x

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix make install-controller-gen

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* make codegen

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix flag init

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* comment out test - runs successfully locally, fails in PR

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* reinstate test

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix crds generate and controller-gen version

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
 2022-10-11 12:15:23 +00:00
Prateek Pandey
d6a72d4412
fix: update github action to use current workflow path (#4705) 
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
 2022-09-26 15:49:08 +00:00
Prateek Pandey
416f445f9d
tag v1.7.4 (#4698) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Co-authored-by: ShutingZhao <shuting@nirmata.com>
 2022-09-26 14:17:22 +00:00
gcp-cherry-pick-bot[bot]
6fadda155e
fix: incorrect namespace in report controller (#4637) (#4688) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>

Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
 2022-09-26 10:08:33 +00:00
Vyankatesh Kudtarkar
f2dde173ce
Fix issue for wildcard versions (#4670) (#4674) 
* Fix wildcard issue

Co-Authored-By: vyankd <51167361+vyankd@users.noreply.github.com>

* Delete res.yaml

Co-Authored-By: vyankd <51167361+vyankd@users.noreply.github.com>

Co-authored-by: vyankd <51167361+vyankd@users.noreply.github.com>

Co-authored-by: vyankd <51167361+vyankd@users.noreply.github.com>
 2022-09-26 09:36:50 +00:00
shuting
f2b63cef77
Cherry-pick #4398 - bump cosign to 1.11.0 (#4399) 
bump cosign version to 1.11.0 (#4398)

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-08-24 16:02:37 +00:00
shuting
01394f3380
Release v1.7.3 (#4394) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-08-24 13:28:47 +00:00
Vyankatesh Kudtarkar
fd347bead9
Fix deprecated api policy issue (#4349) (#4350) 2022-08-18 06:35:32 +00:00
vivek kumar sahu
4e0180622a
precondition failure will skip rule independent of audit or enforce mode (#4163) (#4296) 
Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>
 2022-08-04 14:20:00 +08:00
shuting
420ac57541
tag v1.7.2 (#4261) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-07-25 10:56:56 +05:30
Prateek Pandey
4d685c798f
Use non-blocking channel send for UpdateWebhookChan (#4204) (#4247) 
If the channel send is blocked then there is already an
update queued, and there is no point waiting to queue
another one.

In profiling, the channel send in monitor.go has been
seen to "leak" goroutines as the channel is not being
read from fast enough, but the root cause is not known.

Signed-off-by: Thomas Hartland <thomas.hartland@diamond.ac.uk>

Co-authored-by: Thomas Hartland <11710676+tghartland@users.noreply.github.com>
 2022-07-21 14:07:56 +00:00
shuting
a7cf6e7c05
Release v1.7.2-rc2 (#4246) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-07-21 10:42:18 +00:00
Prateek Pandey
886cb6effe
fix split policyreport name with background scan (#4237) (#4245) 
- fix split policyreport name with background scan
- fix the label selector initialising
- refactor the generatePolicyName func

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
 2022-07-21 09:49:24 +00:00
Vyankatesh Kudtarkar
d1ec34b97f
fix check depreciated api issue (#4243) (#4244) 2022-07-21 14:14:08 +08:00
Vyankatesh Kudtarkar
8da95f5f39
fix kyverno cli policy-report typo (#4224) (#4232) 
- fix kyverno cli policy report typo 
- add shorthand for policy-report flag

Signed-off-by: Vyankatesh vyankateshkd@gmail.com
 2022-07-20 04:56:54 +00:00
shuting
4954cab7d6
Limit queued events (#4233) 
- add event queue limit
- update change log

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-07-20 09:58:06 +05:30
Jim Bugwadia
30df3d2de1
update cosign to v1.9.0 (#4231) 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2022-07-19 17:54:12 +08:00
Thomas Hartland
101ba33020
Only set up logging context if it will be used (#4213) 
This change is applied in two areas in the admission
handler that had high heap allocations seen in profiling.

Signed-off-by: Thomas Hartland <thomas.hartland@diamond.ac.uk>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
 2022-07-14 15:44:13 +08:00
Prateek Pandey
812ff9a8ba
use the unstructured list instead of interface type (#4211) 
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
 2022-07-12 15:10:56 +00:00
Byron Ibarra
f0c0000746
Fix UpdateRequest labeling (#4199) 
Co-authored-by: Byron Ibarra V <bibarrav@falabella.cl>
Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
 2022-07-12 18:40:05 +05:30
Jim Bugwadia
531355adce
Release 1.7 (#4200) 
* cherry-pick fix attestation checks https://github.com/kyverno/kyverno/pull/3999

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* remove TUF initialization from main (#4098)

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix imageVerify validation checks and conversion logic (#4038)

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

* release event memory (#4138)

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

* fix merge of image verify and mutate patches

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix patch join

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* handle embedded strings with spaces

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
 2022-07-10 20:00:00 -07:00
Vyankatesh Kudtarkar
0cb9b9c248
external.metrics.k8s.io/v1beta1 issue (#4182) 
Signed-off-by: Vyankatesh vyankateshkd@gmail.com

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
 2022-07-01 05:05:15 +00:00
Prateek Pandey
3b607807de
delete policy reports on policy deletion (#4174) (#4175) 
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
 2022-07-01 04:41:05 +00:00
shuting
ebb3ebd0a3
tag v1.7.2-rc1 (#4167) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-06-28 17:57:58 +00:00
Prateek Pandey
2ad7da76b4
feat: split policy report per policy bases (#4147) (#4166) 
* feat: split policy report per policy bases

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* add policy name as a handler key

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* update merge change request logic

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* handle the delete resource update on policy report

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* add splitPolicyReport feature gate

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* delete old reports if splitPolicyReport feature enable

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* use trim policyname as label and create name

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* fix change request result

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
 2022-06-28 16:32:52 +00:00
shuting
4aff3de0fe
Re-implement #4159 (#4165) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-06-28 09:54:22 +00:00
shuting
1ca2f3ce1d
Cherry pick #4155 (#4164) 
* Re-implement #4155

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Address https://github.com/kyverno/kyverno/pull/4162 comments

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-06-28 09:27:34 +00:00
shuting
4ba30ee140 Cherry-pick #4148 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-06-28 16:21:53 +08:00
shuting
b652b4855c Use kyverno namespace informer to list pods while processing URs (#4156) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-06-28 16:21:53 +08:00
Jim Bugwadia
6be50399bd
Cherry-pick #4138 to 1.7 (#4160) 
* cherry-pick fix attestation checks https://github.com/kyverno/kyverno/pull/3999

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* remove TUF initialization from main (#4098)

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix imageVerify validation checks and conversion logic (#4038)

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

* release event memory (#4138)

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
 2022-06-28 11:56:45 +08:00
Prateek Pandey
db440c1b10
fix: use dev tag for init container local build target (#4141) 
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
 2022-06-21 10:30:49 +05:30
shuting
060b12d2a2
tag v1.7.1 (#4132) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-06-17 09:49:23 +00:00
ShutingZhao
b666bedd83 fix build failures 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-06-17 13:17:57 +05:30
Charles-Edouard Brétéché
40fb652c8a fix: bool fields in image verification types (#4053) 
* refactor: add policy event listener in ur controller (#4012)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
(cherry picked from commit cd1fa030ee)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: bool fields in image verification types

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-06-17 13:17:57 +05:30
Charles-Edouard Brétéché
fc5a5eaae3 cherry-pick #4013 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-06-17 13:17:57 +05:30
Jim Bugwadia
c97f0f062e
Release 1.7 (#4130) 
* cherry-pick fix attestation checks https://github.com/kyverno/kyverno/pull/3999

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* remove TUF initialization from main (#4098)

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix imageVerify validation checks and conversion logic (#4038)

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
 2022-06-16 21:47:08 -07:00
Prateek Pandey
55f26601c7
fix: use policyName key to get the policy name (#4113) 
In case of namespace policy `ur.spec.policy`
contains namespace/policy-name combinations, hence
can't be used to set the policy name label.

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
 2022-06-17 00:56:54 +08:00
Batuhan Apaydın
db154f9df3
chore(dockerfile): use buildx features for cross-compilation (#4023) (#4123) 
* chore(dockerfile): use buildx features for cross-compilation

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>

* feat(kyverno): main container image

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>

Co-authored-by: shuting <shuting@nirmata.com>

Co-authored-by: shuting <shuting@nirmata.com>
 2022-06-16 09:53:43 +00:00
vivek kumar sahu
0fe8dcb3b6
Updated jp command flags and also added URL for help. (#4122) 
Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>
 2022-06-16 17:29:47 +08:00
Prateek Pandey
65a812db4c
fix: handle nil ur while retry (#4109) 
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
 2022-06-15 17:57:15 +08:00
Jim Bugwadia
5baa956e11
Release 1.7 (#4099) 
* cherry-pick fix attestation checks https://github.com/kyverno/kyverno/pull/3999

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* remove TUF initialization from main (#4098)

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
 2022-06-10 10:40:47 +01:00
shuting
6589fd2137
Bump Charts version to 2.5.0 (#4092) 
* bump chart versions to v2.4.2

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Update "make gen-helm"

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Bump chart to v2.5.0

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* bump chart to 2.5.0

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-06-09 09:57:53 -04:00
shuting
2acb161c5b
bump chart versions to v2.4.2 (#4089) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-06-07 14:11:12 -04:00
shuting
29f54396e2
cherry-pick #4079 (#4088) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>

Co-authored-by: treydock <tdockendorf@osc.edu>
 2022-06-07 16:01:30 +00:00
shuting
72b7b304f4
Remove s390X (#4063) (#4064) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-06-03 08:57:38 +00:00
shuting
673a1c0318
Bump charts version to 2.4.1 (#4061) 
* Fix handling of kyverno-policies version check when port in image tag (#4042)

* Fix handling of kyverno-policies version check when port in image tag
Fixes #4031

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Add release notes for chart

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Fix release notes and use splitList

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Ensure preconditions are present with default values (#4046)

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Bump charts version

Signed-off-by: ShutingZhao <shuting@nirmata.com>

Co-authored-by: treydock <tdockendorf@osc.edu>
 2022-06-03 06:52:34 +00:00
treydock
e3b792bfc0 Ensure preconditions are present with default values (#4046) 
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-06-03 11:31:38 +05:30
treydock
09c138fb6b Fix handling of kyverno-policies version check when port in image tag (#4042) 
* Fix handling of kyverno-policies version check when port in image tag
Fixes #4031

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Add release notes for chart

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Fix release notes and use splitList

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-06-03 11:31:38 +05:30