mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
Code Activity
4300 commits 16 branches 550 tags 288 MiB
Commit graph

384 commits

Author SHA1 Message Date
treydock
c8e5750c4f
Ensure Helm chart networkpolicy is valid by default (#2827) 
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

Co-authored-by: shuting <shutting06@gmail.com>
 2021-12-15 21:43:05 +08:00
Jim Bugwadia
a3efcc80ac
add permissions for Kyverno deployment update (#2830) 
* add permissions for Kyverno deployment update

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* remove quotes

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-12-13 14:38:13 -08:00
Jim Bugwadia
b17e76493e
tighten and clarify Kyverno roles and permissions (#2799) 
* update roles and rolebindings

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* revert label and fix perms

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* update role

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* restrict role

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix whitespace

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix tests and roles

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* update tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* remove ingress extensions/v1beta1

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix chart

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix role

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* tighten and clarify Kyverno roles and permissions

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fake commit to trigger workflows

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* revert tests and update test role

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add newlines

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* remove update role

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* make fmt

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* remove invalid param

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* cleanup roles in Helm templates

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* remove `mutate` cluster role binding

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-12-10 04:34:06 +00:00
Vyankatesh Kudtarkar
b7767d79d3
change cluster role labels (#2776) 
* change cluster role labels

* change cluster role label value

* fix cluster role label issue

* fix comment
 2021-12-02 15:52:34 +05:30
Igor Urazov
9e10eef422
Don't check for Prom Operator apiVersion (#2723) 
`.Capabilities.APIVersions.Has` function has limitations when running with
`helm template`, which is common step in multiple CD tools. In order to
properly resolve `Capabilities.APIVersions` `helm template` has to run
with `--validate` option and connect to cluster that has Prom Operator
CRDs installed.

As this template is opt-in and user has to set value to enable this,
apiVersion check doesn't provide much value and can be removed.

Signed-off-by: Ihor Urazov <iurazov@healthjoy.com>
 2021-11-23 15:12:43 -05:00
Vyankatesh Kudtarkar
fa95132806
Fix: Hard-coded ClusterRoleName in OwnerRef breaks (#2718) 
* fix hardcoded clusterrole name

* Fix label
 2021-11-16 19:32:42 +08:00
Kumar Mallikarjuna
17e671bf53
Remove redundant PDB (#2598) 
* Remove field podDisruptionBudget.enabled

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Update CHANGELOG.md

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Update CRDs

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Update CHANGELOG to 1.5.2-rc1

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Remove enabled flag

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
 2021-11-09 09:15:28 -08:00
Jim Bugwadia
50cb1859c3
add keyless verification (#2677) 
* add keyless verification

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* run make fmt

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix linter warning

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* wrap error with details

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-11-04 23:26:22 -07:00
shuting
04189e450c
bump chart version to release fix for https://github.com/kyverno/kyverno/pull/2655 (#2672) 
Signed-off-by: ShutingZhao <shutting06@gmail.com>
 2021-11-03 16:15:01 -04:00
treydock
6c46ffffd9
Allow Helm CRD management to be disabled (#2655) 
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
 2021-11-01 19:21:10 -07:00
Bricktop
b53ec25ca5
Make whitespace consistent in various helm charts (#2619) 
Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>
 2021-10-28 23:11:30 -07:00
Anushka Mittal
08a3087100
New operators (#2543) 
* added anyin operator

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

* allin, anynotin, allnotin added

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

* added operator handler info

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

* fixes typos and variable names

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

* reusing code from in.go in new operators

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

* Added more test cases for new operators

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

* updated openapiv3schema

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

* matching logic

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

* added deprecated tag for In and NotIn

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
 2021-10-26 17:29:42 -07:00
shuting
3aa6d8d42f
update image tag to "lates" in main branch (#2601) 
Signed-off-by: ShutingZhao <shutting06@gmail.com>
 2021-10-26 17:27:27 -07:00
Jim Bugwadia
3aeca943c7
update versions (#2581) 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-10-25 19:43:42 -07:00
vivek kumar sahu
a1f21c747f
from policy/v1beta1 to policy/v1 (#2561) 
* from policy/v1beta1  to policy/v1

Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>

* replace "policy/v1beta1" by "policy/v1"

Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>
 2021-10-25 12:37:00 +05:30
Chip Zoller
64cb5d7d41
Helm README updates with values (#2548) 
* add platform to bug template

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* Helm value updates

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
 2021-10-18 22:49:40 -07:00
ShutingZhao
eddd258a40 release v1.5.0-rc1 
Signed-off-by: ShutingZhao <shutting06@gmail.com>
 2021-10-07 16:04:08 -07:00
shuting
9dc2c2b4bf
Bugfixes - handle verifyImage rules for webhooks configurations (#2501) 
* dynamic webhooks for verifyImages rule

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* add namespace env to the initContainer

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* add debug log

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* update operator schema validation tag

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* set policy to ready if auto-update-webhook disabled

Signed-off-by: ShutingZhao <shutting06@gmail.com>
 2021-10-07 13:50:30 -07:00
Jim Bugwadia
0bb35aa302 merge main 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-10-06 10:51:43 -07:00
Anushka Mittal
3914c513a8
Changing flag names for consistency (#2467) 
* changing flag names for consistency

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

* changes for backward compatibility

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

* updated the CHANGELOG.md

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
 2021-10-06 10:32:48 -07:00
Jim Bugwadia
7c57ac24e6 update CRDs 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-10-06 00:58:45 -07:00
shuting
b10947b975
Dynamic webhooks (#2425) 
* support k8s 1.22, update admissionregistration.k8s.io/v1beta1  to admissionregistration.k8s.io/v1

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* - add failurePolicy to policy spec; - fix typo

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* - add schema validation for failurePolicy; - add a printer column

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* set default failure policy to fail if not defined

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* resolve conflicts

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* fix missing type for printerColumn

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* refactor policy controller

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* add webhook config manager

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* - build webhook objects per policy update; - add fail webhook to default webhook configurations

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* fix panic on policy update

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* build default webhook: match empty if autoUpdateWebhooks is enabled, otherwise match all

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* - set default webhook configs rule to empty; - handle policy deletion

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* reset webhook config if policies with a specific failurePolicy are cleaned up

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* handle wildcard pocliy

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* update default webhook timeout to 10s

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* cleanups

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* added webhook informer to re-create it immediately if missing

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* update tag webhookTimeoutSeconds description

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* fix e2e tests

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* fix linter issue

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* correct metric endpoint

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* add pol.generate.kind to webhooks

Signed-off-by: ShutingZhao <shutting06@gmail.com>
 2021-10-05 00:15:09 -07:00
Kumar Mallikarjuna
aba2e58f09
Added PodDisruptionBudget in kustomize & helm (Rebased) (#2463) 
* added pdb in helm & kustomize

Signed-off-by: Christopher Haar <chhaar30@googlemail.com>

* added pdb in helm & kustomize

Signed-off-by: Christopher Haar <chhaar30@googlemail.com>

* changed for comments

Signed-off-by: Christopher Haar <chhaar30@googlemail.com>

* Updating minAvailable

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Removed redundant lines

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Updated README

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Updated README

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

Co-authored-by: Christopher Haar <christopher@DKBs-MBP.localdomain>
Co-authored-by: Christopher Haar <chhaar30@googlemail.com>
 2021-10-04 22:39:24 -07:00
Kumar Mallikarjuna
b7c8368569
Adding deprecation warning for any and all (Rebased) (#2466) 
* added deprecation warning for any and all

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* Updated schemas

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

Co-authored-by: RinkiyaKeDad <arshsharma461@gmail.com>
 2021-10-04 11:57:39 -07:00
Jim Bugwadia
705e029ff0
Merge pull request #2443 from JimBugwadia/feature/foreach_validate 
Feature/foreach validate
 2021-10-04 00:05:36 -07:00
Jim Bugwadia
8b7d404ea2 generate CRDs and validate handling of skip/error 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-10-02 18:29:25 -07:00
Pooja Singh
c32002837d
supporting request object for generate policies (#2455) 
* supporting request object for generate policies

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* updated naming for operation

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* run make kustomize-crd

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-10-01 11:39:29 -07:00
shuting
af944b9cd5
Add new fields webhookTimeoutSeconds and failurePolicy to the policy Spec (#2456) 
* add tag WebhookTimeoutSeconds to policy spec

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* add spec.failurePolicy

Signed-off-by: ShutingZhao <shutting06@gmail.com>
 2021-09-29 20:53:34 -07:00
Anushka Mittal
dc6694029c
Update anti-affinity to the soft limit (#2441) 2021-09-28 14:00:49 -07:00
Naman Lakhwani
63f5c09297
NetworkPolicy: from should be an array of objects (#2423) 2021-09-24 11:22:57 -07:00
ShutingZhao
ee10ab66b0 update policy.status subresource 
Signed-off-by: ShutingZhao <shutting06@gmail.com>
 2021-09-23 16:13:27 -07:00
treydock
e1daf2085d
Switch Helm CRDs back to kyverno chart and move Policies to dedicated chart (#2357) 
* Switch Helm CRDs back to kyverno chart and move Policies to dedicate chart

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Fix policies chart labels

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Remove README items moved to kyverno-policies chart

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
 2021-09-22 13:56:10 -07:00
Pooja Singh
adb785831f
fix | e2e test cases are failing with busybox image (#2422) 
* removing charts from push and pull ignore

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* updated tag replace logic

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* linting fix

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-09-21 13:07:46 -07:00
Ernesto R. C. Pereda
d6a6974a5f
Update README.md (#2419) 2021-09-21 11:41:22 -07:00
Sachin
7bb8d956d8
remove not consistent kyverno ConfigMap name (#2418) 
Signed-off-by: slayer321 <sachin.maurya7666@gmail.com>
 2021-09-21 20:48:48 +05:30
Morgan Hoban
f52ea45331
allows for configuration of test image through chart values (#2410) 
Signed-off-by: Morgan Hoban <morgan.hoban@sage.com>
 2021-09-21 12:30:41 +05:30
Arsh Sharma
42d4948537
adding pod anti-affinity to Kyverno (#1985) 
* added for deployment.yaml

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* added for helm

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* to be tested

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* removed not needed ends

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* made changes to pass the test

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* removed hard from values.yaml

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* added condition to disable pod-affinity

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* changed with to if condition

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* small fix for trailing spaces

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* small fix

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

Co-authored-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-09-20 15:52:46 +05:30
Jim Bugwadia
23af42dc92
allow alternate image repositories (#2393) 
* allow alternate image repositories

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* generate CRD YAMLs

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-09-16 16:11:38 -07:00
Shuting Zhao
ec050241fc release v1.4.3 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-09-16 11:56:52 -07:00
Shuting Zhao
0660db94bd release v1.4.3-rc2 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-09-14 20:35:58 -07:00
Shuting Zhao
e6317da597 update kyverno-crds chart version 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-09-13 15:27:43 -07:00
Shuting Zhao
b3e529f817 release v1.4.3-rc1 2021-09-13 14:44:24 -07:00
Yashvardhan Kukreja
5fcd9b83d9
added: support for metrics configuration, periodic metrics cleanup and selective namespace whitelisting and blacklisting for metrics (#2288) 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-09-10 14:39:12 -07:00
Shuting Zhao
fd7e4735d7 add v1alpha1 CRDs schema back 2021-09-09 17:13:16 -07:00
Naman Lakhwani
dfd9a8d604
networkPolicy customization (#2334) 
* networkpolicy customization

Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>

* allow configuring matchLabels, added metrics-port

Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>

* check metricsService.create

Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
 2021-09-08 18:21:56 -07:00
Frank Jogeleit
c522343c03
Update PolicyReport CRDs to wgpolicyk8s.io/v1alpha2 (#1825) 2021-08-21 10:35:17 -07:00
Vineeth Reddy
c7dbbe4924
updated kyverno deployment strategy (#2006) 
* updated kyverno deployment strategy

Signed-off-by: vineethvanga18 <reddy.8@iitj.ac.in>

* update helm chart

Signed-off-by: vineethvanga18 <reddy.8@iitj.ac.in>

* minor changes

Signed-off-by: vineethvanga18 <reddy.8@iitj.ac.in>

* make updatestrategy configurable

Signed-off-by: vineethvanga18 <reddy.8@iitj.ac.in>
 2021-08-18 15:49:35 +05:30
treydock
45e95c2217
Make Kyverno CRDs a seperate Helm chart capable of being updated/deleted (#2218) 
* Make Kyverno CRDs a seperate Helm chart capable of being updated/deleted

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Make E2E tests work with new chart

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Seems Helm lint needs values.yaml

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Can't use ct install for the CRDs because will end up getting uninstalled after test

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Ensure helm release accounts for new CRD chart

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Update CRD chart versions

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Make CRD chart version match main kyverno chart version

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Bump chart versions

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
 2021-08-12 13:54:17 -07:00
Thomas Labarussias
7c96bd3e21
add value for override of namespace of serviceMonitor (#2258) 
* add value for override of namespace of serviceMonitor

Signed-off-by: Issif <issif+github@gadz.org>

* set version of chart to v2.0.1

Signed-off-by: Issif <issif+github@gadz.org>
 2021-08-12 13:14:21 -07:00
Shuting Zhao
fb6e0f18ea release v1.4.2 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-08-11 12:48:37 -07:00