mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
Code Activity
2991 commits 16 branches 550 tags 288 MiB
Commit graph

1661 commits

Author SHA1 Message Date
Jim Bugwadia
0be7903c47 fix tests 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-02-02 00:20:03 -08:00
Jim Bugwadia
2bb812aa2d redo changes reverted by merge 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-02-01 23:22:19 -08:00
Yashvardhan Kukreja
03c77e4145
feat: validation 'value' field under 'deny.conditions' in a rule object (#1510) 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-02-01 13:27:16 -08:00
Jim Bugwadia
e8e3b93a5f
api server lookups (#1514) 
* initial commit for api server lookups

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* initial commit for API server lookups

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* Enhancing dockerfiles (multi-stage) of kyverno components and adding non-root user to the docker images (#1495)

* Dockerfile refactored

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>

* Adding non-root commands to docker images and enhanced the dockerfiles

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>

* changing base image to scratch

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>

* Minor typo fix

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>

* changing dockerfiles to use /etc/passwd to use non-root user'

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>

* minor typo

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>

* minor typo

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* revert cli image name (#1507)

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* Refactor resourceCache; Reduce throttling requests (background controller) (#1500)

* skip sending API request for filtered resource

* fix PR comment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixes https://github.com/kyverno/kyverno/issues/1490

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix bug - namespace is not returned properly

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* reduce throttling - list resource using lister

* refactor resource cache

* fix test

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix label selector

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix build failure

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix merge issues

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix unit test

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add nil check for API client

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Co-authored-by: Raj Babu Das <mail.rajdas@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
 2021-02-01 12:59:13 -08:00
shuting
c692263177
Refactor resourceCache; Reduce throttling requests (background controller) (#1500) 
* skip sending API request for filtered resource

* fix PR comment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixes https://github.com/kyverno/kyverno/issues/1490

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix bug - namespace is not returned properly

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* reduce throttling - list resource using lister

* refactor resource cache

* fix test

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix label selector

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix build failure

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-01-29 17:38:23 -08:00
Pooja Singh
0396d5278e
added logic for generate policy with data (#1463) 
* added logic for generate policy with data

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* debuging data of configmap

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* removed few print statements

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* logic for configmap

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* logic for pod

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* logic for pod

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* restructured

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* removed println

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added comments

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added test cases

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* function rename

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* removed comment

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* small improvement

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* extract annotation and label

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* fixed test cases

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* extract annotation and label from updated target resource

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* updated test cases

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-01-27 10:11:22 -08:00
Jim Bugwadia
05da4190f8
handle discovery errors for metrics API group (#1494) 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-01-24 11:34:02 -08:00
shuting
e54776ee7e
Bug fix - namespace is not returned properly (#1491) 
* skip sending API request for filtered resource

* fix PR comment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixes https://github.com/kyverno/kyverno/issues/1490

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix bug - namespace is not returned properly

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-01-22 17:56:41 -08:00
shuting
62a4a3a7da
Reduce throttling - skip sending API request for filtered resources (#1489) 
* skip sending API request for filtered resource

* fix PR comment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixes https://github.com/kyverno/kyverno/issues/1490

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-01-21 18:58:53 -08:00
shuting
d82f19be4e
Feature/fix dev mode execution (#1477) 
* add serverIP to X.509 certificate SANs

* disable webhook monitor in debug mode

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Co-authored-by: Jim Bugwadia <jim@nirmata.com>
 2021-01-20 15:25:27 -08:00
shuting
3bc386955e
Remove unnecessary JSON patches; fixes strategicMergePatch for tolerations (#1478) 
* ignore certain paths when generates JSON patches

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* remove extra comment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix https://github.com/kyverno/kyverno/issues/1339

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* resolve PR comments

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update comment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-01-19 11:08:06 -08:00
Jim Bugwadia
f93e3020e1
support nested JMESPATH var substitution (#1471) 2021-01-14 10:46:51 -08:00
shuting
27e2b9abd5
Fix mutation panic (#1462) 
* fix #1454

* - add unit tests; - rename method
 2021-01-08 16:45:39 -08:00
shuting
e7a04b9138
Fix memory leak - remove item from the cache once done (audit handler) (#1459) 
* remove entry from audit handler

* fix test
 2021-01-07 16:26:59 -08:00
Jim Bugwadia
ff246a81a1
Merge pull request #1458 from kyverno/1457_wildcard_anchors 
handle anchors for wildcard annotations
 2021-01-07 11:57:21 -08:00
shuting
3908808e7a
Rename filterK8Resources to filterK8sResources (#1452) 
* Remove lock embedded in CRD controller, use concurrent map to store shcemas

* delete rcr info from data store

* skip policy validation on status update

* - remove status check in policy mutation; - fix test

* Remove fqdncn flag

* add flag profiling port

* skip policy mutation & validation on status update

* sync policy status every minute

* update log messages

* rename filterK8Resources to filterK8sResources
 2021-01-07 11:27:50 -08:00
Jim Bugwadia
3a4592ca3b handle anchors for wildcard annotations 2021-01-07 11:24:38 -08:00
lengrongfu
fab777cdd5
add logging for policy creation and deletion events (#1445) 
* add logging for policy creation and deletion events

* update log message

* update log message kind type

Co-authored-by: lengrongfu <lengrongfu@baidu.com>
 2021-01-06 20:34:01 -08:00
shuting
52d091c5a3
Improve / clean up code (#1444) 
* Remove lock embedded in CRD controller, use concurrent map to store shcemas

* delete rcr info from data store

* skip policy validation on status update

* - remove status check in policy mutation; - fix test

* Remove fqdncn flag

* add flag profiling port

* skip policy mutation & validation on status update

* sync policy status every minute

* update log messages
 2021-01-06 16:32:02 -08:00
shuting
35aa3149c8
Remove lock embedded in CRD controller, use concurrent map to store shcemas (#1441) 2021-01-04 23:17:17 -08:00
Pooja Singh
9397a2f157
Merge pull request #1440 from NoSkillGirl/bug/generate_refactoring 
Bug/generate refactoring
 2021-01-04 23:10:25 +05:30
NoSkillGirl
b4f473ec23 added crypto package 2021-01-04 19:10:36 +05:30
NoSkillGirl
e67747260b generate refactorings 2021-01-04 15:19:06 +05:30
NoSkillGirl
df009cb2d4 remove resource details from log for log level higher than 3 2021-01-04 12:33:00 +05:30
Shuting Zhao
3fc4562e1b set CRD controller to reconcile every 15 mins 2021-01-03 00:14:27 -08:00
Jim Bugwadia
68474a9dd2 skip validation patterns for delete requests 2021-01-02 01:10:14 -08:00
NoSkillGirl
887fa10049 added source label logic to validate policy 2020-12-30 12:10:41 +05:30
NoSkillGirl
bbb5dc01a7 added error handling 2020-12-30 02:38:27 +05:30
NoSkillGirl
aa12d99096 retrying GR update 2020-12-30 02:04:10 +05:30
NoSkillGirl
fabe9ee8aa added update logic in ResourceMutation 2020-12-30 00:12:36 +05:30
NoSkillGirl
c66e2a7058 adding label to clone source 2020-12-29 18:04:20 +05:30
NoSkillGirl
1412b922f7 folder structure refactoring 2020-12-29 16:47:54 +05:30
NoSkillGirl
c98240d5dc making sure older labels are not removed 2020-12-29 16:36:43 +05:30
NoSkillGirl
dfaeaa7f8e add lables update fix 2020-12-29 16:35:48 +05:30
NoSkillGirl
9913af0253 adding GR for older GR's 2020-12-29 15:35:12 +05:30
NoSkillGirl
eef15dff89 changed synchronize label 2020-12-29 00:05:29 +05:30
NoSkillGirl
430184add4 updated comment 2020-12-28 13:28:26 +05:30
NoSkillGirl
ed868652ae removing goroutine 2020-12-24 18:45:46 +05:30
NoSkillGirl
bf7356d8f6 fixed updation of clone source 2020-12-24 18:39:23 +05:30
NoSkillGirl
371b79fc36 small fix 2020-12-24 12:41:54 +05:30
NoSkillGirl
0a84225dff goroutine added for GR 2020-12-24 12:29:28 +05:30
NoSkillGirl
ddc17d1983 fixed syntax error 2020-12-24 12:28:32 +05:30
NoSkillGirl
068ec5922f changed label prefix 2020-12-24 12:28:32 +05:30
NoSkillGirl
56c89eb320 fixing labels 2020-12-24 12:28:32 +05:30
NoSkillGirl
a2f3709985 corrected label 2020-12-24 12:28:32 +05:30
NoSkillGirl
53e2e38cd3 enqueing gr on getting deleted 2020-12-24 12:28:32 +05:30
Jim Bugwadia
58feb4f0ae
Merge pull request #1417 from kyverno/1337_match_old_resource 
update validation logic
 2020-12-23 19:01:15 -08:00
Jim Bugwadia
d3a65a0b2a fix patch resource in response 2020-12-23 18:51:07 -08:00
Jim Bugwadia
204c1f79fb fix validate response 2020-12-23 18:46:12 -08:00
shuting
2fc3b3b998
Fixes 1410 strategic merge patch (#1414) 
* fixes #1410

* fix unit test

* re-initialize worker immediately on failure
 2020-12-23 17:48:00 -08:00