mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-10 01:46:55 +00:00
Code Activity
4484 commits 19 branches 550 tags 292 MiB
Commit graph

64 commits

Author SHA1 Message Date
Anutosh Bhat
d92e16526f
Added appropriate logging levels to log.Info() calls wherever necessary (#4341) 
* Added appropriate logging levels to log.Info() calls wherever necessary

Signed-off-by: anutosh491 <andersonbhat491@gmail.com>

* Changed logging levels to 2

Signed-off-by: anutosh491 <andersonbhat491@gmail.com>

Signed-off-by: anutosh491 <andersonbhat491@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2022-08-18 13:24:59 +00:00
Dylan Shepard
d10f9d1b5a
trivial typo update (#4291) 
Signed-off-by: Dylan Shepard <dylan@shepard.dev>
 2022-08-03 04:28:06 +00:00
Jim Bugwadia
943c3a1929
use failurePolicy to block or allow requests, on policy errors (#4183) 
* use failurePolicy to block or allow requests, on policy errors

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add warnings

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* codegen

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix linter issues

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add unit tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* handle network errors

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix linter issues

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix test

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix title conversion

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix path in generated file

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix test

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix fake metrics

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add check for klog flag initialization

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* check for flag reinitialization

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* check for flag reinitialization

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix spelling

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix flag init

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2022-08-02 20:24:02 +05:30
Guilhem Lettron
96999f8995
fix: use only 1 kubernetes client (#4256) 
Signed-off-by: Guilhem Lettron <guilhem@barpilot.io>

Co-authored-by: shuting <shuting@nirmata.com>
 2022-07-25 13:49:51 +08:00
Prateek Pandey
3f1997c0e8
fix split policyreport name with background scan (#4237) 
- fix split policyreport name with background scan
- fix the label selector initialising
- refactor the generatePolicyName func

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
 2022-07-21 14:31:42 +05:30
Charles-Edouard Brétéché
dae3dad027
refactor: used typed admission request in ur (#4022) 
* refactor: add policy event listener in ur controller (#4012)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
(cherry picked from commit cd1fa030ee)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: used typed admission request in ur

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: used typed admission request in ur

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* Handle the error properly

Signed-off-by: ShutingZhao <shuting@nirmata.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: ShutingZhao <shuting@nirmata.com>
 2022-05-29 07:27:14 +00:00
Charles-Edouard Brétéché
88f769cb39
fix: init container gr copy (#3995) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-23 17:57:19 +02:00
Charles-Edouard Brétéché
1936d86623
fix: move ur controller filtering in reconciler (#3964) 
* fix: move ur controller filtering in reconciler

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: mark ur retry on conflict

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: test data

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: add filter back in update ur handler

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: added some logs about attempts and increased backoff

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: reconciliation logic

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: Test_Generate_Synchronize_Flag

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: small nits

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-20 00:06:56 +08:00
Charles-Edouard Brétéché
5243763674
chore: make dclient import aliases consistent (#3951) 
* chore: make kyverno api import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: make apimachinery api import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: make dclient api import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-17 14:40:51 +00:00
Charles-Edouard Brétéché
666bcb3c15
chore: make k8s api import aliases consistent (#3950) 
* chore: make kyverno api import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: make apimachinery api import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-17 22:14:31 +08:00
Charles-Edouard Brétéché
5aaf2d8770
chore: make kyverno api import aliases consistent (#3939) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-17 13:12:43 +02:00
Charles-Edouard Brétéché
0099ef54ad
chore: enable gofmt and gofumpt linters (#3931) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-17 06:19:03 +00:00
Charles-Edouard Brétéché
8f825bb040
refactor: remove deployment hash on certs secrets (#3886) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-11 16:58:14 +02:00
Charles-Edouard Brétéché
c2602d8181
refactor: cleanup tls package (#3854) 
* refactor: init certs with certs renewer directly

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: tls package

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: cleanup tls package

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-11 08:05:13 +00:00
Charles-Edouard Brétéché
2064a69b8a
refactor: make config vars private (#3823) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-11 06:14:30 +00:00
Charles-Edouard Brétéché
bfc4290285
chore: enable more linters (#3862) 
* chore: enable deadcode and unused linters

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: enable more linters

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-10 21:20:04 +05:30
Charles-Edouard Brétéché
cea7a7e11e
fix: golangci-lint warnings in cmd (#3843) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
 2022-05-09 16:55:35 +00:00
Charles-Edouard Brétéché
4d08354498
fix: remove kubeconfig (#3802) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
 2022-05-05 10:12:43 +00:00
Prateek Nandle
5be6a4e2b0
removed kubeconfig flags (#3744) 
Signed-off-by: Prateeknandle <prateeknandle@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-04 21:11:21 +02:00
Charles-Edouard Brétéché
0a783bdc7d
chore: remove useless util NewKubeClient (#3795) 2022-05-04 13:14:17 +01:00
Charles-Edouard Brétéché
52d1b642d6
refactor: dclient package logger (#3778) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-03 08:24:30 +00:00
Charles-Edouard Brétéché
c79223393b
refactor: dclient package (#3775) 
* refactor: replace clientset by inteface

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: dclient package

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-03 13:30:04 +08:00
Charles-Edouard Brétéché
6e07acdd87
refactor: replace clientset by inteface (#3774) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-02 20:30:07 +00:00
Charles-Edouard Brétéché
80abda568e
fix: logger call depth (#3759) 
Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
 2022-05-02 15:49:39 +00:00
Jim Bugwadia
e92623b015
Use inclusive language (#3738) 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2022-04-29 17:29:18 +01:00
shuting
a4815f77c4
Convert GenerateRequest to UpdateRequest for backward compatibility (#3730) 
- Remove GenerateRequest Informer
 - Rename GenerateRequest to UpdateRequest in logs and vars
 - Fix initContainer leader election
 - Convert GenerateRequest to UpdateRequest in initContainer
 - Remove unused methods
 - Add printer column ruleType to UR


Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-04-29 16:35:49 +05:30
Charles-Edouard Brétéché
a6924a11ab
refactor: use typed k8s client in tls package (#3678) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-04-26 20:18:14 +00:00
Charles-Edouard Brétéché
c97af0094f
refactor: config package logger (#3683) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-04-26 21:55:24 +02:00
Charles-Edouard Brétéché
fe0ad3c68f
refactor: add os utils sub package (#3528) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
 2022-04-01 06:59:44 +00:00
Charles-Edouard Brétéché
5816144912
feat: use IsReady method (#3426) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
 2022-03-21 09:18:54 +00:00
Kumar Mallikarjuna
037a320fba
Added TLS annotation check in the initContainer (#2956) 
* Added TLS annotation check in the initContainer

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

* Error checks

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

* Refactor annotation addition code

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

* Strict error reporting

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

* Error handling for Secrets

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

* Updated error conditions

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

* Update for nil error

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
 2022-01-11 08:47:24 +00:00
Frank Jogeleit
abb5bd2947
Add SelectorLabel to (Cluster)PolicyReporter resources (#2841) 
Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com>

Co-authored-by: shuting <shutting06@gmail.com>
 2021-12-17 05:03:52 +00:00
Sebastian Widmer
80664d339f
Add command-line flags to allow setting client rate limits (QPS/Burst) (#2797) 
* Add `-clientRateLimitQPS` and `-clientRateLimitBurst` flags to allow controlling client rate limits.

Signed-off-by: Sebastian Widmer <sebastian.widmer@vshn.net>

* Return error if QPS is higher than max value  of float32

Signed-off-by: Sebastian Widmer <sebastian.widmer@vshn.net>
 2021-12-08 14:03:07 +01:00
Kumar Mallikarjuna
254be4c1d3
Leader Election for initContainer (#2489) 
* Local build

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Leader Election for initContainer

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Lease deletion

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Use wrc client

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* log error out

Signed-off-by: ShutingZhao <shutting06@gmail.com>

Co-authored-by: ShutingZhao <shutting06@gmail.com>
 2021-10-06 16:12:07 -07:00
treydock
b460490984
Improve init container to use DeleteCollection to remove policy reports (#2477) 
* Improve init container to use DeleteCollection to remove policy reports

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Do not use go routine for each namespace

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
 2021-10-06 11:25:38 -07:00
Vineeth Reddy
6d2cb87370
change min support kubernetes version to 1.16 for kyverno 1.4 (#1935) 
* change min support kubernetes version to 1.16 for kyverno 1.4

Signed-off-by: vineethvanga18 <reddy.8@iitj.ac.in>

* migrate deployment to apps/v1

Signed-off-by: vineethvanga18 <reddy.8@iitj.ac.in>
 2021-06-08 13:14:28 -07:00
shuting
c816cf3d69
Add certificate renewer in webhook registration controller (#1692) 
* load TLS pair from existing secret, if applicable

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* remove Kyverno managed secrets during shutdown

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* - add certificate renewer; - re-structure certificate package

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* commit un-saved file

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* eliminate throttling requests while registering webhook configs

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* disable webhook monitor (in old pod) during rolling update

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* remove webhook cleanup logic from init container

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update PR template

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update link to the website repo

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update repo name

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-03-16 11:31:04 -07:00
shuting
2f2d6c2e38
Upgrade client libraries to 0.20.2 (#1547) 
* upgrade clients to 0.20.2

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* remove debug log

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix unit tests

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix e2e test

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-02-07 20:26:56 -08:00
Jim Bugwadia
05da4190f8
handle discovery errors for metrics API group (#1494) 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-01-24 11:34:02 -08:00
shuting
62a4a3a7da
Reduce throttling - skip sending API request for filtered resources (#1489) 
* skip sending API request for filtered resource

* fix PR comment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixes https://github.com/kyverno/kyverno/issues/1490

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-01-21 18:58:53 -08:00
shuting
35aa3149c8
Remove lock embedded in CRD controller, use concurrent map to store shcemas (#1441) 2021-01-04 23:17:17 -08:00
shuting
3c5f9f8888
1398 - Reduce RCR throttling requests (#1406) 
* reduce RCR throttling requests by merging policy application (policy - namespace) results into single RCR

* - refactor policy controller; - fix RCR issue

* - refactor RCR controller; - fix cpolr on ns update; - reduce throttling when getting resources; - fix tests

* update CRD schema

* fix typo
 2020-12-21 11:04:19 -08:00
shuting
39421ca6e9
Reduce RCR throttling requests (#1376) 
* reduce RCR throtlling requests

* update logger in init container
 2020-12-09 09:29:52 -08:00
shuting
c1764a85d1
1370 clean up stale RCRs (#1373) 
* remove env "POLICY-TYPE"

* clean up resource in goroutine

* clean up stale RCRs on namespace deletion

* go vet

* clean up code
 2020-12-08 23:04:16 -08:00
shuting
630a9cc94c
Fix Kyverno crash when CRD is not installed (#1353) 
* ignore Kyverno CRDs existence check when server is not available

* clean up cluster / reportChangeRequest

* resolve PR comments
 2020-12-03 19:19:36 -08:00
shuting
2ec5a0fa42
1319 fix throttling (#1348) 
* fix policy status and generate controller issues

* shorten ACTION column name

* update logs

* improve naming

* add temp logs for troubleshooting

* cleanup logs

* apply generate policy to old & new resource in webhook

* cleanup log messages

* cleanup log messages

* cleanup log messages

* fix clean up of policy report in init container

Co-authored-by: Jim Bugwadia <jim@nirmata.com>
 2020-12-01 12:30:08 -08:00
shuting
5e07ecc5f3
Add Policy Report (#1229) 
* add report in cli

* policy report crd added

* policy report added

* configmap added

* added jobs

* added jobs

* bug fixed

* added logic for cli

* common function added

* sub command added for policy report

* subcommand added for report

* common package changed

* configmap added

* added logic for kyverno cli

* added logic for jobs

* added logic for jobs

* added logic for jobs

* added logic for cli

* buf fix

* cli changes

* count bug fix

* docs added for command

* go fmt

* refactor codebase

* remove policy controller for policyreport

* policy report removed

* bug fixes

* bug fixes

* added job trigger if needed

* job deletation logic added

* build failed fix

* fixed e2e test

* remove hard coded variables

* packages adde

* improvment added in jobs sheduler

* policy report yaml added

* cronjob added

* small fixes

* remove background sync

* documentation added for report command

* remove extra log

* small improvement

* tested policy report

* revert hardcoded changes

* changes for demo

* demo changes

* resource aggrigation added

* More changes

* More changes

* - resolve PR comments; - refactor jobs controller

* set rbac for jobs

* add clean up in job controller

* add short names

* remove application scope for policyreport

* move job controller to policyreport

* add report logic in command apply

* - update policy report types;  - upgrade k8s library; - update code gen

* temporarily comment out code to pass CI build

* generate / update policyreport to cluster

* add unit test for CLI report

* add test for apply - generate policy report

* fix unit test

* - remove job controller; - remove in-memory configmap; - clean up kustomize manifest

* remove dependency

* add reportRequest / clusterReportRequest

* clean up policy report

* generate report request

* update crd clusterReportRequest

* - update json tag of report summary; - update definition manifests; -  fix dclient creation

* aggregate reportRequest into policy report

* fix unit tests

* - update report summary to optional; - generate clusterPolicyReport; - remove reportRequests after merged to report

* remove

* generate reportRequest in kyverno namespace

* update resource filter in helm chart

* - rename reportRequest to reportChangeRequest; -rename clusterReportRequest to clusterReportChangeRequest

* generate policy report in background scan

* skip generating report change request if there's entry results

* fix results entry removal when policy / rule gets deleted

* rename apiversion from policy.kubernetes.io to policy.k8s.io

* update summary.* to lower case

* move reportChangeRequest to kyverno.io/v1alpha1

* remove policy report flag

* fix report update

* clean up policy violation CRD

* remove violation CRD from manifest

* clean up policy violation code - remove pvGenerator

* change severity fields to lower case

* update import library

* set report category

Co-authored-by: Yuvraj <yuvraj.yad001@gmail.com>
Co-authored-by: Yuvraj <10830562+evalsocket@users.noreply.github.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
 2020-11-09 11:26:12 -08:00
Jim Bugwadia
48b98bd17b
allow text after patch versions (#1230) 2020-11-02 22:14:36 -08:00
Shuting Zhao
cdc5190c56 update nirmata/kyverno to kyverno/kyverno 2020-10-07 11:12:31 -07:00
Mohan B E
a14828246d
Feature/api version 852 (#1028) 
* apiVersion support for generate

* added apiVersion to crds
 2020-08-07 09:47:33 +05:30