mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
Code Activity
3033 commits 16 branches 550 tags 288 MiB
Commit graph

1685 commits

Author SHA1 Message Date
Pooja Singh
0de83ebe17
code improvement (#1567) 
* code improvement

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added if conditions

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* fixed unit test cases

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-02-10 10:28:50 -08:00
Yashvardhan Kukreja
fe6652d9ca
fix: restricting empty value to pass through the validation checks (#1574) 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-02-09 17:16:02 -08:00
Pooja Singh
4788085c4f
Panic fix in generation.go (#1563) 
* added if condition

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* fixed test condition

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-02-09 10:34:57 -08:00
shuting
8dcfa185b1
Remove duplicate results' entries from policy report (#1559) 
* remove duplicate results' entries from policy report

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* improve error reporting when removing duplicate result entries

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-02-08 14:42:17 -08:00
Pooja Singh
c148573d48
issue fixed (#1558) 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-02-08 10:36:39 -08:00
Raj Babu Das
72eb5e3503
Adding support for applying git raw by kyverno cli (#1554) 
Signed-off-by: Raj Das <mail.rajdas@gmail.com>
 2021-02-08 10:08:06 -08:00
Yashvardhan Kukreja
d141f74015
performed cleanups (#1552) 2021-02-07 21:19:25 -08:00
shuting
2f2d6c2e38
Upgrade client libraries to 0.20.2 (#1547) 
* upgrade clients to 0.20.2

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* remove debug log

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix unit tests

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix e2e test

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-02-07 20:26:56 -08:00
shuting
bd44dbff41
Reduce RCR Throttling (#1545) 
* buffer report change requests

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix clusterReportChangeRequest

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* further reduce RCRs in background scan

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-02-07 19:46:50 -08:00
Yashvardhan Kukreja
6b3ab3fe23
added: generic NumericOperator to handle numeric operations for kyverno policies (#1536) 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-02-05 19:49:23 -08:00
shuting
c42d545c20
Revert "Adding HTTP(git raw or any public url ) URL applying functionality to kyverno cli (#1527)" (#1548) 
This reverts commit 0487330b33.
 2021-02-05 19:34:15 -08:00
Raj Babu Das
0487330b33
Adding HTTP(git raw or any public url ) URL applying functionality to kyverno cli (#1527) 
* Adding feature to apply from http url

Signed-off-by: Raj Das <mail.rajdas@gmail.com>

* Adding comment

Signed-off-by: Raj Das <mail.rajdas@gmail.com>

* formatting imports

Signed-off-by: Raj Das <mail.rajdas@gmail.com>

* removing fmt.print

Signed-off-by: Raj Das <mail.rajdas@gmail.com>
 2021-02-05 18:42:39 -08:00
Max Goncharenko
536f364724
Add AND logical operator support (#1539) 
Signed-off-by: Max Goncharenko <kacejot@fex.net>
 2021-02-05 17:52:31 -08:00
Jim Bugwadia
b91022d438
Merge pull request #1518 from kyverno/test_cli 
test command for kyverno
 2021-02-05 12:44:07 -08:00
shuting
6953aa86bc
compare policy status before actually update it (#1523) 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-02-05 09:58:24 -08:00
shuting
39b27a16ed
Reduce throttling requests (GET) (#1522) 
* add resource lister to even handler

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* use lister to get Kyverno deployment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add lister for webhook configs

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-02-05 09:58:10 -08:00
Jim Bugwadia
ba9d003774
update APICall docs (#1534) 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-02-03 13:10:02 -08:00
Pooja Singh
32522e7827
namespace selector (#1532) 
* updated crd with namespace selector

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added logic for validate

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added condition in utils for namespace labels

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added function for extracting namespace label using lister

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added logic for generate

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added lister in generate

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* commented generate controller changes

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added ns lister

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added ns label in apply.go

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added ns label in generation.go

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added ns label in mutation.go

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added ns label for validation

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* using dynaminc informer

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-02-03 13:09:42 -08:00
vyankatesh_neualto
2f92b95015 #1513 [BUG] CLI Panic when assigning variables 
Signed-off-by: vyankatesh_neualto <vyankatesh@neualto.com>
 2021-02-03 18:27:45 +05:30
vyankatesh_neualto
18f20abbf9 fix engine.PolicyContext issue 
Signed-off-by: vyankatesh_neualto <vyankatesh@neualto.com>
 2021-02-02 20:02:07 +05:30
vyankyGH
27f9b4747a
Merge branch 'main' into test_cli 2021-02-02 18:57:05 +05:30
vyankatesh_neualto
ce9ab9ef69 adding kyverno test command with git support 
Signed-off-by: vyankatesh_neualto <vyankatesh@neualto.com>
 2021-02-02 18:45:38 +05:30
Jim Bugwadia
0be7903c47 fix tests 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-02-02 00:20:03 -08:00
Jim Bugwadia
2bb812aa2d redo changes reverted by merge 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-02-01 23:22:19 -08:00
vyankatesh_neualto
01ac9058d9 code indentation 
Signed-off-by: vyankatesh_neualto <vyankatesh@neualto.com>
 2021-02-02 09:25:22 +05:30
vyankatesh_neualto
7482c5c1fe initial commit for kyverno test command 
Signed-off-by: vyankatesh_neualto <vyankatesh@neualto.com>
 2021-02-02 09:25:22 +05:30
Yashvardhan Kukreja
03c77e4145
feat: validation 'value' field under 'deny.conditions' in a rule object (#1510) 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-02-01 13:27:16 -08:00
Jim Bugwadia
e8e3b93a5f
api server lookups (#1514) 
* initial commit for api server lookups

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* initial commit for API server lookups

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* Enhancing dockerfiles (multi-stage) of kyverno components and adding non-root user to the docker images (#1495)

* Dockerfile refactored

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>

* Adding non-root commands to docker images and enhanced the dockerfiles

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>

* changing base image to scratch

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>

* Minor typo fix

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>

* changing dockerfiles to use /etc/passwd to use non-root user'

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>

* minor typo

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>

* minor typo

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* revert cli image name (#1507)

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* Refactor resourceCache; Reduce throttling requests (background controller) (#1500)

* skip sending API request for filtered resource

* fix PR comment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixes https://github.com/kyverno/kyverno/issues/1490

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix bug - namespace is not returned properly

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* reduce throttling - list resource using lister

* refactor resource cache

* fix test

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix label selector

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix build failure

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix merge issues

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix unit test

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add nil check for API client

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Co-authored-by: Raj Babu Das <mail.rajdas@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
 2021-02-01 12:59:13 -08:00
shuting
c692263177
Refactor resourceCache; Reduce throttling requests (background controller) (#1500) 
* skip sending API request for filtered resource

* fix PR comment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixes https://github.com/kyverno/kyverno/issues/1490

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix bug - namespace is not returned properly

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* reduce throttling - list resource using lister

* refactor resource cache

* fix test

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix label selector

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix build failure

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-01-29 17:38:23 -08:00
Pooja Singh
0396d5278e
added logic for generate policy with data (#1463) 
* added logic for generate policy with data

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* debuging data of configmap

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* removed few print statements

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* logic for configmap

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* logic for pod

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* logic for pod

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* restructured

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* removed println

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added comments

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added test cases

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* function rename

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* removed comment

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* small improvement

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* extract annotation and label

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* fixed test cases

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* extract annotation and label from updated target resource

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* updated test cases

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-01-27 10:11:22 -08:00
Jim Bugwadia
05da4190f8
handle discovery errors for metrics API group (#1494) 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-01-24 11:34:02 -08:00
shuting
e54776ee7e
Bug fix - namespace is not returned properly (#1491) 
* skip sending API request for filtered resource

* fix PR comment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixes https://github.com/kyverno/kyverno/issues/1490

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix bug - namespace is not returned properly

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-01-22 17:56:41 -08:00
shuting
62a4a3a7da
Reduce throttling - skip sending API request for filtered resources (#1489) 
* skip sending API request for filtered resource

* fix PR comment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixes https://github.com/kyverno/kyverno/issues/1490

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-01-21 18:58:53 -08:00
shuting
d82f19be4e
Feature/fix dev mode execution (#1477) 
* add serverIP to X.509 certificate SANs

* disable webhook monitor in debug mode

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Co-authored-by: Jim Bugwadia <jim@nirmata.com>
 2021-01-20 15:25:27 -08:00
shuting
3bc386955e
Remove unnecessary JSON patches; fixes strategicMergePatch for tolerations (#1478) 
* ignore certain paths when generates JSON patches

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* remove extra comment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix https://github.com/kyverno/kyverno/issues/1339

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* resolve PR comments

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update comment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-01-19 11:08:06 -08:00
Jim Bugwadia
f93e3020e1
support nested JMESPATH var substitution (#1471) 2021-01-14 10:46:51 -08:00
shuting
27e2b9abd5
Fix mutation panic (#1462) 
* fix #1454

* - add unit tests; - rename method
 2021-01-08 16:45:39 -08:00
shuting
e7a04b9138
Fix memory leak - remove item from the cache once done (audit handler) (#1459) 
* remove entry from audit handler

* fix test
 2021-01-07 16:26:59 -08:00
Jim Bugwadia
ff246a81a1
Merge pull request #1458 from kyverno/1457_wildcard_anchors 
handle anchors for wildcard annotations
 2021-01-07 11:57:21 -08:00
shuting
3908808e7a
Rename filterK8Resources to filterK8sResources (#1452) 
* Remove lock embedded in CRD controller, use concurrent map to store shcemas

* delete rcr info from data store

* skip policy validation on status update

* - remove status check in policy mutation; - fix test

* Remove fqdncn flag

* add flag profiling port

* skip policy mutation & validation on status update

* sync policy status every minute

* update log messages

* rename filterK8Resources to filterK8sResources
 2021-01-07 11:27:50 -08:00
Jim Bugwadia
3a4592ca3b handle anchors for wildcard annotations 2021-01-07 11:24:38 -08:00
lengrongfu
fab777cdd5
add logging for policy creation and deletion events (#1445) 
* add logging for policy creation and deletion events

* update log message

* update log message kind type

Co-authored-by: lengrongfu <lengrongfu@baidu.com>
 2021-01-06 20:34:01 -08:00
shuting
52d091c5a3
Improve / clean up code (#1444) 
* Remove lock embedded in CRD controller, use concurrent map to store shcemas

* delete rcr info from data store

* skip policy validation on status update

* - remove status check in policy mutation; - fix test

* Remove fqdncn flag

* add flag profiling port

* skip policy mutation & validation on status update

* sync policy status every minute

* update log messages
 2021-01-06 16:32:02 -08:00
shuting
35aa3149c8
Remove lock embedded in CRD controller, use concurrent map to store shcemas (#1441) 2021-01-04 23:17:17 -08:00
Pooja Singh
9397a2f157
Merge pull request #1440 from NoSkillGirl/bug/generate_refactoring 
Bug/generate refactoring
 2021-01-04 23:10:25 +05:30
NoSkillGirl
b4f473ec23 added crypto package 2021-01-04 19:10:36 +05:30
NoSkillGirl
e67747260b generate refactorings 2021-01-04 15:19:06 +05:30
NoSkillGirl
df009cb2d4 remove resource details from log for log level higher than 3 2021-01-04 12:33:00 +05:30
Shuting Zhao
3fc4562e1b set CRD controller to reconcile every 15 mins 2021-01-03 00:14:27 -08:00
Jim Bugwadia
68474a9dd2 skip validation patterns for delete requests 2021-01-02 01:10:14 -08:00