kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00

Author	SHA1	Message	Date
Vyankatesh Kudtarkar	164885d087	Update Kyverno test command (#1608 ) * fix link (#1566) Signed-off-by: vyankatesh <vyankatesh@neualto.com> * update icon in chart.yaml Signed-off-by: Shuting Zhao <shutting06@gmail.com> Signed-off-by: vyankatesh <vyankatesh@neualto.com> * Adding default policies for restricted mode and adding notes to helm install (#1556) * Adding default policies for restricted mode, taking validationFailureAction from values.yaml and adding notes on helm install Signed-off-by: Raj Das <mail.rajdas@gmail.com> * Adding emoji Signed-off-by: Raj Das <mail.rajdas@gmail.com> * Update NOTES.txt * minor fix Signed-off-by: Raj Das <mail.rajdas@gmail.com> * adding to readme Signed-off-by: Raj Das <mail.rajdas@gmail.com> Signed-off-by: vyankatesh <vyankatesh@neualto.com> * update links and formatting in PR template (#1573) * update links and formatting in PR template Signed-off-by: Chip Zoller <chipzoller@gmail.com> * update policy submission request template Signed-off-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: vyankatesh <vyankatesh@neualto.com> * fix: restricting empty value to pass through the validation checks (#1574) Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> Signed-off-by: vyankatesh <vyankatesh@neualto.com> * Actually fix contributor link in PR template (#1575) * update links and formatting in PR template Signed-off-by: Chip Zoller <chipzoller@gmail.com> * update policy submission request template Signed-off-by: Chip Zoller <chipzoller@gmail.com> * actually fix contrib guidelines Signed-off-by: Chip Zoller <chipzoller@gmail.com> * actually fix contrib guidelines Signed-off-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: vyankatesh <vyankatesh@neualto.com> * code improvement (#1567) * code improvement Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added if conditions Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * fixed unit test cases Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> Signed-off-by: vyankatesh <vyankatesh@neualto.com> * feat(operators): support subset checking for in and notin (#1555) * feat(operators): support subset checking for in and notin Signed-off-by: Arsh Sharma <arshsharma461@gmail.com> * feat(operators): fixed NotIn function Signed-off-by: Arsh Sharma <arshsharma461@gmail.com> Signed-off-by: vyankatesh <vyankatesh@neualto.com> * panic fix (#1601) Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> Signed-off-by: vyankatesh <vyankatesh@neualto.com> * update kyverno cli test cmd Signed-off-by: vyankatesh <vyankatesh@neualto.com> * code indentation Signed-off-by: vyankatesh <vyankatesh@neualto.com> * change help text Signed-off-by: vyankatesh <vyankatesh@neualto.com> Co-authored-by: Dekel <dekelb@users.noreply.github.com> Co-authored-by: Shuting Zhao <shutting06@gmail.com> Co-authored-by: Raj Babu Das <mail.rajdas@gmail.com> Co-authored-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com> Co-authored-by: Pooja Singh <36136335+NoSkillGirl@users.noreply.github.com> Co-authored-by: Arsh Sharma <56963264+RinkiyaKeDad@users.noreply.github.com> Co-authored-by: vyankatesh <vyankatesh@neualto.com>	2021-02-17 11:30:41 -08:00
Jim Bugwadia	731474a9a2	rename context2 -> enginecontext (#1605 ) Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-02-16 19:17:20 -08:00
Yashvardhan Kukreja	478f32b8b4	fix: allowed templatised values to be exempted from validation checks (#1599 ) Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>	2021-02-16 13:06:07 -08:00
Pooja Singh	a21195f362	panic fix (#1609 ) Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>	2021-02-16 12:48:04 -08:00
Pooja Singh	33ec907a09	panic fix (#1601 ) Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>	2021-02-15 11:27:09 -08:00
Arsh Sharma	596bc9ba6f	feat(operators): support subset checking for in and notin (#1555 ) * feat(operators): support subset checking for in and notin Signed-off-by: Arsh Sharma <arshsharma461@gmail.com> * feat(operators): fixed NotIn function Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>	2021-02-10 13:05:36 -08:00
Pooja Singh	0de83ebe17	code improvement (#1567 ) * code improvement Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added if conditions Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * fixed unit test cases Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>	2021-02-10 10:28:50 -08:00
Yashvardhan Kukreja	fe6652d9ca	fix: restricting empty value to pass through the validation checks (#1574 ) Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>	2021-02-09 17:16:02 -08:00
Pooja Singh	4788085c4f	Panic fix in generation.go (#1563 ) * added if condition Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * fixed test condition Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>	2021-02-09 10:34:57 -08:00
shuting	8dcfa185b1	Remove duplicate results' entries from policy report (#1559 ) * remove duplicate results' entries from policy report Signed-off-by: Shuting Zhao <shutting06@gmail.com> * improve error reporting when removing duplicate result entries Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-02-08 14:42:17 -08:00
Pooja Singh	c148573d48	issue fixed (#1558 ) Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>	2021-02-08 10:36:39 -08:00
Raj Babu Das	72eb5e3503	Adding support for applying git raw by kyverno cli (#1554 ) Signed-off-by: Raj Das <mail.rajdas@gmail.com>	2021-02-08 10:08:06 -08:00
Yashvardhan Kukreja	d141f74015	performed cleanups (#1552 )	2021-02-07 21:19:25 -08:00
shuting	2f2d6c2e38	Upgrade client libraries to 0.20.2 (#1547 ) * upgrade clients to 0.20.2 Signed-off-by: Shuting Zhao <shutting06@gmail.com> * remove debug log Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix unit tests Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix e2e test Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-02-07 20:26:56 -08:00
shuting	bd44dbff41	Reduce RCR Throttling (#1545 ) * buffer report change requests Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix clusterReportChangeRequest Signed-off-by: Shuting Zhao <shutting06@gmail.com> * further reduce RCRs in background scan Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-02-07 19:46:50 -08:00
Yashvardhan Kukreja	6b3ab3fe23	added: generic NumericOperator to handle numeric operations for kyverno policies (#1536 ) Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>	2021-02-05 19:49:23 -08:00
shuting	c42d545c20	Revert "Adding HTTP(git raw or any public url ) URL applying functionality to kyverno cli (#1527 )" (#1548 ) This reverts commit `0487330b33`.	2021-02-05 19:34:15 -08:00
Raj Babu Das	0487330b33	Adding HTTP(git raw or any public url ) URL applying functionality to kyverno cli (#1527 ) * Adding feature to apply from http url Signed-off-by: Raj Das <mail.rajdas@gmail.com> * Adding comment Signed-off-by: Raj Das <mail.rajdas@gmail.com> * formatting imports Signed-off-by: Raj Das <mail.rajdas@gmail.com> * removing fmt.print Signed-off-by: Raj Das <mail.rajdas@gmail.com>	2021-02-05 18:42:39 -08:00
Max Goncharenko	536f364724	Add AND logical operator support (#1539 ) Signed-off-by: Max Goncharenko <kacejot@fex.net>	2021-02-05 17:52:31 -08:00
Jim Bugwadia	b91022d438	Merge pull request #1518 from kyverno/test_cli test command for kyverno	2021-02-05 12:44:07 -08:00
shuting	6953aa86bc	compare policy status before actually update it (#1523 ) Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-02-05 09:58:24 -08:00
shuting	39b27a16ed	Reduce throttling requests (GET) (#1522 ) * add resource lister to even handler Signed-off-by: Shuting Zhao <shutting06@gmail.com> * use lister to get Kyverno deployment Signed-off-by: Shuting Zhao <shutting06@gmail.com> * add lister for webhook configs Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-02-05 09:58:10 -08:00
Jim Bugwadia	ba9d003774	update APICall docs (#1534 ) Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-02-03 13:10:02 -08:00
Pooja Singh	32522e7827	namespace selector (#1532 ) * updated crd with namespace selector Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added logic for validate Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added condition in utils for namespace labels Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added function for extracting namespace label using lister Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added logic for generate Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added lister in generate Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * commented generate controller changes Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added ns lister Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added ns label in apply.go Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added ns label in generation.go Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added ns label in mutation.go Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added ns label for validation Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * using dynaminc informer Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>	2021-02-03 13:09:42 -08:00
vyankatesh_neualto	2f92b95015	#1513 [BUG] CLI Panic when assigning variables Signed-off-by: vyankatesh_neualto <vyankatesh@neualto.com>	2021-02-03 18:27:45 +05:30
vyankatesh_neualto	18f20abbf9	fix engine.PolicyContext issue Signed-off-by: vyankatesh_neualto <vyankatesh@neualto.com>	2021-02-02 20:02:07 +05:30
vyankyGH	27f9b4747a	Merge branch 'main' into test_cli	2021-02-02 18:57:05 +05:30
vyankatesh_neualto	ce9ab9ef69	adding kyverno test command with git support Signed-off-by: vyankatesh_neualto <vyankatesh@neualto.com>	2021-02-02 18:45:38 +05:30
Jim Bugwadia	0be7903c47	fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-02-02 00:20:03 -08:00
Jim Bugwadia	2bb812aa2d	redo changes reverted by merge Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-02-01 23:22:19 -08:00
vyankatesh_neualto	01ac9058d9	code indentation Signed-off-by: vyankatesh_neualto <vyankatesh@neualto.com>	2021-02-02 09:25:22 +05:30
vyankatesh_neualto	7482c5c1fe	initial commit for kyverno test command Signed-off-by: vyankatesh_neualto <vyankatesh@neualto.com>	2021-02-02 09:25:22 +05:30
Yashvardhan Kukreja	03c77e4145	feat: validation 'value' field under 'deny.conditions' in a rule object (#1510 ) Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>	2021-02-01 13:27:16 -08:00
Jim Bugwadia	e8e3b93a5f	api server lookups (#1514 ) * initial commit for api server lookups Signed-off-by: Jim Bugwadia <jim@nirmata.com> * initial commit for API server lookups Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Enhancing dockerfiles (multi-stage) of kyverno components and adding non-root user to the docker images (#1495) * Dockerfile refactored Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com> * Adding non-root commands to docker images and enhanced the dockerfiles Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com> * changing base image to scratch Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com> * Minor typo fix Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com> * changing dockerfiles to use /etc/passwd to use non-root user' Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com> * minor typo Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com> * minor typo Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> * revert cli image name (#1507) Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Refactor resourceCache; Reduce throttling requests (background controller) (#1500) * skip sending API request for filtered resource * fix PR comment Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fixes https://github.com/kyverno/kyverno/issues/1490 Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix bug - namespace is not returned properly Signed-off-by: Shuting Zhao <shutting06@gmail.com> * reduce throttling - list resource using lister * refactor resource cache * fix test Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix label selector Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix build failure Signed-off-by: Shuting Zhao <shutting06@gmail.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix merge issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix unit test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add nil check for API client Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Raj Babu Das <mail.rajdas@gmail.com> Co-authored-by: shuting <shutting06@gmail.com>	2021-02-01 12:59:13 -08:00
shuting	c692263177	Refactor resourceCache; Reduce throttling requests (background controller) (#1500 ) * skip sending API request for filtered resource * fix PR comment Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fixes https://github.com/kyverno/kyverno/issues/1490 Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix bug - namespace is not returned properly Signed-off-by: Shuting Zhao <shutting06@gmail.com> * reduce throttling - list resource using lister * refactor resource cache * fix test Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix label selector Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix build failure Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-01-29 17:38:23 -08:00
Pooja Singh	0396d5278e	added logic for generate policy with data (#1463 ) * added logic for generate policy with data Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * debuging data of configmap Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * removed few print statements Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * logic for configmap Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * logic for pod Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * logic for pod Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * restructured Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * removed println Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added comments Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * added test cases Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * function rename Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * removed comment Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * small improvement Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * extract annotation and label Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * fixed test cases Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * extract annotation and label from updated target resource Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * updated test cases Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>	2021-01-27 10:11:22 -08:00
Jim Bugwadia	05da4190f8	handle discovery errors for metrics API group (#1494 ) Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-01-24 11:34:02 -08:00
shuting	e54776ee7e	Bug fix - namespace is not returned properly (#1491 ) * skip sending API request for filtered resource * fix PR comment Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fixes https://github.com/kyverno/kyverno/issues/1490 Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix bug - namespace is not returned properly Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-01-22 17:56:41 -08:00
shuting	62a4a3a7da	Reduce throttling - skip sending API request for filtered resources (#1489 ) * skip sending API request for filtered resource * fix PR comment Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fixes https://github.com/kyverno/kyverno/issues/1490 Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-01-21 18:58:53 -08:00
shuting	d82f19be4e	Feature/fix dev mode execution (#1477 ) * add serverIP to X.509 certificate SANs * disable webhook monitor in debug mode Signed-off-by: Shuting Zhao <shutting06@gmail.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2021-01-20 15:25:27 -08:00
shuting	3bc386955e	Remove unnecessary JSON patches; fixes strategicMergePatch for tolerations (#1478 ) * ignore certain paths when generates JSON patches Signed-off-by: Shuting Zhao <shutting06@gmail.com> * remove extra comment Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix https://github.com/kyverno/kyverno/issues/1339 Signed-off-by: Shuting Zhao <shutting06@gmail.com> * resolve PR comments Signed-off-by: Shuting Zhao <shutting06@gmail.com> * update comment Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-01-19 11:08:06 -08:00
Jim Bugwadia	f93e3020e1	support nested JMESPATH var substitution (#1471 )	2021-01-14 10:46:51 -08:00
shuting	27e2b9abd5	Fix mutation panic (#1462 ) * fix #1454 * - add unit tests; - rename method	2021-01-08 16:45:39 -08:00
shuting	e7a04b9138	Fix memory leak - remove item from the cache once done (audit handler) (#1459 ) * remove entry from audit handler * fix test	2021-01-07 16:26:59 -08:00
Jim Bugwadia	ff246a81a1	Merge pull request #1458 from kyverno/1457_wildcard_anchors handle anchors for wildcard annotations	2021-01-07 11:57:21 -08:00
shuting	3908808e7a	Rename filterK8Resources to filterK8sResources (#1452 ) * Remove lock embedded in CRD controller, use concurrent map to store shcemas * delete rcr info from data store * skip policy validation on status update * - remove status check in policy mutation; - fix test * Remove fqdncn flag * add flag profiling port * skip policy mutation & validation on status update * sync policy status every minute * update log messages * rename filterK8Resources to filterK8sResources	2021-01-07 11:27:50 -08:00
Jim Bugwadia	3a4592ca3b	handle anchors for wildcard annotations	2021-01-07 11:24:38 -08:00
lengrongfu	fab777cdd5	add logging for policy creation and deletion events (#1445 ) * add logging for policy creation and deletion events * update log message * update log message kind type Co-authored-by: lengrongfu <lengrongfu@baidu.com>	2021-01-06 20:34:01 -08:00
shuting	52d091c5a3	Improve / clean up code (#1444 ) * Remove lock embedded in CRD controller, use concurrent map to store shcemas * delete rcr info from data store * skip policy validation on status update * - remove status check in policy mutation; - fix test * Remove fqdncn flag * add flag profiling port * skip policy mutation & validation on status update * sync policy status every minute * update log messages	2021-01-06 16:32:02 -08:00
shuting	35aa3149c8	Remove lock embedded in CRD controller, use concurrent map to store shcemas (#1441 )	2021-01-04 23:17:17 -08:00

1 2 3 4 5 ...

1691 commits