kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00

Author	SHA1	Message	Date
Kumar Mallikarjuna	94c60598af	Replaced status with message (#4315 ) Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>	2022-08-09 10:23:50 +05:30
aofekiko	b516aecb42	Changed resource names to plurals (#4312 ) Signed-off-by: aofekiko <aofekiko@gmail.com>	2022-08-08 13:54:01 +00:00
Jim Bugwadia	66c3b3b8d0	Fix pr image verify blocked (#4297 ) * update log levels Signed-off-by: Jim Bugwadia <jim@nirmata.com> * do not generate policy reports for blocked images Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2022-08-04 05:27:09 +00:00
Charles-Edouard Brétéché	421b490c56	feat: use tombstone helper (#4273 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-08-03 16:17:07 +00:00
Anutosh Bhat	663e7584ae	Tightened scope on apiGroups for Kyverno:events Clusterrole (#4292 ) Signed-off-by: anutosh491 <andersonbhat491@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-08-03 15:36:03 +00:00
Dylan Shepard	d10f9d1b5a	trivial typo update (#4291 ) Signed-off-by: Dylan Shepard <dylan@shepard.dev>	2022-08-03 04:28:06 +00:00
Jim Bugwadia	943c3a1929	use failurePolicy to block or allow requests, on policy errors (#4183 ) * use failurePolicy to block or allow requests, on policy errors Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add warnings Signed-off-by: Jim Bugwadia <jim@nirmata.com> * codegen Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add unit tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * handle network errors Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix title conversion Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix path in generated file Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix fake metrics Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for klog flag initialization Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for flag reinitialization Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for flag reinitialization Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix spelling Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix flag init Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2022-08-02 20:24:02 +05:30
Jim Bugwadia	6fa8a97583	update log levels (#4286 ) Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2022-08-02 10:57:25 +05:30
Tobias Trabelsi	ba32121acb	added additional init and sidecar container config (#4283 ) Signed-off-by: Tobias Trabelsi <Lerentis@users.noreply.github.com>	2022-08-01 13:29:27 +00:00
Guilhem Lettron	b03e461f25	feat: auto optimize GOMAXPROCS (#4277 ) Signed-off-by: Guilhem Lettron <guilhem@barpilot.io>	2022-07-29 23:59:47 +08:00
Jim Bugwadia	4aa0767728	add applyRules to control whether one or all rules are applied (#4196 ) * add ruleSelector Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix selector logic for skipped rules Signed-off-by: Jim Bugwadia <jim@nirmata.com> * change names Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix generated paths Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add image variable to context when rule processing starts Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix messages Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update generate rules Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-07-29 15:02:26 +08:00
vivek kumar sahu	03cec01fb5	feature: added new type of event, PolicySkipped (#4251 ) * feature: added new type of event, PolicySkipped Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> * fix html docs Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-07-28 14:01:50 +08:00
shuting	750b4b106c	Reset policy status on termination (#4269 ) - reset policy status to false on termination - retry reconciling policies when .status.ready=false Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-07-27 14:15:06 +05:30
James Callahan	975a2a21fa	fix: use an absolute path in docker entrypoint (#4263 ) With a relative path, containers started with a different working directory will fail to find the entrypoint Fixes: #4252 Signed-off-by: James Callahan <jamescallahan@bitgo.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-07-26 07:16:01 +00:00
Tathagata Paul	9b41e2e017	Add shutdown methods for exporters and controllers (#4214 ) * add shutdown methods for exporters and controllers Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * remove shutdown exporter and add timeout in main.go Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * move ctx timeout to main Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * change variable order Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com>	2022-07-25 09:25:26 +00:00
shuting	a190b6ed56	sync Helm versions (#4262 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-07-25 06:33:51 +00:00
Guilhem Lettron	96999f8995	fix: use only 1 kubernetes client (#4256 ) Signed-off-by: Guilhem Lettron <guilhem@barpilot.io> Co-authored-by: shuting <shuting@nirmata.com>	2022-07-25 13:49:51 +08:00
Tuan Anh Tran	6136470f40	Add Techcombank to adopters (#4260 ) Signed-off-by: Tuan Anh Tran <me@tuananh.org>	2022-07-23 01:53:41 +00:00
Anutosh Bhat	be6cc1381f	Implementing flag to show all failing tests only through the test command (#4227 ) * fix kyverno cli policy-report typo (#4224) - fix kyverno cli policy report typo - add shorthand for policy-report flag Signed-off-by: Vyankatesh vyankateshkd@gmail.com Signed-off-by: anutosh491 <andersonbhat491@gmail.com> * Added flag for getting fail only tests Signed-off-by: anutosh491 <andersonbhat491@gmail.com> * Improve output message Signed-off-by: anutosh491 <andersonbhat491@gmail.com> * Updated flag name as per CamelCase Signed-off-by: anutosh491 <andersonbhat491@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-07-22 20:02:12 +05:30
Prateek Pandey	3f1997c0e8	fix split policyreport name with background scan (#4237 ) - fix split policyreport name with background scan - fix the label selector initialising - refactor the generatePolicyName func Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>	2022-07-21 14:31:42 +05:30
Batuhan Apaydın	9af9717f16	chore: use new distroless base image provided by distroless org (#4219 ) * chore: use new distroless base image provided by distroless org Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> * chore: remove unnecessary user instruction Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-07-21 06:37:56 +00:00
Vyankatesh Kudtarkar	530e38a6f4	fix check depreciated api issue (#4243 )	2022-07-21 13:11:39 +08:00
shuting	23a1df0d7b	Cherry-pick #4233 (#4236 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-07-20 22:22:15 +05:30
shuting	7a2045bc11	Revert "fix: metrics with invalid validationMode (#4198 )" (#4241 ) This reverts commit `65c100566c`.	2022-07-20 15:22:03 +00:00
Ramón Berrutti	65c100566c	fix: metrics with invalid validationMode (#4198 ) Signed-off-by: Ramón Berrutti <ramonberrutti@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-07-20 09:06:15 +00:00
Anutosh Bhat	dafa27e928	Corrected description for UpdateRequest struct (#4215 ) * Corrected description for UpdateRequest struct Signed-off-by: anutosh491 <andersonbhat491@gmail.com> * Added changes for docs Signed-off-by: anutosh491 <andersonbhat491@gmail.com> * Added diff shown in verify generate tests Signed-off-by: anutosh491 <andersonbhat491@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-07-19 12:16:50 +00:00
Anutosh Bhat	81c699b4a5	Removed confusing output message for the apply and replaced no of policies by no of policy rules count in the output message (#4229 ) Signed-off-by: anutosh491 <andersonbhat491@gmail.com>	2022-07-19 16:28:09 +05:30
Vyankatesh Kudtarkar	612b7fdff2	fix kyverno cli policy-report typo (#4224 ) - fix kyverno cli policy report typo - add shorthand for policy-report flag Signed-off-by: Vyankatesh vyankateshkd@gmail.com	2022-07-18 07:12:19 +00:00
Meha Bhalodiya	06460c0e68	feat: improve flag message for disableMetricsExport (#4194 ) * feat: improve flag message for disableMetricsExport Signed-off-by: Meha Bhalodiya <mehabhalodiya@gmail.com> * update description Signed-off-by: Meha Bhalodiya <mehabhalodiya@gmail.com>	2022-07-15 01:07:45 +08:00
vivek kumar sahu	f6c131cfcc	precondition failure will skip rule independent of audit or enforce mode (#4163 ) * precondition fails will skip rule independent of audit or enforce mode Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> * Added cli-test cases Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> * small fix Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-07-14 09:35:27 +05:30
Vyankatesh Kudtarkar	e71493e5cc	Make method public (#4207 ) * npmctl chnages * revert commit * remove comment	2022-07-13 13:37:51 -07:00
Byron Ibarra	f8a79be9a5	Fix UpdateRequest labeling (from pull #4199 ) (#4212 ) Signed-off-by: Byron Ibarra V <bibarrav@falabella.cl>	2022-07-13 03:08:15 +05:30
Prateek Pandey	c0cc4b781c	use the unstructured list instead of interface type (#4210 ) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>	2022-07-12 15:07:40 +00:00
Tathagata Paul	3e2894b6fa	feat: Opentelemetry support for metrics and traces (#3910 ) * integrating opentelemetry Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * fix multiple imports Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * fixed cli help statement Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * added init file for metrics Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-07-11 17:49:47 +00:00
Thomas Hartland	6e9609409b	Use non-blocking channel send for UpdateWebhookChan (#4204 ) If the channel send is blocked then there is already an update queued, and there is no point waiting to queue another one. In profiling, the channel send in monitor.go has been seen to "leak" goroutines as the channel is not being read from fast enough, but the root cause is not known. Signed-off-by: Thomas Hartland <thomas.hartland@diamond.ac.uk>	2022-07-12 00:21:20 +08:00
Jim Bugwadia	58337716c8	Fix merging JSON patches (#4202 ) * fix merge of image verify and mutate patches Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update json patch merge logic Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2022-07-11 09:26:31 +05:30
Chris Bandy	0712022640	Resolve conflict introduced to contributing page (#4192 ) Sections were added and moved in `f67f145d90` and `d05a0759ca`, resulting in duplicate headers. Signed-off-by: Chris Bandy <bandy.chris@gmail.com>	2022-07-07 18:02:57 +00:00
vivek kumar sahu	a37901425f	return helpful error message on invalid patched resources. (#4129 ) Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-07-06 13:24:28 +05:30
Batuhan Apaydın	d05a0759ca	docs(contributing): add how to cherry-pick section (#4127 ) Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>	2022-07-05 15:55:55 -07:00
Charles-Edouard Brétéché	24e96884c5	refactor: finish refactoring generate e2e tests (#4090 ) * refactor: generate e2e GeneratePolicyDeletionforCloneTests Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: generate e2e test GenerateNetworkPolicyOnNamespaceWithoutLabelTests Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * chore: cleanup Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * finish refactoring tests Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: is not found Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor expectations part 1 Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: repeat update on conflict Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-07-05 23:34:09 +08:00
Charles-Edouard Brétéché	210a709bb3	feat: policy status for autogen rules (#4173 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-07-03 15:09:18 -07:00
Charles-Edouard Brétéché	b29207f585	fix: use official controller-gen (#4171 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>	2022-07-01 15:25:59 +00:00
Vyankatesh Kudtarkar	12693e1a9c	fix external.metrics.k8s.io/v1beta1 issue (#4139 ) * fix external.metrics.k8s.io/v1beta1 issue * update find resource discovery method * revert validate.go * revert chnages * update discovery method * fix error handler issue * add logger support	2022-07-01 03:00:05 +00:00
Joe Bowbeer	606b2cb946	fix: add seccompProfile (#4178 ) Signed-off-by: Joe Bowbeer <joe.bowbeer@gmail.com>	2022-07-01 01:47:19 +00:00
Charles-Edouard Brétéché	27e5772986	fix: add more verify images e2e test for bool fields (#4172 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-06-30 21:36:28 +02:00
Prateek Pandey	808e6ae8b7	delete policy reports on policy deletion (#4174 ) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>	2022-06-30 15:45:02 +00:00
Charles-Edouard Brétéché	89c7432069	chore: add myself into owners (#4170 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-06-29 22:45:16 +02:00
Prateek Pandey	9226873e68	feat: split policy report per policy bases (#4147 ) * feat: split policy report per policy bases Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add policy name as a handler key Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * update merge change request logic Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * handle the delete resource update on policy report Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * add splitPolicyReport feature gate Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * delete old reports if splitPolicyReport feature enable Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * use trim policyname as label and create name Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * fix change request result Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>	2022-06-28 15:27:57 +00:00
shuting	77fb10a430	Clean up RCRs if the count exceeds the threshold (#4148 ) * Clean up RCRs if the count exceeds the limit Signed-off-by: ShutingZhao <shuting@nirmata.com> * Sets reports to inactive on resourceExhausted error Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix linter Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add a container flag changeRequestLimit Signed-off-by: ShutingZhao <shuting@nirmata.com> * Skip generating RCRs if resourceExhausted error occurs Signed-off-by: ShutingZhao <shuting@nirmata.com> * set default RCR limit to 1000 Signed-off-by: ShutingZhao <shuting@nirmata.com> * Update log messages and CHANGELOG.md Signed-off-by: ShutingZhao <shuting@nirmata.com> * Address review comments Signed-off-by: ShutingZhao <shuting@nirmata.com> * Extract mapper to a separate file Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-06-28 06:18:57 +00:00
shuting	cd2d89bf55	Wait for informers' cache to be synced before starting controllers (#4155 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-06-28 04:55:52 +00:00

... 2 3 4 5 6 ...

4611 commits