mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity
4611 commits 15 branches 540 tags 276 MiB
Commit graph

4611 commits

This branch
This branch
All branches
Author SHA1 Message Date
shuting
47b1266503
- Disable events generation on DELETE; - Reduce event generation retry from 10 to 3 (#4159) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-06-28 11:58:23 +08:00
shuting
1c329ea65f
Use kyverno namespace informer to list pods while processing URs (#4156) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-06-27 12:44:42 +08:00
Chip Zoller
fbde1fbcbe
Template updates (#4150) 
* add chipzoller to CODEOWNERS

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* update version drop-downs

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add explanation section

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
 2022-06-23 13:33:22 +00:00
Jim Bugwadia
b68f4ba679
release event memory (#4138) 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
 2022-06-23 00:37:46 +08:00
Prateek Pandey
a14cab0947
fix: use dev tag for init container local build target (#4142) 
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
 2022-06-21 10:30:22 +05:30
Tathagata Paul
16f8620993
added resource lists for test cli (#4082) 
Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com>
 2022-06-20 06:38:13 +00:00
Jim Bugwadia
f67f145d90
update contributing guide (#4119) 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2022-06-20 06:13:39 +00:00
shuting
008b9ab48e
sync release versions (#4133) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-06-17 09:30:06 +00:00
Furkan Türkal
af3da5e19a
bump cosign to 1.9.1 to fix fulcio panic (#4117) 
Signed-off-by: Furkan <furkan.turkal@trendyol.com>
Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com>

Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
 2022-06-16 16:03:22 +00:00
Prateek Pandey
02b806deee
fix: use policyName key to get the policy name (#4114) 
In case of namespace policy `ur.spec.policy`
contains namespace/policy-name combinations, hence
can't be used to set the policy name label.

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

Co-authored-by: shuting <shuting@nirmata.com>
 2022-06-16 11:23:37 +00:00
Jim Bugwadia
bc1b051b90
fix imageVerify validation checks and conversion logic (#4038) 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
 2022-06-15 17:13:36 -07:00
Andrew Bulford
11942560c3
fix: Stop incorrect any block condition logging (#4107) 
Previously the "no condition passed for 'any' block" would be logged for
all `any` blocks because the log line always occurs, even if conditions
are found.

Co-authored-by: Samuel Torres <samuel.torres@form3.tech>
Signed-off-by: Andrew Bulford <andrew.bulford@form3.tech>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
 2022-06-15 15:39:24 +00:00
vivek kumar sahu
051b0751e0
set test.namespace value implict as resource namespace until and unless explict value is added (#4100) 
Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>
 2022-06-15 17:59:13 +05:30
Jim Bugwadia
c3be689851
remove TUF initialization from main (#4098) 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2022-06-10 00:52:12 -07:00
treydock
7f4f6d14fd
Update CODEOWNERS to include treydock (#4097) 
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
 2022-06-09 14:38:50 +00:00
Charles-Edouard Brétéché
e1db7c9814
feat: add e2e framework and verify image new test (#4094) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-06-09 21:58:07 +08:00
Chip Zoller
91ce9f9abd
add chipzoller to CODEOWNERS (#4096) 
Signed-off-by: Chip Zoller <chipzoller@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
 2022-06-09 04:08:10 +00:00
Charles-Edouard Brétéché
e3c39f1da1
refactor: generate e2e GeneratePolicyDeletionforCloneTests (#4071) 
* refactor: generate e2e GeneratePolicyDeletionforCloneTests

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: unit test

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: remove resourceExpectation type

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-06-07 23:35:44 +08:00
treydock
660e8f34f9
Exclude Kyverno namespace by default (#4079) 
* Exclude Kyverno namespace by default
Fixes #4075

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
 2022-06-07 12:55:27 +00:00
Batuhan Apaydın
a064a1960e
docs(chart): fix deadlink in NOTES.txt (#4085) 
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
 2022-06-07 08:03:48 +01:00
vivek kumar sahu
7e79403324
Updated jp command flags and also added URL for help. (#4084) 
* Updated jp command flags and also added URL for help.

Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>

* Update cmd/cli/kubectl-kyverno/jp/jp_command.go

Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
 2022-06-07 06:19:44 +00:00
Chip Zoller
d1f0671fee
update drop-downs (#4081) 
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
 2022-06-06 23:54:35 +08:00
Charles-Edouard Brétéché
0b7b2458eb
refactor: generate e2e tests (#4068) 
* refactor: use t.Cleanup in e2e tests

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: generate e2e tests

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* helpers

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-06-03 21:08:27 +02:00
Charles-Edouard Brétéché
fe3c12628c
refactor: use t.Cleanup in e2e tests (#4067) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
 2022-06-03 19:08:33 +05:30
shuting
fac190462b
Remove s390X (#4063) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-06-03 08:11:12 +00:00
Charles-Edouard Brétéché
24cdc59f78
fix: add missing release notes in helm chart (#4057) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
 2022-06-03 05:48:28 +00:00
Charles-Edouard Brétéché
1786cb8bc8
fix: bool fields in image verification types (#4053) 
* refactor: add policy event listener in ur controller (#4012)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
(cherry picked from commit cd1fa030ee)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: bool fields in image verification types

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-06-02 12:05:23 -07:00
Prateek Nandle
70175ae5e8
Print for failed test cases (#4048) 
Signed-off-by: Prateeknandle <prateeknandle@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
 2022-06-02 17:31:46 +00:00
shuting
d30778eab6
Sync v1.7.0 release manifests (#4051) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-06-02 11:20:33 +00:00
Prateek Pandey
0d44003386
refactor: bump KIND version to use v1.24.0 k8s release (#3877) 
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

Co-authored-by: shuting <shuting@nirmata.com>
 2022-06-01 14:39:55 +00:00
Charles-Edouard Brétéché
9e9e119f83
feat: add aggregated cluster role support (#3845) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
 2022-06-01 13:05:52 +00:00
Batuhan Apaydın
e756ae522a
chore(dockerfile): use buildx features for cross-compilation (#4023) 
* chore(dockerfile): use buildx features for cross-compilation

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>

* feat(kyverno): main container image

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>

Co-authored-by: shuting <shuting@nirmata.com>
 2022-06-01 20:35:02 +08:00
treydock
ee46e9ed19
Ensure preconditions are present with default values (#4046) 
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
 2022-05-31 20:39:06 +00:00
treydock
566eae7d94
Fix handling of kyverno-policies version check when port in image tag (#4042) 
* Fix handling of kyverno-policies version check when port in image tag
Fixes #4031

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Add release notes for chart

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Fix release notes and use splitList

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
 2022-05-31 15:02:19 +00:00
Vyankatesh Kudtarkar
18ae9c7d6d
fix policy typo (#4039) 2022-05-31 06:28:02 +00:00
shuting
8260820a16
Fix labels with invalid charrs (#4034) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-05-30 05:21:08 +00:00
Charles-Edouard Brétéché
dae3dad027
refactor: used typed admission request in ur (#4022) 
* refactor: add policy event listener in ur controller (#4012)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
(cherry picked from commit cd1fa030ee)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: used typed admission request in ur

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: used typed admission request in ur

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* Handle the error properly

Signed-off-by: ShutingZhao <shuting@nirmata.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: ShutingZhao <shuting@nirmata.com>
 2022-05-29 07:27:14 +00:00
Vyankatesh Kudtarkar
7245c92dcf
fix vulnerable (#4027) 2022-05-26 04:19:00 +00:00
Shubham Nazare
165c5d9fc3
feat: Extend CLI to cover generate policies (#3456) 
- Change in namespace for test-generate example
- Change cloneResource to cloneSourceResource
- Add support for namespaced Policy and fix log messages
- Add test-generate in Makefile and an example of namespaced Policy
- Fix namespaced policy issue and add comments
- Refactor according to new generate controller
- Add json tag to GeneratedResource field of RuleResponse struct

Signed-off-by: Shubham Nazare <shubham4443@gmail.com>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
 2022-05-25 14:26:22 +00:00
vivek kumar sahu
fbbe57f5e1
Request operation value by default to CREATE (#3894) 
* set  by default  request.operation to CREATE

Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>

* Added test cases

Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
 2022-05-25 13:59:53 +00:00
Anton Popovichenko
afc9a56d33
Feature: Add support for allowing insecure registries. (#3983) 
Now you can work with self signed registries by updating your deployment with adding `--allowInsecureRegistry` to the `args` field.

Signed-off-by: Anton Popovichenko <anton.popovichenko@mendix.com>

Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-25 11:03:36 +02:00
Charles-Edouard Brétéché
4a6d5f7864
refactor: move policy deletion code from policy controller to ur controller (#4013) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-24 21:05:11 +02:00
Charles-Edouard Brétéché
74f5f30e3b
fix: bypass policy mutation if autogen internals enabled (#4007) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-24 17:37:01 +00:00
Charles-Edouard Brétéché
3a3556919f
fix: use background helper in ur generator (#4009) 
* fix: stop mutating cached resource in ur controller (#4003)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
(cherry picked from commit dac733755b)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: use background helper in ur generator

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-24 16:58:45 +00:00
Charles-Edouard Brétéché
2e91d233c0
fix: remove update ur status in generator (#4008) 
* fix: stop mutating cached resource in ur controller (#4003)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
(cherry picked from commit dac733755b)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: remove update ur status in generator

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-25 00:31:56 +08:00
Charles-Edouard Brétéché
cd1fa030ee
refactor: add policy event listener in ur controller (#4012) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-24 22:41:17 +08:00
Charles-Edouard Brétéché
b967d7388b
chore: remove unused ur errors (#4011) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
 2022-05-24 13:59:12 +00:00
Charles-Edouard Brétéché
73fdbd3e76
refactor: ur cleaner controller (#3974) 
* fix: move ur controller filtering in reconciler

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: mark ur retry on conflict

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: test data

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: add filter back in update ur handler

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: added some logs about attempts and increased backoff

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: reconciliation logic

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: Test_Generate_Synchronize_Flag

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: small nits

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: interface and logger

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: remove useless Control and ControlInterface

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: use GetObjectWithTombstone helper

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: reoder methods

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: is not found check

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: move check in reconcile code

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: stop mutating cached resource in ur controller (#4003)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
(cherry picked from commit dac733755b)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
 2022-05-24 13:30:00 +00:00
Vyankatesh Kudtarkar
bea0b794d5
add validation check to ensure the annotations quoted (#3976) 2022-05-24 12:45:23 +00:00
shuting
85b486eb27
Support @ for mutate targets (#3998) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-05-24 17:49:36 +05:30