mirror of https://github.com/kyverno/kyverno.git synced 2025-01-20 18:52:16 +00:00
Commit graph

37 commits

Author SHA1 Message Date
Frank Jogeleit
c522343c03
Update PolicyReport CRDs to wgpolicyk8s.io/v1alpha2 (#1825) 2021-08-21 10:35:17 -07:00
Jim Bugwadia
003c865ab9
deprecate policy status (#2136)
* deprecate policy status

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* make fmt

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* remove policy status tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix generate metrics

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-07-14 12:18:59 -07:00
shuting
104cd310e8
Cleanup Report Change Requests (#2134)
* clean up RCRs if retry fails

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* cleanup report change request when background scan starts

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add verb deletecollection to ClusterRole kyverno:customresources

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-07-14 09:57:16 -07:00
Valentin Velkov
63f4c9a884
Configurable success events on policies & resources. Generating failure events on policies by default. (#1939)
* Remove unused event.Reason const

Signed-off-by: Velkov <valentin.velkov@sap.com>

* Generate failure events on policies

Signed-off-by: Velkov <valentin.velkov@sap.com>

* Generate success events on policy

Signed-off-by: Velkov <valentin.velkov@sap.com>

* Introduce 'generateSuccessEvents' flag

Signed-off-by: Velkov <valentin.velkov@sap.com>

* Unit tests & chart fix

Signed-off-by: Velkov <valentin.velkov@sap.com>
2021-06-29 14:43:11 -07:00
Arsh Sharma
86045fc02c
adding support for policies.kyverno.io/scored annotation (#1976)
* initial commit

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* added debug statements

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* fixed report

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* removed code for debugging

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* newline fix

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* fix default case

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
2021-06-21 18:37:20 -07:00
shuting
e9a972a362
feat: HA (#1931)
* Fix Dev setup

* webhook monitor - start webhook monitor in main process

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add leaderelection

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* - add isLeader; - update to use configmap lock

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* - add initialization method - add methods to get attributes

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* address comments

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* remove newContext in runLeaderElection

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add leader election to GenerateController

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* skip processing for non-leaders

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* skip processing for non-leaders

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add leader election to generate cleanup controller

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* Gracefully drain request

* HA - Webhook Register / Webhook Monitor / Certificate Renewer (#1920)

* enable leader election for webhook register

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* extract certManager to its own process

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* leader election for cert manager

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* certManager - init certs by the leader

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add leader election to webhook monitor

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update log message

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add leader election to policy controller

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add leader election to policy report controller

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* rebuild leader election config

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* start informers in leaderelection

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* start policy informers in main

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* enable leader election in main

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* move eventHandler to the leader election start method

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* address reviewdog comments

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add clusterrole leaderelection

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixed generate flow (#1936)

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* - init separate kubeclient for leaderelection - fix webhook monitor

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* address reviewdog comments

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* cleanup Kyverno managed resources on stopLeading

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* tag v1.4.0-beta1

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix cleanup process on Kyverno stops

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* bump kind to 0.11.0, k8s v1.21 (#1980)

Co-authored-by: vyankatesh <vyankatesh@neualto.com>
Co-authored-by: vyankatesh <vyankateshkd@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Pooja Singh <36136335+NoSkillGirl@users.noreply.github.com>
2021-06-08 12:37:19 -07:00
Frank Jogeleit
0e3e42ea33
Fix Typo in builder method names (#1798)
Signed-off-by: Frank Jogeleit <fj@move-elevator.de>
2021-04-13 16:41:07 -07:00
Frank Jogeleit
072d9f7951
Add Support for policies.kyverno.io/severity annotation (#1763)
Signed-off-by: Frank Jogeleit <fj@move-elevator.de>
2021-04-07 14:56:27 -07:00
shuting
fd9acf21a7
Auto-recover policy report (#1730)
* auto-recover policy report

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add flag background-scan to tune this interval

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* cleanup webhook configurations when Kyverno deployment is deleted

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* reconcile policy reports if Kyverno Configmap changes

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-03-25 12:28:03 -07:00
shuting
6fc349716c
Switch to use annotations to store resource info in cluster/reportChangeRequest (#1625)
* skip sending API request for filtered resource

* fix PR comment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixes https://github.com/kyverno/kyverno/issues/1490

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix bug - namespace is not returned properly

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* reduce throttling - list resource using lister

* refactor resource cache

* fix test

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix label selector

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix build failure

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixes #1480

* store resource name and kind in (c)rcr's annotation
2021-02-19 09:09:41 -08:00
shuting
8dcfa185b1
Remove duplicate results' entries from policy report (#1559)
* remove duplicate results' entries from policy report

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* improve error reporting when removing duplicate result entries

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-02-08 14:42:17 -08:00
shuting
bd44dbff41
Reduce RCR Throttling (#1545)
* buffer report change requests

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix clusterReportChangeRequest

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* further reduce RCRs in background scan

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-02-07 19:46:50 -08:00
shuting
c692263177
Refactor resourceCache; Reduce throttling requests (background controller) (#1500)
* skip sending API request for filtered resource

* fix PR comment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixes https://github.com/kyverno/kyverno/issues/1490

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix bug - namespace is not returned properly

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* reduce throttling - list resource using lister

* refactor resource cache

* fix test

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix label selector

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix build failure

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-01-29 17:38:23 -08:00
shuting
62a4a3a7da
Reduce throttling - skip sending API request for filtered resources (#1489)
* skip sending API request for filtered resource

* fix PR comment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixes https://github.com/kyverno/kyverno/issues/1490

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-01-21 18:58:53 -08:00
shuting
3908808e7a
Rename filterK8Resources to filterK8sResources (#1452)
* Remove lock embedded in CRD controller, use concurrent map to store schemas

* delete rcr info from data store

* skip policy validation on status update

* - remove status check in policy mutation; - fix test

* Remove fqdncn flag

* add flag profiling port

* skip policy mutation & validation on status update

* sync policy status every minute

* update log messages

* rename filterK8Resources to filterK8sResources
2021-01-07 11:27:50 -08:00
shuting
52d091c5a3
Improve / clean up code (#1444)
* Remove lock embedded in CRD controller, use concurrent map to store schemas

* delete rcr info from data store

* skip policy validation on status update

* - remove status check in policy mutation; - fix test

* Remove fqdncn flag

* add flag profiling port

* skip policy mutation & validation on status update

* sync policy status every minute

* update log messages
2021-01-06 16:32:02 -08:00
shuting
35aa3149c8
Remove lock embedded in CRD controller, use concurrent map to store schemas (#1441) 2021-01-04 23:17:17 -08:00
Jim Bugwadia
68474a9dd2 skip validation patterns for delete requests 2021-01-02 01:10:14 -08:00
Jim Bugwadia
58feb4f0ae
Merge pull request #1417 from kyverno/1337_match_old_resource
update validation logic
2020-12-23 19:01:15 -08:00
shuting
2fc3b3b998
Fixes 1410 strategic merge patch (#1414)
* fixes #1410

* fix unit test

* re-initialize worker immediately on failure
2020-12-23 17:48:00 -08:00
Jim Bugwadia
e2f10c6f83 update validation logic 2020-12-23 15:10:07 -08:00
shuting
3c5f9f8888
1398 - Reduce RCR throttling requests (#1406)
* reduce RCR throttling requests by merging policy application (policy - namespace) results into single RCR

* - refactor policy controller; - fix RCR issue

* - refactor RCR controller; - fix cpolr on ns update; - reduce throttling when getting resources; - fix tests

* update CRD schema

* fix typo
2020-12-21 11:04:19 -08:00
shuting
39421ca6e9
Reduce RCR throttling requests (#1376)
* reduce RCR throttling requests

* update logger in init container
2020-12-09 09:29:52 -08:00
shuting
c1764a85d1
1370 clean up stale RCRs (#1373)
* remove env "POLICY-TYPE"

* clean up resource in goroutine

* clean up stale RCRs on namespace deletion

* go vet

* clean up code
2020-12-08 23:04:16 -08:00
shuting
624b481df3
Fix 1351 - policy report (#1359)
* ignore Kyverno CRDs existence check when server is not available

* clean up cluster / reportChangeRequest

* resolve PR comments

* - fixes #1351; - clean up code

* fo fmt
2020-12-04 10:04:46 -08:00
shuting
2ec5a0fa42
1319 fix throttling (#1348)
* fix policy status and generate controller issues

* shorten ACTION column name

* update logs

* improve naming

* add temp logs for troubleshooting

* cleanup logs

* apply generate policy to old & new resource in webhook

* cleanup log messages

* cleanup log messages

* cleanup log messages

* fix clean up of policy report in init container

Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2020-12-01 12:30:08 -08:00
Jim Bugwadia
2344b2c305
1319 fix throttling (#1341)
* fix policy status and generate controller issues

* shorten ACTION column name

* update logs

Co-authored-by: Shuting Zhao <shutting06@gmail.com>
2020-11-30 11:22:20 -08:00
Jim Bugwadia
ec95724e97
update webhook registration and monitor (#1318)
* update webhook registration and monitor

* update log

* fix test

* improve logs

* improve logs

* format changes

* decrease interval for webhook config checks
2020-11-26 16:07:06 -08:00
Shuting Zhao
f3e6e597cd set policy report no more than 63 characters 2020-11-20 13:32:16 -08:00
Shuting Zhao
2d8092d97c fixes https://github.com/kyverno/kyverno/issues/1238 2020-11-18 14:31:43 -08:00
Shuting Zhao
b9fb926ddb fixes for golint ./... 2020-11-17 13:07:30 -08:00
Shuting Zhao
63e11c205d remove namespace check in policy validation 2020-11-16 13:02:45 -08:00
Shuting Zhao
943935ee1b properly deserialize anyPattern 2020-11-13 16:25:51 -08:00
Shuting Zhao
5c38aab03d temporary check in the types for referencing 2020-11-12 16:44:14 -08:00
Shuting Zhao
58bc63e1ad remove policy violation from types.go 2020-11-11 15:50:17 -08:00
Shuting Zhao
2292bf860b update policyreport group to wgpolicyk8s.io 2020-11-11 15:09:07 -08:00
shuting
5e07ecc5f3
Add Policy Report (#1229)
* add report in cli

* policy report crd added

* policy report added

* configmap added

* added jobs

* added jobs

* bug fixed

* added logic for cli

* common function added

* sub command added for policy report

* subcommand added for report

* common package changed

* configmap added

* added logic for kyverno cli

* added logic for jobs

* added logic for jobs

* added logic for jobs

* added logic for cli

* buf fix

* cli changes

* count bug fix

* docs added for command

* go fmt

* refactor codebase

* remove policy controller for policyreport

* policy report removed

* bug fixes

* bug fixes

* added job trigger if needed

* job deletion logic added

* build failed fix

* fixed e2e test

* remove hard coded variables

* packages adde

* improvement added in jobs scheduler

* policy report yaml added

* cronjob added

* small fixes

* remove background sync

* documentation added for report command

* remove extra log

* small improvement

* tested policy report

* revert hardcoded changes

* changes for demo

* demo changes

* resource aggregation added

* More changes

* More changes

* - resolve PR comments; - refactor jobs controller

* set rbac for jobs

* add clean up in job controller

* add short names

* remove application scope for policyreport

* move job controller to policyreport

* add report logic in command apply

* - update policy report types;  - upgrade k8s library; - update code gen

* temporarily comment out code to pass CI build

* generate / update policyreport to cluster

* add unit test for CLI report

* add test for apply - generate policy report

* fix unit test

* - remove job controller; - remove in-memory configmap; - clean up kustomize manifest

* remove dependency

* add reportRequest / clusterReportRequest

* clean up policy report

* generate report request

* update crd clusterReportRequest

* - update json tag of report summary; - update definition manifests; -  fix dclient creation

* aggregate reportRequest into policy report

* fix unit tests

* - update report summary to optional; - generate clusterPolicyReport; - remove reportRequests after merged to report

* remove

* generate reportRequest in kyverno namespace

* update resource filter in helm chart

* - rename reportRequest to reportChangeRequest; -rename clusterReportRequest to clusterReportChangeRequest

* generate policy report in background scan

* skip generating report change request if there's entry results

* fix results entry removal when policy / rule gets deleted

* rename apiversion from policy.kubernetes.io to policy.k8s.io

* update summary.* to lower case

* move reportChangeRequest to kyverno.io/v1alpha1

* remove policy report flag

* fix report update

* clean up policy violation CRD

* remove violation CRD from manifest

* clean up policy violation code - remove pvGenerator

* change severity fields to lower case

* update import library

* set report category

Co-authored-by: Yuvraj <yuvraj.yad001@gmail.com>
Co-authored-by: Yuvraj <10830562+evalsocket@users.noreply.github.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2020-11-09 11:26:12 -08:00