mirror of https://github.com/kyverno/kyverno.git synced 2024-12-15 17:51:20 +00:00
Commit graph

201 commits

Author SHA1 Message Date
Mohan B E
f60deecdce
Feature/namespaced policy 280 (#1058)
* namespaced policy crd and cache

* modified main.go

* removed kyverno

* implemented policy violation generator for namespaced policy on audit

* modified cache

* added validation for cluster resource types

* install.yaml

* install.yaml

* removed namespaces from crd and refactored code

* modified NamespacePolicy to Policy

* added ClusterRole aggregate for policies

* modified clusterrole
2020-08-19 09:07:23 -07:00
shuting
db342d0ece
Improvements in webhook (#1057)
* remove empty flag

* format code

* revert change in install.yaml

* -  skip mutation for a deleting resource - add debug log

* format code

* revert change in install.yaml

* -  skip mutation for a deleting resource - add debug log
2020-08-17 11:17:07 -07:00
shuting
d6062fdd47
Add go fmt (#1055)
* remove empty flag

* format code

* revert change in install.yaml
2020-08-14 12:21:06 -07:00
Yuvraj
73840e3c5f
configurable rules added (#1017)
* configurable rules added

* fix exclude group logic from code

* flag added in yaml

* exclude username added

* exclude username added

* config interface implemented

* configure exclude username

* get role ref

* test case fixed

* panic fix

* move from interface to slice

* exclude added in mutate

* trim strings

* configmap changes added

* kustomize changes for configmap

* k8s resources added
2020-08-07 17:09:24 -07:00
shuting
39de46fe39
983 kustomize support (#1026)
* prototype - strategic merge patch

* add end to end test

* add engine strategic merge patch support

* set webhook reinvocationPolicy to IfNeeded

* refactor engine mutate code

* support JMESPath in strategic merge patch

* implement patchesJson6902

* update doc

* resolve pr comments
2020-08-05 09:11:23 -07:00
evalsocket
629267c40a policy group change 2020-07-15 17:19:20 -07:00
evalsocket
37e3c08476 policy name added in labels 2020-07-15 14:30:00 -07:00
shuting
67f7ed0ed3
Bug fix: perform OR across types in UserInfo (#992)
* remove policy name cache entry on policy DELETE

* bugfix: perform OR in userInfo match

* add function description
2020-07-14 20:23:30 -07:00
Yuvraj
2d11d4a695
Error message update (#988)
* error message update
2020-07-15 01:20:34 +05:30
Yuvraj
4535f43283
Added Synchronize flag in Generate Request (#980)
* fix Synchronize flag issue
2020-07-14 02:12:11 +05:30
evalsocket
c319add062 used raw object 2020-07-10 17:01:48 -07:00
evalsocket
a64789c59d code fixes 2020-07-10 16:59:17 -07:00
evalsocket
8cf5cd70fe remove log 2020-07-10 15:43:49 -07:00
evalsocket
26ae7e2052 merge master changes 2020-07-10 15:25:05 -07:00
evalsocket
014db64ed2 validation added for deny request for generated resource 2020-07-10 11:48:27 -07:00
shuting
87fa77fbcc
965 add validate audit handler (#967)
* store policy names cache to reduce lookup time

* add validate audit handler

* fix #958, remove auto-gen annotation on Pod

* formatting code

* update processTime to readable format

* #586, add back unit test

* update logging info

* remove unused interface

* handle generate policy in a single thread in webhook

* resolve pr comments
2020-07-09 11:48:34 -07:00
Yuvraj
85d2ac9f84 added validation log 2020-07-09 05:48:35 -07:00
Yuvraj
b708770be1 added label for synchronize 2020-07-08 14:22:32 -07:00
Yuvraj
604dc395d8 check added for kyverno managed resource 2020-07-08 06:18:18 -07:00
shuting
ed52bd3d9f
Add policy cache based on policyType (#960)
* add policy cache based on policyType

* fetch policy from cache in webhook

* add unit test for policy cache

* update log for exclude resources filter

* skip webhook mutation on DELETE operation

* remove duplicate k8s version check

* add description
2020-07-02 12:49:10 -07:00
shuting
da943325fe
Ignore auto-gen annotation on Pod when processing DENY rule (#944)
* ignore auto-gen annotation on Pod when processing DENY rule

* remove unused code
2020-06-24 10:26:04 -07:00
Yuvraj
01724d63cf
Synchronize data for generated resources (#933)
* Generate request added for update resource

* synchronize flag added

* documentation added for keeping resource synchronized

Signed-off-by: Yuvraj <yuvraj.yad001@gmail.com>
2020-06-23 07:19:43 +05:30
Shuting Zhao
a1d7816c10 fix violation updates when there's no change 2020-06-01 19:37:48 -07:00
Yuvraj
74db840b25
Added readiness and liveness probe (#874)
* Added readiness and liveness probe

* typo fix

* port number fixed

* fixed the image name
2020-05-26 18:03:32 -07:00
Jim Bugwadia
838d02c475
Bugfix/659 support wildcards for namespaces (#871)
* - support wildcards for namespaces

* do not annotate resource, unless policy is an autogen policy

* close HTTP body

* improve messages

* remove policy store

Policy store was not fully implemented and simply provided a way
to list all policies and get a policy by name, which can be done via
standard client-go interfaces.

We need to revisit and design a better PolicyStore that provides fast
lookups for matching policies based on names, namespaces, etc.

* handle wildcard namespaces in background processing

* fix unit tests 1) remove platform dependent path usage 2) remove policy store

* add test case for mutate with wildcard namespaces
2020-05-26 10:36:56 -07:00
Shuting Zhao
2dda3e2a42 pr fix 2020-05-21 08:29:35 -07:00
Shuting Zhao
e1bdfbce27 update log 2020-05-20 17:08:30 -07:00
Shuting Zhao
bda81f0b93 - fix variable scope - debug log 2020-05-20 13:43:12 -07:00
Shuting Zhao
9eb2534d63 - fix pending delete for denying deletion rule - revert timeoutHandler - update log level 2020-05-19 00:14:23 -07:00
Shuting Zhao
0e803ae532 fix DENY pending for DELETE request 2020-05-18 20:01:20 -07:00
Shuting Zhao
962b8f9865 Fix bug 2020-05-18 18:30:39 -07:00
Shuting Zhao
416f5ecc00 Merge branch 'master' into 744_deny_requests
# Conflicts:
#	pkg/utils/util.go
#	pkg/webhooks/server.go
2020-05-18 18:05:22 -07:00
Shuting Zhao
7348eda222 Fix convert resource with DELETION request 2020-05-18 17:11:08 -07:00
Yuvraj
277402ba4c
Feature - Add checks for k8s version when Kyverno starts (#831)
* Added k8s version check for mutating and validating

* version check added

* middleware added

* format

* Added timeout flag value to webhook server timeout middleware and refactor kubernetes version check

* Fixed test cases

* Removed log

* Update kubernetes version check

* Added check for mutate and validate

* Skip Validation in handleValidateAdmissionRequest if kubernetes version is below 1.14

* Update return object AdmissionResponse

* fixed condition for skipping mutation

* Handle condition for skip feature in case of kubernetes version 1.14.2
2020-05-18 17:00:52 -07:00
Shuting Zhao
ad4f06f22d Merge branch 'master' into 744_deny_requests
# Conflicts:
#	pkg/webhooks/mutation.go
#	pkg/webhooks/server.go
#	pkg/webhooks/validation.go
2020-05-18 12:32:42 -07:00
Jim Bugwadia
8c4c98d1a4
Merge pull request #855 from nirmata/bugfix/fixes_791_792_832
Bugfix/fixes 791 792 832
2020-05-17 19:30:11 -07:00
Jim Bugwadia
304c75403e - skip resource schema validation when no mutate rules are applied
- cleanup webhook registration logic and logs
2020-05-17 14:37:05 -07:00
Shuting Zhao
eec21ea5ca Rename function 2020-05-16 21:24:37 -07:00
Shuting Zhao
ddf89b4803 - fix 811; - suppress log 2020-05-15 13:11:28 -07:00
shravan
43d412039c 744 relocating logic 2020-05-07 23:11:04 +05:30
shravan
717e42dd0b 744 ignoring resources with deletionTimestamp 2020-05-07 23:04:15 +05:30
shravan
5ec300a12d 744 added tests 2020-05-07 02:35:24 +05:30
shravan
ab8664d6ca resolving merge conflicts 2020-05-05 21:01:58 +05:30
shravan
b0c7cdbc81 744 save commit 2020-05-05 19:19:47 +05:30
shravan
0932e9a147 664 tested prototype 2020-04-27 18:38:03 +05:30
shravan
7dc7420ad9 744 policy validation skip 2020-04-23 01:05:00 +05:30
shravan
7a3f0012a9 744 untested prototype 2020-04-22 20:15:16 +05:30
shravan
83ecd95945 744 added all request values to context 2020-04-15 21:17:14 +05:30
shravan
4cb44bce09 744 save commit 2020-04-14 19:06:48 +05:30
shravan
2451756651 744 tested prototype 2020-04-10 23:24:54 +05:30