mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-05 23:46:56 +00:00
Code Activity
3648 commits 16 branches 550 tags 287 MiB
Commit graph

3648 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jim Bugwadia
1c0a303106 fix merge error 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-10-06 22:48:56 -07:00
Jim Bugwadia
7c761b4bc9 Merge branch 'main' into feature/foreach_mutate 2021-10-06 22:45:03 -07:00
Jim Bugwadia
4c63442028 separate MutateResourceWithImageInfo from buildContext and add comments 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-10-06 22:19:47 -07:00
Jim Bugwadia
ed93a9bddf
Merge pull request #2487 from JimBugwadia/feature/cosign_attest 
Feature/cosign attest
 2021-10-06 22:10:03 -07:00
Jim Bugwadia
683543d8e2 fmt 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-10-06 22:05:28 -07:00
Jim Bugwadia
fa1816d605 fix tests 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-10-06 21:50:26 -07:00
Jim Bugwadia
b9d4ee6876 fix tests 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-10-06 18:31:20 -07:00
Vyankatesh Kudtarkar
05a0737184
Fix Autogen issue for any/all block and new rule foreach (#2471) 
* Fix Autogen issue for any/all block and Support gvk in match kind block

* remove log and fix test

* Fix issues

* Fix cronjob issue

* Fix autogen for Foreach

* Fix autogen for For each

* Fix for each issue

* adding missing assignements

* Update autogen for foreach rule
 2021-10-06 16:19:55 -07:00
Pooja Singh
ac5929fc7a
added validation for generte resource (#2484) 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-10-06 16:18:28 -07:00
Kumar Mallikarjuna
254be4c1d3
Leader Election for initContainer (#2489) 
* Local build

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Leader Election for initContainer

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Lease deletion

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Use wrc client

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* log error out

Signed-off-by: ShutingZhao <shutting06@gmail.com>

Co-authored-by: ShutingZhao <shutting06@gmail.com>
 2021-10-06 16:12:07 -07:00
Anushka Mittal
efe0c28f6b
Fixes port names in flags (#2490) 
* fixed port names in flags

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

* minor fixes

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
 2021-10-06 14:41:07 -07:00
treydock
b460490984
Improve init container to use DeleteCollection to remove policy reports (#2477) 
* Improve init container to use DeleteCollection to remove policy reports

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Do not use go routine for each namespace

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
 2021-10-06 11:25:38 -07:00
shuting
c2751828d1
update the flag to "autoUpdateWebhooks" (#2482) 
Signed-off-by: ShutingZhao <shutting06@gmail.com>
 2021-10-06 11:24:51 -07:00
Jim Bugwadia
676bd5f4be fmt 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-10-06 11:18:36 -07:00
Jim Bugwadia
0bb35aa302 merge main 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-10-06 10:51:43 -07:00
Anushka Mittal
3914c513a8
Changing flag names for consistency (#2467) 
* changing flag names for consistency

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

* changes for backward compatibility

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

* updated the CHANGELOG.md

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
 2021-10-06 10:32:48 -07:00
Anushka Mittal
7963263776
Adding log statements in context.go (#2483) 
* adding logs in context.go

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

* minor modifications

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
 2021-10-06 10:29:28 -07:00
Jim Bugwadia
619ee6ac61 fix loop 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-10-06 09:55:23 -07:00
Jim Bugwadia
7c57ac24e6 update CRDs 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-10-06 00:58:45 -07:00
Jim Bugwadia
90edc69dcf merge and update 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-10-05 22:42:42 -07:00
Shubham Palriwala
ae4fb488bf
fix: sign kyverno-cli (#2480) 
Signed-off-by: ShubhamPalriwala <spalriwalau@gmail.com>
 2021-10-05 22:28:40 -07:00
shuting
b7473b018b
update deepcopy methods for types.fo (#2478) 2021-10-05 16:57:10 -07:00
Jim Bugwadia
04a7e5703c
Merge pull request #2438 from ShubhamPalriwala/sign-and-generate-sbom 
Sign images and generate and sign SBOM
 2021-10-05 14:49:58 -07:00
Jim Bugwadia
8437582622
Merge branch 'main' into sign-and-generate-sbom 2021-10-05 14:49:06 -07:00
Jim Bugwadia
b849341aee
Merge pull request #2472 from ShubhamPalriwala/scan-with-trivy 
Scan Kyverno images on build
 2021-10-05 14:46:45 -07:00
Shubham Palriwala
38f3eac4d7
Merge branch 'kyverno:main' into scan-with-trivy 2021-10-05 22:52:31 +05:30
Pooja Singh
ca62172b6f
Merge pull request #2462 from NoSkillGirl/feat/support_mutate_in_cli 
Kyverno CLI | Support mutate policies for `test` command
 2021-10-05 21:27:31 +05:30
ShubhamPalriwala
92ca609c7c ci: scan kyverno-image on each build 
Signed-off-by: ShubhamPalriwala <spalriwalau@gmail.com>
 2021-10-05 16:38:55 +05:30
NoSkillGirl
364174d372 removed print statements 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-10-05 14:57:48 +05:30
shuting
b10947b975
Dynamic webhooks (#2425) 
* support k8s 1.22, update admissionregistration.k8s.io/v1beta1  to admissionregistration.k8s.io/v1

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* - add failurePolicy to policy spec; - fix typo

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* - add schema validation for failurePolicy; - add a printer column

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* set default failure policy to fail if not defined

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* resolve conflicts

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* fix missing type for printerColumn

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* refactor policy controller

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* add webhook config manager

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* - build webhook objects per policy update; - add fail webhook to default webhook configurations

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* fix panic on policy update

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* build default webhook: match empty if autoUpdateWebhooks is enabled, otherwise match all

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* - set default webhook configs rule to empty; - handle policy deletion

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* reset webhook config if policies with a specific failurePolicy are cleaned up

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* handle wildcard pocliy

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* update default webhook timeout to 10s

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* cleanups

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* added webhook informer to re-create it immediately if missing

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* update tag webhookTimeoutSeconds description

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* fix e2e tests

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* fix linter issue

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* correct metric endpoint

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* add pol.generate.kind to webhooks

Signed-off-by: ShutingZhao <shutting06@gmail.com>
 2021-10-05 00:15:09 -07:00
NoSkillGirl
98f756fcdd change test case as master branch 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-10-05 12:42:23 +05:30
NoSkillGirl
0614c2db1f fixed rule pointer 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-10-05 12:39:58 +05:30
NoSkillGirl
5ca33ce902 Merge branch 'main' of github.com:kyverno/kyverno into feat/support_mutate_in_cli 2021-10-05 12:23:34 +05:30
NoSkillGirl
a2e106a87a fixed global variable test cases 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-10-05 11:11:54 +05:30
NoSkillGirl
8e0ac567e1 fixed test-validate-image-tag-ignore test case 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-10-05 11:11:54 +05:30
NoSkillGirl
7b94a7477b panic fix 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-10-05 11:11:54 +05:30
NoSkillGirl
1bf48c54a8 improving if condition 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-10-05 11:11:54 +05:30
NoSkillGirl
f4e9543b40 updated apply policy on resource function 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-10-05 11:11:54 +05:30
vivek kumar sahu
ae6f6c327f Added Code to support the test command for mutate policy (#2279) 
* Added test-e2e-local in the Makefile
* Added a proper Indentation
* Added 3 more fields
* Added getPolicyResourceFullPath function
* Updating the patchedResource path to full path
* Converts Namespaced policy to ClusterPolicy
* Added GetPatchedResourceFromPath function
* Added GetPatchedResource function
* Checks for namespaced-policy from policy name provided bu user
* Generalizing resultKey for both validate and mutate. Also added kind field to this key
* Added Type field to PolicySpec
* To handle mutate case when resource and patchedResource are equal
* fetch patchResource from path provided by user and compare it with engine patchedResource
* generating result by comparing patchedResource
* Added kind to resultKey
* Handles namespaced policy results
* Skip is required
* Added []*response.EngineResponse return type in ApplyPolicyOnResource function
* namespaced policy only surpasses resources having same namespace as policy
* apply command will print the patchedResource whereas test will not
* passing engineResponse instead of validateEngineResponse because it supports results for both validate and mutate case
* default namespace will printed in the output table if no namespace is being provided by the user
* Added e2e test for mutate policy and also examples for both type of policies
* Created a separate function to get resultKey
* Changes in the resultKey for validate case
* Added help description for test command in the cli
* fixes code for more test cases
* fixes code to support more cases and also added resources for e2e-test
* some small changes like adding brackets, clubbing 2 if cond into one, changing variable name, etc.
* Rearrange GetPatchedResourceFromPath function to get rid from repetion of same thing twice.
* Added kind in the result section of test.yaml for all test-cases
* engineResponse will handle different types of response
* GetPatchedResource() uses GetResource function to fetch patched resource

Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>
 2021-10-05 11:11:54 +05:30
Kumar Mallikarjuna
aba2e58f09
Added PodDisruptionBudget in kustomize & helm (Rebased) (#2463) 
* added pdb in helm & kustomize

Signed-off-by: Christopher Haar <chhaar30@googlemail.com>

* added pdb in helm & kustomize

Signed-off-by: Christopher Haar <chhaar30@googlemail.com>

* changed for comments

Signed-off-by: Christopher Haar <chhaar30@googlemail.com>

* Updating minAvailable

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Removed redundant lines

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Updated README

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Updated README

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

Co-authored-by: Christopher Haar <christopher@DKBs-MBP.localdomain>
Co-authored-by: Christopher Haar <chhaar30@googlemail.com>
 2021-10-04 22:39:24 -07:00
Vyankatesh Kudtarkar
9541d2be3e
Validate GVK while installing policy & Fix any/all matching logic (#2458) 
* Handle case-sensitive GVK & Fix any/all matching logic

* Fix any/all matching logic in the background controller

* fix cli issue

* fix any all issue

* add exclude block

* add validation for exclude block

* fix exclude issue
 2021-10-04 12:00:57 -07:00
Kumar Mallikarjuna
b7c8368569
Adding deprecation warning for any and all (Rebased) (#2466) 
* added deprecation warning for any and all

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* Updated schemas

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

Co-authored-by: RinkiyaKeDad <arshsharma461@gmail.com>
 2021-10-04 11:57:39 -07:00
Jim Bugwadia
705e029ff0
Merge pull request #2443 from JimBugwadia/feature/foreach_validate 
Feature/foreach validate
 2021-10-04 00:05:36 -07:00
Jim Bugwadia
94335d58c9 fix golangci-lint issues 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-10-03 23:39:55 -07:00
Jim Bugwadia
6cf9fdd502 fix compile errors 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-10-03 23:23:45 -07:00
Jim Bugwadia
ee6aafa7bb fix linter issues 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-10-03 23:07:40 -07:00
Jim Bugwadia
529a3509d5 fix deployment-missing-labels test 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-10-03 22:36:06 -07:00
Jim Bugwadia
c9ec282764 format 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-10-03 04:00:06 -07:00
Jim Bugwadia
77ae92e784 improve messages 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-10-03 03:28:58 -07:00
Jim Bugwadia
731ffde0e7 fix messages and tests 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-10-03 03:15:22 -07:00