Jim Bugwadia
9fde4fd6a1
Multiple keys ( #3636 )
...
* fix autogen check
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* allow multiple keys and fix root/intermediate certs
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make issuer/subject optional
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* enable CTLog options
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix split
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make codegen
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* rename CTLog -> Rekor
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* api/kyverno/v1/image_verification_test.go
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-04-22 07:10:02 +00:00
Charles-Edouard Brétéché
571e4a36ad
fix: prevent installing chart with 2 replicas ( #3647 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-04-21 19:19:47 +00:00
Charles-Edouard Brétéché
3ce643032f
fix: print helm install warnings ( #3648 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-04-21 13:46:27 -04:00
Charles-Edouard Brétéché
ee021f2ddd
chore: warn if kube version is too old in helm notes ( #3650 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-04-21 18:50:28 +02:00
Charles-Edouard Brétéché
0b717bcecc
chore: add artifacthub operator and prerelease annotations ( #3649 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-04-21 18:29:54 +02:00
Charles-Edouard Brétéché
12bbca2477
Remove helm mode setting ( #3628 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-04-20 14:33:10 +00:00
treydock
d936c0a5b4
Allow defining imagePullSecrets ( #3633 )
...
* Allow defining imagePullSecrets
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* Use dict for imagePullSecrets
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* Simplify how imagePullSecrets is defined
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
2022-04-20 00:01:06 +02:00
Jim Bugwadia
3b1a1acd9a
Image verify attestors ( #3614 )
...
* fix logs
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix logs
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* support multiple attestors
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* rm CLI tests (not currently supported)
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* apply attestor repo
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix linter issues
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix entryError assignment
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* format
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add intermediary certs
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-04-19 08:35:12 -07:00
treydock
1cfc80d32a
Allow kyverno-policies to have preconditions defined ( #3606 )
...
* Allow kyverno-policies to have preconditions defined
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* Fix docs
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
2022-04-18 17:59:47 +00:00
Prateek Nandle
a0d3f31851
updating version in Chart.yaml ( #3618 )
...
* updating version in Chart.yaml
Signed-off-by: Prateeknandle <prateeknandle@gmail.com>
* changes from make gen-helm
Signed-off-by: Prateeknandle <prateeknandle@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-04-18 15:37:18 +00:00
Sambhav Kothari
ec4e4ba452
Add support for custom image extractors ( #3596 )
...
Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net>
2022-04-14 09:08:30 -07:00
Jim Bugwadia
f11cec73a8
fix imageVerify rule conversion ( #3583 )
2022-04-12 10:03:34 +08:00
Jim Bugwadia
0f186afb3e
update imageVerify schema ( #3574 )
...
* update imageVerify schema
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add optional
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* codegen
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* codegen
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* codegen
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* change nested/recursive types to apiextv1.JSON
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make codegen
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix message
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-04-11 16:47:27 +01:00
Ricardo Rosales
aba9c6ca95
Create poddisruptionbudget.yaml when mode=ha ( #3536 )
...
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Ricardo Rosales <728243+missingcharacter@users.noreply.github.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-04-04 23:02:05 +08:00
Charles-Edouard Brétéché
b4cf89e57f
feat: add webhooks object selector support ( #3413 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-03-29 23:09:44 +08:00
treydock
8e8e7803ee
add missing namespace to role and rolebinding ( #3389 ) ( #3429 ) ( #3485 )
...
Signed-off-by: Dominik Ruf <dominikruf@gmail.com>
Co-authored-by: treydock <tdockendorf@osc.edu>
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Co-authored-by: Dominik Ruf <dominikruf@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-03-29 08:39:11 +00:00
Charles-Edouard Brétéché
20069c13c3
feat: stop mutating rules ( #3410 )
...
* feat: stop adding autogen annotation
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* feat: stop mutating rules
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* feat: stop mutating rules
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* fix: use toggle
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* fix: review comments
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-03-28 22:01:27 +08:00
Charles-Edouard Brétéché
f34d3c342d
refactor: add ValidationFailureAction to the api ( #3451 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-03-23 08:59:41 +00:00
Abhi Kapoor
1b10f18086
Drop v1alpha1 PolicyReport CRD ( #3437 )
...
* Drop v1alpha1 PolicyReport CRD
Signed-off-by: abhi-kapoor <43758739+abhi-kapoor@users.noreply.github.com>
* Drop v1alpha1 kyverno package
Signed-off-by: abhi-kapoor <43758739+abhi-kapoor@users.noreply.github.com>
* Update Makefile to remove references for v1alpha1
Signed-off-by: abhi-kapoor <43758739+abhi-kapoor@users.noreply.github.com>
* Update helm manifests
Signed-off-by: abhi-kapoor <43758739+abhi-kapoor@users.noreply.github.com>
2022-03-22 17:08:25 +00:00
Charles-Edouard Brétéché
11bbb4f83e
refactor: replace ExcludeResources by MatchResources ( #3444 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-03-22 14:24:40 +00:00
Sambhav Kothari
2239849f99
Fix incorrectly renamed file ( #3443 )
...
Helm test files are not the same as kyverno test files. This should remain test.yaml.
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-03-22 09:41:42 +00:00
Aidan Delaney
4ec3b36f7f
Remove support for test.yaml ( #3442 )
...
kyverno-test.yaml is now the only supported test file name
Signed-off-by: Aidan Delaney <adelaney21@bloomberg.net>
2022-03-22 14:09:08 +05:30
Charles-Edouard Brétéché
30261b5235
feat: add conditions support ( #3378 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-03-18 22:00:01 +08:00
Christian Kotzbauer
860253d6aa
[ImageVerify] Verify additional certificate-extensions ( #3404 )
...
* feat: add additionalExtensions to keyless imageVerify
Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>
* feat: regenerate code
Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>
2022-03-17 08:42:12 +00:00
Charles-Edouard Brétéché
b0860ba177
fix: filter resources names with helm custom release name ( #3361 )
...
* fix: configmap resource filters generated by helm does not account for namespace
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* fix: ignore resources by helm chart
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-03-17 07:51:08 +00:00
Charles-Edouard Brétéché
9e623bbf6e
feat: add rules to status ( #3376 )
...
* fix: configmap resource filters generated by helm does not account for namespace
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* feat: add rules to status
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-03-15 14:49:16 +00:00
Charles-Edouard Brétéché
8d08250e07
feat: add autogen controllers to policy status ( #3332 )
...
* feat: add autogen controllers to policy status
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* feat: add autogen controllers to policy status
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-03-10 23:51:29 +08:00
Charles-Edouard Brétéché
78239a2947
chore: gen helm crds from config crds ( #3356 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-03-10 15:07:48 +00:00
Charles-Edouard Brétéché
2987647692
fix: configmap resource filters generated by helm does not account for namespace ( #3358 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-03-09 02:04:25 +08:00
Prateek Nandle
666130bf6c
updated description field of foreach ( #3157 )
...
Signed-off-by: Prateeknandle <prateeknandle@gmail.com>
2022-03-07 19:26:19 +05:30
Gasmi Christophe
e0503088ec
Update generate clusterrole ( #3336 )
...
- Update clusterrole.yaml
- Fix apigroup for resourcequota and limitrange
Signed-off-by: Christophe Gasmi <rekcah78@gmail.com>
2022-03-07 12:57:57 +05:30
Charles-Edouard Brétéché
1dd745f9a9
fix: helm install docs ( #3312 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-02-28 15:49:19 +00:00
Charles-Edouard Brétéché
fef7bb6f0f
fix: seccomp profile ( #3313 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-02-28 14:40:40 +00:00
Charles-Edouard Brétéché
c84939df00
chore: drop helm v2 ( #3311 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-02-28 08:50:39 -05:00
Charles-Edouard Brétéché
c13f7a4fea
feat: gen kyverno helm chart docs ( #3309 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-02-25 13:25:21 -05:00
Charles-Edouard Brétéché
b7f6fc81db
feat: gen kyverno-policies helm chart docs ( #3301 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-02-25 16:22:00 +00:00
José Hisse
c8a31ab16a
fix: helm chart broken when use generatecontrollerExtraResources ( #3302 )
...
Signed-off-by: José Hisse <josehisse@gmail.com>
2022-02-25 07:35:34 +00:00
Charles-Edouard Brétéché
c79b66d3a3
feat: support background mode configuration in kyverno-policies chart ( #3299 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-02-24 16:31:51 +00:00
Charles-Edouard Brétéché
447bafbed5
fix: comma separated lists in config ( #3290 )
...
This PR fixes comma separated lists in config.
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-02-23 16:15:44 +00:00
Ryan White
c13aeca7fa
Modify capabilities for compatibility with Pod Security ( #3274 )
...
Kyverno manifests are incompatible with the restricted Pod Security
Standards included with Kubernetes 1.22 and 1.23 because the Pod
Security admission controller looks for "ALL" in securityContext.capabilities.drop,
but does not accept "all".
1b741f89aa/policy/check_capabilities_restricted.go (L88)
Signed-off-by: Ryan White <ryan@alzabo.io>
2022-02-22 08:14:17 +00:00
Rahul Sawra
1f60aee4b9
add helm pre-delete hook which deletes all the webhooks ( #3148 )
...
* add helm pre-delete hook for graceful uninstallation of webhooks
Signed-off-by: rahulii <r.sawra@gmail.com>
* remove white spaces
Signed-off-by: rahulii <r.sawra@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-02-17 00:16:51 +08:00
shuting
a970953d51
Sync latest changes to release/install.yaml ( #3239 )
...
* sync latest changes to release/install.yaml
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* bump chart versions
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-02-15 17:24:39 +00:00
shuting
1566d0d5fd
add aggregated role for generaterequest ( #3240 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-02-15 16:15:10 +00:00
Adam Kosmin
5c91bb8217
Remove abstraction that doesn't work anyway ( #3209 )
...
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Co-authored-by: Trey Dockendorf <tdockendorf@osc.edu>
2022-02-15 23:01:40 +08:00
Batuhan Apaydın
943fe2dd41
feat: ha mode support in helm chart ( #3207 )
...
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>
Co-authored-by: @necatican @f9n
Signed-off-by: Emin Aktas <eminaktas34@gmail.com>
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>
Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com>
2022-02-15 15:57:23 +08:00
treydock
3f1a0bfd6c
Allow setting validationFailureActionOverrides for policies ( #3201 )
...
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
2022-02-09 16:24:35 +08:00
Batuhan Apaydın
9661ea8584
feat: fix app version in NOTES.txt ( #3189 )
...
Co-authored-by: Erkan Zileli <erkan.zileli@trendyol.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Erkan Zileli <erkan.zileli@trendyol.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>
2022-02-07 15:00:08 -05:00
Sambhav Kothari
25c2ad11e4
Fix unused tagTest in helm chart tests ( #3174 )
...
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-02-04 23:12:12 +00:00
treydock
4e0d8ca612
Update kyverno-policies chart with latest pod-security policies ( #3126 )
...
* Update kyverno-policies chart with latest pod-security policies
Fixes #3063
Fixes #2277
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* Update README to have better example
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* Use chart testing during e2e to test against ci values
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* Fix e2e tests for Helm chart
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* Fix Kyverno chart testing to actually test values, and fix networkpolicy template
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* Update README for exclusion
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* Allow adding 'other' policies via Helm
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* Update Chart.yaml for kyverno-policies
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* Bump minimum Kubernetes version in charts
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* Update kyverno-policies chart readme
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* Use version that should catch all pre-releases
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* Use version that should catch all pre-releases (part 2)
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* Use same logic to get git tag by using Makefile target for updating Helm values
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com>
2022-02-04 14:47:36 +08:00
Abhinav Sinha
11311a15df
Filter kyverno resources instead of entire kyverno namespace ( #3170 )
...
Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>
2022-02-04 00:38:47 +00:00