Max Goncharenko
6d0ad5598e
Jmespath notfound error ( #1907 )
...
* return err, if variable path could not be resolved
Signed-off-by: Max Goncharenko <kacejot@fex.net>
* fixed {{@}} behavior
Signed-off-by: Max Goncharenko <kacejot@fex.net>
* fix json merge logic
Signed-off-by: Max Goncharenko <kacejot@fex.net>
* add e2e tests for Flux use case
Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>
2021-07-01 22:56:50 -07:00
Pooja Singh
cd9e596e7e
[Improvement] Kyverno should not delete downstream resources when a generate policy using the clone behavior has synchronize: true ( #1880 )
...
* debugging issue
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* issue fixed
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* remove policy name in source resource
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* fixed deletion of GR on source updation
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* added function in common
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* removing comments
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* added generated resource list to the log
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* small improvement
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-06-30 12:00:02 -07:00
Valentin Velkov
63f4c9a884
Configurable success events on policies & resources. Generating failure events on policies by default. ( #1939 )
...
* Remove unused event.Reason const
Signed-off-by: Velkov <valentin.velkov@sap.com>
* Generate failure events on policies
Signed-off-by: Velkov <valentin.velkov@sap.com>
* Generate success events on policy
Signed-off-by: Velkov <valentin.velkov@sap.com>
* Introduce 'generateSuccessEvents' flag
Signed-off-by: Velkov <valentin.velkov@sap.com>
* Unit tests & chart fix
Signed-off-by: Velkov <valentin.velkov@sap.com>
2021-06-29 14:43:11 -07:00
NoSkillGirl
09b1592f11
added loop for namespace
...
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-06-15 18:14:51 +05:30
shuting
6f07ea407f
Customize namespaceSelector of Webhookconfigurations ( #2003 )
...
* customize namespaceSelector of webhook configurations from configMap
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* update webhook configurations based on UPDATEs of Kyverno ConfigMap
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* register webhook configurations with the namespaceSelector from ConfigMap
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* address golint comment
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* validate webhooks config format
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fix NotDefined scenario
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-06-14 13:01:40 -07:00
Arsh Sharma
7e9be24d90
updating minio version ( #1956 )
2021-06-09 19:16:26 -07:00
shuting
e9a972a362
feat: HA ( #1931 )
...
* Fix Dev setup
* webhook monitor - start webhook monitor in main process
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* add leaderelection
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* - add isLeader; - update to use configmap lock
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* - add initialization method - add methods to get attributes
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* address comments
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* remove newContext in runLeaderElection
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* add leader election to GenerateController
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* skip processing for non-leaders
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* skip processing for non-leaders
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add leader election to generate cleanup controller
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* Gracefully drain request
* HA - Webhook Register / Webhook Monitor / Certificate Renewer (#1920 )
* enable leader election for webhook register
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* extract certManager to its own process
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* leader election for cert manager
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* certManager - init certs by the leader
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* add leader election to webhook monitor
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* update log message
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* add leader election to policy controller
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* add leader election to policy report controller
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* rebuild leader election config
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* start informers in leaderelection
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* start policy informers in main
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* enable leader election in main
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* move eventHandler to the leader election start method
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* address reviewdog comments
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* add clusterrole leaderelection
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fixed generate flow (#1936 )
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* - init separate kubeclient for leaderelection - fix webhook monitor
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* address reviewdog comments
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* cleanup Kyverno managed resources on stopLeading
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* tag v1.4.0-beta1
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fix cleanup process on Kyverno stops
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* bump kind to 0.11.0, k8s v1.21 (#1980 )
Co-authored-by: vyankatesh <vyankatesh@neualto.com>
Co-authored-by: vyankatesh <vyankateshkd@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Pooja Singh <36136335+NoSkillGirl@users.noreply.github.com>
2021-06-08 12:37:19 -07:00
Yashvardhan Kukreja
bb80e1b641
added: initial prometheus client setup
...
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
2021-05-16 13:06:14 +05:30
Pooja Singh
4296e69225
updating synchronize label in generated resource ( #1860 )
...
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-05-06 13:11:10 -07:00
NoSkillGirl
4cfc21779c
added policy validation according to api server
...
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-04-21 10:28:11 +05:30
Max Goncharenko
6a0305674a
JMESPath custom functions ( #1772 )
...
* JMESPath: Support regex expressions
Signed-off-by: Max Goncharenko <kacejot@fex.net>
* JMESPath: Add string functions
Signed-off-by: Max Goncharenko <kacejot@fex.net>
* Removed {{$}} variable handling logic
Signed-off-by: Max Goncharenko <kacejot@fex.net>
* Name all functions in snake case; Update error message; Fix {{@}} behavior
Signed-off-by: Max Goncharenko <kacejot@fex.net>
2021-04-16 16:17:00 -07:00
shuting
c08843ef77
Add Images info to variables context ( #1725 )
...
* - remove supportMutateValidate; - refactor new context in the webhook
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* add ImageInfo to variables context
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* revert unexpected changes
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-03-23 10:34:03 -07:00
Raj Babu Das
08643773c3
removing go.sum from github workflow and adding unused pkg check ( #1698 )
...
Signed-off-by: rajdas98 <mail.rajdas@gmail.com>
2021-03-11 10:14:46 -08:00
Shuting Zhao
c4ebef7b0d
- support AllowMissingPathOnRemove and EnsurePathExistsOnAdd in patchesJSON6902
...
- upgrade to evanphx/json-patch/v5
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-02-25 15:25:07 -08:00
shuting
2f2d6c2e38
Upgrade client libraries to 0.20.2 ( #1547 )
...
* upgrade clients to 0.20.2
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* remove debug log
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fix unit tests
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fix e2e test
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-02-07 20:26:56 -08:00
shuting
bd44dbff41
Reduce RCR Throttling ( #1545 )
...
* buffer report change requests
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fix clusterReportChangeRequest
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* further reduce RCRs in background scan
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-02-07 19:46:50 -08:00
Shuting Zhao
f95771a3b8
add dependency to go.sum
2021-01-08 18:47:28 -08:00
Shuting Zhao
3adfdc24af
fix release failure
2021-01-08 18:25:38 -08:00
shuting
35aa3149c8
Remove lock embedded in CRD controller, use concurrent map to store schemas ( #1441 )
2021-01-04 23:17:17 -08:00
NoSkillGirl
c66e2a7058
adding label to clone source
2020-12-29 18:04:20 +05:30
shuting
2fc3b3b998
Fixes 1410 strategic merge patch ( #1414 )
...
* fixes #1410
* fix unit test
* re-initialize worker immediately on failure
2020-12-23 17:48:00 -08:00
Jim Bugwadia
6afd2e6f3a
ignore non-policy files in CLI and improve validation messages ( #1362 )
...
* improve validation message
* improve error behaviors
* fix tests
* fix tests
2020-12-07 11:26:04 -08:00
Jim Bugwadia
f3b644f624
handle anchors in keys
2020-12-04 15:59:15 -08:00
Jim Bugwadia
2aeb5aa982
validate conditiona.operator as enum
2020-11-29 00:37:36 -08:00
Jim Bugwadia
54f816c246
trim variable for context lookups
2020-11-24 17:48:54 -08:00
shuting
e868dbfeb9
Fix 1287 - failed to update annotation through mutate policy ( #1289 )
...
* fix 1287
* update mutate log
2020-11-24 10:11:05 -08:00
Shuting Zhao
168bb21093
add optional tag to gr.status
2020-11-18 15:07:12 -08:00
NoSkillGirl
9a9cd55b7b
SanitizedError fix
2020-11-18 15:02:14 +05:30
NoSkillGirl
5794889752
Merge branch 'main' into policyreport_cli
2020-11-18 14:43:30 +05:30
Shuting Zhao
b9fb926ddb
fixes for golint ./...
2020-11-17 13:07:30 -08:00
Shuting Zhao
e985ee4031
correct misspelled words
2020-11-17 12:01:01 -08:00
Jim Bugwadia
74b656768e
1251 fix generate panic ( #1252 )
...
* improve error message
* fix panic and add error logs
* update log levels and messages
* fix tests
2020-11-12 16:44:57 -08:00
NoSkillGirl
7fbe422ef6
corrected merge code
2020-11-10 16:31:39 +05:30
NoSkillGirl
acc34fbf0a
Merge commit
2020-11-10 10:49:29 +05:30
shuting
5e07ecc5f3
Add Policy Report ( #1229 )
...
* add report in cli
* policy report crd added
* policy report added
* configmap added
* added jobs
* added jobs
* bug fixed
* added logic for cli
* common function added
* sub command added for policy report
* subcommand added for report
* common package changed
* configmap added
* added logic for kyverno cli
* added logic for jobs
* added logic for jobs
* added logic for jobs
* added logic for cli
* buf fix
* cli changes
* count bug fix
* docs added for command
* go fmt
* refactor codebase
* remove policy controller for policyreport
* policy report removed
* bug fixes
* bug fixes
* added job trigger if needed
* job deletion logic added
* build failed fix
* fixed e2e test
* remove hard coded variables
* packages added
* improvement added in jobs scheduler
* policy report yaml added
* cronjob added
* small fixes
* remove background sync
* documentation added for report command
* remove extra log
* small improvement
* tested policy report
* revert hardcoded changes
* changes for demo
* demo changes
* resource aggregation added
* More changes
* More changes
* - resolve PR comments; - refactor jobs controller
* set rbac for jobs
* add clean up in job controller
* add short names
* remove application scope for policyreport
* move job controller to policyreport
* add report logic in command apply
* - update policy report types; - upgrade k8s library; - update code gen
* temporarily comment out code to pass CI build
* generate / update policyreport to cluster
* add unit test for CLI report
* add test for apply - generate policy report
* fix unit test
* - remove job controller; - remove in-memory configmap; - clean up kustomize manifest
* remove dependency
* add reportRequest / clusterReportRequest
* clean up policy report
* generate report request
* update crd clusterReportRequest
* - update json tag of report summary; - update definition manifests; - fix dclient creation
* aggregate reportRequest into policy report
* fix unit tests
* - update report summary to optional; - generate clusterPolicyReport; - remove reportRequests after merged to report
* remove
* generate reportRequest in kyverno namespace
* update resource filter in helm chart
* - rename reportRequest to reportChangeRequest; -rename clusterReportRequest to clusterReportChangeRequest
* generate policy report in background scan
* skip generating report change request if there's entry results
* fix results entry removal when policy / rule gets deleted
* rename apiversion from policy.kubernetes.io to policy.k8s.io
* update summary.* to lower case
* move reportChangeRequest to kyverno.io/v1alpha1
* remove policy report flag
* fix report update
* clean up policy violation CRD
* remove violation CRD from manifest
* clean up policy violation code - remove pvGenerator
* change severity fields to lower case
* update import library
* set report category
Co-authored-by: Yuvraj <yuvraj.yad001@gmail.com>
Co-authored-by: Yuvraj <10830562+evalsocket@users.noreply.github.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2020-11-09 11:26:12 -08:00
NoSkillGirl
e11efa4e7a
added policy report example
2020-11-04 14:03:40 +05:30
NoSkillGirl
f2c01d7f76
fixed no-kind-pod error
2020-11-04 14:03:38 +05:30
NoSkillGirl
80aa6eb9f5
added policyreport to cli
2020-11-04 14:03:38 +05:30
Shuting Zhao
85c6c3d36f
clean up policy violation CRD
2020-11-02 16:59:16 -08:00
Shuting Zhao
63a8d89c8d
- update report summary to optional; - generate clusterPolicyReport; - remove reportRequests after merged to report
2020-10-27 18:28:30 -07:00
Shuting Zhao
c906baa1a7
- update policy report types; - upgrade k8s library; - update code gen
2020-10-15 17:54:58 -07:00
Shuting Zhao
6b5e935e49
Merge branch 'feature/reports-cli' of https://github.com/evalsocket/kyverno into policyreport
...
# Conflicts:
# Makefile
# cmd/kyverno/main.go
# go.mod
# go.sum
# pkg/client/clientset/versioned/clientset.go
# pkg/client/clientset/versioned/fake/clientset_generated.go
# pkg/client/clientset/versioned/fake/register.go
# pkg/client/clientset/versioned/scheme/register.go
# pkg/client/informers/externalversions/factory.go
# pkg/client/informers/externalversions/generic.go
# pkg/client/listers/kyverno/v1/expansion_generated.go
# pkg/policy/common.go
# pkg/policy/controller.go
# pkg/policy/existing.go
# pkg/policyviolation/builder.go
# pkg/policyviolation/generator.go
# pkg/webhooks/server.go
# pkg/webhooks/validate_audit.go
# pkg/webhooks/validation.go
2020-10-12 18:30:37 -07:00
Mohan B E
51ac382c6c
Feature/configmaps var 724 ( #1118 )
...
* added configmap data substitution for foreground mutate and validate
* added configmap data substitution for foreground mutate and validate fmt
* added configmap lookup for background
* added comments to resource cache
* added configmap data lookup in preConditions
* added parse strings in In operator and configmap lookup docs
* added configmap lookup docs
* modified configmap lookup docs
2020-09-22 14:11:49 -07:00
evalsocket
573496f318
policy report yaml added
2020-09-15 08:07:01 -07:00
shuting
931d7cd47c
Set mutating webhook reinvocationPolicy to IfNeeded ( #1097 )
...
* add watch policy to clusterrole kyverno:customresources
* fix build
* fix nil pointer
* skip json patches if the mutation is re-invoked
* set resource mutating webhook invocation policy to IfNeeded
2020-09-03 08:54:37 -07:00
Mohan B E
3690bf5fff
conditional anchor preprocessing for patch strategic merge ( #1090 )
...
* conditional anchor preprocessing for patch strategic merge
* modified sequence pre processing and added unit test
* merged master
* go fmt
* corrected mistake and added error handling to policy validate
2020-09-01 09:12:05 -07:00
Mohan B E
f60deecdce
Feature/namespaced policy 280 ( #1058 )
...
* namespaced policy crd and cache
* modified main.go
* removed kyverno
* implemented policy violation generator for namespaced policy on audit
* modified cache
* added validation for cluster resource types
* install.yaml
* install.yaml
* removed namespaces from crd and refactored code
* modified NamespacePolicy to Policy
* added ClusterRole aggregate for policies
* modified clusterrole
2020-08-19 09:07:23 -07:00
Jim Bugwadia
fc6da9c9e6
improve CLI validation reports
2020-08-18 21:03:00 -07:00
Pooja Singh
5a68653749
Supporting annotations in match/exclude ( #1045 )
...
* Supporting annotations in match/exclude filters
* updated readme
* small fix
2020-08-17 17:12:27 -07:00
Mohan B E
a14828246d
Feature/api version 852 ( #1028 )
...
* apiVersion support for generate
* added apiVersion to crds
2020-08-07 09:47:33 +05:30