mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 07:57:07 +00:00
Code Activity
3046 commits 20 branches 550 tags 288 MiB
Commit graph

3046 commits

This branch
This branch
All branches
Author SHA1 Message Date
shuting
267be0815f
Bug fixes - policy validation, auto-generated rules, apiCall support in mutate and generate (#1629) 
* Fix invalid policy reports generated for blocked resource

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix 1464 - copy context and preconditions to auto-gen rules

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix 1628 - add policy validations

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix 1593 - support apiCall in mutate and generate

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix test

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-02-22 12:08:26 -08:00
shuting
6fc349716c
Switch to use annotations to store resource info in cluster/reportChangeRequest (#1625) 
* skip sending API request for filtered resource

* fix PR comment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixes https://github.com/kyverno/kyverno/issues/1490

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix bug - namespace is not returned properly

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* reduce throttling - list resource using lister

* refactor resource cache

* fix test

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix label selector

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix build failure

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixes #1480

* store resource name and kind in (c)rcr's annotation
 2021-02-19 09:09:41 -08:00
Yashvardhan Kukreja
ba9d294a43
feat: added versioned validation and installation of controller-gen (#1618) 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-02-18 20:53:53 -08:00
Raj Babu Das
0b832a038d
Adding multi arch support in all kyverno components (AMD6 and ARM64) (#1542) 
* Adding multi arch support

Signed-off-by: Raj Das <mail.rajdas@gmail.com>

* Adding multi arch support

Signed-off-by: Raj Das <mail.rajdas@gmail.com>

* minor refactors

Signed-off-by: Raj Das <mail.rajdas@gmail.com>

* adding buildx action in e2e.yaml

Signed-off-by: Raj Das <mail.rajdas@gmail.com>

* Adding kyvernopre

Signed-off-by: Raj Das <mail.rajdas@gmail.com>

* Adding kyvernopre

Signed-off-by: Raj Das <mail.rajdas@gmail.com>

* Adding amd build

Signed-off-by: Raj Das <mail.rajdas@gmail.com>

* Adding go env

Signed-off-by: Raj Das <mail.rajdas@gmail.com>

* minor fix

Signed-off-by: Raj Das <mail.rajdas@gmail.com>

* removing docker tag

Signed-off-by: Raj Das <mail.rajdas@gmail.com>

* Adding local dockerfile build command

Signed-off-by: rajdas98 <mail.rajdas@gmail.com>
 2021-02-18 18:09:01 -08:00
treydock
48f0d90dd1
Allow some helm policies to be excluded (#1611) 
* Allow some helm policies to be excluded

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Make Helm security policies opt-in when podSecurityStandard=custom

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
 2021-02-18 11:50:35 -08:00
Vyankatesh Kudtarkar
164885d087
Update Kyverno test command (#1608) 
* fix link (#1566)

Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* update icon in chart.yaml

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* Adding default policies for restricted mode and adding notes to helm install (#1556)

* Adding default policies for restricted mode, taking validationFailureAction from values.yaml and adding notes on helm install

Signed-off-by: Raj Das <mail.rajdas@gmail.com>

* Adding emoji

Signed-off-by: Raj Das <mail.rajdas@gmail.com>

* Update NOTES.txt

* minor fix

Signed-off-by: Raj Das <mail.rajdas@gmail.com>

* adding to readme

Signed-off-by: Raj Das <mail.rajdas@gmail.com>
Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* update links and formatting in PR template (#1573)

* update links and formatting in PR template

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* update policy submission request template

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* fix: restricting empty value to pass through the validation checks (#1574)

Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* Actually fix contributor link in PR template (#1575)

* update links and formatting in PR template

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* update policy submission request template

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* actually fix contrib guidelines

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* actually fix contrib guidelines

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* code improvement (#1567)

* code improvement

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added if conditions

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* fixed unit test cases

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* feat(operators): support subset checking for in and notin (#1555)

* feat(operators): support subset checking for in and notin

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>

* feat(operators): fixed NotIn function

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>
Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* panic fix (#1601)

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* update kyverno cli test cmd

Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* code indentation

Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* change  help text

Signed-off-by: vyankatesh <vyankatesh@neualto.com>

Co-authored-by: Dekel <dekelb@users.noreply.github.com>
Co-authored-by: Shuting Zhao <shutting06@gmail.com>
Co-authored-by: Raj Babu Das <mail.rajdas@gmail.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
Co-authored-by: Pooja Singh <36136335+NoSkillGirl@users.noreply.github.com>
Co-authored-by: Arsh Sharma <56963264+RinkiyaKeDad@users.noreply.github.com>
Co-authored-by: vyankatesh <vyankatesh@neualto.com>
 2021-02-17 11:30:41 -08:00
Jim Bugwadia
731474a9a2
rename context2 -> enginecontext (#1605) 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-02-16 19:17:20 -08:00
Shuting Zhao
f2b00a1f1e update chart link - icon 2021-02-16 14:42:19 -08:00
Shuting Zhao
f6192d08b0 release v1.3.3 2021-02-16 13:49:50 -08:00
Yashvardhan Kukreja
478f32b8b4
fix: allowed templatised values to be exempted from validation checks (#1599) 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-02-16 13:06:07 -08:00
Pooja Singh
a21195f362
panic fix (#1609) 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-02-16 12:48:04 -08:00
Pooja Singh
33ec907a09
panic fix (#1601) 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-02-15 11:27:09 -08:00
Arsh Sharma
596bc9ba6f
feat(operators): support subset checking for in and notin (#1555) 
* feat(operators): support subset checking for in and notin

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>

* feat(operators): fixed NotIn function

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>
 2021-02-10 13:05:36 -08:00
Pooja Singh
0de83ebe17
code improvement (#1567) 
* code improvement

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added if conditions

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* fixed unit test cases

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-02-10 10:28:50 -08:00
Chip Zoller
6d2d2e3c1b
Actually fix contributor link in PR template (#1575) 
* update links and formatting in PR template

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* update policy submission request template

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* actually fix contrib guidelines

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* actually fix contrib guidelines

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
 2021-02-10 08:57:43 -08:00
Yashvardhan Kukreja
fe6652d9ca
fix: restricting empty value to pass through the validation checks (#1574) 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-02-09 17:16:02 -08:00
Chip Zoller
4dbfb9490b
update links and formatting in PR template (#1573) 
* update links and formatting in PR template

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* update policy submission request template

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
 2021-02-09 15:02:15 -08:00
Raj Babu Das
b04626a5f8
Adding default policies for restricted mode and adding notes to helm install (#1556) 
* Adding default policies for restricted mode, taking validationFailureAction from values.yaml and adding notes on helm install

Signed-off-by: Raj Das <mail.rajdas@gmail.com>

* Adding emoji

Signed-off-by: Raj Das <mail.rajdas@gmail.com>

* Update NOTES.txt

* minor fix

Signed-off-by: Raj Das <mail.rajdas@gmail.com>

* adding to readme

Signed-off-by: Raj Das <mail.rajdas@gmail.com>
 2021-02-09 14:03:52 -08:00
Jim Bugwadia
b46be39744
Merge pull request #1571 from realshuting/update_icon 
Update icon in chart.yaml
 2021-02-09 13:58:14 -08:00
Shuting Zhao
9429af277d update icon in chart.yaml 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-02-09 13:30:40 -08:00
Dekel
276d06f906
fix link (#1566) 2021-02-09 11:37:30 -08:00
Yashvardhan Kukreja
426475b16c
added: gofmt check over the existing github workflows (#1553) 
* added: gofmt check over the existing github workflows

Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>

* added: gofmt check with logs added

Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-02-09 11:34:13 -08:00
Shuting Zhao
b9a64ea41d release v1.3.2 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-02-09 10:59:44 -08:00
Pooja Singh
4788085c4f
Panic fix in generation.go (#1563) 
* added if condition

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* fixed test condition

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-02-09 10:34:57 -08:00
Shuting Zhao
db1bfba3f8 release v1.3.2-rc3 2021-02-08 18:15:28 -08:00
Jim Bugwadia
cbe575ec32
Merge pull request #1562 from realshuting/1543_unkown_unstructured 
Allow "watch" from policy controller - cluster role "kyverno:policycontroller"
 2021-02-08 18:02:52 -08:00
Shuting Zhao
e0d523eb2d Merge branch 'main' into 1543_unkown_unstructured 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-02-08 17:38:11 -08:00
Shuting Zhao
77a94fda6b add "watch" to cluster role kyverno:policycontroller 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-02-08 17:35:35 -08:00
shuting
8dcfa185b1
Remove duplicate results' entries from policy report (#1559) 
* remove duplicate results' entries from policy report

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* improve error reporting when removing duplicate result entries

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-02-08 14:42:17 -08:00
Shuting Zhao
88af9924bd improve error reporting when removing duplicate result entries 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-02-08 14:19:08 -08:00
shuting
ecc052f0cd
upload logo (#1560) 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-02-08 13:09:37 -08:00
Shuting Zhao
50b126fe56 remove duplicate results' entries from policy report 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-02-08 12:33:26 -08:00
Pooja Singh
c148573d48
issue fixed (#1558) 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-02-08 10:36:39 -08:00
Raj Babu Das
72eb5e3503
Adding support for applying git raw by kyverno cli (#1554) 
Signed-off-by: Raj Das <mail.rajdas@gmail.com>
 2021-02-08 10:08:06 -08:00
Yashvardhan Kukreja
d141f74015
performed cleanups (#1552) 2021-02-07 21:19:25 -08:00
shuting
2f2d6c2e38
Upgrade client libraries to 0.20.2 (#1547) 
* upgrade clients to 0.20.2

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* remove debug log

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix unit tests

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix e2e test

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-02-07 20:26:56 -08:00
shuting
bd44dbff41
Reduce RCR Throttling (#1545) 
* buffer report change requests

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix clusterReportChangeRequest

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* further reduce RCRs in background scan

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-02-07 19:46:50 -08:00
Yashvardhan Kukreja
6b3ab3fe23
added: generic NumericOperator to handle numeric operations for kyverno policies (#1536) 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-02-05 19:49:23 -08:00
shuting
c42d545c20
Revert "Adding HTTP(git raw or any public url ) URL applying functionality to kyverno cli (#1527)" (#1548) 
This reverts commit 0487330b33.
 2021-02-05 19:34:15 -08:00
Raj Babu Das
0487330b33
Adding HTTP(git raw or any public url ) URL applying functionality to kyverno cli (#1527) 
* Adding feature to apply from http url

Signed-off-by: Raj Das <mail.rajdas@gmail.com>

* Adding comment

Signed-off-by: Raj Das <mail.rajdas@gmail.com>

* formatting imports

Signed-off-by: Raj Das <mail.rajdas@gmail.com>

* removing fmt.print

Signed-off-by: Raj Das <mail.rajdas@gmail.com>
 2021-02-05 18:42:39 -08:00
Max Goncharenko
536f364724
Add AND logical operator support (#1539) 
Signed-off-by: Max Goncharenko <kacejot@fex.net>
 2021-02-05 17:52:31 -08:00
Jim Bugwadia
b91022d438
Merge pull request #1518 from kyverno/test_cli 
test command for kyverno
 2021-02-05 12:44:07 -08:00
shuting
6953aa86bc
compare policy status before actually update it (#1523) 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-02-05 09:58:24 -08:00
shuting
39b27a16ed
Reduce throttling requests (GET) (#1522) 
* add resource lister to even handler

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* use lister to get Kyverno deployment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add lister for webhook configs

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-02-05 09:58:10 -08:00
Shuting Zhao
7788ae3dba update chart version 2021-02-03 16:21:15 -08:00
Shuting Zhao
a00d9b1cc9 release v1.3.2-rc2 2021-02-03 14:19:46 -08:00
Jim Bugwadia
ba9d003774
update APICall docs (#1534) 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-02-03 13:10:02 -08:00
Pooja Singh
32522e7827
namespace selector (#1532) 
* updated crd with namespace selector

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added logic for validate

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added condition in utils for namespace labels

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added function for extracting namespace label using lister

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added logic for generate

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added lister in generate

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* commented generate controller changes

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added ns lister

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added ns label in apply.go

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added ns label in generation.go

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added ns label in mutation.go

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added ns label for validation

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* using dynaminc informer

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-02-03 13:09:42 -08:00
vyankatesh_neualto
2f92b95015 #1513 [BUG] CLI Panic when assigning variables 
Signed-off-by: vyankatesh_neualto <vyankatesh@neualto.com>
 2021-02-03 18:27:45 +05:30
Jim Bugwadia
f2478921e9
Merge pull request #1526 from kyverno/feature/api_server_lookups_2 
redo changes reverted by merge
 2021-02-02 11:19:47 -08:00