mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
Code Activity
8114 commits 16 branches 550 tags 288 MiB
Commit graph

8114 commits

This branch
This branch
All branches
Author SHA1 Message Date
Mariam Fahmy
2bb010ce88
chore: remove applyconfiguration (#12174) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2025-02-17 06:37:51 +00:00
Vishal Choudhary
0f502e67ee
feat: add image data context (#12175) 2025-02-15 05:16:15 +00:00
Mariam Fahmy
86fff3b394
feat: compile and evaluate autogen rules (#12163) 2025-02-15 12:56:51 +08:00
shuting
9aebe10d15
refactor: status manager (#12173) 
* chore: move webhook status reconciler

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: status removal

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2025-02-14 15:22:25 +00:00
dependabot[bot]
4ca05509cf
chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws (#12167) 
Bumps [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) from 1.8.12 to 1.8.14.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.12...v1.8.14)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-14 14:25:24 +00:00
AlexLugovtsov
541bdcd16e
add get to rbac.authorization.k8s.io (#12043) 
* add get to rbac.authorization.k8s.io

Signed-off-by: AlexLugovtsov <Aliaksei.luhautsou@telekom.com>

* codegen-manifest-all

Signed-off-by: AlexLugovtsov <Aliaksei.luhautsou@telekom.com>

---------

Signed-off-by: AlexLugovtsov <Aliaksei.luhautsou@telekom.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2025-02-14 13:59:37 +00:00
Mariam Fahmy
0625302c3d
fix: modify the client URL for finegrained validatingpolicies (#12171) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2025-02-14 21:35:41 +08:00
Mariam Fahmy
829ab94b11
fix CEL autogen (#12165) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2025-02-14 09:45:10 +00:00
dependabot[bot]
ef98916353
chore(deps): bump github.com/sigstore/sigstore from 1.8.12 to 1.8.14 (#12168) 
Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) from 1.8.12 to 1.8.14.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.12...v1.8.14)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-14 08:28:55 +00:00
dependabot[bot]
1e54ee0298
chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault (#12169) 
Bumps [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) from 1.8.12 to 1.8.14.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.12...v1.8.14)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-14 16:02:26 +08:00
Mohd Kamaal
87fb920cbe
update the docs for logging (#12140) 
* update the docs for logging

Signed-off-by: Kamaal <kamaal@macs-MacBook-Air.local>

* Update logging.md

Signed-off-by: Mohd Kamaal <102820439+Mohdcode@users.noreply.github.com>

---------

Signed-off-by: Kamaal <kamaal@macs-MacBook-Air.local>
Signed-off-by: Mohd Kamaal <102820439+Mohdcode@users.noreply.github.com>
Co-authored-by: Kamaal <kamaal@macs-MacBook-Air.local>
 2025-02-13 17:52:47 +00:00
Frank Jogeleit
05f9bb4506
feat: configure admission and background flag for ValidatingPolicies (#12153) 2025-02-13 17:24:45 +00:00
Mohd Kamaal
de75c64a02
structuring log (#12111) 
* structuring log

Signed-off-by: Kamaal <kamaal@macs-MacBook-Air.local>

* Update controller.go

Signed-off-by: Mohd Kamaal <102820439+Mohdcode@users.noreply.github.com>

* Update main.go

Signed-off-by: Mohd Kamaal <102820439+Mohdcode@users.noreply.github.com>

* Update run.go

Signed-off-by: Mohd Kamaal <102820439+Mohdcode@users.noreply.github.com>

* Update config.go

Signed-off-by: Mohd Kamaal <102820439+Mohdcode@users.noreply.github.com>

* Update pkg/webhooks/resource/mutation/mutation.go

Co-authored-by: shuting <shuting@nirmata.com>
Signed-off-by: Mohd Kamaal <102820439+Mohdcode@users.noreply.github.com>

* Update pkg/webhooks/resource/mutation/mutation.go

Co-authored-by: shuting <shuting@nirmata.com>
Signed-off-by: Mohd Kamaal <102820439+Mohdcode@users.noreply.github.com>
Signed-off-by: Kamaal <kamaal@macs-MacBook-Air.local>

---------

Signed-off-by: Kamaal <kamaal@macs-MacBook-Air.local>
Signed-off-by: Mohd Kamaal <102820439+Mohdcode@users.noreply.github.com>
Co-authored-by: Kamaal <kamaal@macs-MacBook-Air.local>
Co-authored-by: shuting <shuting@nirmata.com>
 2025-02-13 15:02:02 +00:00
Abhash Solanki
1fa1c8674e
fix: Certificate Renewer Does Not Remove Old CA Certificate From Secret (#12073) 
* fix: Certificate Renewer Does Not Remove Old CA Certificate From Secret

Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>

* updated logic

Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>

---------

Signed-off-by: abhashsolanki18 <abhashsolanki18@gmail.com>
 2025-02-13 14:25:42 +00:00
Vishal Choudhary
ae9e68e052
feat: add types for image verification attestors (#12080) 
* feat: add types for image verification attestors

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: linter

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: codegen

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2025-02-13 13:47:51 +00:00
shuting
ce2c27c2d2
fix: sort autogen resources list (#12162) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2025-02-13 12:49:39 +00:00
Mariam Fahmy
609a122ede
chore: remove vp and celpolex from the kyverno group (#12156) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2025-02-12 14:21:17 +00:00
shuting
7ef2764365
feat: aggregate vpol.status.conditions (#12133) 
* feat: add vpol status controller

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update ready API struct

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: printer coloum

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: update status cmp func

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: support status.RBACPermissionsGranted

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2025-02-12 11:04:18 +00:00
Rafael da Fonseca
2da603ee1f
Add helm changelog for reports-server related fix (#12144) 
* Add helm changelog for reports-server related fix

Signed-off-by: Rafael da Fonseca <rafael.fonseca@wildlifestudios.com>

* Remove old changelog entries

Signed-off-by: Rafael da Fonseca <rafael.fonseca@wildlifestudios.com>

---------

Signed-off-by: Rafael da Fonseca <rafael.fonseca@wildlifestudios.com>
 2025-02-12 09:04:39 +00:00
shuting
813b80d3d9
fix: update match conditions for autogen rules (#12146) 
* fix: update match conditions for autogen rules

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: autogen match condition prefix

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: merge main

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: shuting <shuting@nirmata.com>
 2025-02-12 08:34:19 +00:00
Mariam Fahmy
7d5750a717
chore: move celexceptions to the new group (#12143) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2025-02-11 19:05:22 +02:00
Tuomo Tanskanen
a660088775
update issue templates (#12145) 
Add multiple missing releases to issue templates.

Also add k8s 1.32.x to Kubernetes versins for the webhook template.

Signed-off-by: Tuomo Tanskanen <tuomo.tanskanen@est.tech>
 2025-02-11 15:05:28 +00:00
Rafael da Fonseca
f6b85ee3e5
Don't fail disabling reports CRDs when sanitychecks is disabled (for use with reports-server) (#12129) 2025-02-11 12:56:29 +00:00
Mariam Fahmy
f012241a82
feat: add cel-autogen chainsaw tests (#12135) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2025-02-10 22:30:12 +00:00
Vishal Choudhary
de0d8e04f8
feat: add image data fetching support (#12134) 2025-02-10 18:33:01 +05:30
dependabot[bot]
180eae5748
chore(deps): bump golang.org/x/crypto from 0.32.0 to 0.33.0 (#12131) 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.32.0 to 0.33.0.
- [Commits](https://github.com/golang/crypto/compare/v0.32.0...v0.33.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-10 07:35:23 +00:00
shuting
0548d09c21
feat: add status.autogen (#12109) 
* feat: add status.autogen

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update codegen

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update codegen

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2025-02-07 22:22:49 +05:30
Charles-Edouard Brétéché
e3ac39827d
feat: use dedicated group for new policies (#12123) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-02-07 12:51:03 +01:00
Mariam Fahmy
a4c10f6bb4
feat: compile and evaluate polex's match conditions (#12113) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2025-02-06 15:30:59 +02:00
Renato Vassão
d7751856ba
log action and message when creating event (#12092) 
Signed-off-by: Renato Vassão <renatomvd@hotmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
 2025-02-06 11:19:29 +00:00
shuting
e9e82f8832
feat: add autogen pod controllers to webhooks (#12112) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2025-02-06 10:38:02 +00:00
Charles-Edouard Brétéché
02fceb64f7
feat: implement background scan (#12101) 
* feat: implement background scan

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* scanner

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* refactor request

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-02-06 05:49:41 +02:00
Charles-Edouard Brétéché
208314b04a
feat: use namespace in bg scan instead of just labels (#12102) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-02-05 18:34:26 +00:00
Mariam Fahmy
04efe351a7
chore: remove polex match constraints (#12103) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2025-02-05 17:56:58 +00:00
Mariam Fahmy
970c255765
feat: validate CELPolicyExceptions (#12083) 
* feat: validate CELPolicyExceptions

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* chore: add cel-policy-exceptions tests in the CI

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2025-02-05 15:01:11 +00:00
shuting
1f3d82893b
feat: add vpol status (#11956) 
* feat: add vpol status

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: update status API

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update code-gen manifests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: reconcile vpol.status.conditions

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: add missing files

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: add default webhook filters

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update codegen

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: update codegen

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: enable .status subresource

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* chore: add missing files

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: linter

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2025-02-05 14:16:53 +00:00
Charles-Edouard Brétéché
de71b19b6e
chore: make validating policies e2e tests required (#12100) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-02-05 13:45:48 +00:00
Charles-Edouard Brétéché
8fc6e78c16
feat: add validating policies to reports aggregation (#12096) 
* feat: add validating policies to reports aggregation

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chainsaw test

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* unit tests

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-02-05 13:21:28 +00:00
dependabot[bot]
5da2ff7324
chore(deps): bump golang.org/x/text from 0.21.0 to 0.22.0 (#12094) 
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.21.0 to 0.22.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.21.0...v0.22.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-05 06:49:49 +00:00
Charles-Edouard Brétéché
4a4aef54d3
feat: add reporting to validating admission handler (#12090) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-02-04 20:32:18 +00:00
Mariam Fahmy
9e8b655f6f
chore: add celpolicyexceptions in helm chart (#12084) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2025-02-05 00:15:45 +08:00
Charles-Edouard Brétéché
4f63ef5bc1
feat: consider Warn validation action (#12081) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-02-04 14:35:52 +00:00
Khaled Emara
88d3dc67d8
fix(flag): lookup kubeconfig only after parsing (#12082) 
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
 2025-02-04 14:15:58 +00:00
Charles-Edouard Brétéché
3b0c9d662c
refactor: webhook server/handlers (#12079) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-02-04 14:52:48 +02:00
Mariam Fahmy
192e655c45
chore: remove polex compiler (#12078) 
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
 2025-02-04 11:52:19 +00:00
Charles-Edouard Brétéché
c78ab6654c
tests: add chainsaw test for image data loading (#12077) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-02-04 09:22:43 +00:00
dependabot[bot]
ac45755fc5
chore(deps): bump ubuntu from 80dd3c3 to 7229784 in /.devcontainer (#12074) 
Bumps ubuntu from `80dd3c3` to `7229784`.

---
updated-dependencies:
- dependency-name: ubuntu
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-02-04 09:19:47 +01:00
dependabot[bot]
4b022f8d6a
chore(deps): bump sigs.k8s.io/release-utils from 0.10.0 to 0.11.0 (#12076) 
Bumps [sigs.k8s.io/release-utils](https://github.com/kubernetes-sigs/release-utils) from 0.10.0 to 0.11.0.
- [Release notes](https://github.com/kubernetes-sigs/release-utils/releases)
- [Commits](https://github.com/kubernetes-sigs/release-utils/compare/v0.10.0...v0.11.0)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/release-utils
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-04 08:48:34 +01:00
dependabot[bot]
1422376d26
chore(deps): bump github.com/fluxcd/pkg/oci from 0.43.1 to 0.45.0 (#12059) 
Bumps [github.com/fluxcd/pkg/oci](https://github.com/fluxcd/pkg) from 0.43.1 to 0.45.0.
- [Commits](https://github.com/fluxcd/pkg/compare/oci/v0.43.1...oci/v0.45.0)

---
updated-dependencies:
- dependency-name: github.com/fluxcd/pkg/oci
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-04 05:10:04 +00:00
Charles-Edouard Brétéché
b908b1037a
feat: consider validation actions (#12072) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2025-02-04 06:29:40 +02:00