mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
Code Activity
5128 commits 16 branches 550 tags 288 MiB
Commit graph

316 commits

Author SHA1 Message Date
Charles-Edouard Brétéché
66ba0fc5ec
fix: exception validation follow up (#5697) 
* fix: exception validation follow up

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2022-12-15 17:53:22 +08:00
Charles-Edouard Brétéché
4618dc39d0
feat: add policy exception validation webhook (#5679) 
* feat: add policy exception validation webhook

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* handler

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* validation

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
 2022-12-15 08:34:44 +00:00
Charles-Edouard Brétéché
1ea4a0db19
refactor: use internal cmd package in kyverno (#5507) 2022-11-30 13:37:53 +00:00
Charles-Edouard Brétéché
ff9ba81440
feat: add webhook type to admission metrics (#5493) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2022-11-30 17:30:24 +08:00
Charles-Edouard Brétéché
c2549898c9
refactor: move metrics closer to the code that use them (#5492) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2022-11-28 19:11:11 +01:00
Charles-Edouard Brétéché
fa88f4a2ff
feat: add new filtering handlers (#5472) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2022-11-25 08:58:13 +00:00
Charles-Edouard Brétéché
67bd7b1edc
fix: remove filtering for policy admission handlers (#5462) 
* fix: remove filtering for policy admission handlers

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* move kyverno filtering

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
 2022-11-25 09:21:39 +01:00
Charles-Edouard Brétéché
f4c2f24208
feat: improve handlers tracing code (#5442) 
* feat: improve handlers tracing code

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix cleanup

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2022-11-23 06:50:55 +00:00
Charles-Edouard Brétéché
9983e82770
feat: add tracing middleware (#5397) 
* feat: add tracing middleware

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* add middleware

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* add tracing to middlewares

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2022-11-18 09:18:00 +00:00
Charles-Edouard Brétéché
fdf5b840b6
refactor: propagate context through admission handlers (#5392) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2022-11-17 15:17:52 +00:00
Charles-Edouard Brétéché
cc8f643767
refactor: admission metrics (counter and latency) (#5245) 
* refactor: move all middlewares in handlers sub package

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* refactor: admission metrics (counter and latency)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* builder

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* cleanup

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2022-11-09 18:52:20 +08:00
Charles-Edouard Brétéché
a08c8b03fe
refactor: move all middlewares in handlers sub package (#5244) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2022-11-07 14:53:40 +00:00
Charles-Edouard Brétéché
a64475a6db
refactor: health check system (#5176) 
* refactor: health check system

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* filter

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
 2022-11-03 11:19:38 +01:00
yinka
822dbdc011
feat: enable/disable Debug mode which shows entire AdmissionReview payload (#5024) 
* work in progress PR

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>

* add custom request struct

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>

* pass debug mode option through constructor and replace logger with klogr

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>

* make changes

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>

* cleanup

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix linter

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* add another test case

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>

* removed unused function

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>

* fix linter

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2022-10-21 16:17:49 +00:00
Charles-Edouard Brétéché
73712f3738
feat: add webhook server logger (#5063) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2022-10-19 13:12:55 +00:00
Charles-Edouard Brétéché
a0bcf7a966
fix: configure idle timeout in server (#5062) 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
 2022-10-19 12:09:04 +00:00
Charles-Edouard Brétéché
4aed9359cb
refactor: manage webhooks with webhook controller (#4846) 
* refactor: add config support to webhook controller

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* refactor: add client config to webhook controller

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* migrate verify webhook

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* v1

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* refactor: move policy webhooks management in webhook controller

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* policy validating webhook config

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* watch policies

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* refactor: migrate resource webhook management in webhook controller

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* mutating webhook

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* auto update

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* cleanup

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* auto update and wildcard policies

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* policy readiness

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: can't use v1 admission

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* reduce reconcile

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* watchdog

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* cleanup

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* health check

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* runtime utils

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* runtime utils

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* cleanup

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* watchdog check

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* remove delete from mutating webhook

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* cleanup

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2022-10-12 06:52:42 +00:00
Charles-Edouard Brétéché
ac8f4ba59c
refactor: make server owner of the cleanup chan (#4765) 
* refactor: make server owner of the cleanup chan

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* gofumpt

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-09-30 16:13:29 +02:00
Charles-Edouard Brétéché
665e513c5e
fix: split webhook handlers per failure policy (#4650) 
* fix: split webhook handlers per failure policy

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix handlers

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* rolling update

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* better error message

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
 2022-09-26 15:55:46 +00:00
Charles-Edouard Brétéché
42a2df56c1
refactor: add a couple of constants in api (#4640) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-09-19 09:11:12 +00:00
Charles-Edouard Brétéché
f791717aad
refactor: webhook propagate start time along handlers (#4529) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-09-08 07:34:55 +00:00
Charles-Edouard Brétéché
317a3ae0bf
feat: add kyverno managed resources protection (#4414) 
* feat: add kyverno managed resources protection

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* add toggle

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-09-06 15:43:04 +00:00
Charles-Edouard Brétéché
144985ee5a
chore: fix golangcilint timeout (#4388) 
* chore: fix golangcilint timeout

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix commit sha

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* add .gitattributes

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-08-24 21:08:24 +08:00
shuting
750b4b106c
Reset policy status on termination (#4269) 
- reset policy status to false on termination
- retry reconciling policies when .status.ready=false


Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-07-27 14:15:06 +05:30
Charles-Edouard Brétéché
c112aaefa1
refactor: separate resource mutation/validation handlers from server (#3908) 
* refactor: webhooks server logger

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: separate policy mutation/validation handlers from server

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* separate resource mutation from server code

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-16 22:36:21 +08:00
Charles-Edouard Brétéché
70954b9995
refactor: policy cache (#3919) 
* refactor: simplify policy cache

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: policy cache

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* remove update and add policies map

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: review comments

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
 2022-05-16 07:56:16 +00:00
Charles-Edouard Brétéché
87ac548563
refactor: separate policy mutation/validation handlers from server (#3905) 
* refactor: webhooks server logger

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: separate policy mutation/validation handlers from server

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
 2022-05-13 07:33:20 +02:00
Charles-Edouard Brétéché
a5e623f939
refactor: webhooks server logger (#3904) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
 2022-05-12 15:47:44 +00:00
Jim Bugwadia
36affff4b7
Timeout and init (#3893) 
* increase timeout to 30s to match webhook timeout

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* initialize Fulcio roots at startup

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* make fmt

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add TUF root

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix chart

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* make helm-gen

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-12 10:55:14 +08:00
Charles-Edouard Brétéché
c2602d8181
refactor: cleanup tls package (#3854) 
* refactor: init certs with certs renewer directly

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: tls package

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: cleanup tls package

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-11 08:05:13 +00:00
Charles-Edouard Brétéché
2064a69b8a
refactor: make config vars private (#3823) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-11 06:14:30 +00:00
Charles-Edouard Brétéché
a981957a9d
feat: fetch tls certificate dynamically (#3851) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-10 09:55:39 +00:00
Jim Bugwadia
76608e315e
handle duplicate images; use container name as key (#3779) 
* handle duplicate images; use container name as key

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* use OldObject for modify requests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* use unique image names

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* merge main

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* create a single annotation patch across rules and images

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fmt and change annotation key name

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix linter issues

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
 2022-05-05 14:06:18 -07:00
Charles-Edouard Brétéché
bb6e9a1ada
refactor: move config controller in controllers package (#3790) 
* refactor: use typed informers and add tombstone support to webhookconfig

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: remove unstructured usage from webhookconfig

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: cert manager controller

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: move config controller in controllers package

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-04 16:05:03 +00:00
Charles-Edouard Brétéché
c79223393b
refactor: dclient package (#3775) 
* refactor: replace clientset by inteface

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: dclient package

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-03 13:30:04 +08:00
Charles-Edouard Brétéché
6e07acdd87
refactor: replace clientset by inteface (#3774) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-02 20:30:07 +00:00
Charles-Edouard Brétéché
18af55ed49
refactor: wait for cache sync (#3765) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-03 01:41:39 +08:00
shuting
a4815f77c4
Convert GenerateRequest to UpdateRequest for backward compatibility (#3730) 
- Remove GenerateRequest Informer
 - Rename GenerateRequest to UpdateRequest in logs and vars
 - Fix initContainer leader election
 - Convert GenerateRequest to UpdateRequest in initContainer
 - Remove unused methods
 - Add printer column ruleType to UR


Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-04-29 16:35:49 +05:30
Vyankatesh Kudtarkar
ae75b97cb7
Fix issue pod should not be ready until the policy cache loaded (#3646) 
* fix issue pod should not be ready until the policy cache  loaded.

* remove unused code

* remove testcase

* add test case

* fix issue

* add lister

* fix lift issue

* address comment
 2022-04-26 06:26:46 +00:00
shuting
2a656f6de0
feat: mutate existing resources (#3669) 
* feat: mutate existing, replace GR by UR in webhook server (#3601)

* add attributes for post mutation

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add UR informer to webhook server

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* - replace gr with ur in the webhook server; - create ur for mutateExsiting policies

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* replace gr by ur across entire packages

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add YAMLs

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update api docs & fix unit tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add UR deletion handler

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add api docs for v1beta1

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix clientset method

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix v1beta1 client registration

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: mutate existing - generates UR for admission requests (#3623)

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* replace with UR in policy controller generate rules (#3635)

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* - enable mutate engine to process mutateExisting rules; - add unit tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* implemented ur background reconciliation for mutateExisting policies

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix webhook update error

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* temporary comment out new unit tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: mutate existing, replace GR by UR in webhook server (#3601)

* add attributes for post mutation

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add UR informer to webhook server

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* - replace gr with ur in the webhook server; - create ur for mutateExsiting policies

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* replace gr by ur across entire packages

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix missing policy.kyverno.io/policy-name label (#3599)

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* refactor cli code from pkg to cmd (#3591)

* refactor cli code from pkg to cmd

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

* fixes in imports

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

* fixes tests

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

* fixed conflicts

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

* moved non-commands to utils

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>

* add YAMLs

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update api docs & fix unit tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add UR deletion handler

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add api docs for v1beta1

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix clientset method

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add-kms-libraries for cosign (#3603)

* add-kms-libraries

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

* Shifted providers to cosign package

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Add support for custom image extractors (#3596)

Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net>

* Update vulnerable dependencies (#3577)

Signed-off-by: Shubham Gupta <shubham.gupta2956@gmail.com>

Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix v1beta1 client registration

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* feat: mutate existing - generates UR for admission requests (#3623)

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* updating version in Chart.yaml (#3618)

* updatimg version in Chart.yaml

Signed-off-by: Prateeknandle <prateeknandle@gmail.com>

* changes from, make gen-helm

Signed-off-by: Prateeknandle <prateeknandle@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Allow kyverno-policies to have preconditions defined (#3606)

* Allow kyverno-policies to have preconditions defined

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Fix docs

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Signed-off-by: ShutingZhao <shuting@nirmata.com>

* replace with UR in policy controller generate rules (#3635)

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>

* - enable mutate engine to process mutateExisting rules; - add unit tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* implemented ur background reconciliation for mutateExisting policies

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix webhook update error

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* temporary comment out new unit tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Image verify attestors (#3614)

* fix logs

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix logs

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* support multiple attestors

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* rm CLI tests (not currently supported)

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* apply attestor repo

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix linter issues

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix entryError assignment

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* format

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add intermediary certs

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* Allow defining imagePullSecrets (#3633)

* Allow defining imagePullSecrets

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Use dict for imagePullSecrets

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Simplify how imagePullSecrets is defined

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Fix race condition in pCache (#3632)

* fix race condition in pCache

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* refact: remove unused Run function from generate (#3638)

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* Remove helm mode setting (#3628)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>

* refactor: image utils (#3630)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>

* -resolve lift comments; -fix informer sync issue

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* refact the update request cleanup controller

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* - fix delete request for mutateExisting; - fix context variable substitution; - improve logging

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* - enable events; - add last applied annotation

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* enable mutate existing on policy creation

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update autogen code

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* merge main

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add unit tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* address list comments

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update api docs

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix "Implicit memory aliasing in for loop"

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* remove unused definitions

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update api docs

Signed-off-by: ShutingZhao <shuting@nirmata.com>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
Co-authored-by: Mritunjay Kumar Sharma <mritunjaysharma394@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: Anushka Mittal <55237170+anushkamittal20@users.noreply.github.com>
Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
Co-authored-by: Shubham Gupta <shubham.gupta2956@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Prateek Nandle <56027872+Prateeknandle@users.noreply.github.com>
Co-authored-by: treydock <tdockendorf@osc.edu>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-04-25 12:20:40 +00:00
Prateek Pandey
9def86c49a
refactor generate controller (#3589) 
* refact generate controller

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* rename the dir to background

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
 2022-04-13 12:45:04 +00:00
Charles-Edouard Brétéché
3d554ce53b
refactor: engine context (#3563) 
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2022-04-09 11:52:50 +00:00
Charles-Edouard Brétéché
06c2b2bb79
refactor: switch to admission v1 (#3526) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
 2022-04-06 20:43:07 +00:00
Charles-Edouard Brétéché
adca5f200b
fix: tls min version (#3521) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-03-31 17:12:38 +00:00
Charles-Edouard Brétéché
6e813a6b9e
refactor: webhooks package (#3516) 
* refactor: use more policy interface

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: migrate to policy interface

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: webhooks package

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-03-31 23:34:10 +08:00
Charles-Edouard Brétéché
9f9e0d749f
refactor: use policy interface in policycache package (#3503) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-03-30 19:58:09 +05:30
Prateek Pandey
2ce205b9e9
use mutex as field instead of embedded (#3480) 2022-03-28 14:01:33 +08:00
Prateek Pandey
9c064ac76d
fix: use RWMutex lock while concurrent read/write (#3462) 
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
 2022-03-25 12:40:34 +08:00
Charles-Edouard Brétéché
4136566bd9
feat: add toggle package for feature flags (#3419) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
 2022-03-18 16:16:42 +00:00
Charles-Edouard Brétéché
865eef248d
feat: stop adding autogen annotation (#3379) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
 2022-03-18 11:30:49 +00:00