mirror of https://github.com/kyverno/kyverno.git synced 2025-03-05 23:46:56 +00:00
Commit graph

775 commits

Author SHA1 Message Date
Charles-Edouard Brétéché
2f9951ed26
fix: helm chart jobs (#9555)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-30 00:34:09 +00:00
Chip Zoller
bf21328d39
Add Helm note for AKS users (#9552)
* add note for AKS

Signed-off-by: chipzoller <chipzoller@gmail.com>

* add README paragraph

Signed-off-by: chipzoller <chipzoller@gmail.com>

* codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: chipzoller <chipzoller@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-29 23:42:42 +00:00
Charles-Edouard Brétéché
3234d0c1df
replace wildcard permissions with explicit resources/operations (#9516)
* replace wildcard permissions with explicit resources/operations

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* core extra resources

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-29 13:35:05 +00:00
Charles-Edouard Brétéché
90cff77300
fix: CRDs codegen (#9542)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-29 09:45:52 +00:00
Marco Maurer (-Kilchhofer)
2ee9db072a
fix(policies): Add ability to configure skipBackgroundRequests (#9532)
* fix(policies): Add ability to configure skipBackgroundRequests

Signed-off-by: Marco Maurer <mkilchhofer@users.noreply.github.com>

* fix: Drop trailing spaces to fix CI

Signed-off-by: Marco Maurer <mkilchhofer@users.noreply.github.com>

---------

Signed-off-by: Marco Maurer <mkilchhofer@users.noreply.github.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-01-27 17:42:22 +00:00
shuting
7170cbb0c2
feat:Webhook config per policy (#9483)
* add spec.webhookConfigurations

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update crd

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* configure webhook

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* register webhook handler

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* skip storing finegrained policies in cache

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update resource validate handler

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* updates

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* enable mutate resource handler for fine-grained policies

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix: tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-01-27 13:00:22 +00:00
Brian Dunnigan
0ffb382282
#9529 Support adding extra elements to the default resourceFilters list (#9530)
Signed-off-by: Brian Dunnigan <bdunnigan@clarityinnovates.com>
Co-authored-by: treydock <tdockendorf@osc.edu>
2024-01-26 22:46:20 +00:00
Mariam Fahmy
f01f0d6dc4
feat: support podSecurity exclusion in exceptions (#9343)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-01-26 18:43:07 +00:00
Vishal Choudhary
e6c39f31a5
feat: add a new API group reports.kyverno.io (#9521)
* feat: add new report interface

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* chore: reports.kyverno.io/v1 apigroup

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* chore: codegen

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: add report manager

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: add reports manager to reports controller

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: add alternateReportStorage to helm chart

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: report utils deepcopy

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* init flag

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: wrong return value

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-26 13:40:29 +00:00
Charles-Edouard Brétéché
451d362104
feat: add more granular rbac rules to remove wildcards (#9507)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-24 16:07:18 +00:00
Khaled Emara
3ef598c155
chore(helm): omit normal events by default (#9493)
* chore(helm): omit normal events by default

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* fix(tests): fix tests related to events

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

---------

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
2024-01-24 13:16:18 +01:00
Vishal Choudhary
87c7ce254a
feat: add skipImageReferences in verify images (#8633)
* feat: add skipImageReferences in verify images

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: chainsaw tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: chainsaw-test.yaml

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: typo in assert

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-23 12:27:39 +00:00
Charles-Edouard Brétéché
0ec8e2292c
fix: align clusterroles and bindings names (#9482)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-22 15:37:20 +00:00
Charles-Edouard Brétéché
2f4b823030
feat: improve crd migration helm hooks (#9481)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-22 14:13:29 +00:00
Mariam Fahmy
5fc7e96890
feat: migrate existing cleanup policies to the new storage version in helm hook (#9420)
* feat: migrate existing cleanup policies to the new storage version in helm hook

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix codegen

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix: use kyverno CLI migrate command

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-01-22 12:53:36 +01:00
Khaled Emara
566db3abfd
helm: add profiling support (#9338)
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
2024-01-22 02:08:43 +00:00
Mariam Fahmy
ea748276bb
feat: migrate existing policy exceptions to the new storage version in helm hook (#9412)
* feat: migrate existing policy exceptions to the new storage version in helm

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix: add permissions for the admission controller to patch exceptions

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix codegen

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* move migration hook to a separate directory

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* use cli

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: update admission controller permissions

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2024-01-21 20:13:56 +00:00
shuting
6e5e7c745a
update bitnami/kubectl (#9408)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-01-16 06:04:29 +00:00
Mariam Fahmy
303fff21e3
feat: add podLabels to the hook jobs pod template (#9391)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2024-01-14 12:58:47 -05:00
treydock
cde4ac7154
Add global nodeSelector (#9339)
Allow a global node selector to apply to all pods in the kyverno Helm chart

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
2024-01-05 23:28:16 +08:00
Gurmannat Sohal
6902a2b092
Unit tests for Pod Security Admission Integrations (#8585)
* feat: enable field-restricted exclusions using the psa

Signed-off-by: Liang Deng <283304489@qq.com>

* fix ci error

Signed-off-by: Liang Deng <283304489@qq.com>

* fix ci error

Signed-off-by: Liang Deng <283304489@qq.com>

* initial unit tests

* Add all remaining unit tests

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* fine grain unit tests by adding fields and values

* add detailed pod level exclusion and related tests

* add tests for init & ephemeral containers

* add kuttl tests for the new advanced support

* add kuttl tests for the new advanced support

* add readme for kuttl tests

* add replacement in go.mod

* resolving CI errors

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* fix ci errors

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* fix ci errors

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* updating pod-security-admissio

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* resolving null pointer panic

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* resolved conformance error

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* chainsaw

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chainsaw

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* remove duplication

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* fix linting

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* remove over computation

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* added field checks, pss skip condition

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* correcting chainsaw tests

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* merge branch 'main' into unit-tests

Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>

* fix builds

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: Liang Deng <283304489@qq.com>
Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com>
Signed-off-by: shuting <shuting@nirmata.com>
Signed-off-by: Gurmannat Sohal <95538438+itsgurmannatsohal@users.noreply.github.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Liang Deng <283304489@qq.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-12-26 22:28:08 +08:00
Charles-Edouard Brétéché
1ef82ab530
feat: stop serving v2alpha1 cleanup policies (#9270)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-12-25 20:42:19 +00:00
Frank Wittig
2a9262c325
Add imagePullSecrets to post-upgrade job (#9264)
Signed-off-by: Frank Wittig <frank@e5k.de>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2023-12-24 12:42:48 -05:00
Mariam Fahmy
5f09fa810c
chore: introduce v2 for updaterequests (#9267)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-12-23 00:09:02 +00:00
treydock
8308a6c69c
Support setting global extraEnvVars (#9269)
Fixes #9243

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
2023-12-22 22:07:11 +00:00
Charles-Edouard Brétéché
2b5aef75f1
feat: add cleanup policies v2 (#9261)
* feat: add cleanup policies v2

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix test

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: test

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-12-22 20:43:27 +02:00
Mariam Fahmy
6bffca067a
chore: introduce v2 for internal reports resources (#9262)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-12-22 14:09:00 +00:00
Mariam Fahmy
b61a1f3d18
fix: set v2beta1 of exceptions the storage version (#9254)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-12-22 10:13:58 +00:00
Honnix
47cafaabd3
Support more signature algorithms (#9102)
* Support more signature algorithms

Signed-off-by: Hongxin Liang <honnix@users.noreply.github.com>

* Fix codegen

Signed-off-by: Hongxin Liang <honnix@users.noreply.github.com>

* Fail loudly for unsupported algorithm

Signed-off-by: Hongxin Liang <honnix@users.noreply.github.com>

* Fix codegen

Signed-off-by: Hongxin Liang <honnix@users.noreply.github.com>

* Fix more

Signed-off-by: Hongxin Liang <honnix@users.noreply.github.com>

---------

Signed-off-by: Hongxin Liang <honnix@users.noreply.github.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-12-21 13:27:33 +05:30
Mariam Fahmy
d5e5219601
chore: remove v2alpha1 version of policy exceptions (#9211)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-12-19 16:27:08 +00:00
Mariam Fahmy
8e0a7aa204
feat: promote policy exceptions to v2 (#9208)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-12-19 10:43:39 +00:00
shuting
7282ecca9f
fix: add skipBackgoundRequests to configure loop protection option (#9157)
* fix typo

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add new attribute skipBackgroundRequests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* move to per rule config

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* check flag

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* clean up

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update docs

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix logger

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add retryCount to ur.status

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add chainsaw tests

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-12-19 06:25:12 +00:00
Charles-Edouard Brétéché
f8de6810fa
fix: enable additional report printers by default (#9194)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-12-18 17:38:41 +00:00
Mariam Fahmy
e22cd9818f
fix: deprecate spec.schemaValidation (#9189)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-12-18 16:32:11 +00:00
Mariam Fahmy
788a7a318c
fix: add tolerations and affinity to the post-upgrade hook (#9156)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-12-15 08:12:53 +00:00
siddhikhapare
060aa7fc05
Update helm docs (#9057)
* Update helm docs

Signed-off-by: siddhikhapare <siddhikhapare77@gmail.com>

* changes added

Signed-off-by: siddhikhapare <siddhikhapare77@gmail.com>

* policy file updated

Signed-off-by: siddhikhapare <siddhikhapare77@gmail.com>

---------

Signed-off-by: siddhikhapare <siddhikhapare77@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-12-11 17:38:26 +00:00
Marc
7516e3494a
allow setting a priorityClassName for the cleanup job pods (#9106)
* allow setting a priorityClassName for the cleanup job pods

Signed-off-by: mheyer <heyer@babymarkt.de>

* fix README.md

Signed-off-by: mheyer <heyer@babymarkt.de>

---------

Signed-off-by: mheyer <heyer@babymarkt.de>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-12-07 14:58:41 +00:00
Zadkiel Aharonian
5e96b26a48
feat: webhook labels (#9015)
Signed-off-by: Zadkiel Aharonian <hello@zadkiel.fr>
Co-authored-by: shuting <shuting@nirmata.com>
2023-12-07 12:58:31 +00:00
Mariam Fahmy
bb175943f2
chore: update chart.yaml with the changes (#9070)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-12-04 17:49:03 +08:00
Mariam Fahmy
a3279329eb
fix: add nodeSelector to the reports cleanup helm hook (#9065)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-12-04 06:38:28 +00:00
treydock
8295ec9e70
Fix Helm chart to not error when replicas defined (#9066)
Fixes #8941

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
2023-12-03 23:03:09 +02:00
Zadkiel Aharonian
265470f85e
fix(helm): Rename dashboard.json to kyverno-dashboard.json (#9041)
Signed-off-by: Zadkiel Aharonian <hello@zadkiel.fr>
2023-11-28 23:33:25 +00:00
Mariam Fahmy
cb80329a79
fix: cleanup older policy reports (#9026)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-11-28 10:36:02 +00:00
treydock
7a55aca83d
Allow defining ca-certificates bundle for Kyverno deployments (#8969)
Document how to set proxy environment variables

Fixes #6749
Fixes #5205

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
2023-11-21 15:47:32 +00:00
treydock
fcade6c88a
Allow excluding resources from config.resourceFilters (#8946)
Fixes #8860

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
2023-11-21 14:41:16 +00:00
Vishal Choudhary
b391694e67
feat: allow setting admission controller replica count to 2 (#8932)
* feat: allow setting admission controller replica count to 2

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: add warning for HA mode

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: treydock <tdockendorf@osc.edu>
2023-11-17 14:59:40 +00:00
Dirk Pahl
d8c2c5818d
Make server ports configurable, resolves #7279 (#7728)
* Make server ports configurable, resolves #7279

Signed-off-by: Dirk Pahl <dirk.pahl@deutschebahn.com>

* Make server ports configurable, resolves #7279

Signed-off-by: Dirk Pahl <dirk.pahl@deutschebahn.com>

* Switch to flags instead of env vars

Signed-off-by: Dirk Pahl <dirk.pahl@deutschebahn.com>

* Could not use internal package in webhooks pkg

Signed-off-by: Dirk Pahl <dirk.pahl@deutschebahn.com>

* Add helm chart changes

Signed-off-by: Dirk Pahl <dirk.pahl@deutschebahn.com>

* make codegen-docs-all

Signed-off-by: Dirk Pahl <dirk.pahl@deutschebahn.com>

* make codegen-manifest-all

Signed-off-by: Dirk Pahl <dirk.pahl@deutschebahn.com>

---------

Signed-off-by: Dirk Pahl <dirk.pahl@deutschebahn.com>
Co-authored-by: Dirk Pahl <dirk.pahl@deutschebahn.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-11-17 14:19:53 +00:00
Matt Dainty
94281b0c95
fix: Add chart parameters for setting revisionHistoryLimit (#8907)
Signed-off-by: Matt Dainty <matt@bodgit-n-scarper.com>
Co-authored-by: treydock <tdockendorf@osc.edu>
2023-11-16 18:50:17 +00:00
treydock
830e4290ff
Revert "fix(chart): only create ServiceMonitor if cluster supports it (#7926)" (#8913)
This reverts commit 590dce5830.

This will ensure servicemonitor can be enabled with ArgoCD which doesn't support querying API capabilities

Fixes #8891

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Co-authored-by: shuting <shuting@nirmata.com>
2023-11-16 15:42:56 +00:00
Peter Jakubis
bed463214e
correct typo in README for Kyverno 1.10+ (#8911)
Signed-off-by: Peter Jakubis <balonik32@gmail.com>
Co-authored-by: treydock <tdockendorf@osc.edu>
2023-11-16 10:45:05 +00:00