mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 07:57:07 +00:00
Code Activity
6998 commits 20 branches 550 tags 288 MiB
Commit graph

775 commits

Author SHA1 Message Date
georgekaz
216a4e13bf
Fix helm-release workflow (#2150) 
* add checkout step to helm releaser.

Signed-off-by: George Kaz <egeorgekaz@gmail.com>

Increment version

Signed-off-by: George Kaz <egeorgekaz@gmail.com>

* disable version check, revert version no. to last released

Signed-off-by: George Kaz <egeorgekaz@gmail.com>
 2021-07-19 13:01:17 -07:00
georgekaz
b9e77575be
Chart changes merged,not deployed,iterate version (#2111) 
* Chart changes merged,not deployed,iterate version

kyverno#2073 - Updates chart version to v1.4.2 - merged 13 days ago but not deployed
kyverno#2081 - Fix Helm release during tag - merged 9 days ago
kyverno#2037 - updated chart contents but not chart version - not released - merged 7 days ago
kyverno#2103 - updated chart contents but not chart version - not released - merged 3 hours ago

Status - main branch shows chart version is v1.4.2, git tag is v1.4.1 and latest helm chart on artifacthub.io/packages/helm/kyverno/kyverno is v1.4.1

This PR just iterates the chart version so that it's built, but I think chart versions should be incremented as part of the normal PR/merge process if chart elements are changed

Signed-off-by: George Kaz <egeorgekaz@gmail.com>

* break the helm release out into it's own workflows

Signed-off-by: George Kaz <egeorgekaz@gmail.com>

* workflow fixes

Signed-off-by: George Kaz <egeorgekaz@gmail.com>

* don't run helm-release on PR. Remove git config bit

Signed-off-by: George Kaz <egeorgekaz@gmail.com>
 2021-07-14 12:10:41 -07:00
shuting
104cd310e8
Cleanup Report Change Requests (#2134) 
* clean up RCRs if retry fails

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* cleanup report change request when background scan starts

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add verb deletecollection to ClusterRole kyverno:customresources

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-07-14 09:57:16 -07:00
Vyankatesh Kudtarkar
521ee0e683
remove duplicate (#2132) 2021-07-13 10:29:48 -07:00
Vyankatesh Kudtarkar
66aa4d0e4f
fix Helmchart doesn't respect metricsService.create flag (#2103) 2021-07-08 12:12:34 -07:00
Ernesto R. C. Pereda
f691a93f03
Add topologySpreadConstraints to helm charts 
Signed-off-by: Ernesto R. C. Pereda <ernesto.cruz@alayacare.com>
 2021-07-06 15:31:54 -04:00
Arsh Sharma
e74a5c803c
adding a note to deprecate name in favour of names (#2096) 
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
 2021-07-06 11:34:06 -07:00
Retna
933e6ae274
Merge branch 'main' into issue-2036 
Signed-off-by: Retna Ramachandran <retna.ramachandran@gjensidige.no>
 2021-07-01 15:17:18 +02:00
Retna
7983229d75
fix: Formatting 2021-07-01 14:58:36 +02:00
Vyankatesh Kudtarkar
3de5d37b21
Merge pull request #1919 from windowsrefund/fix-envVars 
Helm chart: Eliminate duplicate env key when iterating over envVars
 2021-07-01 16:46:16 +05:30
shuting
2c9e52af98
update podSecurityStandard from default to baseline (#2084) 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-06-29 15:54:17 -07:00
Valentin Velkov
63f4c9a884
Configurable success events on policies & resources. Generating failure events on policies by default. (#1939) 
* Remove unused event.Reason const

Signed-off-by: Velkov <valentin.velkov@sap.com>

* Generate failure events on policies

Signed-off-by: Velkov <valentin.velkov@sap.com>

* Generate success events on policy

Signed-off-by: Velkov <valentin.velkov@sap.com>

* Introduce 'generateSuccessEvents' flag

Signed-off-by: Velkov <valentin.velkov@sap.com>

* Unit tests & chart fix

Signed-off-by: Velkov <valentin.velkov@sap.com>
 2021-06-29 14:43:11 -07:00
Chip Zoller
436d44050b
Helm chart README fixes (#2062) 
* fix link to PR doc

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* fix description

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* chart README fixes

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* Helm chart README clean-up

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* linting

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* Revert "fix description"

This reverts commit e128152cd7.

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
 2021-06-29 13:48:26 -07:00
Arsh Sharma
fbc80cdfae
adding support for multiple names in match and exclude blocks (#2010) 
* add names in rd struct

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* added checking logic

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* updated yamls

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* wip: fix empty set problem

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* working with exclude

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* fixing name and names

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* added error if both name and names are specified

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* added tests

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* changed empty set logic, fixed whitespaces and comments

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* fix match and exclude bug

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
 2021-06-28 22:31:22 -07:00
Vyankatesh Kudtarkar
8556cf6c91
Merge pull request #2066 from MarcusNoble/fix_helm_deployment_name 
fix: set deployment name env var
 2021-06-28 15:30:54 +05:30
Nicolas Lamirault
4ca208da25
FIX Custom labels indentation (#2073) 
* Fix: custom labels indentation

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Update: bump chart version

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>
 2021-06-25 13:28:30 -07:00
Shuting Zhao
f9a89c4672 tag v1.4.1 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-06-24 15:13:15 -07:00
shuting
0a13ce9c73
Revert "Fix Helm deployment name issue" (#2070) 2021-06-24 14:22:34 -07:00
Pooja Singh
54a85c5da1
Merge pull request #2045 from vyankyGH/fix_deployment_name 
Fix Helm deployment name issue - install kyverno with helm release name != kyverno
 2021-06-24 19:19:19 +05:30
vyankatesh
235038e712 fix deployment issue 2021-06-24 13:07:51 +05:30
vyankatesh
11a05496de fix helm deployment name 2021-06-24 13:03:15 +05:30
Marcus Noble
443d56fd4d fix: set deployment name env var 
Signed-off-by: Marcus Noble <m.noble@elsevier.com>
 2021-06-24 08:17:14 +01:00
shuting
3b06378142
remove selector from Helm chart (#2056) 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-06-22 23:10:04 -07:00
Pooja Singh
c6c803511c
Merge pull request #1977 from RinkiyaKeDad/1818_default_to_baseline 
replacing pod security standard from default to baseline
 2021-06-22 23:35:39 +05:30
Retna Ramachandran
5825dfbf4f
feat: splitting envVars for initContainers and containers 
Signed-off-by: Retna Ramachandran <retna@gjensidige.no>
Signed-off-by: Retna Ramachandran <retna.ramachandran@gjensidige.no>
 2021-06-22 15:41:58 +02:00
Retna Ramachandran
c95802bf84
fix: clean up of extra ENV key in manifest 
Signed-off-by: Retna Ramachandran <retna@gjensidige.no>
Signed-off-by: Retna Ramachandran <retna.ramachandran@gjensidige.no>
 2021-06-22 15:41:58 +02:00
Retna
194c99564e
fix: added envVars to containers 
Signed-off-by: Retna Ramachandran <retna.ramachandran@gjensidige.no>
 2021-06-22 15:41:58 +02:00
George Kaz
d4180737f5 iterate-chart-version 
Signed-off-by: George Kaz <egeorgekaz@gmail.com>
 2021-06-22 09:49:06 +01:00
RinkiyaKeDad
a93c46a8e8 psd -> psb 
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
 2021-06-22 12:05:19 +05:30
George Kaz
de409159e3 Correct ca and cert namespace 
Signed-off-by: George Kaz <egeorgekaz@gmail.com>
 2021-06-21 15:57:51 +01:00
Shuting Zhao
56eeefa6d1 tag v1.4.0 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-06-18 12:14:46 -07:00
Shuting Zhao
a9e3092fca tag v1.4.0-rc4 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-06-17 17:52:11 -07:00
treydock
bc3755d0b1
Fix Helm chart metrics service to allow NodePort (#2035) 
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
 2021-06-17 15:20:31 -07:00
Shuting Zhao
3e4ee51267 tag v1.4.0-rc3 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-06-16 23:49:47 -07:00
shuting
65975a8b65
Enable webhooks configuration via Helm (#2032) 
* helm - enable configurations of webhooks

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* retry on update failure

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update Readme

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* address lint errors

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-06-16 23:29:07 -07:00
Shuting Zhao
e61f6f9dd9 tag v1.4.0-rc2 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-06-15 21:59:19 -07:00
treydock
f1491fe6d3
Allow metrics service annotations to be defined separate from main service (#1988) 
* Allow metrics service annotations to be defined separate from main service

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Add test for metrics during Helm deployment testing

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Make services separate for kustomize

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Run 'make kustomize-crd'

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Fix e2e tests for metrics

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Fix Helm chart for metrics service

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Fix helm chart testing

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
 2021-06-10 13:53:29 -07:00
Shuting Zhao
2ca824210d tag v1.4.0-rc1 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-06-08 13:09:20 -07:00
shuting
e9a972a362
feat: HA (#1931) 
* Fix Dev setup

* webhook monitor - start webhook monitor in main process

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add leaderelection

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* - add isLeader; - update to use configmap lock

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* - add initialization method - add methods to get attributes

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* address comments

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* remove newContext in runLeaderElection

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add leader election to GenerateController

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* skip processing for non-leaders

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* skip processing for non-leaders

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add leader election to generate cleanup controller

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* Gracefully drain request

* HA - Webhook Register / Webhook Monitor / Certificate Renewer (#1920)

* enable leader election for webhook register

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* extract certManager to its own process

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* leader election for cert manager

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* certManager - init certs by the leader

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add leader election to webhook monitor

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update log message

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add leader election to policy controller

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add leader election to policy report controller

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* rebuild leader election config

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* start informers in leaderelection

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* start policy informers in main

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* enable leader election in main

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* move eventHandler to the leader election start method

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* address reviewdog comments

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add clusterrole leaderelection

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixed generate flow (#1936)

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* - init separate kubeclient for leaderelection - fix webhook monitor

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* address reviewdog comments

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* cleanup Kyverno managed resources on stopLeading

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* tag v1.4.0-beta1

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix cleanup process on Kyverno stops

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* bump kind to 0.11.0, k8s v1.21 (#1980)

Co-authored-by: vyankatesh <vyankatesh@neualto.com>
Co-authored-by: vyankatesh <vyankateshkd@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Pooja Singh <36136335+NoSkillGirl@users.noreply.github.com>
 2021-06-08 12:37:19 -07:00
Ahmed Waleed Malik
3c4c6dae92
Remove runAsUser specification from Security Context (#1972) 
This fails on openshift since we cannot specify users within this range. Also, this template should be as close as possible to the vanilla manifest for deployment https://github.com/kyverno/kyverno/blob/main/definitions/release/install.yaml

Vanilla manifest omits the user specification https://github.com/kyverno/kyverno/blob/main/definitions/release/install.yaml#L2478

Signed-off-by: Waleed Malik <ahmedwaleedmalik@gmail.com>
 2021-06-08 10:14:20 -07:00
RinkiyaKeDad
d1be681773 replacing pod security standard from default to baseline 
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
 2021-06-08 13:02:02 +05:30
Nicolas Lamirault
62c4cd7e3d
Recommanded Kubernetes labels and custom labels (#1873) 
* Add: Recommanded Kubernetes labels

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Add: feature to add custom labels to resources metadata

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Add: manage labels with Kustomize

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Add: app label

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Add: app label for chart

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Update: make kustomize-crds

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Update: refactoring labels

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Fix: clean kustomize code

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Fix: typo

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Update: application version v1.3.6

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Update: version v1.3.6

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>
 2021-06-01 11:54:33 -07:00
shuting
cd4d738667
Merge pull request #1877 from yashvardhan-kukreja/prometheus-integration-setup 
feat: Prometheus metrics integration
 2021-05-26 12:31:21 -07:00
Yashvardhan Kukreja
8eae8ec492 feat: added support for exposing the metrics via kyverno-svc service 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-05-24 08:06:40 +05:30
windowsrefund
69ba308687 eliminate duplicate env key 2021-05-20 11:21:47 -04:00
Shuting Zhao
4f79f44f9f tag v1.3.6 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-05-17 11:39:39 -07:00
Shuting Zhao
5dcb03e6f5 tag v1.3.6-rc5 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-05-13 12:44:34 -07:00
Shuting Zhao
edd33a6d09 tag v1.3.6-rc4 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-05-10 10:18:38 -07:00
Simon Metzger
a65a85e55c
allow only supplementalGroups greater 0 (#1901) 
Signed-off-by: Metzger, Simon <smnmtzgr@gmail.com>
 2021-05-10 10:14:08 -07:00
Shuting Zhao
55a987ed5e tag v1.3.6-rc3 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-05-07 19:03:43 -07:00