mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
Code Activity
2847 commits 16 branches 550 tags 288 MiB
Commit graph

34 commits

Author SHA1 Message Date
Shuting Zhao
45dd5b736d update short names, scope 2020-12-01 12:52:17 -08:00
shuting
370828afec
Fix typo, add short names (#1344) 
* fix typo

* add short names for report change request
 2020-11-30 23:26:49 -08:00
Jim Bugwadia
2344b2c305
1319 fix throttling (#1341) 
* fix policy status and generate controller issues

* shorten ACTION column name

* update logs

Co-authored-by: Shuting Zhao <shutting06@gmail.com>
 2020-11-30 11:22:20 -08:00
Jim Bugwadia
2aeb5aa982 validate conditiona.operator as enum 2020-11-29 00:37:36 -08:00
Shuting Zhao
4be7528604 - reverse tag removal changes; - remove defaults 2020-11-18 17:36:06 -08:00
Shuting Zhao
c23c318052 remove tags 2020-11-18 17:16:47 -08:00
Shuting Zhao
8acc302336 remove default tag 2020-11-18 17:00:26 -08:00
Shuting Zhao
010c97f3ab remove background default tag 2020-11-18 16:46:08 -08:00
Shuting Zhao
168bb21093 add optional tag to gr.status 2020-11-18 15:07:12 -08:00
Shuting Zhao
2d8092d97c fixes https://github.com/kyverno/kyverno/issues/1238 2020-11-18 14:31:43 -08:00
Shuting Zhao
50c72e871f - add status to gr; - add printer column to gr 2020-11-18 12:07:25 -08:00
Shuting Zhao
9d7c304ffe update clusterpolicy description 2020-11-16 11:47:16 -08:00
Shuting Zhao
1e00ef27d0 update crd manifests 2020-11-15 22:47:55 -08:00
Shuting Zhao
2ff9d03b3f - set tag optional in generaterequest; - fix generate controller error log 2020-11-13 17:44:34 -08:00
Shuting Zhao
365dd6e408 update kyverno crd types.go 2020-11-13 16:02:44 -08:00
Shuting Zhao
047b2b8739 update types.go to generate schema 2020-11-12 19:48:39 -08:00
Shuting Zhao
5c38aab03d temporary check in the types for referencing 2020-11-12 16:44:14 -08:00
Shuting Zhao
2292bf860b update policyreport group to wgpolicyk8s.io 2020-11-11 15:09:07 -08:00
shuting
5e07ecc5f3
Add Policy Report (#1229) 
* add report in cli

* policy report crd added

* policy report added

* configmap added

* added jobs

* added jobs

* bug fixed

* added logic for cli

* common function added

* sub command added for policy report

* subcommand added for report

* common package changed

* configmap added

* added logic for kyverno cli

* added logic for jobs

* added logic for jobs

* added logic for jobs

* added logic for cli

* buf fix

* cli changes

* count bug fix

* docs added for command

* go fmt

* refactor codebase

* remove policy controller for policyreport

* policy report removed

* bug fixes

* bug fixes

* added job trigger if needed

* job deletation logic added

* build failed fix

* fixed e2e test

* remove hard coded variables

* packages adde

* improvment added in jobs sheduler

* policy report yaml added

* cronjob added

* small fixes

* remove background sync

* documentation added for report command

* remove extra log

* small improvement

* tested policy report

* revert hardcoded changes

* changes for demo

* demo changes

* resource aggrigation added

* More changes

* More changes

* - resolve PR comments; - refactor jobs controller

* set rbac for jobs

* add clean up in job controller

* add short names

* remove application scope for policyreport

* move job controller to policyreport

* add report logic in command apply

* - update policy report types;  - upgrade k8s library; - update code gen

* temporarily comment out code to pass CI build

* generate / update policyreport to cluster

* add unit test for CLI report

* add test for apply - generate policy report

* fix unit test

* - remove job controller; - remove in-memory configmap; - clean up kustomize manifest

* remove dependency

* add reportRequest / clusterReportRequest

* clean up policy report

* generate report request

* update crd clusterReportRequest

* - update json tag of report summary; - update definition manifests; -  fix dclient creation

* aggregate reportRequest into policy report

* fix unit tests

* - update report summary to optional; - generate clusterPolicyReport; - remove reportRequests after merged to report

* remove

* generate reportRequest in kyverno namespace

* update resource filter in helm chart

* - rename reportRequest to reportChangeRequest; -rename clusterReportRequest to clusterReportChangeRequest

* generate policy report in background scan

* skip generating report change request if there's entry results

* fix results entry removal when policy / rule gets deleted

* rename apiversion from policy.kubernetes.io to policy.k8s.io

* update summary.* to lower case

* move reportChangeRequest to kyverno.io/v1alpha1

* remove policy report flag

* fix report update

* clean up policy violation CRD

* remove violation CRD from manifest

* clean up policy violation code - remove pvGenerator

* change severity fields to lower case

* update import library

* set report category

Co-authored-by: Yuvraj <yuvraj.yad001@gmail.com>
Co-authored-by: Yuvraj <10830562+evalsocket@users.noreply.github.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
 2020-11-09 11:26:12 -08:00
Shuting Zhao
b14174e51b refine description 2020-11-03 17:18:51 -08:00
Shuting Zhao
97e6382aaf update description 2020-11-03 16:57:47 -08:00
Shuting Zhao
d19a44d34c print fields failreAction and background for kyverno policy 2020-11-03 16:31:41 -08:00
Yuvraj
b7524467a3
Reconcile Generate request on policy update (#1096) 
* policy report crd added

* added namespaced rule

* remove extra field from crd

* revert crd change

* remove policy report chnages

* remove policy report chnages

* remove policy report chnages

* remove policy report chnages

* added logic for gr

* revert changes

* fixed generate rules

* fixed generate rules

* fixed generate rules

* fixed generate rules

* remove extra logs

* remove extra logs

* fixed e2e test

* remove extra logs

* crd issue resolved

* added check for sync

* add labels update

* add label update

* added permission to role

* roles added to helm

* roles added to helm
 2020-09-03 14:34:23 -07:00
Michael Barrientos
b067f41d02
Replace Policy CRD AnyValue fields with empty dict (#1086) 
/kind cleanup

\## Proposed change

This implements the same change as #1047, except for the new Policy CRD instead of the ClusterPolicy CRD, which apparently did not get those updates before merging.

When deploying Kyverno using Argo CD, we get a persistent false diff for the Policy custom resource definition (the definition itself, not instances of Policy), because Kubernetes converts the invalid AnyValue: {} property types to just an empty dict {}. Since the Kubernetes server makes this change to {} unilaterally after applying, when a diffing tool like Argo CD compares it against the YAML manifest, each such instance of AnyValue appears as a diff.

I know that since AnyValue is not part of the official OpenAPI V3 schema, and that when you run kubectl get crd policies.kyverno.io -o yaml the status message shows Kubernetes complaining about "Required value: must not be empty for specified object fields" for all of these fields. In theory the correct solution would be to somehow provide a full schema, but I know this can be tricky for these data/anyPattern/patches types, but at the minimum, I would like to get Argo CD to believe that there are no changes that need to be applied.

Since these fields are already silently turned into {} by Kubernetes, this should have no functionality change on existing code/deployments.
 2020-08-26 11:11:36 -07:00
Mohan B E
f60deecdce
Feature/namespaced policy 280 (#1058) 
* namespaced policy crd and cache

* modified main.go

* removed kyverno

* implemented policy violation generator for namespaced policy on audit

* modified cache

* added validation for cluster resource types

* install.yaml

* install.yaml

* removed namespaces from crd and refactored code

* modified NamespacePolicy to Policy

* added ClusterRole aggregate for policies

* modified clusterrole
 2020-08-19 09:07:23 -07:00
Pooja Singh
5a68653749
Supporting annotations in match/exclude (#1045) 
* Supporting annotations in match/exclude filters

* updated readme

* small fix
 2020-08-17 17:12:27 -07:00
Michael Barrientos
d2ac5b829b
Replace CRD AnyValue fields with empty dict (#1047) 2020-08-13 11:57:35 -07:00
Mohan B E
a14828246d
Feature/api version 852 (#1028) 
* apiVersion support for generate

* added apiVersion to crds
 2020-08-07 09:47:33 +05:30
shuting
39de46fe39
983 kustomize support (#1026) 
* prototype - strategic merge patch

* add end to end test

* add engine strategic merge patch support

* set webhook reinvocationPolicy to IfNeeded

* refactor engine mutate code

* support JMESPath in strategic merge patch

* implement patchesJson6902

* update doc

* resolve pr comments
 2020-08-05 09:11:23 -07:00
NoSkillGirl
b589169b5e Added in-notin operator 2020-06-26 12:48:45 +05:30
NoSkillGirl
e8c4050d49 Added In and NotIn Operators 2020-06-26 12:48:12 +05:30
Yuvraj
01724d63cf
Synchronize data for generated resources (#933) 
* Generate request added fro update resource

* synchronize flag added

* documentation added for keeping resource synchronized

Signed-off-by: Yuvraj <yuvraj.yad001@gmail.com>
 2020-06-23 07:19:43 +05:30
Yuvraj
4d9226351f replace crd with latest crd 2020-06-05 13:49:53 -07:00
Yuvraj
d96f3e6c89 remove duplicate crd changes 2020-06-05 13:42:53 -07:00