mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 07:57:07 +00:00
Commit graph

172 commits

Author SHA1 Message Date
Charles-Edouard Brétéché
2f81c77850
refactor: use GetFailurePolicy method (#3545)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-04-05 04:49:30 +08:00
Charles-Edouard Brétéché
857cd1209c
refactor: separate kube utils package (#3527)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-04-01 08:34:25 +00:00
Charles-Edouard Brétéché
c59affb248
refactor: factorize policy interface (#3496)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
2022-03-29 15:52:45 +00:00
Charles-Edouard Brétéché
b4cf89e57f
feat: add webhooks object selector support (#3413)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
2022-03-29 23:09:44 +08:00
Charles-Edouard Brétéché
20069c13c3
feat: stop mutating rules (#3410)
* feat: stop adding autogen annotation

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* feat: stop mutating rules

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* feat: stop mutating rules

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: use toggle

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: review comments

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
2022-03-28 22:01:27 +08:00
Charles-Edouard Brétéché
4efcabffb5
refactor: use abstract policy interface in webhookconfig (#3466)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
2022-03-25 14:43:47 +00:00
Mritunjay Kumar Sharma
e303dddf86
adds lease objects for storing last-request-time and set-status annotations in deployment (#3447)
* funcs to patch last request time and status

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

* instead of patch, updating status

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

* added lease object approach

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

* cleanup

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

* attempt to solve panic issue

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

* fixes lease updates for both annotations

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

* minor cleanups in log messages

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

* clean up

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

* add object selector

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

* fixed leases and object selector

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
2022-03-25 21:42:01 +08:00
Charles-Edouard Brétéché
65409890b4
refactor: remove ns lister from webhookconfig (#3452)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com>
2022-03-23 16:04:02 +08:00
Vyankatesh Kudtarkar
e268be9e88
support for deprecated API's (#3439)
* support for deprecated API's

* add testcase

* update condition

* fix logic
2022-03-22 18:25:35 +00:00
Thomas Hartland
0360ad25c1
Fix check for generated webhook rules being equal to what the API server has (#3407)
* Add webhookRulesEqual function and test

Signed-off-by: Thomas Hartland <thomas.hartland@diamond.ac.uk>

* Handle edge cases in webhookRulesEqual function

Signed-off-by: Thomas Hartland <thomas.hartland@diamond.ac.uk>
2022-03-21 12:41:53 +00:00
Charles-Edouard Brétéché
0c8e8c1212
feat: move GetRules() at the policy level (#3420)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
2022-03-18 15:18:32 +00:00
Charles-Edouard Brétéché
30261b5235
feat: add conditions support (#3378)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
2022-03-18 22:00:01 +08:00
shuting
cc10feb906
fix webhook configuration issue when auto update is disabled (#3417)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-03-18 10:05:00 +00:00
shuting
69518b7c9c
Fix webhook re-creation error (#3403)
* fix webhook re-creation issue

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix webhook monitor blocking call

Signed-off-by: ShutingZhao <shuting@nirmata.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-03-16 15:23:46 +00:00
Thomas Hartland
36f532840d
Only queue one retry if webhook update fails (#3353)
Queueing two retries can lead to exponential growth.

Adding a delay before the retry should reduce the number
of failed attempts to update webhooks.

Signed-off-by: Thomas Hartland <thomas.hartland@diamond.ac.uk>

Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-03-16 12:08:03 +00:00
Charles-Edouard Brétéché
9e623bbf6e
feat: add rules to status (#3376)
* fix: configmap resource filters generated by helm does not account for namespace

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* feat: add rules to status

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
2022-03-15 14:49:16 +00:00
Charles-Edouard Brétéché
8d08250e07
feat: add autogen controllers to policy status (#3332)
* feat: add autogen controllers to policy status

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* feat: add autogen controllers to policy status

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
2022-03-10 23:51:29 +08:00
Charles-Edouard Brétéché
ce5f648f30
refactor: introduce rules getters and setters (#3350)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com>
2022-03-09 15:28:31 +00:00
shuting
2eefe3a544
Skip updating webhook configs if namespaceSelector is nil (#3237)
* skip updating webhook configs if namespaceSelector is nil

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* address comments

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* address comment for mutating webhook

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* address comments

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update logs

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-02-16 17:07:09 +05:30
shuting
ae4ff4f6b9
Fix dynamic webhook for namespace policies (#3044)
* fix dynamic webhook for namespace policies

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* improve policy listing to reduce duplicate processing

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update logger

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-01-22 07:55:14 +00:00
Prateek Pandey
c30dfe70a5
fix deployment replica type conversion and refactor webhook logs (#3022)
- add level in info webhook configuration update success logs
- fix deployment replica count conversion issue

Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com>
2022-01-19 17:14:33 +00:00
Kumar Mallikarjuna
e39489f838
SharedInformers for WebhookConfigurations (#3007)
* SharedInformers for WebhookConfigurations

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

* Add GVK to typed resources

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

* Remove ToUnstructured()

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

* Remove default informers from Resource Cache

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

* Formatted files

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
2022-01-19 15:57:32 +00:00
Abhinav Sinha
b5341b685d
Support namespaceSelector with dynamic webhook enabled (#2953)
* Support `namespaceSelector` with dynamic webhook enabled

Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>

* Implemented suggested changes

Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>

* Implemented suggested changes

Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>

Co-authored-by: shuting <shutting06@gmail.com>
2022-01-19 07:59:08 +00:00
shuting
cde1d0f2b2
clean up managed resources when cannot find kyverno deployment (#3018)
Signed-off-by: ShutingZhao <shuting@nirmata.com>

Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com>
2022-01-18 16:45:24 +00:00
Kumar Mallikarjuna
771d62b735
Added Kyverno specific SharedInformerFactory (#2987)
* Added Kyverno specific SharedInformerFactory

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

* Replace ToUnstructured()

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

* Add GVK to returned resource

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

Co-authored-by: shuting <shutting06@gmail.com>
2022-01-18 15:52:48 +00:00
Abhinav Sinha
7ceba594b2
Corrected the value of INIT_CONFIG env in deployment (#2927)
Signed-off-by: Abhinav Sinha <zeborg3@gmail.com>

Co-authored-by: shuting <shutting06@gmail.com>
2022-01-07 10:52:34 +00:00
Kumar Mallikarjuna
214f338ec3
Fix TLS inconsistency in HA (#2910)
* Fix TLS inconsistency in HA

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

* Add error checks

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

* Remove redundant err definitions

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>

* Handle all Secret errors

Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
2022-01-06 09:11:16 +00:00
shuting
df105ff596
Improve endpoint check (#2902)
* improve endpoint checks

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update make target for the local build

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* remove debug log

Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-01-05 07:47:42 +00:00
Kumar Mallikarjuna
3f61e2dd3a
Added report generation for verifyImage rules (#2782)
* Add report generation for verifyImage rules

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Add flag comment

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Mutation: handleDelete()

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Remove redundant delete

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Test validation failure

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Validation force rules test

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Default validation behaviour

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Manual rules

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Update Config Manager

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Move Delete check

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-01-05 07:07:44 +00:00
Prateek Pandey
f6e40b5dd1
feat(validation): support for ephemeral containers (#2875)
Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com>
2021-12-28 14:22:52 +00:00
Vyankatesh Kudtarkar
39a299f317
Update labels to fetch cluster role (#2842)
2021-12-16 07:55:58 +00:00
Vyankatesh Kudtarkar
b7767d79d3
change cluster role labels (#2776)
* change cluster role labels

* change cluster role label value

* fix cluster role label issue

* fix comment
2021-12-02 15:52:34 +05:30
Steven E. Harris
f90b982903
Allow use of "pods/binding" subresource (#2721)
For cases where a policy matches the "Bindings" kind in the "core/v1"
API group and version, adjust the pertinent Webhook configuration rule
to use the "pods/binding" subresource.

Doing so allows observing and reacting to the Kubernetes
scheduler (and its "extenders") assigning pods to nodes, before any
other system actors observe that assignment. This is an opportune
moment in between the pod's creation and a kubelet starting it running.

Signed-off-by: Steven E. Harris <seh@panix.com>
2021-11-16 22:26:22 +01:00
Vyankatesh Kudtarkar
fa95132806
Fix: Hard-coded ClusterRoleName in OwnerRef breaks (#2718)
* fix hardcoded clusterrole name

* Fix label
2021-11-16 19:32:42 +08:00
Danny__Wei
84c44c0827
obtain webhook config name dynamically (#2698)
2021-11-08 20:09:19 -08:00
Pooja Singh
0e8341166d
ignoring generate kinds from mutate webhook (#2656)
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-11-06 23:06:00 +05:30
Vyankatesh Kudtarkar
6eb7cf57f7
bug fix : Kyverno policies block uninstall of Kyverno (#2659)
* bug fix uninstall kyverno issue

* rename the methods
2021-11-02 23:44:32 -07:00
Jose Armesto
831a9826d1
Restructure project to follow standards (#2632)
Signed-off-by: Jose Armesto <github@armesto.net>
2021-10-29 18:13:20 +02:00
Marcus Noble
1966c82c6d
Fix various go lint issues (#2639)
* Fix various go lint issues

Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>

* Fix if mistake

Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>

* Simplified returns

Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
2021-10-29 17:06:03 +02:00
Jamie
caf2180dca
fix: found a handful other magic strings that needed some webhook love (#2546)
Signed-off-by: Random J Developer <interns@coreweave.com>

Signed-off-by: Jamie Roberts <jroberts@coreweave.com>
2021-10-15 09:54:07 -07:00
ShutingZhao
28183be24f
fix webhook update for PodExecOptions
Signed-off-by: ShutingZhao <shutting06@gmail.com>
2021-10-14 13:22:07 -07:00
Bricktop
ab8822963b
Add exclusions to make gosec happy (#2540)
* Add exclusions to make gosec happy

Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>

* Add forgotten file

Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>
2021-10-13 15:05:13 -07:00
Sachin
a42e944c22
fix Potential file inclusion via variable (#2523)
Signed-off-by: slayer321 <sachin.maurya7666@gmail.com>
2021-10-13 10:48:45 -07:00
shuting
9dc2c2b4bf
Bugfixes - handle verifyImage rules for webhooks configurations (#2501)
* dynamic webhooks for verifyImages rule

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* add namespace env to the initContainer

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* add debug log

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* update operator schema validation tag

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* set policy to ready if auto-update-webhook disabled

Signed-off-by: ShutingZhao <shutting06@gmail.com>
2021-10-07 13:50:30 -07:00
ShutingZhao
b42c44eff0
update policy status to false if error occurs
2021-10-06 20:48:36 -07:00
ShutingZhao
08d75245a2
matching resources should be updated separate for mutate and validate rules
Signed-off-by: ShutingZhao <shutting06@gmail.com>
2021-10-06 20:43:19 -07:00
Kumar Mallikarjuna
254be4c1d3
Leader Election for initContainer (#2489)
* Local build

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Leader Election for initContainer

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Lease deletion

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Use wrc client

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* log error out

Signed-off-by: ShutingZhao <shutting06@gmail.com>

Co-authored-by: ShutingZhao <shutting06@gmail.com>
2021-10-06 16:12:07 -07:00
shuting
b10947b975
Dynamic webhooks (#2425)
* support k8s 1.22, update admissionregistration.k8s.io/v1beta1 to admissionregistration.k8s.io/v1

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* - add failurePolicy to policy spec; - fix typo

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* - add schema validation for failurePolicy; - add a printer column

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* set default failure policy to fail if not defined

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* resolve conflicts

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* fix missing type for printerColumn

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* refactor policy controller

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* add webhook config manager

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* - build webhook objects per policy update; - add fail webhook to default webhook configurations

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* fix panic on policy update

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* build default webhook: match empty if autoUpdateWebhooks is enabled, otherwise match all

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* - set default webhook configs rule to empty; - handle policy deletion

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* reset webhook config if policies with a specific failurePolicy are cleaned up

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* handle wildcard policy

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* update default webhook timeout to 10s

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* cleanups

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* added webhook informer to re-create it immediately if missing

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* update tag webhookTimeoutSeconds description

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* fix e2e tests

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* fix linter issue

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* correct metric endpoint

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* add pol.generate.kind to webhooks

Signed-off-by: ShutingZhao <shutting06@gmail.com>
2021-10-05 00:15:09 -07:00
Pooja Singh
ba00ead7f8
adding ownerRef with namespace (#2263)
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-08-13 17:07:40 -07:00
Pooja Singh
f9616cbab1
Removing OwnerReference (#2251)
* removing OwnerReference

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* removing comments

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-08-10 17:05:20 -07:00