mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity
1294 commits 15 branches 540 tags 276 MiB
Commit graph

138 commits

Author SHA1 Message Date
shivkumar dudhani
4e5f551fa7 clean up 2019-10-14 14:10:34 -07:00
shivkumar dudhani
17895e9718 cleanUp 2019-10-14 12:48:24 -07:00
shivkumar dudhani
21d174a2bf merge changes 2019-10-14 12:46:44 -07:00
Jim Bugwadia
053a92ba51 fix paths 2019-10-14 12:42:31 -07:00
shivkumar dudhani
530ac6962c initial clean up 2019-10-14 12:36:19 -07:00
shivkumar dudhani
4abdec337d documentation updates 2019-10-14 10:47:54 -07:00
Shuting Zhao
eb8bd71ac2 add test scenario - missing image tag 2019-10-10 19:13:04 -07:00
Shuting Zhao
38bf4d6055 add 'deny-use-of-host-fs' 2019-10-10 18:42:54 -07:00
Shuting Zhao
300665b22b Merge branch 'best_practice_policies' of https://github.com/nirmata/kyverno into best_practice_policies 2019-10-10 12:30:14 -07:00
Shuting Zhao
24f3b8ac96 disallow automountServiceAccountToken 2019-10-10 12:29:48 -07:00
shivkumar dudhani
dbc35eb8f4 enable disabled tests 2019-10-10 12:22:07 -07:00
Shuting Zhao
f1ed0720c4 update default network policy to deny all ingress traffic 2019-10-10 11:08:20 -07:00
Shuting Zhao
7fcc6bbd33 require default namespace resource quota 2019-10-10 10:46:11 -07:00
Shuting Zhao
3087257b46 disallow use of default namespace 2019-10-10 10:34:49 -07:00
Shuting Zhao
012360ae3a allow trusted registries 2019-10-10 10:29:10 -07:00
shivkumar dudhani
0f7de18476 examples cleanup: move policies 2019-10-09 21:06:49 -07:00
Shuting Zhao
48c2c39da7 add samples/best_practices/require_default_network_policy.yaml 2019-10-09 18:52:48 -07:00
Shuting Zhao
3b2561dddb file name mistyped 2019-10-09 18:49:38 -07:00
Shuting Zhao
4d29b461ff add require_image_tag_not_latest.yaml 2019-10-09 18:35:07 -07:00
Shuting Zhao
3e1ef320a8 add require_probes.yaml 2019-10-09 17:49:00 -07:00
Shuting Zhao
ea25ed8460 add check-pod-request-limit.yaml 2019-10-09 17:37:31 -07:00
Shuting Zhao
381210e977 add disallow_node_port.yaml 2019-10-08 22:13:34 -07:00
Shuting Zhao
18c190447f update require-readonly-rootfilesystem.yaml 2019-10-08 22:09:58 -07:00
Shuting Zhao
cb44585d70 add disallow_readonly_rootfilesystem.yaml 2019-10-08 22:05:15 -07:00
Shuting Zhao
c755df6b70 add scenario_validate_disallow_hostpid_hostipc.yaml 2019-10-08 21:58:05 -07:00
Shuting Zhao
ce41e4a99d add disallow_host_network_hostport.yaml 2019-10-08 21:51:35 -07:00
Shuting Zhao
0c0a9a69a6 add disallow_priviledged_privelegesecalation.yaml 2019-10-08 21:42:49 -07:00
Shuting Zhao
8f8bd05106 add samples/best_practices/deny_runasrootuser.yaml 2019-10-08 21:30:19 -07:00
Shuting Zhao
cac41d9fda using anyPattern for allowed image registries 2019-10-07 14:34:32 -07:00
Shuting Zhao
87d9cdd9dd best practice: volume white list 2019-10-07 12:46:34 -07:00
Shuting Zhao
16a851cd8b update sysctl 2019-10-07 11:35:04 -07:00
Shuting Zhao
c80f9e0f9d best_practice: sysctl 2019-10-07 11:21:14 -07:00
Shuting Zhao
2243e9e2e7 best practice: validate container capability 2019-10-04 18:15:39 -07:00
Shuting Zhao
0c09ba53eb best-practice: validate default proc mount 2019-10-04 17:48:57 -07:00
Shuting Zhao
1bd8663e4c add selinux best practice 2019-10-04 17:28:42 -07:00
Shuting Zhao
04c147eb77 add security context "fsgroup" 2019-10-04 16:50:23 -07:00
Shuting Zhao
23c9212d67 fix hostpid/hostipc test runner 2019-10-01 14:53:58 -07:00
Shuting Zhao
5009e8abb7 change anypattern to pattern, refer #357 2019-10-01 14:45:16 -07:00
Shuting Zhao
d279d7fd77 update testrunner 2019-09-18 12:33:25 -07:00
Shuting Zhao
da3d48f020 update test scenario for non-root user 2019-09-17 18:51:16 -07:00
Shuting Zhao
658fb84e91 update best_practice Disallow privileged and privilege escalation 2019-09-17 18:42:08 -07:00
Shuting Zhao
f4eee4b30a update best-practice run as non-root uesr 2019-09-17 18:36:24 -07:00
Shuting Zhao
5e0415911a add best-practice: policy_validate_disallow_default_serviceaccount 2019-09-16 14:16:54 -07:00
shivkumar dudhani
44af35d6e4 support wild cards for namespaces in rule resource description 2019-09-12 17:11:55 -07:00
Shuting Zhao
e6a5b1ceb8 add namespace_quota testrunner 2019-09-10 12:27:21 -07:00
Shuting Zhao
2e22c21164 add policy_validate_disallow_node_port.yaml 2019-09-10 11:57:33 -07:00
Shuting Zhao
3237f3d799 add policy_validate_not_readonly_rootfilesystem.yaml 2019-09-09 18:13:38 -07:00
Shuting Zhao
3eeba1a32b add policy_validate_hostPID_hosIPC.yaml 2019-09-09 17:34:25 -07:00
Shuting Zhao
d0fd3e69ef update testrunner, unit test for validate_host_network_port 2019-09-09 16:08:15 -07:00
Shuting Zhao
0fe5a065dd add validate_hostpath testrunner 2019-09-09 15:06:54 -07:00
Shuting Zhao
b494dec7f3 add validate_namespace test runner 2019-09-09 14:33:55 -07:00
Shuting Zhao
d92026f94a add disallow_priviledgedprivelegesecalation test runner 2019-09-09 10:56:19 -07:00
Shuting Zhao
ae8264deae Merge branch 'best_practice_policies' of https://github.com/nirmata/kyverno into best_practice_policies 
# Conflicts:
#	examples/best_practices/policy_validate_container_disallow_priviledgedprivelegesecalation.yaml
#	examples/best_practices/policy_validate_container_security_context.yaml
#	examples/best_practices/validate_container_security_context.yaml
 2019-09-09 10:36:56 -07:00
shivkumar dudhani
59c1e83466 upate readme links and remove duplicate policies 2019-09-08 10:41:07 -07:00
Shuting Zhao
b667c47587 update testrunner for examples/best_practices/policy_validate_container_security_context.yaml 2019-09-06 18:54:19 -07:00
shivkumar dudhani
ff60dc05fd add policies 2019-09-06 10:03:24 -07:00
shivkumar dudhani
f56603e4d4 update message to show resource path of failure for validation + print custom message on failure + anyPattern to return on first success validation + update scenarios for test runner 2019-09-05 12:44:38 -07:00
shivkumar dudhani
fa53519e2a change CRD Name to ClusterPolicy & ClusterPolicyViolations 2019-09-03 14:51:51 -07:00
shivkumar dudhani
0a132054e1 fixes + support generate policies 2019-08-30 14:06:47 -07:00
shivkumar dudhani
a31f9c383d scneario file test runner 2019-08-30 00:22:37 -07:00
shivkumar dudhani
20e2f639eb add validate helper functions 2019-08-29 11:44:50 -07:00
shivkumar dudhani
35e0c7ca49 fix build errors + add example for exclude policy 2019-08-21 16:34:17 -07:00
Shuting Zhao
92d69bdb2a add script to generate N number of resources/policies 2019-08-05 16:24:59 -07:00
Shuting Zhao
912c99a88f add function to generate N policies 2019-08-02 19:22:52 -07:00
Shuting Zhao
3a639fd6fd cleanup example folder 2019-07-29 19:01:17 -07:00
shivkumar dudhani
073acbaa40 update policy yaml 2019-07-25 14:57:44 -04:00
shivkumar dudhani
15918ec0d8 rebase with master 2019-07-19 20:39:31 -07:00
shivkumar dudhani
3cb978c16f clean up + fix bugs 2019-07-19 20:30:55 -07:00
shivkumar dudhani
725a94cc37 refactor testrunner framework 2019-07-01 12:16:12 -07:00
Shuting Zhao
b63b3b869e create event from policy info 2019-06-26 18:04:50 -07:00
Anton Kostenko
5efbfe80c9 removed extra changes 2019-06-21 15:41:39 +03:00
shivdudhani
e1df4a0dd9 rework the framework 2019-06-17 18:11:22 -07:00
Anton Kostenko
1ae3db1517 updated test after bubfix 2019-06-10 16:08:35 +03:00
shivdudhani
5c71cc9d58 update test examples 2019-06-03 16:09:14 -07:00
Anton Kostenko
e2d5b0c1ef Updated examples 2019-05-23 20:37:11 +03:00
Jim Bugwadia
55c2c1581e fix conflicts 2019-05-22 20:26:53 -07:00
shivdudhani
ad835cf484 update apiVersion for test YAMLs and update spec.rules.generate type to object 2019-05-22 17:57:40 -07:00
shivdudhani
857aa81f3e update the project name in api version and test 2019-05-22 10:53:01 -07:00
shivdudhani
02d17f7d84 rebase with release 1.0 2019-05-22 10:43:29 -07:00
Denis Belyshev
6251e971cc 34: Updated documentation 2019-05-22 18:14:10 +03:00
shuting
dbd1bb4466 update example due to crd name changed 2019-05-21 18:38:52 -07:00
shuting
09bfdc6ba3 - Change kube-policy to kyverno in install.yaml - Install in namespace kyverno 2019-05-21 18:36:24 -07:00
shivdudhani
31ce087504 support list of kind in resource, update the CRD openapischema & adapt the test and examples for the change 2019-05-21 15:43:43 -07:00
shivdudhani
11d0923e36 replace typed client with dynamic client 2019-05-21 09:43:45 -07:00
Jim Bugwadia
3416e2fccb Merge branch 'develop' into 26-PolicyUseCasesForTesting 2019-05-21 09:14:37 -07:00
Anton Kostenko
2997a5139b updated policies 
updated policies according to new policy structure for testing
 2019-05-21 17:56:59 +03:00
Anton Kostenko
e200cdc2a4 new policy structure 
policies are modified according to new logic
 2019-05-21 17:54:55 +03:00
Jim Bugwadia
092fa3aa0a - move prior examples to 'test' and add new validation examples 2019-05-17 14:18:10 -07:00