mirror of https://github.com/kyverno/kyverno.git synced 2025-04-24 13:07:31 +00:00
Commit graph

200 commits

Author SHA1 Message Date
Marcus Noble
443d56fd4d fix: set deployment name env var
Signed-off-by: Marcus Noble <m.noble@elsevier.com>
2021-06-24 08:17:14 +01:00
shuting
3b06378142
remove selector from Helm chart ()
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-06-22 23:10:04 -07:00
Pooja Singh
c6c803511c
Merge pull request from RinkiyaKeDad/1818_default_to_baseline
replacing pod security standard from default to baseline
2021-06-22 23:35:39 +05:30
George Kaz
d4180737f5 iterate-chart-version
Signed-off-by: George Kaz <egeorgekaz@gmail.com>
2021-06-22 09:49:06 +01:00
RinkiyaKeDad
a93c46a8e8 psd -> psb
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
2021-06-22 12:05:19 +05:30
George Kaz
de409159e3 Correct ca and cert namespace
Signed-off-by: George Kaz <egeorgekaz@gmail.com>
2021-06-21 15:57:51 +01:00
Shuting Zhao
56eeefa6d1 tag v1.4.0
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-06-18 12:14:46 -07:00
Shuting Zhao
a9e3092fca tag v1.4.0-rc4
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-06-17 17:52:11 -07:00
treydock
bc3755d0b1
Fix Helm chart metrics service to allow NodePort ()
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
2021-06-17 15:20:31 -07:00
Shuting Zhao
3e4ee51267 tag v1.4.0-rc3
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-06-16 23:49:47 -07:00
shuting
65975a8b65
Enable webhooks configuration via Helm ()
* helm - enable configurations of webhooks

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* retry on update failure

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update Readme

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* address lint errors

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-06-16 23:29:07 -07:00
Shuting Zhao
e61f6f9dd9 tag v1.4.0-rc2
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-06-15 21:59:19 -07:00
treydock
f1491fe6d3
Allow metrics service annotations to be defined separate from main service ()
* Allow metrics service annotations to be defined separate from main service

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Add test for metrics during Helm deployment testing

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Make services separate for kustomize

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Run 'make kustomize-crd'

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Fix e2e tests for metrics

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Fix Helm chart for metrics service

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Fix helm chart testing

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
2021-06-10 13:53:29 -07:00
Shuting Zhao
2ca824210d tag v1.4.0-rc1
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-06-08 13:09:20 -07:00
shuting
e9a972a362
feat: HA ()
* Fix Dev setup

* webhook monitor - start webhook monitor in main process

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add leaderelection

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* - add isLeader; - update to use configmap lock

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* - add initialization method - add methods to get attributes

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* address comments

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* remove newContext in runLeaderElection

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add leader election to GenerateController

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* skip processing for non-leaders

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* skip processing for non-leaders

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add leader election to generate cleanup controller

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* Gracefully drain request

* HA - Webhook Register / Webhook Monitor / Certificate Renewer ()

* enable leader election for webhook register

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* extract certManager to its own process

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* leader election for cert manager

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* certManager - init certs by the leader

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add leader election to webhook monitor

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update log message

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add leader election to policy controller

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add leader election to policy report controller

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* rebuild leader election config

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* start informers in leaderelection

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* start policy informers in main

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* enable leader election in main

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* move eventHandler to the leader election start method

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* address reviewdog comments

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add clusterrole leaderelection

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixed generate flow ()

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* - init separate kubeclient for leaderelection - fix webhook monitor

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* address reviewdog comments

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* cleanup Kyverno managed resources on stopLeading

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* tag v1.4.0-beta1

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix cleanup process on Kyverno stops

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* bump kind to 0.11.0, k8s v1.21 ()

Co-authored-by: vyankatesh <vyankatesh@neualto.com>
Co-authored-by: vyankatesh <vyankateshkd@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Pooja Singh <36136335+NoSkillGirl@users.noreply.github.com>
2021-06-08 12:37:19 -07:00
Ahmed Waleed Malik
3c4c6dae92
Remove runAsUser specification from Security Context ()
This fails on openshift since we cannot specify users within this range. Also, this template should be as close as possible to the vanilla manifest for deployment https://github.com/kyverno/kyverno/blob/main/definitions/release/install.yaml

Vanilla manifest omits the user specification https://github.com/kyverno/kyverno/blob/main/definitions/release/install.yaml#L2478

Signed-off-by: Waleed Malik <ahmedwaleedmalik@gmail.com>
2021-06-08 10:14:20 -07:00
RinkiyaKeDad
d1be681773 replacing pod security standard from default to baseline
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
2021-06-08 13:02:02 +05:30
Nicolas Lamirault
62c4cd7e3d
Recommended Kubernetes labels and custom labels ()
* Add: Recommended Kubernetes labels

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Add: feature to add custom labels to resources metadata

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Add: manage labels with Kustomize

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Add: app label

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Add: app label for chart

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Update: make kustomize-crds

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Update: refactoring labels

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Fix: clean kustomize code

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Fix: typo

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Update: application version v1.3.6

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Update: version v1.3.6

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>
2021-06-01 11:54:33 -07:00
shuting
cd4d738667
Merge pull request from yashvardhan-kukreja/prometheus-integration-setup
feat: Prometheus metrics integration
2021-05-26 12:31:21 -07:00
Yashvardhan Kukreja
8eae8ec492 feat: added support for exposing the metrics via kyverno-svc service
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
2021-05-24 08:06:40 +05:30
Shuting Zhao
4f79f44f9f tag v1.3.6
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-05-17 11:39:39 -07:00
Shuting Zhao
5dcb03e6f5 tag v1.3.6-rc5
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-05-13 12:44:34 -07:00
Shuting Zhao
edd33a6d09 tag v1.3.6-rc4
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-05-10 10:18:38 -07:00
Simon Metzger
a65a85e55c
allow only supplementalGroups greater 0 ()
Signed-off-by: Metzger, Simon <smnmtzgr@gmail.com>
2021-05-10 10:14:08 -07:00
Shuting Zhao
55a987ed5e tag v1.3.6-rc3
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-05-07 19:03:43 -07:00
Shuting Zhao
dfaf675185 tag v1.3.6-rc2
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-05-07 12:15:57 -07:00
Nicolas Lamirault
9bdde7abea
Resources for initContainers ()
* Add: resources for initContainers

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Update: increase memory limit for init container

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Add: init container resources

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Fix: kustomize CRD

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>
2021-05-07 09:53:00 -07:00
Nicolas Lamirault
02f1faca0b
Add: Display which chart version is installed ()
Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>
2021-05-04 10:59:55 -07:00
Shuting Zhao
7e575d0e19 tag v1.3.6-rc1
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-04-29 15:03:48 -07:00
Simon Metzger
6e76fd68f0
allow fsGroup values greater than zero ()
change the policy require-non-root-groups to allow fsGroup values greater than zero

Signed-off-by: Metzger, Simon <smnmtzgr@gmail.com>
2021-04-21 12:12:26 -07:00
treydock
b5fd23588a
Fix Helm charts ()
* Fix Helm charts to render  correctly

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Make Helm chart policies consistent

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
2021-04-20 13:08:30 -07:00
Frank Jogeleit
56183cc73d
Add severity to pod security policies ()
Signed-off-by: Frank Jogeleit <fj@move-elevator.de>
2021-04-16 17:41:30 -07:00
Shuting Zhao
4a4fdc54ee release v1.3.5
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-04-16 14:04:00 -07:00
Shuting Zhao
a4b639f754 tag v1.3.5-rc5
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-04-15 17:35:25 -07:00
Shuting Zhao
3f18b5f7df tag v1.3.5-rc3
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-04-14 13:12:12 -07:00
treydock
67973c2776
Add Helm tests to Github Actions ()
This reverts commit 2749280b6c.

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
2021-04-13 10:39:27 -07:00
shuting
2749280b6c
Revert "Add Helm tests to Github Actions ()" ()
This reverts commit 9c7f7019f3.
2021-04-12 21:57:21 -07:00
treydock
9c7f7019f3
Add Helm tests to Github Actions ()
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
2021-04-12 20:55:13 -07:00
shuting
9dab21619f
Match endpoint to the exact Kyverno Pod's IP ()
* update log message

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update printer column - validation failure action

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* match endpoint ip with the exact pod ip

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* - add tag "app.kubernetes.io/name"; - reduce throttling requests when deletes webhook configs

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add [SelfSubjectAccessReview,*,*] to resource filters

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-04-12 20:29:51 -07:00
shuting
f3ca1d78f1
Fix log message ()
* update log message

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update printer column - validation failure action

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-04-08 12:10:30 -07:00
Shuting Zhao
6f41acde03 tag v1.3.5-rc3
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-04-06 11:13:56 -07:00
Vyankatesh Kudtarkar
3ab75095b7
remove permission ()
* remove permission

Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* remove duplicate resource

Signed-off-by: vyankatesh <vyankatesh@neualto.com>

Co-authored-by: vyankatesh <vyankatesh@neualto.com>
2021-04-02 11:22:59 -07:00
Shuting Zhao
a1d9cdd14b tag v1.3.5-rc2
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-04-01 13:57:33 -07:00
treydock
91713ee566
Check webhooks are present during liveness ()
Fixes 

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
2021-03-31 12:44:56 -07:00
Yuto Takahashi
e2cb30e752
Allow generatecontroller to handle Roles ()
* Allow generateoperator to handle Roles

Signed-off-by: Yuto Takahashi <ytaka23dev@gmail.com>

* Restore the releasable manifest

Signed-off-by: Yuto Takahashi <ytaka23dev@gmail.com>
2021-03-29 22:48:41 -07:00
Shuting Zhao
0c860b7327 release v1.3.5-rc1
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-03-26 15:14:05 -07:00
Adam Kosmin
60653eb620
support envVars with sane default ()
Co-authored-by: windowsrefund <mtf8>
2021-03-16 14:11:04 -07:00
Shuting Zhao
592394df02 release v1.3.4
2021-03-05 10:56:02 -08:00
Shuting Zhao
edbd7bf222 release v1.3.4-rc1
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-03-03 12:00:31 -08:00
Arsh Sharma
ccfe8c443c
fix: added details regarding match.resources ()
* fix: added details regarding match.resources

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>

* fix: made revisions

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>

* fix: removed if not statement

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>
2021-03-03 11:22:45 -08:00