Charles-Edouard Brétéché
3941754a92
feat: add context support to leader election ( #4811 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-05 10:19:50 +00:00
Charles-Edouard Brétéché
433c5bfd77
feat: add context funcs to logging package ( #4812 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-05 17:37:52 +08:00
yinka
688b4fb8e3
add package logger in files ( #4766 )
...
* add package logger in files
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* add package logger to initContainer and other files
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* helm docs
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* helm default values
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* release notes
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-10-02 19:45:03 +00:00
Charles-Edouard Brétéché
c42851a37a
refactor: use context in dynamic client instead of chan ( #4756 )
...
* refactor: use context in dynamic client instead of chan
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-30 10:12:21 +02:00
Charles-Edouard Brétéché
e0ab72bb9a
feat: reports v2 implementation ( #4608 )
...
This PR refactors the reports generation code.
It removes RCR and CRCR crds and replaces them with AdmissionReport, ClusterAdmissionReport, BackgroundScanReport and ClusterBackgroundScanReport crds.
The new reports system is based on 4 controllers:
- Admission reports controller is responsible for cleaning up admission reports and attaching admission reports to their corresponding resource in case of a creation
- Background scan reports controller is responsible for creating background scan reports when a resource and/or policy changes
- Aggregation controller takes care of aggregating per-resource reports into higher-level reports (per namespace)
- Resources controller is responsible for watching reports that need background scan reports
I added two new flags to disable admission reports and/or background scan reports; the whole reporting system can be disabled if something goes wrong.
I also added a flag to split reports in chunks to avoid creating too large resources.
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Co-authored-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-09-28 17:15:16 +05:30
Charles-Edouard Brétéché
481a09823f
refactor: use pod name as leader id ( #4680 )
...
* refactor: use pod name as leader id
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* fix manifests
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* makefile
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* leader client
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-26 16:25:27 +00:00
Charles-Edouard Brétéché
79bff1c19c
refactor: replace signal package by signal.NotifyContext ( #4691 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-09-26 14:24:32 +00:00
shuting
3bf3dcc1af
Add the metric "kyverno_client_queries_total" ( #4359 )
...
* Add metric "kyverno_kube_client_queries_total"
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* publish metric for missing queries
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* Refactor the way Kyverno registers QPS metric
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* Move clientsets to a dedicated folder
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* Wrap Kyverno client and policyreport client to register client query metric
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* address linter comments
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* address linter comments
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* Switch to use wrapper clients
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-08-31 11:33:47 +05:30
Ayushman
1394b91898
Added kubeconfig flag support ( #4308 )
...
* Added kubeconfig flag support
Signed-off-by: Ayushman Mishra <ayushvidushi01@gmail.com>
* removed swp file
Signed-off-by: Ayushman Mishra <ayushvidushi01@gmail.com>
* changed
Signed-off-by: Ayushman Mishra <ayushvidushi01@gmail.com>
Signed-off-by: Ayushman Mishra <ayushvidushi01@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-08-29 06:21:42 +00:00
Anutosh Bhat
d92e16526f
Added appropriate logging levels to log.Info() calls wherever necessary ( #4341 )
...
* Added appropriate logging levels to log.Info() calls wherever necessary
Signed-off-by: anutosh491 <andersonbhat491@gmail.com>
* Changed logging levels to 2
Signed-off-by: anutosh491 <andersonbhat491@gmail.com>
Signed-off-by: anutosh491 <andersonbhat491@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-08-18 13:24:59 +00:00
Dylan Shepard
d10f9d1b5a
trivial typo update ( #4291 )
...
Signed-off-by: Dylan Shepard <dylan@shepard.dev>
2022-08-03 04:28:06 +00:00
Jim Bugwadia
943c3a1929
use failurePolicy to block or allow requests, on policy errors ( #4183 )
...
* use failurePolicy to block or allow requests, on policy errors
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add warnings
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* codegen
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix linter issues
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add unit tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* handle network errors
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix linter issues
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix title conversion
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix path in generated file
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix fake metrics
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add check for klog flag initialization
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* check for flag reinitialization
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* check for flag reinitialization
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix spelling
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix flag init
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-08-02 20:24:02 +05:30
Guilhem Lettron
96999f8995
fix: use only 1 kubernetes client ( #4256 )
...
Signed-off-by: Guilhem Lettron <guilhem@barpilot.io>
Co-authored-by: shuting <shuting@nirmata.com>
2022-07-25 13:49:51 +08:00
Prateek Pandey
3f1997c0e8
fix split policyreport name with background scan ( #4237 )
...
- fix split policyreport name with background scan
- fix the label selector initialising
- refactor the generatePolicyName func
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-07-21 14:31:42 +05:30
Charles-Edouard Brétéché
dae3dad027
refactor: used typed admission request in ur ( #4022 )
...
* refactor: add policy event listener in ur controller (#4012 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
(cherry picked from commit cd1fa030ee)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* refactor: used typed admission request in ur
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* refactor: used typed admission request in ur
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* Handle the error properly
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: ShutingZhao <shuting@nirmata.com>
2022-05-29 07:27:14 +00:00
Charles-Edouard Brétéché
88f769cb39
fix: init container gr copy ( #3995 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-23 17:57:19 +02:00
Charles-Edouard Brétéché
1936d86623
fix: move ur controller filtering in reconciler ( #3964 )
...
* fix: move ur controller filtering in reconciler
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* fix: mark ur retry on conflict
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* fix: test data
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* fix: add filter back in update ur handler
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* fix: added some logs about attempts and increased backoff
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* fix: reconciliation logic
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* fix: Test_Generate_Synchronize_Flag
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* fix: small nits
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-20 00:06:56 +08:00
Charles-Edouard Brétéché
5243763674
chore: make dclient import aliases consistent ( #3951 )
...
* chore: make kyverno api import aliases consistent
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* chore: make apimachinery api import aliases consistent
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* chore: make dclient api import aliases consistent
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-17 14:40:51 +00:00
Charles-Edouard Brétéché
666bcb3c15
chore: make k8s api import aliases consistent ( #3950 )
...
* chore: make kyverno api import aliases consistent
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* chore: make apimachinery api import aliases consistent
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-17 22:14:31 +08:00
Charles-Edouard Brétéché
5aaf2d8770
chore: make kyverno api import aliases consistent ( #3939 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-17 13:12:43 +02:00
Charles-Edouard Brétéché
0099ef54ad
chore: enable gofmt and gofumpt linters ( #3931 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-17 06:19:03 +00:00
Charles-Edouard Brétéché
8f825bb040
refactor: remove deployment hash on certs secrets ( #3886 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-11 16:58:14 +02:00
Charles-Edouard Brétéché
c2602d8181
refactor: cleanup tls package ( #3854 )
...
* refactor: init certs with certs renewer directly
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* refactor: tls package
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* refactor: cleanup tls package
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-11 08:05:13 +00:00
Charles-Edouard Brétéché
2064a69b8a
refactor: make config vars private ( #3823 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-11 06:14:30 +00:00
Charles-Edouard Brétéché
bfc4290285
chore: enable more linters ( #3862 )
...
* chore: enable deadcode and unused linters
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* chore: enable more linters
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-10 21:20:04 +05:30
Charles-Edouard Brétéché
cea7a7e11e
fix: golangci-lint warnings in cmd ( #3843 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-05-09 16:55:35 +00:00
Charles-Edouard Brétéché
4d08354498
fix: remove kubeconfig ( #3802 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-05-05 10:12:43 +00:00
Prateek Nandle
5be6a4e2b0
removed kubeconfig flags ( #3744 )
...
Signed-off-by: Prateeknandle <prateeknandle@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-04 21:11:21 +02:00
Charles-Edouard Brétéché
0a783bdc7d
chore: remove useless util NewKubeClient ( #3795 )
2022-05-04 13:14:17 +01:00
Charles-Edouard Brétéché
52d1b642d6
refactor: dclient package logger ( #3778 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-03 08:24:30 +00:00
Charles-Edouard Brétéché
c79223393b
refactor: dclient package ( #3775 )
...
* refactor: replace clientset by interface
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* refactor: dclient package
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-03 13:30:04 +08:00
Charles-Edouard Brétéché
6e07acdd87
refactor: replace clientset by interface ( #3774 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-02 20:30:07 +00:00
Charles-Edouard Brétéché
80abda568e
fix: logger call depth ( #3759 )
...
Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-05-02 15:49:39 +00:00
Jim Bugwadia
e92623b015
Use inclusive language ( #3738 )
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-04-29 17:29:18 +01:00
shuting
a4815f77c4
Convert GenerateRequest to UpdateRequest for backward compatibility ( #3730 )
...
- Remove GenerateRequest Informer
- Rename GenerateRequest to UpdateRequest in logs and vars
- Fix initContainer leader election
- Convert GenerateRequest to UpdateRequest in initContainer
- Remove unused methods
- Add printer column ruleType to UR
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-04-29 16:35:49 +05:30
Charles-Edouard Brétéché
a6924a11ab
refactor: use typed k8s client in tls package ( #3678 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-04-26 20:18:14 +00:00
Charles-Edouard Brétéché
c97af0094f
refactor: config package logger ( #3683 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-04-26 21:55:24 +02:00
Charles-Edouard Brétéché
fe0ad3c68f
refactor: add os utils sub package ( #3528 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-04-01 06:59:44 +00:00
Charles-Edouard Brétéché
5816144912
feat: use IsReady method ( #3426 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-03-21 09:18:54 +00:00
Kumar Mallikarjuna
037a320fba
Added TLS annotation check in the initContainer ( #2956 )
...
* Added TLS annotation check in the initContainer
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Error checks
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Refactor annotation addition code
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Strict error reporting
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Error handling for Secrets
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Updated error conditions
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Update for nil error
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
2022-01-11 08:47:24 +00:00
Frank Jogeleit
abb5bd2947
Add SelectorLabel to (Cluster)PolicyReporter resources ( #2841 )
...
Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com>
Co-authored-by: shuting <shutting06@gmail.com>
2021-12-17 05:03:52 +00:00
Sebastian Widmer
80664d339f
Add command-line flags to allow setting client rate limits (QPS/Burst) ( #2797 )
...
* Add `-clientRateLimitQPS` and `-clientRateLimitBurst` flags to allow controlling client rate limits.
Signed-off-by: Sebastian Widmer <sebastian.widmer@vshn.net>
* Return error if QPS is higher than max value of float32
Signed-off-by: Sebastian Widmer <sebastian.widmer@vshn.net>
2021-12-08 14:03:07 +01:00
Kumar Mallikarjuna
254be4c1d3
Leader Election for initContainer ( #2489 )
...
* Local build
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Leader Election for initContainer
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Lease deletion
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Use wrc client
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* log error out
Signed-off-by: ShutingZhao <shutting06@gmail.com>
Co-authored-by: ShutingZhao <shutting06@gmail.com>
2021-10-06 16:12:07 -07:00
treydock
b460490984
Improve init container to use DeleteCollection to remove policy reports ( #2477 )
...
* Improve init container to use DeleteCollection to remove policy reports
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* Do not use go routine for each namespace
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
2021-10-06 11:25:38 -07:00
Vineeth Reddy
6d2cb87370
change min support kubernetes version to 1.16 for kyverno 1.4 ( #1935 )
...
* change min support kubernetes version to 1.16 for kyverno 1.4
Signed-off-by: vineethvanga18 <reddy.8@iitj.ac.in>
* migrate deployment to apps/v1
Signed-off-by: vineethvanga18 <reddy.8@iitj.ac.in>
2021-06-08 13:14:28 -07:00
shuting
c816cf3d69
Add certificate renewer in webhook registration controller ( #1692 )
...
* load TLS pair from existing secret, if applicable
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* remove Kyverno managed secrets during shutdown
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* - add certificate renewer; - re-structure certificate package
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* commit un-saved file
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* eliminate throttling requests while registering webhook configs
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* disable webhook monitor (in old pod) during rolling update
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* remove webhook cleanup logic from init container
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* update PR template
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* update link to the website repo
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* update repo name
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-03-16 11:31:04 -07:00
shuting
2f2d6c2e38
Upgrade client libraries to 0.20.2 ( #1547 )
...
* upgrade clients to 0.20.2
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* remove debug log
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fix unit tests
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fix e2e test
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-02-07 20:26:56 -08:00
Jim Bugwadia
05da4190f8
handle discovery errors for metrics API group ( #1494 )
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-01-24 11:34:02 -08:00
shuting
62a4a3a7da
Reduce throttling - skip sending API request for filtered resources ( #1489 )
...
* skip sending API request for filtered resource
* fix PR comment
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fixes https://github.com/kyverno/kyverno/issues/1490
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-01-21 18:58:53 -08:00
shuting
35aa3149c8
Remove lock embedded in CRD controller, use concurrent map to store schemas ( #1441 )
2021-01-04 23:17:17 -08:00