mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-07 00:17:13 +00:00
Code Activity
3348 commits 17 branches 550 tags 289 MiB
Commit graph

141 commits

Author SHA1 Message Date
Valentin Velkov
63f4c9a884
Configurable success events on policies & resources. Generating failure events on policies by default. (#1939) 
* Remove unused event.Reason const

Signed-off-by: Velkov <valentin.velkov@sap.com>

* Generate failure events on policies

Signed-off-by: Velkov <valentin.velkov@sap.com>

* Generate success events on policy

Signed-off-by: Velkov <valentin.velkov@sap.com>

* Introduce 'generateSuccessEvents' flag

Signed-off-by: Velkov <valentin.velkov@sap.com>

* Unit tests & chart fix

Signed-off-by: Velkov <valentin.velkov@sap.com>
 2021-06-29 14:43:11 -07:00
Arsh Sharma
fbc80cdfae
adding support for multiple names in match and exclude blocks (#2010) 
* add names in rd struct

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* added checking logic

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* updated yamls

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* wip: fix empty set problem

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* working with exclude

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* fixing name and names

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* added error if both name and names are specified

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* added tests

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* changed empty set logic, fixed whitespaces and comments

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* fix match and exclude bug

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
 2021-06-28 22:31:22 -07:00
Shuting Zhao
f9a89c4672 tag v1.4.1 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-06-24 15:13:15 -07:00
treydock
f1491fe6d3
Allow metrics service annotations to be defined separate from main service (#1988) 
* Allow metrics service annotations to be defined separate from main service

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Add test for metrics during Helm deployment testing

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Make services separate for kustomize

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Run 'make kustomize-crd'

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Fix e2e tests for metrics

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Fix Helm chart for metrics service

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Fix helm chart testing

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
 2021-06-10 13:53:29 -07:00
shuting
e9a972a362
feat: HA (#1931) 
* Fix Dev setup

* webhook monitor - start webhook monitor in main process

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add leaderelection

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* - add isLeader; - update to use configmap lock

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* - add initialization method - add methods to get attributes

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* address comments

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* remove newContext in runLeaderElection

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add leader election to GenerateController

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* skip processing for non-leaders

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* skip processing for non-leaders

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add leader election to generate cleanup controller

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* Gracefully drain request

* HA - Webhook Register / Webhook Monitor / Certificate Renewer (#1920)

* enable leader election for webhook register

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* extract certManager to its own process

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* leader election for cert manager

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* certManager - init certs by the leader

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add leader election to webhook monitor

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update log message

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add leader election to policy controller

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add leader election to policy report controller

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* rebuild leader election config

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* start informers in leaderelection

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* start policy informers in main

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* enable leader election in main

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* move eventHandler to the leader election start method

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* address reviewdog comments

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add clusterrole leaderelection

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixed generate flow (#1936)

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* - init separate kubeclient for leaderelection - fix webhook monitor

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* address reviewdog comments

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* cleanup Kyverno managed resources on stopLeading

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* tag v1.4.0-beta1

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix cleanup process on Kyverno stops

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* bump kind to 0.11.0, k8s v1.21 (#1980)

Co-authored-by: vyankatesh <vyankatesh@neualto.com>
Co-authored-by: vyankatesh <vyankateshkd@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Pooja Singh <36136335+NoSkillGirl@users.noreply.github.com>
 2021-06-08 12:37:19 -07:00
shuting
1412c1f84e
- update version to v1.3.6; - split Kustomization manifests; - revert release/install.yaml (#1945) 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-06-01 21:58:37 -07:00
Shuting Zhao
dfaf675185 tag v1.3.6-rc2 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-05-07 12:15:57 -07:00
Nicolas Lamirault
9bdde7abea
Resources for initContainers (#1871) 
* Add: resources for initContainers

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Update: increase memory limit for init container

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Add: init container resources

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Fix: kustomize CRD

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>
 2021-05-07 09:53:00 -07:00
shuting
9dab21619f
Match endpoint to the exact Kyverno Pod's IP (#1787) 
* update log message

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update printer column - validation failure action

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* match endpoint ip with the exact pod ip

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* - add tag "app.kubernetes.io/name"; - reduce throttling requests when deletes webhook configs

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add [SelfSubjectAccessReview,*,*] to resource filters

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-04-12 20:29:51 -07:00
shuting
f3ca1d78f1
Fix log message (#1779) 
* update log message

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update printer column - validation failure action

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-04-08 12:10:30 -07:00
Vyankatesh Kudtarkar
3ab75095b7
remove permission (#1758) 
* remove permission

Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* remove duplicate resource

Signed-off-by: vyankatesh <vyankatesh@neualto.com>

Co-authored-by: vyankatesh <vyankatesh@neualto.com>
 2021-04-02 11:22:59 -07:00
Yuto Takahashi
e2cb30e752
Allow generatecontroller to handle Roles (#1739) 
* Allow generateoperator to handle Roles

Signed-off-by: Yuto Takahashi <ytaka23dev@gmail.com>

* Restore the releasable manifest

Signed-off-by: Yuto Takahashi <ytaka23dev@gmail.com>
 2021-03-29 22:48:41 -07:00
Arsh Sharma
ccfe8c443c
fix: added details regarding match.resources (#1654) 
* fix: added details regarding match.resources

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>

* fix: made revisions

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>

* fix: removed if not statement

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>
 2021-03-03 11:22:45 -08:00
Yashvardhan Kukreja
10c714d5ba
feat: [preconditions, conditions] added backwards-compatible support for logical operators (#1604) 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-03-01 20:31:06 -08:00
Arsh Sharma
da8e449d3c
fix: removed validator (#1646) 
Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>
 2021-02-26 11:27:21 -08:00
Arsh Sharma
a0d28f0b16
fix: list operators in deny conditions (#1641) 
* fix: list operators in deny conditions

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>

* fix: regenerated YAMLs

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>
 2021-02-25 19:13:35 -08:00
Shuting Zhao
77a94fda6b add "watch" to cluster role kyverno:policycontroller 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-02-08 17:35:35 -08:00
Shuting Zhao
a00d9b1cc9 release v1.3.2-rc2 2021-02-03 14:19:46 -08:00
Jim Bugwadia
ba9d003774
update APICall docs (#1534) 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-02-03 13:10:02 -08:00
Jim Bugwadia
e8e3b93a5f
api server lookups (#1514) 
* initial commit for api server lookups

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* initial commit for API server lookups

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* Enhancing dockerfiles (multi-stage) of kyverno components and adding non-root user to the docker images (#1495)

* Dockerfile refactored

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>

* Adding non-root commands to docker images and enhanced the dockerfiles

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>

* changing base image to scratch

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>

* Minor typo fix

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>

* changing dockerfiles to use /etc/passwd to use non-root user'

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>

* minor typo

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>

* minor typo

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* revert cli image name (#1507)

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* Refactor resourceCache; Reduce throttling requests (background controller) (#1500)

* skip sending API request for filtered resource

* fix PR comment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixes https://github.com/kyverno/kyverno/issues/1490

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix bug - namespace is not returned properly

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* reduce throttling - list resource using lister

* refactor resource cache

* fix test

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix label selector

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix build failure

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix merge issues

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix unit test

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add nil check for API client

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Co-authored-by: Raj Babu Das <mail.rajdas@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
 2021-02-01 12:59:13 -08:00
Shuting Zhao
7d8c404922 generate 1.3.2-rc1 2021-01-24 21:06:30 -08:00
shuting
3c5f9f8888
1398 - Reduce RCR throttling requests (#1406) 
* reduce RCR throttling requests by merging policy application (policy - namespace) results into single RCR

* - refactor policy controller; - fix RCR issue

* - refactor RCR controller; - fix cpolr on ns update; - reduce throttling when getting resources; - fix tests

* update CRD schema

* fix typo
 2020-12-21 11:04:19 -08:00
Shuting Zhao
8b1d84f32c increase memory limit to 256 Mi 2020-12-15 17:55:01 -08:00
Jim Bugwadia
8f5795725b update CRDs 2020-12-14 02:56:21 -08:00
Shuting Zhao
d8d90235f3 tag v1.3.0-rc7 2020-12-07 12:32:04 -08:00
Jim Bugwadia
981bb1cf2d update CRDs 2020-12-02 12:26:59 -08:00
Jim Bugwadia
76b6974fc2 update CRD docs 2020-12-01 23:19:08 -08:00
Shuting Zhao
921cb67a9e tag v1.3.0-rc6 2020-12-01 12:52:46 -08:00
shuting
370828afec
Fix typo, add short names (#1344) 
* fix typo

* add short names for report change request
 2020-11-30 23:26:49 -08:00
Jim Bugwadia
2344b2c305
1319 fix throttling (#1341) 
* fix policy status and generate controller issues

* shorten ACTION column name

* update logs

Co-authored-by: Shuting Zhao <shutting06@gmail.com>
 2020-11-30 11:22:20 -08:00
Jim Bugwadia
2aeb5aa982 validate conditiona.operator as enum 2020-11-29 00:37:36 -08:00
Shuting Zhao
1d512d7068 remove clusterrole/binding kyverno:policyviolations 2020-11-19 14:51:42 -08:00
Shuting Zhao
a542c937ab remove duplicate clusterroles 2020-11-19 14:22:54 -08:00
Shuting Zhao
4be7528604 - reverse tag removal changes; - remove defaults 2020-11-18 17:36:06 -08:00
Shuting Zhao
c23c318052 remove tags 2020-11-18 17:16:47 -08:00
Shuting Zhao
8acc302336 remove default tag 2020-11-18 17:00:26 -08:00
Shuting Zhao
010c97f3ab remove background default tag 2020-11-18 16:46:08 -08:00
Shuting Zhao
168bb21093 add optional tag to gr.status 2020-11-18 15:07:12 -08:00
Shuting Zhao
2d8092d97c fixes https://github.com/kyverno/kyverno/issues/1238 2020-11-18 14:31:43 -08:00
Shuting Zhao
50c72e871f - add status to gr; - add printer column to gr 2020-11-18 12:07:25 -08:00
NoSkillGirl
5794889752 Merge branch 'main' into policyreport_cli 2020-11-18 14:43:30 +05:30
Shuting Zhao
9d7c304ffe update clusterpolicy description 2020-11-16 11:47:16 -08:00
Shuting Zhao
1e00ef27d0 update crd manifests 2020-11-15 22:47:55 -08:00
Shuting Zhao
365dd6e408 update kyverno crd types.go 2020-11-13 16:02:44 -08:00
Shuting Zhao
047b2b8739 update types.go to generate schema 2020-11-12 19:48:39 -08:00
Shuting Zhao
58bc63e1ad remove policy violation from types.go 2020-11-11 15:50:17 -08:00
Shuting Zhao
2292bf860b update policyreport group to wgpolicyk8s.io 2020-11-11 15:09:07 -08:00
NoSkillGirl
acc34fbf0a Merge commit 2020-11-10 10:49:29 +05:30
shuting
5e07ecc5f3
Add Policy Report (#1229) 
* add report in cli

* policy report crd added

* policy report added

* configmap added

* added jobs

* added jobs

* bug fixed

* added logic for cli

* common function added

* sub command added for policy report

* subcommand added for report

* common package changed

* configmap added

* added logic for kyverno cli

* added logic for jobs

* added logic for jobs

* added logic for jobs

* added logic for cli

* buf fix

* cli changes

* count bug fix

* docs added for command

* go fmt

* refactor codebase

* remove policy controller for policyreport

* policy report removed

* bug fixes

* bug fixes

* added job trigger if needed

* job deletation logic added

* build failed fix

* fixed e2e test

* remove hard coded variables

* packages adde

* improvment added in jobs sheduler

* policy report yaml added

* cronjob added

* small fixes

* remove background sync

* documentation added for report command

* remove extra log

* small improvement

* tested policy report

* revert hardcoded changes

* changes for demo

* demo changes

* resource aggrigation added

* More changes

* More changes

* - resolve PR comments; - refactor jobs controller

* set rbac for jobs

* add clean up in job controller

* add short names

* remove application scope for policyreport

* move job controller to policyreport

* add report logic in command apply

* - update policy report types;  - upgrade k8s library; - update code gen

* temporarily comment out code to pass CI build

* generate / update policyreport to cluster

* add unit test for CLI report

* add test for apply - generate policy report

* fix unit test

* - remove job controller; - remove in-memory configmap; - clean up kustomize manifest

* remove dependency

* add reportRequest / clusterReportRequest

* clean up policy report

* generate report request

* update crd clusterReportRequest

* - update json tag of report summary; - update definition manifests; -  fix dclient creation

* aggregate reportRequest into policy report

* fix unit tests

* - update report summary to optional; - generate clusterPolicyReport; - remove reportRequests after merged to report

* remove

* generate reportRequest in kyverno namespace

* update resource filter in helm chart

* - rename reportRequest to reportChangeRequest; -rename clusterReportRequest to clusterReportChangeRequest

* generate policy report in background scan

* skip generating report change request if there's entry results

* fix results entry removal when policy / rule gets deleted

* rename apiversion from policy.kubernetes.io to policy.k8s.io

* update summary.* to lower case

* move reportChangeRequest to kyverno.io/v1alpha1

* remove policy report flag

* fix report update

* clean up policy violation CRD

* remove violation CRD from manifest

* clean up policy violation code - remove pvGenerator

* change severity fields to lower case

* update import library

* set report category

Co-authored-by: Yuvraj <yuvraj.yad001@gmail.com>
Co-authored-by: Yuvraj <10830562+evalsocket@users.noreply.github.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
 2020-11-09 11:26:12 -08:00
Shuting Zhao
b14174e51b refine description 2020-11-03 17:18:51 -08:00