mirror of https://github.com/kyverno/kyverno.git synced 2024-12-15 17:51:20 +00:00
Commit graph

6672 commits

Author SHA1 Message Date
shuting
6c88cf5ee1
release 1.11.4 (#9453)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-01-19 10:08:00 +00:00
shuting
e59ddbdd96
update bitnami/kubectl (#9408) (#9452)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-01-19 09:28:17 +00:00
shuting
e3ea068dff
bump libs (#9411)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-01-16 10:22:23 +00:00
shuting
1612b21e6a
release 1.11.3 (#9346)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2024-01-05 09:58:56 +00:00
Vishal Choudhary
8a13ec1bba
fix: update CLI to use store for fetching regclient (#9345)
* fix: update CLI to use store for fetching regclient

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: nil

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: pass the rclient

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2024-01-05 08:44:39 +00:00
gcp-cherry-pick-bot[bot]
42a6b4b545
fix: non-trigger resources should be skipped for background policies regardless of skipBackgroundRequests settings (#9333) (#9337)
* fix skip checks



* fix: skip request for non-triggers



* add missing files



* fix: empty policy



---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2024-01-04 11:24:23 +00:00
gcp-cherry-pick-bot[bot]
5f9ed6f0f8
Add Chainsaw Test for Conditional Anchor (#9295) (#9304)
Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: Khaled Emara <khaled.emara@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-12-28 13:16:31 +00:00
shuting
ccb05b3a7d
release 1.11.2 (#9302)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-12-28 09:31:35 +00:00
shuting
12c9c016a8
fix(cli): handle excluded resources as pass (cherry-pick #9274) (#9300)
* fix(cli): handle excluded resources as pass (#9274)

* fix(cli): handle excluded resources as pass

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

* test: add cli test for exclude

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>

---------

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>

* cherry-pick #9274

Signed-off-by: ShutingZhao <shuting@nirmata.com>

---------

Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Khaled Emara <khaled.emara@nirmata.com>
2023-12-28 08:50:51 +00:00
Charles-Edouard Brétéché
e50ed6fb9c
feat: add deprecation warnings in the CLI (#9222) (#9294)
2023-12-27 10:39:45 +00:00
Mariam Fahmy
c87c7b3f9b
fix: updaterequests stuck in pending/fail infinite loop (cherry-pick #9119) (#9293)
* fix: updaterequests stuck in pending/fail infinite loop

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix: prevent creating URs upon DELETE unless it is specified

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix chainsaw test

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* add kuttl test

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-12-27 10:06:26 +00:00
Mariam Fahmy
a6f121cb6f
chore: update chart.yaml with the changes (#9292)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-12-27 09:35:45 +00:00
shuting
e809755f30
cherry-pick #9151 (#9291)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: raffis <raffael.sahli@doodle.com>
2023-12-27 09:04:36 +00:00
gcp-cherry-pick-bot[bot]
8b117276cd
Support more signature algorithms (#9102) (#9289)
* Support more signature algorithms



* Fix codegen



* Fail loudly for unsupported algorithm



* Fix codegen



* Fix more



---------

Signed-off-by: Hongxin Liang <honnix@users.noreply.github.com>
Co-authored-by: Honnix <honnix@users.noreply.github.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-12-27 08:34:16 +00:00
gcp-cherry-pick-bot[bot]
0306c3fd7c
fix: large table row ID number format in CLI (#9281) (#9287)
Co-authored-by: hhsel <26063868+hhsel@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-12-27 06:03:48 +00:00
gcp-cherry-pick-bot[bot]
3501cde249
fix: remove skip increment when resource not found in cli apply (#9282) (#9284)
* fix: remove skip increment when resource not found in cli apply



* fix test



---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-12-26 22:26:44 +01:00
Vishal Choudhary
41e7bd40a8
chore: disable policy library kuttl tests in 1.11 (#9259)
* chore: disable policy library kuttl tests in 1.11

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* chore: delete policy-lib test

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2023-12-26 06:19:06 +00:00
gcp-cherry-pick-bot[bot]
92028dfd9b
fix: use http.MaxBytesReader instead of content length for API Calls (#9265) (#9268)
* fix: use http.MaxBytesReader instead of content length for API Calls



* feat: add unit tests



* feat: added test for chunked transfer



---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2023-12-26 04:28:21 +00:00
gcp-cherry-pick-bot[bot]
98f2162413
Add imagePullSecrets to post-upgrade job (#9264) (#9273)
Signed-off-by: Frank Wittig <frank@e5k.de>
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Co-authored-by: Frank Wittig <frank@e5k.de>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2023-12-24 18:27:38 +00:00
shuting
a0520b53ff
release v1.11.2-rc.1 (#9252)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-12-22 11:33:20 +00:00
Vishal Choudhary
9a49735ea8
chore: bump k8s to 1.29 stable (release 1.11) (#9257)
* chore: bump k8s to 1.29 stable (release 1.11)

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: lint

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com>
2023-12-22 18:55:07 +08:00
Mariam Fahmy
88d1818bb3
fix: convert chainsaw tests to kuttl (#9242)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-12-22 09:21:07 +00:00
Vishal Choudhary
83a0e05b28
fix: bump k8s to 0.29-alpha.3 and add support for fips endpoints in AWS authentication (cherry-pick: #9233) (#9244)
* fix: add support for fips endpoints in AWS authentication (cherry-pick: #9233)

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: bump k8s to 0.29

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* chore: codegen

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: lint

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: tests

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2023-12-22 07:37:38 +00:00
gcp-cherry-pick-bot[bot]
373e828f34
fix launch.json (#9239) (#9245)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-12-21 21:02:00 +00:00
shuting
0c000eb8ee
cherry-pick #9230 (#9234)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-12-20 17:16:09 +00:00
gcp-cherry-pick-bot[bot]
71f7a67b6e
fix: add chainsaw test for mutate existing (#9210) (#9221)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-12-20 13:30:09 +08:00
gcp-cherry-pick-bot[bot]
69f52b9879
fix: add skipBackgroundRequests to configure loop protection option (#9157) (#9207)
* fix typo



* add new attribute skipBackgroundRequests



* move to per rule config



* check flag



* clean up



* update docs



* fix logger



* add retryCount to ur.status



* add chainsaw tests



---------

Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-12-19 10:51:47 +00:00
gcp-cherry-pick-bot[bot]
95364ca438
fix: limit the trigger name to a maximum of 63 characters for mutate existing rules (#9162) (#9195)
* fix: limit the trigger name to a maximum of 63 characters for mutate existing rules



* fix chainsaw test



---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-12-18 20:54:31 +00:00
gcp-cherry-pick-bot[bot]
8cca8c5243
fix: enable additional report printers by default (#9194) (#9196)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-12-18 18:17:00 +00:00
gcp-cherry-pick-bot[bot]
91acdb373b
improve messages (#9168) (#9169)
* improve messages



* fix typo



---------

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2023-12-18 05:09:29 +00:00
Mariam Fahmy
c073f7c2ba
fix: add tolerations and affinity to the post-upgrade hook (#9156) (#9164)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-12-15 09:00:51 -05:00
gcp-cherry-pick-bot[bot]
d3d0eb354f
fix: allow changes to preexisting resource in violation of a policy in Enforce (#9027) (#9139)
* fix: allow changes to preexisting resource in violation of a policy in Enforce



* fix: missing error check



* fix: tests



* nit: cleanup



* fix



* fix: update old policy context



* fix: preconditions always returned true

internal.CheckPreconditions always returned true when v.anyAllConditions, it should be populated with rule.RawAnyAllConditions when newValidator() is used to create a validator



* fix: fix chainsaw test



* fix: nit



* debug



* feat: update test



* fix: add namespace



* feat: add test for bad to good conversion



* feat: add test step



---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2023-12-12 09:54:45 +00:00
treydock
52526f8425
(cherry-pick) Fix Helm chart to not error when replicas defined (#9066) (#9073)
Fixes #8941

Cherry pick from main PR didn't work

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
2023-12-04 22:09:28 +08:00
gcp-cherry-pick-bot[bot]
c146c5731c
fix: add nodeSelector to the reports cleanup helm hook (#9065) (#9069)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-12-04 07:28:16 +00:00
gcp-cherry-pick-bot[bot]
e7b463a41e
fix: ttl cleanup not working with cluster wide resources (#9060) (#9063)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2023-12-03 00:11:52 +00:00
shuting
afe740a42a
release 1.11.1 (#9039)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-11-28 15:08:54 +00:00
gcp-cherry-pick-bot[bot]
5b18a4bc46
fix: cleanup older policy reports (#9026) (#9035)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-11-28 19:37:36 +08:00
Mariam Fahmy
697188dfa1
fix: use validate.message in case there is no message associated with the CEL expression (#9025)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-11-27 11:06:52 +00:00
gcp-cherry-pick-bot[bot]
6883e7c031
Remove var check (#8990) (#9024)
* fix excessive logs



* remove variable check



---------

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2023-11-27 10:37:36 +00:00
Mariam Fahmy
a08cb71deb
fix: use the default namespace in case --namespace isn't set in kyverno create exception (#9022)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-11-27 18:04:20 +08:00
Mariam Fahmy
9906505ee5
fix: remove the additional dash in kyverno create exception (#9021)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-11-27 09:30:09 +00:00
Mariam Fahmy
925f80d4c2
fix: use v2beta1 version of exceptions in kyverno create CLI (#9020)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-11-27 09:02:00 +00:00
gcp-cherry-pick-bot[bot]
3aa662accc
fix: delete VAPs in case Kyverno policies can't be translated (#8887) (#9019)
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2023-11-27 07:15:45 +00:00
gcp-cherry-pick-bot[bot]
53fa22bc74
fix: block mutation only when failurePolicy is set to fail (#8952) (#8986)
* fix: only block mutation when failurePolicy is set to fail



* feat: kuttl test



* fix: add else check



* fix: update defaulting ns label policy's failure policy to be fail

based on readme, this test has nothing to do with failurePolicy and resource should not be blocked in case of ignore failurePolicy



* fix: there is another



* fix: update policy



* nit



* feat: add logs



* Update pkg/webhooks/resource/mutation/mutation.go



---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Signed-off-by: shuting <shuting@nirmata.com>
Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: shuting <shutting06@gmail.com>
2023-11-22 17:30:15 +00:00
gcp-cherry-pick-bot[bot]
c86039d460
fix: update KeysAreMissing() to ignore negations in resource (#8953) (#8982)
* fix: update KeysAreMissing() to ignore negations in resource

KeysAreMissing() checks if a key is missing in a resource, since a negation should not be present in the resource, it should not count as a missing key



* feat: add tests



* fix: pod is supposed to fail



---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
2023-11-22 13:53:00 +00:00
gcp-cherry-pick-bot[bot]
26c89504bc
feat: add checks for max response size in API Call (#8957) (#8971)
* feat: add checks for max response size in API Call GET request



* fix: tests



* fix: added changes suggested by jim



* cleanup



---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2023-11-21 11:18:12 +00:00
gcp-cherry-pick-bot[bot]
3093210d4d
Revert "fix(chart): only create ServiceMonitor if cluster supports it (#7926)" (#8913) (#8931)
This reverts commit 590dce5830.

This will ensure servicemonitor can be enabled with ArgoCD which doesn't support querying API capabilities

Fixes #8891

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Co-authored-by: treydock <tdockendorf@osc.edu>
Co-authored-by: shuting <shuting@nirmata.com>
2023-11-16 16:12:23 +00:00
gcp-cherry-pick-bot[bot]
c6050e2a28
correct typo in README for Kyverno 1.10+ (#8911) (#8927)
Signed-off-by: Peter Jakubis <balonik32@gmail.com>
Co-authored-by: Peter Jakubis <balonik@users.noreply.github.com>
Co-authored-by: treydock <tdockendorf@osc.edu>
2023-11-16 13:22:11 +00:00
gcp-cherry-pick-bot[bot]
68e60ffc72
Add policyKind option to kyverno-policies chart (#8827) (#8923)
Fixes #4317 #8568

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Co-authored-by: treydock <tdockendorf@osc.edu>
Co-authored-by: shuting <shuting@nirmata.com>
2023-11-16 18:14:36 +08:00
Vishal Choudhary
c9f802e87f
chore(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc from 0.45.0 to 0.46.0 (#8893) (#8897)
* chore(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc from 0.45.0 to 0.46.0



* feat: bump other otel deps



---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
2023-11-13 15:26:37 +00:00