* initial commit for api server lookups
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* initial commit for API server lookups
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* Enhancing dockerfiles (multi-stage) of kyverno components and adding non-root user to the docker images (#1495)
* Dockerfile refactored
Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
* Adding non-root commands to docker images and enhanced the dockerfiles
Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
* changing base image to scratch
Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
* Minor typo fix
Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
* changing dockerfiles to use /etc/passwd to use non-root user'
Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
* minor typo
Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
* minor typo
Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* revert cli image name (#1507)
Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* Refactor resourceCache; Reduce throttling requests (background controller) (#1500)
* skip sending API request for filtered resource
* fix PR comment
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fixes https://github.com/kyverno/kyverno/issues/1490
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fix bug - namespace is not returned properly
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* reduce throttling - list resource using lister
* refactor resource cache
* fix test
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fix label selector
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fix build failure
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix merge issues
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix unit test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add nil check for API client
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Raj Babu Das <mail.rajdas@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
* store policy names cache to reduce lookup time
* add validate audit handler
* fix#958, remove auto-gen annotation on Pod
* formatting code
* update processTime to readable format
* #586, add back unit test
* update logging info
* remove unused interface
* handle generate policy in a single thread in weboook
* resolve pr comments
* - support wildcards for namespaces
* do not annotate resource, unless policy is an autogen policy
* close HTTP body
* improve messages
* remove policy store
Policy store was not fully implemented and simply provided a way
to list all polices and get a policy by name, which can be done via
standard client-go interfaces.
We need to revisit and design a better PolicyStore that provides fast
lookups for matching policies based on names, namespaces, etc.
* handle wildcard namespaces in background processing
* fix unit tests 1) remove platform dependent path usage 2) remove policy store
* add test case for mutate with wildcard namespaces
