1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Commit graph

949 commits

Author SHA1 Message Date
Jim Bugwadia
2344b2c305
1319 fix throttling (#1341)
* fix policy status and generate controller issues

* shorten ACTION column name

* update logs

Co-authored-by: Shuting Zhao <shutting06@gmail.com>
2020-11-30 11:22:20 -08:00
Jim Bugwadia
ec95724e97
update webhook registration and monitor (#1318)
* update webhook registration and monitor

* update log

* fix test

* improve logs

* improve logs

* format changes

* decrease interval for webhook config checks
2020-11-26 16:07:06 -08:00
Shuting Zhao
2292bf860b update policyreport group to wgpolicyk8s.io 2020-11-11 15:09:07 -08:00
shuting
5e07ecc5f3
Add Policy Report (#1229)
* add report in cli

* policy report crd added

* policy report added

* configmap added

* added jobs

* added jobs

* bug fixed

* added logic for cli

* common function added

* sub command added for policy report

* subcommand added for report

* common package changed

* configmap added

* added logic for kyverno cli

* added logic for jobs

* added logic for jobs

* added logic for jobs

* added logic for cli

* buf fix

* cli changes

* count bug fix

* docs added for command

* go fmt

* refactor codebase

* remove policy controller for policyreport

* policy report removed

* bug fixes

* bug fixes

* added job trigger if needed

* job deletation logic added

* build failed fix

* fixed e2e test

* remove hard coded variables

* packages adde

* improvment added in jobs sheduler

* policy report yaml added

* cronjob added

* small fixes

* remove background sync

* documentation added for report command

* remove extra log

* small improvement

* tested policy report

* revert hardcoded changes

* changes for demo

* demo changes

* resource aggrigation added

* More changes

* More changes

* - resolve PR comments; - refactor jobs controller

* set rbac for jobs

* add clean up in job controller

* add short names

* remove application scope for policyreport

* move job controller to policyreport

* add report logic in command apply

* - update policy report types;  - upgrade k8s library; - update code gen

* temporarily comment out code to pass CI build

* generate / update policyreport to cluster

* add unit test for CLI report

* add test for apply - generate policy report

* fix unit test

* - remove job controller; - remove in-memory configmap; - clean up kustomize manifest

* remove dependency

* add reportRequest / clusterReportRequest

* clean up policy report

* generate report request

* update crd clusterReportRequest

* - update json tag of report summary; - update definition manifests; -  fix dclient creation

* aggregate reportRequest into policy report

* fix unit tests

* - update report summary to optional; - generate clusterPolicyReport; - remove reportRequests after merged to report

* remove

* generate reportRequest in kyverno namespace

* update resource filter in helm chart

* - rename reportRequest to reportChangeRequest; -rename clusterReportRequest to clusterReportChangeRequest

* generate policy report in background scan

* skip generating report change request if there's entry results

* fix results entry removal when policy / rule gets deleted

* rename apiversion from policy.kubernetes.io to policy.k8s.io

* update summary.* to lower case

* move reportChangeRequest to kyverno.io/v1alpha1

* remove policy report flag

* fix report update

* clean up policy violation CRD

* remove violation CRD from manifest

* clean up policy violation code - remove pvGenerator

* change severity fields to lower case

* update import library

* set report category

Co-authored-by: Yuvraj <yuvraj.yad001@gmail.com>
Co-authored-by: Yuvraj <10830562+evalsocket@users.noreply.github.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2020-11-09 11:26:12 -08:00
Jim Bugwadia
48b98bd17b
allow text after patch versions (#1230) 2020-11-02 22:14:36 -08:00
Shuting Zhao
cdc5190c56 update nirmata/kyverno to kyverno/kyverno 2020-10-07 11:12:31 -07:00
Mohan B E
51ac382c6c
Feature/configmaps var 724 (#1118)
* added configmap data substitution for foreground mutate and validate

* added configmap data substitution for foreground mutate and validate fmt

* added configmap lookup for background

* added comments to resource cache

* added configmap data lookup in preConditions

* added parse strings in In operator and configmap lookup docs

* added configmap lookup docs

* modified configmap lookup docs
2020-09-22 14:11:49 -07:00
Yuvraj
b7524467a3
Reconcile Generate request on policy update (#1096)
* policy report crd added

* added namespaced rule

* remove extra field from crd

* revert crd change

* remove policy report chnages

* remove policy report chnages

* remove policy report chnages

* remove policy report chnages

* added logic for gr

* revert changes

* fixed generate rules

* fixed generate rules

* fixed generate rules

* fixed generate rules

* remove extra logs

* remove extra logs

* fixed e2e test

* remove extra logs

* crd issue resolved

* added check for sync

* add labels update

* add label update

* added permission to role

* roles added to helm

* roles added to helm
2020-09-03 14:34:23 -07:00
NoSkillGirl
afc340ea5f removed todo 2020-09-01 08:41:59 +05:30
NoSkillGirl
b61412ca7a minor validation changes 2020-08-31 18:18:10 +05:30
Yuvraj
b648c2edd6
Events take several minutes to show on the resource (#1083)
* git action added

* changed retry method

* remove time method

* increase worker for event generator
2020-08-26 14:28:34 +05:30
NoSkillGirl
afe98bb93c Added set flag 2020-08-22 01:07:03 +05:30
Yuvraj
06148a58c5
cli docker images added (#1073)
* cli docker images added

* cli docker images added
2020-08-21 09:45:04 -07:00
Mohan B E
f60deecdce
Feature/namespaced policy 280 (#1058)
* namespaced policy crd and cache

* modified main.go

* removed kyverno

* implemented policy violation generator for namespaced policy on audit

* modified cache

* added validation for cluster resource types

* install.yaml

* install.yaml

* removed namespaces from crd and refactored code

* modified NamespacePolicy to Policy

* added ClusterRole aggregate for policies

* modified clusterrole
2020-08-19 09:07:23 -07:00
shuting
d6062fdd47
Add go fmt (#1055)
* remove empty flag

* format code

* revert change in install.yaml
2020-08-14 12:21:06 -07:00
Yuvraj
73840e3c5f
configrable rules added (#1017)
* configrable rules added

* fix exclude group logic from code

* flag added in yaml

* exclude username added

* exclude username added

* config interface implimented

* configure exclude username

* get role ref

* test case fixed

* panic fix

* move from interface to slice

* exclude added in mutate

* trim strings

* configmap changes added

* kustomize changes for configmap

* k8s resources added
2020-08-07 17:09:24 -07:00
Mohan B E
a14828246d
Feature/api version 852 (#1028)
* apiVersion support for generate

* added apiVersion to crds
2020-08-07 09:47:33 +05:30
evalsocket
26ae7e2052 merge master changes 2020-07-10 15:25:05 -07:00
evalsocket
014db64ed2 validation added for deny request for generated resource 2020-07-10 11:48:27 -07:00
shuting
87fa77fbcc
965 add validate audit handler (#967)
* store policy names cache to reduce lookup time

* add validate audit handler

* fix #958, remove auto-gen annotation on Pod

* formatting code

* update processTime to readable format

* #586, add back unit test

* update logging info

* remove unused interface

* handle generate policy in a single thread in weboook

* resolve pr comments
2020-07-09 11:48:34 -07:00
shuting
ed52bd3d9f
Add policy cache based on policyType (#960)
* add policy cache based on policyType

* fetch policy from cache in webhook

* add unit test for policy cache

* update log for exclude resources filter

* skip webhook mutation on DELETE operation

* remove duplicate k8s version check

* add description
2020-07-02 12:49:10 -07:00
Shuting Zhao
2550f4c86d - enable profiling; - update install.yaml 2020-06-02 16:50:51 -07:00
Jim Bugwadia
5cdcbec3c9
Bugfix/1.1.6 adjust resync and cleanup unused (#884)
* - support wildcards for namespaces

* do not annotate resource, unless policy is an autogen policy

* close HTTP body

* improve messages

* remove policy store

Policy store was not fully implemented and simply provided a way
to list all polices and get a policy by name, which can be done via
standard client-go interfaces.

We need to revisit and design a better PolicyStore that provides fast
lookups for matching policies based on names, namespaces, etc.

* handle wildcard namespaces in background processing

* fix unit tests 1) remove platform dependent path usage 2) remove policy store

* add test case for mutate with wildcard namespaces

* adjust all resync periods

* remove unused data fields

* add pattern for match
2020-05-27 19:51:34 -07:00
Jim Bugwadia
838d02c475
Bugfix/659 support wildcards for namespaces (#871)
* - support wildcards for namespaces

* do not annotate resource, unless policy is an autogen policy

* close HTTP body

* improve messages

* remove policy store

Policy store was not fully implemented and simply provided a way
to list all polices and get a policy by name, which can be done via
standard client-go interfaces.

We need to revisit and design a better PolicyStore that provides fast
lookups for matching policies based on names, namespaces, etc.

* handle wildcard namespaces in background processing

* fix unit tests 1) remove platform dependent path usage 2) remove policy store

* add test case for mutate with wildcard namespaces
2020-05-26 10:36:56 -07:00
Shuting Zhao
74387d2ee4 Fix CI 2020-05-18 20:10:30 -07:00
Yuvraj
277402ba4c
Feature - Add checks for k8s version when Kyverno starts (#831)
* Added k8s version check for mutating and validating'

* version check adde

* middelware added

* formate

* Added timeout flag value to webhook server timeout middelware and refactore kubernetes version check

* Fixed test cases

* Removed log

* Update kubernetes version check

* Added check for mutate and validate

* Skip Validation in handleValidateAdmissionRequest if kubernetes version is below 1.14

* Update return object AdmissionResponse

* fixed condition for skiping mutation

* Handle condition for skip feature in case of kubernetes version 1.14.2
2020-05-18 17:00:52 -07:00
Jim Bugwadia
573eb9cf13 increase worker count for policyController 2020-05-17 14:48:17 -07:00
Jim Bugwadia
bc37d27de6 remove unnecessary comments and reduce cache resync intervals 2020-05-17 09:51:18 -07:00
shravan
20b161a270 765 resolved merge conflicts 2020-03-29 09:09:26 +05:30
shravan
91223deae2 754 resolved merge conflicts 2020-03-28 16:43:19 +05:30
shravan
b5af456f64 Revert "754 merge conflicts"
This reverts commit 39f75db435.
2020-03-28 16:36:19 +05:30
shravan
39f75db435 754 merge conflicts 2020-03-28 16:30:18 +05:30
shravan
6efe0252a3 765 save commit 2020-03-27 19:06:06 +05:30
shravan
2443a9997d 754 crds can be immidiatly validate on startup - changed locks so as to not timeout requests 2020-03-25 02:00:30 +05:30
shivkumar dudhani
4320111c5c fix logs api 2020-03-20 11:43:21 -07:00
shivkumar dudhani
e6e5bbb603 Merge branch 'master' into access_check 2020-03-17 17:23:18 -07:00
shivkumar dudhani
d327309d72 refactor logging 2020-03-17 16:25:34 -07:00
shivkumar dudhani
1b1ab78f77 logs & access 2020-03-17 11:05:20 -07:00
shuting
2768574a39
Merge pull request #737 from shravanshetty1/536_extend_cli_v3
#536 - kyverno CLI
2020-03-16 09:54:27 -07:00
shravan
892f8c7040 527 resolving merge conflicts 2020-03-13 10:01:50 +05:30
shravan
9656975b5a 527 renamed package and send listner instead of entire sync object 2020-03-07 12:53:37 +05:30
shravan
1fa88e0dd0 536 workin cli 2020-03-06 03:00:18 +05:30
shravan
888d2ae171 522 save commit 2020-03-04 19:16:26 +05:30
shravan
40e92ebacf 527 decoupling sender and reciever 2020-02-29 22:39:27 +05:30
shravan
053ccde6b8 527 stopCh changes 2020-02-29 17:19:00 +05:30
shravan
4c573bd3c7 527 ci fixes 2020-02-25 21:07:00 +05:30
shravan
d32cd9363e 527 save commit 2020-02-25 20:55:07 +05:30
shravan
36e775edb0 527 resolved merge conflicts 2020-02-24 20:19:28 +05:30
shravan
d080aa18ce 527 prototype changes to handle generate stats - also changes made to handle stats such as violation count and generated resources count - currently untested 2020-02-24 20:12:39 +05:30
shravan
d758a4ad45 527 added accurate violation Count 2020-02-23 23:24:18 +05:30
shravan
592df74c57 527 tested mutate needs further testing 2020-02-22 23:35:02 +05:30
shravan
a15a741cb4 527 save commit 2020-02-22 16:57:00 +05:30
shivkumar dudhani
14609ae7d9 remove cli(revert changes) 2020-02-20 15:27:10 -08:00
shivkumar dudhani
9b38289a84 remove openapi validation(manual revert) 2020-02-20 15:09:20 -08:00
shuting
cf59326c64
Merge pull request #701 from nirmata/700_bug
add kubernetes server version check
2020-02-18 10:01:30 -08:00
shravan
15656a0518 536 resolving merge conflicts 2020-02-15 22:32:42 +05:30
shravan
b5e5f3eeda 527 save commit 2020-02-15 16:38:59 +05:30
shivkumar dudhani
9ab92ecc0a fix build errors- fakeclient implementation 2020-02-14 18:20:12 -08:00
shivkumar dudhani
2687ffcbee add kubernetes server version check 2020-02-14 18:12:28 -08:00
shravan
1f0582baf3 Merge branch 'master' into 522_validate_policy_resource_data 2020-02-09 21:25:49 +05:30
shravan
f0a8b20668 253 resolving merge conflicts 2020-02-06 08:14:35 +05:30
Jim Bugwadia
a1b49f72a3
fix gofmt and golint issues (#667)
* fix gofmt and golint issues

* add keys to structs

* fix compile error

* fix clusterrolebinding creation

* fix test
2020-02-03 13:38:24 -08:00
shravan
c4a8efbd7b Merge branch 'master' into 253_ValidationInMutationFlag_v3 2020-01-29 14:34:15 +05:30
shravan
225bc8c584 536 enabling use as a kubectl plugin 2020-01-26 11:53:51 +05:30
shravan
78edfd2f7d Merge branch '522_validate_policy_resource_data' into 536_extend_cli 2020-01-25 17:57:16 +05:30
shravan
865eb57812 resolving merge conflicts 2020-01-25 16:38:12 +05:30
shravan
e1b9a13590 resolving merge conflicts 2020-01-25 14:55:36 +05:30
shravan
78cae242c5 522 restructured files 2020-01-25 14:53:12 +05:30
Shivkumar Dudhani
8c1d79ab28
linter suggestions (#655)
* cleanup phase 1

* linter fixes phase 2
2020-01-24 12:05:53 -08:00
shravan
81ea5ba157 253 fixing circle ci issues 2020-01-24 23:40:05 +05:30
shravan
1b707f10a0 522 added ability to override default openAPI document 2020-01-24 22:27:21 +05:30
shravan
79999c4948 extended cli 2020-01-17 00:05:15 +05:30
shravan
8dc6b06d79 resolving merge conflicts 2020-01-11 18:33:11 +05:30
shuting
0f398e631d
Merge pull request #599 from nirmata/542_feature
flag to use FQDN as CommonName in CSR
2020-01-10 18:38:18 -08:00
shivkumar dudhani
1e5f871665 lowercase the cmdline arg 2020-01-08 16:40:19 -08:00
Shivkumar Dudhani
3cf9141f4d
593 feature (#594)
* initial commit

* background policy validation

* correct message

* skip non-background policy process for add/update

* add Generate Request CR

* generate Request Generator Initial

* test generate request CR generation

* initial commit gr generator

* generate controller initial framework

* add crd for generate request

* gr cleanup controller initial commit

* cleanup controller initial

* generate mid-commit

* generate rule processing

* create PV on generate error

* embed resource type

* testing phase 1- generate resources with variable substitution

* fix tests

* comment broken test #586

* add printer column for state

* return if existing resource for clone

* set resync time to 2 mins & remove resource version check in update handler for gr

* generate events for reporting

* fix logs

* initial commit

* fix trailing quote in patch

* remove comments

* initial condition (equal & notequal)

* initial support for conditions

* initial support fo conditions in generate

* support precondition checks

* cleanup

* re-evaluate GR on namespace update using dynamic informers

* add status for generated resources

* display loaded variable SA

* support delete cleanup of generate request main resources

* fix log

* remove namespace from SA username

* support multiple variables per statement for scalar values

* fix fail variables

* add check for userInfo

* validation checks for conditions

* update policy

* refactor logs

* code review

* add openapispec for clusterpolicy preconditions

* Update documentation

* CR fixes

* documentation

* CR fixes

* update variable

* fix logs

* update policy

* pre-defined variables (serviceAccountName & serviceAccountNamespace)

* update test
2020-01-07 15:13:57 -08:00
Shivkumar Dudhani
ffd2179b03
538 (#587)
* initial commit

* background policy validation

* correct message

* skip non-background policy process for add/update

* add Generate Request CR

* generate Request Generator Initial

* test generate request CR generation

* initial commit gr generator

* generate controller initial framework

* add crd for generate request

* gr cleanup controller initial commit

* cleanup controller initial

* generate mid-commit

* generate rule processing

* create PV on generate error

* embed resource type

* testing phase 1- generate resources with variable substitution

* fix tests

* comment broken test #586

* add printer column for state

* return if existing resource for clone

* set resync time to 2 mins & remove resource version check in update handler for gr

* generate events for reporting

* fix logs

* cleanup

* CR fixes

* fix logs
2020-01-07 10:33:28 -08:00
shivkumar dudhani
38dcb2e94f flag to use FQDN as CommonName in CSR 2020-01-06 16:12:53 -08:00
Shuting Zhao
dce1e0555a move helper to pkg/utils 2020-01-03 10:41:47 -08:00
Shuting Zhao
e466a8e1df gofmt 2020-01-02 19:46:02 -08:00
Shuting Zhao
b5192dc559 remove old crd namespacedpolicyviolation 2020-01-02 15:33:57 -08:00
Shivkumar Dudhani
3fa411e982
581 bug (#582)
* parse flag before using args

* update CI build script
2019-12-30 10:48:04 -08:00
Shivkumar Dudhani
39e08aa1fc
76 cache invalidate (#557)
* invalidate local cache of registererd resources

* update client in initContainer

* update message
2019-12-16 12:55:44 -08:00
shivkumar dudhani
a19785261d Merge branch '524_bug' into v1.1.0 2019-12-12 16:25:50 -08:00
Shuting Zhao
a107ad7ac8 rename namespacedpolicyviolation: update codegen 2019-12-11 16:07:39 -08:00
Shuting Zhao
b2ad71cc5e remove channel, introduced a flag to indicate the webhook creation status 2019-12-05 15:49:02 -08:00
Shuting Zhao
183f844029 - move resourcewebhookregister to webhookconfig 2019-12-05 13:51:02 -08:00
Shuting Zhao
0f5cf40eda - holds resource webhook creation requests in a quene; - remove webhookinformer from policy controller and webhookregistrationclient 2019-12-04 12:31:27 -08:00
shivkumar dudhani
2476940ddf remove cluster and namespace PV controller 2019-11-26 18:21:09 -08:00
Shuting Zhao
f506789498 create resource mutating webhook after verifying webhook is active 2019-11-25 18:07:11 -08:00
shivkumar dudhani
0d4bbb5a38 refactor 2019-11-19 10:13:03 -08:00
shivkumar dudhani
40b685c9db merge with v1.1.0 2019-11-18 11:48:36 -08:00
shivkumar dudhani
3df71f6fea Merge branch 'v1.1.0' into 507_bug 2019-11-18 11:44:17 -08:00
Shivkumar Dudhani
61b202c64a
420 init container (#501)
* init container to cleanup stale webhook configurations if any.

* remove test code

* use internal pkg for os signals

* move webhook cleanup before http.server shutown.

* update make file and remove init

* update CI script
2019-11-18 11:41:37 -08:00
shuting
d9229b329b change logger to glog 2019-06-03 17:54:19 -07:00
shivdudhani
c205cca38b introduce glog, remove log.logger references 2019-05-30 12:28:56 -07:00
Jim Bugwadia
c4e6b42635 rename CLI folder 2019-05-22 20:53:27 -07:00
shuting
de83a16493 rename pkg to kyverno 2019-05-21 11:00:09 -07:00
shuting
ffe644f821 Support Mutate from command line 2019-05-20 13:02:55 -07:00