Jim Bugwadia
2344b2c305
1319 fix throttling ( #1341 )
...
* fix policy status and generate controller issues
* shorten ACTION column name
* update logs
Co-authored-by: Shuting Zhao <shutting06@gmail.com>
2020-11-30 11:22:20 -08:00
Jim Bugwadia
ec95724e97
update webhook registration and monitor ( #1318 )
...
* update webhook registration and monitor
* update log
* fix test
* improve logs
* improve logs
* format changes
* decrease interval for webhook config checks
2020-11-26 16:07:06 -08:00
Shuting Zhao
2292bf860b
update policyreport group to wgpolicyk8s.io
2020-11-11 15:09:07 -08:00
shuting
5e07ecc5f3
Add Policy Report ( #1229 )
...
* add report in cli
* policy report crd added
* policy report added
* configmap added
* added jobs
* added jobs
* bug fixed
* added logic for cli
* common function added
* sub command added for policy report
* subcommand added for report
* common package changed
* configmap added
* added logic for kyverno cli
* added logic for jobs
* added logic for jobs
* added logic for jobs
* added logic for cli
* buf fix
* cli changes
* count bug fix
* docs added for command
* go fmt
* refactor codebase
* remove policy controller for policyreport
* policy report removed
* bug fixes
* bug fixes
* added job trigger if needed
* job deletation logic added
* build failed fix
* fixed e2e test
* remove hard coded variables
* packages adde
* improvment added in jobs sheduler
* policy report yaml added
* cronjob added
* small fixes
* remove background sync
* documentation added for report command
* remove extra log
* small improvement
* tested policy report
* revert hardcoded changes
* changes for demo
* demo changes
* resource aggrigation added
* More changes
* More changes
* - resolve PR comments; - refactor jobs controller
* set rbac for jobs
* add clean up in job controller
* add short names
* remove application scope for policyreport
* move job controller to policyreport
* add report logic in command apply
* - update policy report types; - upgrade k8s library; - update code gen
* temporarily comment out code to pass CI build
* generate / update policyreport to cluster
* add unit test for CLI report
* add test for apply - generate policy report
* fix unit test
* - remove job controller; - remove in-memory configmap; - clean up kustomize manifest
* remove dependency
* add reportRequest / clusterReportRequest
* clean up policy report
* generate report request
* update crd clusterReportRequest
* - update json tag of report summary; - update definition manifests; - fix dclient creation
* aggregate reportRequest into policy report
* fix unit tests
* - update report summary to optional; - generate clusterPolicyReport; - remove reportRequests after merged to report
* remove
* generate reportRequest in kyverno namespace
* update resource filter in helm chart
* - rename reportRequest to reportChangeRequest; -rename clusterReportRequest to clusterReportChangeRequest
* generate policy report in background scan
* skip generating report change request if there's entry results
* fix results entry removal when policy / rule gets deleted
* rename apiversion from policy.kubernetes.io to policy.k8s.io
* update summary.* to lower case
* move reportChangeRequest to kyverno.io/v1alpha1
* remove policy report flag
* fix report update
* clean up policy violation CRD
* remove violation CRD from manifest
* clean up policy violation code - remove pvGenerator
* change severity fields to lower case
* update import library
* set report category
Co-authored-by: Yuvraj <yuvraj.yad001@gmail.com>
Co-authored-by: Yuvraj <10830562+evalsocket@users.noreply.github.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2020-11-09 11:26:12 -08:00
Jim Bugwadia
48b98bd17b
allow text after patch versions ( #1230 )
2020-11-02 22:14:36 -08:00
Shuting Zhao
cdc5190c56
update nirmata/kyverno to kyverno/kyverno
2020-10-07 11:12:31 -07:00
Mohan B E
51ac382c6c
Feature/configmaps var 724 ( #1118 )
...
* added configmap data substitution for foreground mutate and validate
* added configmap data substitution for foreground mutate and validate fmt
* added configmap lookup for background
* added comments to resource cache
* added configmap data lookup in preConditions
* added parse strings in In operator and configmap lookup docs
* added configmap lookup docs
* modified configmap lookup docs
2020-09-22 14:11:49 -07:00
Yuvraj
b7524467a3
Reconcile Generate request on policy update ( #1096 )
...
* policy report crd added
* added namespaced rule
* remove extra field from crd
* revert crd change
* remove policy report chnages
* remove policy report chnages
* remove policy report chnages
* remove policy report chnages
* added logic for gr
* revert changes
* fixed generate rules
* fixed generate rules
* fixed generate rules
* fixed generate rules
* remove extra logs
* remove extra logs
* fixed e2e test
* remove extra logs
* crd issue resolved
* added check for sync
* add labels update
* add label update
* added permission to role
* roles added to helm
* roles added to helm
2020-09-03 14:34:23 -07:00
NoSkillGirl
afc340ea5f
removed todo
2020-09-01 08:41:59 +05:30
NoSkillGirl
b61412ca7a
minor validation changes
2020-08-31 18:18:10 +05:30
Yuvraj
b648c2edd6
Events take several minutes to show on the resource ( #1083 )
...
* git action added
* changed retry method
* remove time method
* increase worker for event generator
2020-08-26 14:28:34 +05:30
NoSkillGirl
afe98bb93c
Added set flag
2020-08-22 01:07:03 +05:30
Yuvraj
06148a58c5
cli docker images added ( #1073 )
...
* cli docker images added
* cli docker images added
2020-08-21 09:45:04 -07:00
Mohan B E
f60deecdce
Feature/namespaced policy 280 ( #1058 )
...
* namespaced policy crd and cache
* modified main.go
* removed kyverno
* implemented policy violation generator for namespaced policy on audit
* modified cache
* added validation for cluster resource types
* install.yaml
* install.yaml
* removed namespaces from crd and refactored code
* modified NamespacePolicy to Policy
* added ClusterRole aggregate for policies
* modified clusterrole
2020-08-19 09:07:23 -07:00
shuting
d6062fdd47
Add go fmt ( #1055 )
...
* remove empty flag
* format code
* revert change in install.yaml
2020-08-14 12:21:06 -07:00
Yuvraj
73840e3c5f
configrable rules added ( #1017 )
...
* configrable rules added
* fix exclude group logic from code
* flag added in yaml
* exclude username added
* exclude username added
* config interface implimented
* configure exclude username
* get role ref
* test case fixed
* panic fix
* move from interface to slice
* exclude added in mutate
* trim strings
* configmap changes added
* kustomize changes for configmap
* k8s resources added
2020-08-07 17:09:24 -07:00
Mohan B E
a14828246d
Feature/api version 852 ( #1028 )
...
* apiVersion support for generate
* added apiVersion to crds
2020-08-07 09:47:33 +05:30
evalsocket
26ae7e2052
merge master changes
2020-07-10 15:25:05 -07:00
evalsocket
014db64ed2
validation added for deny request for generated resource
2020-07-10 11:48:27 -07:00
shuting
87fa77fbcc
965 add validate audit handler ( #967 )
...
* store policy names cache to reduce lookup time
* add validate audit handler
* fix #958 , remove auto-gen annotation on Pod
* formatting code
* update processTime to readable format
* #586 , add back unit test
* update logging info
* remove unused interface
* handle generate policy in a single thread in weboook
* resolve pr comments
2020-07-09 11:48:34 -07:00
shuting
ed52bd3d9f
Add policy cache based on policyType ( #960 )
...
* add policy cache based on policyType
* fetch policy from cache in webhook
* add unit test for policy cache
* update log for exclude resources filter
* skip webhook mutation on DELETE operation
* remove duplicate k8s version check
* add description
2020-07-02 12:49:10 -07:00
Shuting Zhao
2550f4c86d
- enable profiling; - update install.yaml
2020-06-02 16:50:51 -07:00
Jim Bugwadia
5cdcbec3c9
Bugfix/1.1.6 adjust resync and cleanup unused ( #884 )
...
* - support wildcards for namespaces
* do not annotate resource, unless policy is an autogen policy
* close HTTP body
* improve messages
* remove policy store
Policy store was not fully implemented and simply provided a way
to list all polices and get a policy by name, which can be done via
standard client-go interfaces.
We need to revisit and design a better PolicyStore that provides fast
lookups for matching policies based on names, namespaces, etc.
* handle wildcard namespaces in background processing
* fix unit tests 1) remove platform dependent path usage 2) remove policy store
* add test case for mutate with wildcard namespaces
* adjust all resync periods
* remove unused data fields
* add pattern for match
2020-05-27 19:51:34 -07:00
Jim Bugwadia
838d02c475
Bugfix/659 support wildcards for namespaces ( #871 )
...
* - support wildcards for namespaces
* do not annotate resource, unless policy is an autogen policy
* close HTTP body
* improve messages
* remove policy store
Policy store was not fully implemented and simply provided a way
to list all polices and get a policy by name, which can be done via
standard client-go interfaces.
We need to revisit and design a better PolicyStore that provides fast
lookups for matching policies based on names, namespaces, etc.
* handle wildcard namespaces in background processing
* fix unit tests 1) remove platform dependent path usage 2) remove policy store
* add test case for mutate with wildcard namespaces
2020-05-26 10:36:56 -07:00
Shuting Zhao
74387d2ee4
Fix CI
2020-05-18 20:10:30 -07:00
Yuvraj
277402ba4c
Feature - Add checks for k8s version when Kyverno starts ( #831 )
...
* Added k8s version check for mutating and validating'
* version check adde
* middelware added
* formate
* Added timeout flag value to webhook server timeout middelware and refactore kubernetes version check
* Fixed test cases
* Removed log
* Update kubernetes version check
* Added check for mutate and validate
* Skip Validation in handleValidateAdmissionRequest if kubernetes version is below 1.14
* Update return object AdmissionResponse
* fixed condition for skiping mutation
* Handle condition for skip feature in case of kubernetes version 1.14.2
2020-05-18 17:00:52 -07:00
Jim Bugwadia
573eb9cf13
increase worker count for policyController
2020-05-17 14:48:17 -07:00
Jim Bugwadia
bc37d27de6
remove unnecessary comments and reduce cache resync intervals
2020-05-17 09:51:18 -07:00
shravan
20b161a270
765 resolved merge conflicts
2020-03-29 09:09:26 +05:30
shravan
91223deae2
754 resolved merge conflicts
2020-03-28 16:43:19 +05:30
shravan
b5af456f64
Revert "754 merge conflicts"
...
This reverts commit 39f75db435
.
2020-03-28 16:36:19 +05:30
shravan
39f75db435
754 merge conflicts
2020-03-28 16:30:18 +05:30
shravan
6efe0252a3
765 save commit
2020-03-27 19:06:06 +05:30
shravan
2443a9997d
754 crds can be immidiatly validate on startup - changed locks so as to not timeout requests
2020-03-25 02:00:30 +05:30
shivkumar dudhani
4320111c5c
fix logs api
2020-03-20 11:43:21 -07:00
shivkumar dudhani
e6e5bbb603
Merge branch 'master' into access_check
2020-03-17 17:23:18 -07:00
shivkumar dudhani
d327309d72
refactor logging
2020-03-17 16:25:34 -07:00
shivkumar dudhani
1b1ab78f77
logs & access
2020-03-17 11:05:20 -07:00
shuting
2768574a39
Merge pull request #737 from shravanshetty1/536_extend_cli_v3
...
#536 - kyverno CLI
2020-03-16 09:54:27 -07:00
shravan
892f8c7040
527 resolving merge conflicts
2020-03-13 10:01:50 +05:30
shravan
9656975b5a
527 renamed package and send listner instead of entire sync object
2020-03-07 12:53:37 +05:30
shravan
1fa88e0dd0
536 workin cli
2020-03-06 03:00:18 +05:30
shravan
888d2ae171
522 save commit
2020-03-04 19:16:26 +05:30
shravan
40e92ebacf
527 decoupling sender and reciever
2020-02-29 22:39:27 +05:30
shravan
053ccde6b8
527 stopCh changes
2020-02-29 17:19:00 +05:30
shravan
4c573bd3c7
527 ci fixes
2020-02-25 21:07:00 +05:30
shravan
d32cd9363e
527 save commit
2020-02-25 20:55:07 +05:30
shravan
36e775edb0
527 resolved merge conflicts
2020-02-24 20:19:28 +05:30
shravan
d080aa18ce
527 prototype changes to handle generate stats - also changes made to handle stats such as violation count and generated resources count - currently untested
2020-02-24 20:12:39 +05:30
shravan
d758a4ad45
527 added accurate violation Count
2020-02-23 23:24:18 +05:30
shravan
592df74c57
527 tested mutate needs further testing
2020-02-22 23:35:02 +05:30
shravan
a15a741cb4
527 save commit
2020-02-22 16:57:00 +05:30
shivkumar dudhani
14609ae7d9
remove cli(revert changes)
2020-02-20 15:27:10 -08:00
shivkumar dudhani
9b38289a84
remove openapi validation(manual revert)
2020-02-20 15:09:20 -08:00
shuting
cf59326c64
Merge pull request #701 from nirmata/700_bug
...
add kubernetes server version check
2020-02-18 10:01:30 -08:00
shravan
15656a0518
536 resolving merge conflicts
2020-02-15 22:32:42 +05:30
shravan
b5e5f3eeda
527 save commit
2020-02-15 16:38:59 +05:30
shivkumar dudhani
9ab92ecc0a
fix build errors- fakeclient implementation
2020-02-14 18:20:12 -08:00
shivkumar dudhani
2687ffcbee
add kubernetes server version check
2020-02-14 18:12:28 -08:00
shravan
1f0582baf3
Merge branch 'master' into 522_validate_policy_resource_data
2020-02-09 21:25:49 +05:30
shravan
f0a8b20668
253 resolving merge conflicts
2020-02-06 08:14:35 +05:30
Jim Bugwadia
a1b49f72a3
fix gofmt and golint issues ( #667 )
...
* fix gofmt and golint issues
* add keys to structs
* fix compile error
* fix clusterrolebinding creation
* fix test
2020-02-03 13:38:24 -08:00
shravan
c4a8efbd7b
Merge branch 'master' into 253_ValidationInMutationFlag_v3
2020-01-29 14:34:15 +05:30
shravan
225bc8c584
536 enabling use as a kubectl plugin
2020-01-26 11:53:51 +05:30
shravan
78edfd2f7d
Merge branch '522_validate_policy_resource_data' into 536_extend_cli
2020-01-25 17:57:16 +05:30
shravan
865eb57812
resolving merge conflicts
2020-01-25 16:38:12 +05:30
shravan
e1b9a13590
resolving merge conflicts
2020-01-25 14:55:36 +05:30
shravan
78cae242c5
522 restructured files
2020-01-25 14:53:12 +05:30
Shivkumar Dudhani
8c1d79ab28
linter suggestions ( #655 )
...
* cleanup phase 1
* linter fixes phase 2
2020-01-24 12:05:53 -08:00
shravan
81ea5ba157
253 fixing circle ci issues
2020-01-24 23:40:05 +05:30
shravan
1b707f10a0
522 added ability to override default openAPI document
2020-01-24 22:27:21 +05:30
shravan
79999c4948
extended cli
2020-01-17 00:05:15 +05:30
shravan
8dc6b06d79
resolving merge conflicts
2020-01-11 18:33:11 +05:30
shuting
0f398e631d
Merge pull request #599 from nirmata/542_feature
...
flag to use FQDN as CommonName in CSR
2020-01-10 18:38:18 -08:00
shivkumar dudhani
1e5f871665
lowercase the cmdline arg
2020-01-08 16:40:19 -08:00
Shivkumar Dudhani
3cf9141f4d
593 feature ( #594 )
...
* initial commit
* background policy validation
* correct message
* skip non-background policy process for add/update
* add Generate Request CR
* generate Request Generator Initial
* test generate request CR generation
* initial commit gr generator
* generate controller initial framework
* add crd for generate request
* gr cleanup controller initial commit
* cleanup controller initial
* generate mid-commit
* generate rule processing
* create PV on generate error
* embed resource type
* testing phase 1- generate resources with variable substitution
* fix tests
* comment broken test #586
* add printer column for state
* return if existing resource for clone
* set resync time to 2 mins & remove resource version check in update handler for gr
* generate events for reporting
* fix logs
* initial commit
* fix trailing quote in patch
* remove comments
* initial condition (equal & notequal)
* initial support for conditions
* initial support fo conditions in generate
* support precondition checks
* cleanup
* re-evaluate GR on namespace update using dynamic informers
* add status for generated resources
* display loaded variable SA
* support delete cleanup of generate request main resources
* fix log
* remove namespace from SA username
* support multiple variables per statement for scalar values
* fix fail variables
* add check for userInfo
* validation checks for conditions
* update policy
* refactor logs
* code review
* add openapispec for clusterpolicy preconditions
* Update documentation
* CR fixes
* documentation
* CR fixes
* update variable
* fix logs
* update policy
* pre-defined variables (serviceAccountName & serviceAccountNamespace)
* update test
2020-01-07 15:13:57 -08:00
Shivkumar Dudhani
ffd2179b03
538 ( #587 )
...
* initial commit
* background policy validation
* correct message
* skip non-background policy process for add/update
* add Generate Request CR
* generate Request Generator Initial
* test generate request CR generation
* initial commit gr generator
* generate controller initial framework
* add crd for generate request
* gr cleanup controller initial commit
* cleanup controller initial
* generate mid-commit
* generate rule processing
* create PV on generate error
* embed resource type
* testing phase 1- generate resources with variable substitution
* fix tests
* comment broken test #586
* add printer column for state
* return if existing resource for clone
* set resync time to 2 mins & remove resource version check in update handler for gr
* generate events for reporting
* fix logs
* cleanup
* CR fixes
* fix logs
2020-01-07 10:33:28 -08:00
shivkumar dudhani
38dcb2e94f
flag to use FQDN as CommonName in CSR
2020-01-06 16:12:53 -08:00
Shuting Zhao
dce1e0555a
move helper to pkg/utils
2020-01-03 10:41:47 -08:00
Shuting Zhao
e466a8e1df
gofmt
2020-01-02 19:46:02 -08:00
Shuting Zhao
b5192dc559
remove old crd namespacedpolicyviolation
2020-01-02 15:33:57 -08:00
Shivkumar Dudhani
3fa411e982
581 bug ( #582 )
...
* parse flag before using args
* update CI build script
2019-12-30 10:48:04 -08:00
Shivkumar Dudhani
39e08aa1fc
76 cache invalidate ( #557 )
...
* invalidate local cache of registererd resources
* update client in initContainer
* update message
2019-12-16 12:55:44 -08:00
shivkumar dudhani
a19785261d
Merge branch '524_bug' into v1.1.0
2019-12-12 16:25:50 -08:00
Shuting Zhao
a107ad7ac8
rename namespacedpolicyviolation: update codegen
2019-12-11 16:07:39 -08:00
Shuting Zhao
b2ad71cc5e
remove channel, introduced a flag to indicate the webhook creation status
2019-12-05 15:49:02 -08:00
Shuting Zhao
183f844029
- move resourcewebhookregister to webhookconfig
2019-12-05 13:51:02 -08:00
Shuting Zhao
0f5cf40eda
- holds resource webhook creation requests in a quene; - remove webhookinformer from policy controller and webhookregistrationclient
2019-12-04 12:31:27 -08:00
shivkumar dudhani
2476940ddf
remove cluster and namespace PV controller
2019-11-26 18:21:09 -08:00
Shuting Zhao
f506789498
create resource mutating webhook after verifying webhook is active
2019-11-25 18:07:11 -08:00
shivkumar dudhani
0d4bbb5a38
refactor
2019-11-19 10:13:03 -08:00
shivkumar dudhani
40b685c9db
merge with v1.1.0
2019-11-18 11:48:36 -08:00
shivkumar dudhani
3df71f6fea
Merge branch 'v1.1.0' into 507_bug
2019-11-18 11:44:17 -08:00
Shivkumar Dudhani
61b202c64a
420 init container ( #501 )
...
* init container to cleanup stale webhook configurations if any.
* remove test code
* use internal pkg for os signals
* move webhook cleanup before http.server shutown.
* update make file and remove init
* update CI script
2019-11-18 11:41:37 -08:00
shuting
d9229b329b
change logger to glog
2019-06-03 17:54:19 -07:00
shivdudhani
c205cca38b
introduce glog, remove log.logger references
2019-05-30 12:28:56 -07:00
Jim Bugwadia
c4e6b42635
rename CLI folder
2019-05-22 20:53:27 -07:00
shuting
de83a16493
rename pkg to kyverno
2019-05-21 11:00:09 -07:00
shuting
ffe644f821
Support Mutate from command line
2019-05-20 13:02:55 -07:00