mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
Code Activity
3883 commits 16 branches 550 tags 288 MiB
Commit graph

24 commits

Author SHA1 Message Date
shuting
b10947b975
Dynamic webhooks (#2425) 
* support k8s 1.22, update admissionregistration.k8s.io/v1beta1  to admissionregistration.k8s.io/v1

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* - add failurePolicy to policy spec; - fix typo

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* - add schema validation for failurePolicy; - add a printer column

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* set default failure policy to fail if not defined

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* resolve conflicts

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* fix missing type for printerColumn

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* refactor policy controller

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* add webhook config manager

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* - build webhook objects per policy update; - add fail webhook to default webhook configurations

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* fix panic on policy update

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* build default webhook: match empty if autoUpdateWebhooks is enabled, otherwise match all

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* - set default webhook configs rule to empty; - handle policy deletion

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* reset webhook config if policies with a specific failurePolicy are cleaned up

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* handle wildcard pocliy

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* update default webhook timeout to 10s

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* cleanups

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* added webhook informer to re-create it immediately if missing

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* update tag webhookTimeoutSeconds description

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* fix e2e tests

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* fix linter issue

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* correct metric endpoint

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* add pol.generate.kind to webhooks

Signed-off-by: ShutingZhao <shutting06@gmail.com>
 2021-10-05 00:15:09 -07:00
Pooja Singh
ba00ead7f8
adding ownerRef with namespace (#2263) 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-08-13 17:07:40 -07:00
Pooja Singh
f9616cbab1
Removing OwnerReference (#2251) 
* removing OwnerReference

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* removing comments

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-08-10 17:05:20 -07:00
Vyankatesh Kudtarkar
b1861081be
support for Disallow pod exec operation (#2138) 2021-07-14 11:42:10 -07:00
shuting
6f07ea407f
Customize namespaceSelector of Webhookconfigurations (#2003) 
* customize namespaceSelector of webhook configurations from configMap

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update webhook configurations base on UPDATEs of Kyverno ConfigMap

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* register webhook configurations with the namespaceSelector from ConfigMap

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* address golint comment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* validate webhooks config format

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix NotDefined scenario

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-06-14 13:01:40 -07:00
shuting
9dab21619f
Match endpoint to the exact Kyverno Pod's IP (#1787) 
* update log message

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update printer column - validation failure action

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* match endpoint ip with the exact pod ip

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* - add tag "app.kubernetes.io/name"; - reduce throttling requests when deletes webhook configs

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add [SelfSubjectAccessReview,*,*] to resource filters

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-04-12 20:29:51 -07:00
shuting
624b481df3
Fix 1351 - policy report (#1359) 
* ignore Kyverno CRDs existence check when server is not available

* clean up cluster / reportChangeRequest

* resolve PR comments

* - fixes #1351; - clean up code

* fo fmt
 2020-12-04 10:04:46 -08:00
Jim Bugwadia
ec95724e97
update webhook registration and monitor (#1318) 
* update webhook registration and monitor

* update log

* fix test

* improve logs

* improve logs

* format changes

* decrease interval for webhook config checks
 2020-11-26 16:07:06 -08:00
Shuting Zhao
cdc5190c56 update nirmata/kyverno to kyverno/kyverno 2020-10-07 11:12:31 -07:00
shuting
931d7cd47c
Set mutating webhhok reinvocationPolicy to IfNeeded (#1097) 
* add watch policy to clusterrole kyverno:customresources

* fix build

* fix nil pointer

* skip json patches if the mutation is re-invoked

* set resource mutating webhook invocation policy to IfNeeded
 2020-09-03 08:54:37 -07:00
Mohan B E
f60deecdce
Feature/namespaced policy 280 (#1058) 
* namespaced policy crd and cache

* modified main.go

* removed kyverno

* implemented policy violation generator for namespaced policy on audit

* modified cache

* added validation for cluster resource types

* install.yaml

* install.yaml

* removed namespaces from crd and refactored code

* modified NamespacePolicy to Policy

* added ClusterRole aggregate for policies

* modified clusterrole
 2020-08-19 09:07:23 -07:00
Mohan B E
a14828246d
Feature/api version 852 (#1028) 
* apiVersion support for generate

* added apiVersion to crds
 2020-08-07 09:47:33 +05:30
Jim Bugwadia
65193feccb
update logging, naming, and event retry (#959) 
* update logging and naming

* check per policy patch count
 2020-06-30 11:53:27 -07:00
Shuting Zhao
ad4f06f22d Merge branch 'master' into 744_deny_requests 
# Conflicts:
#	pkg/webhooks/mutation.go
#	pkg/webhooks/server.go
#	pkg/webhooks/validation.go
 2020-05-18 12:32:42 -07:00
Jim Bugwadia
304c75403e - skip resource schema validation when no mutate rules are applied 
- cleanup webhook registration logic and logs
 2020-05-17 14:37:05 -07:00
shravan
7a3f0012a9 744 untested prototype 2020-04-22 20:15:16 +05:30
shivkumar dudhani
1b1ab78f77 logs & access 2020-03-17 11:05:20 -07:00
shravan
8dc6b06d79 resolving merge conflicts 2020-01-11 18:33:11 +05:30
shivkumar dudhani
0d4bbb5a38 refactor 2019-11-19 10:13:03 -08:00
shivkumar dudhani
a315c22e2f refer informer cache in policy controller for mutatingwebhookconfigs 2019-11-15 14:01:40 -08:00
Shuting Zhao
6e69c8b69b cleanup pv with dependant when blocked admission request pass 2019-10-23 23:18:58 -07:00
shivkumar dudhani
c2e822c887 refactor webhook configuration 2019-09-04 13:43:12 -07:00
shivkumar dudhani
d71ad7004c remove validation webhook configurations for resources 2019-08-28 11:04:38 -07:00
shivkumar dudhani
bfb16b0c11 create policy mutating webhook config resouce + refactoring 2019-08-27 14:52:56 -07:00