1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Commit graph

32 commits

Author SHA1 Message Date
Charles-Edouard Brétéché
7bfcf7d7e2
refactor: add config support to webhook controller (#4838)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-10-07 11:32:38 +00:00
Charles-Edouard Brétéché
ebe86473fc
feat: use a dedicated policy metrics controller (#4818)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-07 10:53:54 +00:00
Charles-Edouard Brétéché
7849fbbc8a
refactor: leader controllers management (#4832)
* refactor: leader controllers management

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* rename

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix start

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix deps

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* remove dead code

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-07 07:38:38 +00:00
Charles-Edouard Brétéché
1509fa6251
refactor: non leader controllers management (#4831) 2022-10-06 18:38:35 +08:00
Charles-Edouard Brétéché
74172f2079
refactor: make tls cert func not depending on cert controller (#4820)
* refactor: make tls cert func not depending on cert controller

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fmt

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* clean

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-06 08:43:43 +00:00
Charles-Edouard Brétéché
59f11f08b3
fix: remove explicit wait for cache sync (#4791)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-10-03 14:44:41 +00:00
Charles-Edouard Brétéché
278dbba316
fix: new cert manager controller never returns error (#4789)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-10-03 13:48:34 +00:00
Charles-Edouard Brétéché
3971376814
refactor: introduce webhook controller (#4749)
* refactor: introduce webhook controller

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix linter issues

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix linter

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix imports

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* merge main

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* merge main

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix linter

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-10-03 11:23:02 +00:00
Charles-Edouard Brétéché
25cf8d6c1e
fix: add workers to the controller interface (#4776)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-10-03 07:55:59 +00:00
yinka
688b4fb8e3
add package logger in files (#4766)
* add package logger in files

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>

* add package logger to initContainer and other files

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>

* helm docs

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* helm default values

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* release notes

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-10-02 19:45:03 +00:00
Charles-Edouard Brétéché
287eb84d07
refactor: use context in controllers instead of chan (#4761)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-30 16:54:47 +05:30
Charles-Edouard Brétéché
7fa796e24a
fix: watch error in resource controller (#4751)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-29 23:39:34 +05:30
Charles-Edouard Brétéché
5a3532da91
chore: use constant in cert manager controller (#4747)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-29 17:50:19 +02:00
Charles-Edouard Brétéché
e0ab72bb9a
feat: reports v2 implementation (#4608)
This PR refactors the reports generation code.
It removes RCR and CRCR crds and replaces them with AdmissionReport, ClusterAdmissionReport, BackgroundScanReport and ClusterBackgroundScanReport crds.

The new reports system is based on 4 controllers:

Admission reports controller is responsible for cleaning up admission reports and attaching admission reports to their corresponding resource in case of a creation
Background scan reports controller is responsible for creating background scan reports when a resource and/or policy changes
Aggregation controller takes care of aggregation per resource reports into higher level reports (per namespace)
Resources controller is responsible for watching reports that need background scan reports
I added two new flags to disable admission reports and/or background scan reports, the whole reporting system can be disabled if something goes wrong.

I also added a flag to split reports in chunks to avoid creating too large resources.

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Co-authored-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-09-28 17:15:16 +05:30
Charles-Edouard Brétéché
144985ee5a
chore: fix golangcilint timeout (#4388)
* chore: fix golangcilint timeout

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix commit sha

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* add .gitattributes

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-08-24 21:08:24 +08:00
Rodrigo Fior Kuntzer
8e5f831b07
fix: fix the verbosity of reconciling logs in the config controller (#4362)
Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>

Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>
2022-08-22 07:51:05 +00:00
shuting
cd2d89bf55
Wait for informers' cache to be synced before starting controllers (#4155)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-06-28 04:55:52 +00:00
Charles-Edouard Brétéché
dd4fd943b1
feat: add controller utils package (#3952)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-05-23 13:45:04 +00:00
Charles-Edouard Brétéché
41a3f6c388
chore: make kyverno informers and listers import aliases consistent (#3958)
* chore: make kyverno api import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: make apimachinery api import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: make dclient api import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: make clients import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: make kube informers and listers import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: make kyverno informers and listers import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
2022-05-18 04:02:31 +00:00
Charles-Edouard Brétéché
572a76ce33
chore: make kube informers and listers import aliases consistent (#3957)
* chore: make kyverno api import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: make apimachinery api import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: make dclient api import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: make clients import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: make kube informers and listers import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-17 17:51:03 +02:00
Charles-Edouard Brétéché
666bcb3c15
chore: make k8s api import aliases consistent (#3950)
* chore: make kyverno api import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: make apimachinery api import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-17 22:14:31 +08:00
Charles-Edouard Brétéché
8f806424c3
fix: cache warmup log message (#3943)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-05-17 08:55:27 +00:00
Charles-Edouard Brétéché
53adf904d6
refactor: separate policy cache and controller (#3925)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-16 18:36:19 +02:00
Charles-Edouard Brétéché
97cf1b3e95
feat: gracefull certificates rotation support (#3890)
* refactor: remove deployment hash on certs secrets

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* feat: add label on kyverno webhooks

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* feat: implement update ca bundle

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* test: set very low validity and expiration intervals

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: writing secret

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* add renew ca

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* decouple ca and tls validity duration

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactored code, everything is in place to finalize implementation

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* use real validity periods

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-05-12 14:07:25 +00:00
Charles-Edouard Brétéché
8f825bb040
refactor: remove deployment hash on certs secrets (#3886)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-11 16:58:14 +02:00
Charles-Edouard Brétéché
c2602d8181
refactor: cleanup tls package (#3854)
* refactor: init certs with certs renewer directly

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: tls package

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: cleanup tls package

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-11 08:05:13 +00:00
Charles-Edouard Brétéché
2064a69b8a
refactor: make config vars private (#3823)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-11 06:14:30 +00:00
Charles-Edouard Brétéché
ec2bf3b6da
refactor: init certs with certs renewer directly (#3853)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-10 16:08:36 +02:00
Charles-Edouard Brétéché
a981957a9d
feat: fetch tls certificate dynamically (#3851)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-10 09:55:39 +00:00
Charles-Edouard Brétéché
967ad7cb8e
refactor: remove the need for self-signed annotation on cert secret (#3850)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-10 08:58:51 +00:00
Charles-Edouard Brétéché
bb6e9a1ada
refactor: move config controller in controllers package (#3790)
* refactor: use typed informers and add tombstone support to webhookconfig

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: remove unstructured usage from webhookconfig

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: cert manager controller

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: move config controller in controllers package

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-04 16:05:03 +00:00
Charles-Edouard Brétéché
400e486b46
refactor: create a package for controllers and move certmanager in it (#3782)
* refactor: use typed informers and add tombstone support to webhookconfig

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: remove unstructured usage from webhookconfig

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: cert manager controller

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-04 00:23:34 +08:00