shuting
e323e693b2
improve logging ( #5941 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2023-01-09 17:45:53 +01:00
Njegos Railic
c429f845dd
Adding support for overriding the default registry ( #4715 )
...
Signed-off-by: Njegos Railic <railic.njegos@gmail.com>
Signed-off-by: Njegos Railic <railic.njegos@gmail.com>
2023-01-02 17:14:40 +00:00
Charles-Edouard Brétéché
3c997d88a8
refactor: cleanup controller validating webhook ( #5756 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-12-22 06:13:32 +00:00
Charles-Edouard Brétéché
4618dc39d0
feat: add policy exception validation webhook ( #5679 )
...
* feat: add policy exception validation webhook
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* handler
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* validation
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-12-15 08:34:44 +00:00
Charles-Edouard Brétéché
7db2307574
fix: setup tracing and minor cleanup in tracing and metrics code ( #5629 )
...
* fix: setup tracing and minor cleanup in tracing and metrics code
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-12-09 09:49:45 +00:00
Charles-Edouard Brétéché
e03f48128a
refactor: metrics configuration code ( #5475 )
...
* refactor: metrics configuration
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-11-25 13:14:55 +00:00
Riko Kudo
8acb8c3e38
fixed dryrun option to handle changes caused by mutating policy ( #4899 )
...
* fixed dryrun option to handle changes caused by mutating policy
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* add a check to avoid using kyverno namespace for dryrun
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* add a check to avoid using kyverno namespace for dryrun
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-11-17 08:17:45 +00:00
Charles-Edouard Brétéché
35123af638
fix: remove unused code in config ( #5242 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-11-07 16:48:25 +00:00
Charles-Edouard Brétéché
5f6b04ca69
fix: config reloading not working correctly ( #4951 )
...
* fix: config reloading not working correctly
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* nits
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-14 17:36:46 +00:00
Charles-Edouard Brétéché
4aed9359cb
refactor: manage webhooks with webhook controller ( #4846 )
...
* refactor: add config support to webhook controller
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* refactor: add client config to webhook controller
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* migrate verify webhook
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* v1
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* refactor: move policy webhooks management in webhook controller
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* policy validating webhook config
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* watch policies
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* refactor: migrate resource webhook management in webhook controller
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* mutating webhook
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* auto update
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* cleanup
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* auto update and wildcard policies
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* policy readiness
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix: can't use v1 admission
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* reduce reconcile
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* watchdog
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* cleanup
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* health check
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* runtime utils
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* runtime utils
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* cleanup
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* watchdog check
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* remove delete from mutating webhook
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* cleanup
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-10-12 06:52:42 +00:00
Charles-Edouard Brétéché
7bfcf7d7e2
refactor: add config support to webhook controller ( #4838 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-10-07 11:32:38 +00:00
Charles-Edouard Brétéché
e0ab72bb9a
feat: reports v2 implementation ( #4608 )
...
This PR refactors the reports generation code.
It removes RCR and CRCR crds and replaces them with AdmissionReport, ClusterAdmissionReport, BackgroundScanReport and ClusterBackgroundScanReport crds.
The new reports system is based on 4 controllers:
Admission reports controller is responsible for cleaning up admission reports and attaching admission reports to their corresponding resource in case of a creation
Background scan reports controller is responsible for creating background scan reports when a resource and/or policy changes
Aggregation controller takes care of aggregation per resource reports into higher level reports (per namespace)
Resources controller is responsible for watching reports that need background scan reports
I added two new flags to disable admission reports and/or background scan reports, the whole reporting system can be disabled if something goes wrong.
I also added a flag to split reports in chunks to avoid creating too large resources.
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Co-authored-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-09-28 17:15:16 +05:30
Charles-Edouard Brétéché
317a3ae0bf
feat: add kyverno managed resources protection ( #4414 )
...
* feat: add kyverno managed resources protection
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* add toggle
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-06 15:43:04 +00:00
Charles-Edouard Brétéché
fc1a4601a7
refactor: introduce wildcard utils package ( #4406 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-08-25 05:23:01 +00:00
Charles-Edouard Brétéché
666bcb3c15
chore: make k8s api import aliases consistent ( #3950 )
...
* chore: make kyverno api import aliases consistent
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* chore: make apimachinery api import aliases consistent
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-17 22:14:31 +08:00
Charles-Edouard Brétéché
0099ef54ad
chore: enable gofmt and gofumpt linters ( #3931 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-17 06:19:03 +00:00
Charles-Edouard Brétéché
2064a69b8a
refactor: make config vars private ( #3823 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-11 06:14:30 +00:00
shuting
8a9a98d8b5
Add handler to UR.status ( #3791 )
...
* - Add "handler" to "ur.status"
- Mark / Unmark handler upon UR reconciliation
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* Add field onPolicyUpdate
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* Update API docs
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* Add delay in generate e2e tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* Remove duplicate logic for cleaning up the cloned resource
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-05-05 16:26:27 +05:30
Charles-Edouard Brétéché
bb6e9a1ada
refactor: move config controller in controllers package ( #3790 )
...
* refactor: use typed informers and add tombstone support to webhookconfig
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* refactor: remove unstructured usage from webhookconfig
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* refactor: cert manager controller
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* refactor: move config controller in controllers package
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-04 16:05:03 +00:00
Charles-Edouard Brétéché
873e394e5f
fix: cert manager duplicate event handler ( #3772 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-05-03 07:37:18 +00:00
Charles-Edouard Brétéché
972be16ad3
refactor: remove unstructured usage from webhookconfig ( #3737 )
...
* refactor: use typed informers and add tombstone support to webhookconfig
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* refactor: remove unstructured usage from webhookconfig
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-05-02 18:58:04 +08:00
Charles-Edouard Brétéché
c97af0094f
refactor: config package logger ( #3683 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-04-26 21:55:24 +02:00
Charles-Edouard Brétéché
fe0ad3c68f
refactor: add os utils sub package ( #3528 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-04-01 06:59:44 +00:00
Sebastian Widmer
80664d339f
Add command-line flags to allow setting client rate limits (QPS/Burst) ( #2797 )
...
* Add `-clientRateLimitQPS` and `-clientRateLimitBurst` flags to allow controlling client rate limits.
Signed-off-by: Sebastian Widmer <sebastian.widmer@vshn.net>
* Return error if QPS is higher than max value of float32
Signed-off-by: Sebastian Widmer <sebastian.widmer@vshn.net>
2021-12-08 14:03:07 +01:00
Vyankatesh Kudtarkar
fa95132806
Fix: Hard-coded ClusterRoleName in OwnerRef breaks ( #2718 )
...
* fix hardcoded clusterrole name
* Fix label
2021-11-16 19:32:42 +08:00
Vyankatesh Kudtarkar
6eb7cf57f7
bug fix: Kyverno policies block uninstall of Kyverno ( #2659 )
...
* bug fix uninstall kyverno issue
* rename the methods
2021-11-02 23:44:32 -07:00
Pooja Singh
ba00ead7f8
adding ownerRef with namespace ( #2263 )
...
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-08-13 17:07:40 -07:00
shuting
0a13ce9c73
Revert "Fix Helm deployment name issue" ( #2070 )
2021-06-24 14:22:34 -07:00
vyankatesh
4f3a780cc4
fix issue
2021-06-17 20:49:28 +05:30
Vineeth Reddy
6d2cb87370
change min support kubernetes version to 1.16 for kyverno 1.4 ( #1935 )
...
* change min support kubernetes version to 1.16 for kyverno 1.4
Signed-off-by: vineethvanga18 <reddy.8@iitj.ac.in>
* migrate deployment to apps/v1
Signed-off-by: vineethvanga18 <reddy.8@iitj.ac.in>
2021-06-08 13:14:28 -07:00
Jim Bugwadia
ec95724e97
update webhook registration and monitor ( #1318 )
...
* update webhook registration and monitor
* update log
* fix test
* improve logs
* improve logs
* format changes
* decrease interval for webhook config checks
2020-11-26 16:07:06 -08:00
Shuting Zhao
b9fb926ddb
fixes for golint ./...
2020-11-17 13:07:30 -08:00
shuting
5e07ecc5f3
Add Policy Report ( #1229 )
...
* add report in cli
* policy report crd added
* policy report added
* configmap added
* added jobs
* added jobs
* bug fixed
* added logic for cli
* common function added
* sub command added for policy report
* subcommand added for report
* common package changed
* configmap added
* added logic for kyverno cli
* added logic for jobs
* added logic for jobs
* added logic for jobs
* added logic for cli
* bug fix
* cli changes
* count bug fix
* docs added for command
* go fmt
* refactor codebase
* remove policy controller for policyreport
* policy report removed
* bug fixes
* bug fixes
* added job trigger if needed
* job deletion logic added
* build failed fix
* fixed e2e test
* remove hard coded variables
* packages added
* improvement added in jobs scheduler
* policy report yaml added
* cronjob added
* small fixes
* remove background sync
* documentation added for report command
* remove extra log
* small improvement
* tested policy report
* revert hardcoded changes
* changes for demo
* demo changes
* resource aggregation added
* More changes
* More changes
* - resolve PR comments; - refactor jobs controller
* set rbac for jobs
* add clean up in job controller
* add short names
* remove application scope for policyreport
* move job controller to policyreport
* add report logic in command apply
* - update policy report types; - upgrade k8s library; - update code gen
* temporarily comment out code to pass CI build
* generate / update policyreport to cluster
* add unit test for CLI report
* add test for apply - generate policy report
* fix unit test
* - remove job controller; - remove in-memory configmap; - clean up kustomize manifest
* remove dependency
* add reportRequest / clusterReportRequest
* clean up policy report
* generate report request
* update crd clusterReportRequest
* - update json tag of report summary; - update definition manifests; - fix dclient creation
* aggregate reportRequest into policy report
* fix unit tests
* - update report summary to optional; - generate clusterPolicyReport; - remove reportRequests after merged to report
* remove
* generate reportRequest in kyverno namespace
* update resource filter in helm chart
* - rename reportRequest to reportChangeRequest; - rename clusterReportRequest to clusterReportChangeRequest
* generate policy report in background scan
* skip generating report change request if there's entry results
* fix results entry removal when policy / rule gets deleted
* rename apiversion from policy.kubernetes.io to policy.k8s.io
* update summary.* to lower case
* move reportChangeRequest to kyverno.io/v1alpha1
* remove policy report flag
* fix report update
* clean up policy violation CRD
* remove violation CRD from manifest
* clean up policy violation code - remove pvGenerator
* change severity fields to lower case
* update import library
* set report category
Co-authored-by: Yuvraj <yuvraj.yad001@gmail.com>
Co-authored-by: Yuvraj <10830562+evalsocket@users.noreply.github.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2020-11-09 11:26:12 -08:00
Yuvraj
de570d577d
fixed deployment name
2020-07-16 22:13:50 +00:00
Pooja Singh
59b2378274
reading kyverno svc from environment variable ( #962 )
...
* reading kyverno svc from environment variable
* updated readme
2020-07-04 19:35:31 -07:00
Pooja Singh
ac5d69895a
removing hardcoded namespace from the code ( #955 )
...
* removing hardcoded namespace from the code
* Added to helm chart
* removing hard-coded namespace and deployment name from config, generate, checker
* added namespace to configMap, service, serviceAccount
* updated installation documentation
passing `KYVERNO_NAMESPACE` while running in debug mode.
* Update installation.md
removing `kyverno` only namespace note
2020-07-01 14:50:49 -07:00
Yuvraj
74db840b25
Added readiness and liveness probe ( #874 )
...
* Added readiness and liveness probe
* typo fix
* port number fixed
* fixed the image name
2020-05-26 18:03:32 -07:00
shivkumar dudhani
f94465a653
remove commented code
2020-03-26 07:59:37 -07:00
shivkumar dudhani
d327309d72
refactor logging
2020-03-17 16:25:34 -07:00
shivkumar dudhani
1b1ab78f77
logs & access
2020-03-17 11:05:20 -07:00
shravan
15656a0518
536 resolving merge conflicts
2020-02-15 22:32:42 +05:30
shravan
c4a8efbd7b
Merge branch 'master' into 253_ValidationInMutationFlag_v3
2020-01-29 14:34:15 +05:30
shravan
865eb57812
resolving merge conflicts
2020-01-25 16:38:12 +05:30
Shivkumar Dudhani
8c1d79ab28
linter suggestions ( #655 )
...
* cleanup phase 1
* linter fixes phase 2
2020-01-24 12:05:53 -08:00
shravan
12076f6183
Merge branch 'master' into 253_ValidationInMutationFlag_v3
2020-01-24 23:32:15 +05:30
Shivkumar Dudhani
1171ac691b
cleanup phase 1 ( #653 )
2020-01-24 09:37:12 -08:00
shravan
79999c4948
extended cli
2020-01-17 00:05:15 +05:30
shravan
1b417f42dd
changed validating webhook configuration names
2020-01-15 20:29:02 +05:30
shravan
8dc6b06d79
resolving merge conflicts
2020-01-11 18:33:11 +05:30
Shivkumar Dudhani
61b202c64a
420 init container ( #501 )
...
* init container to cleanup stale webhook configurations if any.
* remove test code
* use internal pkg for os signals
* move webhook cleanup before http.server shutdown.
* update make file and remove init
* update CI script
2019-11-18 11:41:37 -08:00