kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00

Author	SHA1	Message	Date
Charles-Edouard Brétéché	6545f64ce1	refactor: helm labels management (#6073 ) * refactor: helm labels management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * labels Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * labels Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * labels Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * readme Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2023-01-24 20:41:24 +00:00
Charles-Edouard Brétéché	e191a21b4d	refactor: helm chart crds management (#6067 ) * refactor: helm chart crds management Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-01-20 22:01:33 +01:00
Charles-Edouard Brétéché	5a18230e35	chore: run helm test (#6053 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-01-20 07:40:44 +00:00
Charles-Edouard Brétéché	3fa0bb1f27	feat: remove report controllers from kyverno admission controller (#6045 ) * feat: remove reports controller from kyverno admission controller Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * helm Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * rbac Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * helm Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * helm Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * helm Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-01-19 21:28:28 +08:00
Charles-Edouard Brétéché	ef81344c32	feat: add separate reports-controller (#5352 ) * feat: add separate reports-controller Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * controllers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * remove commented code Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update code Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update code Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update code Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * exit Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2023-01-18 13:38:47 +00:00
Charles-Edouard Brétéché	2c172b151c	test: add kuttl test for policy exception (#5935 )	2023-01-09 10:52:16 +08:00
Jim Bugwadia	22c23a5692	Makefile and log (#5929 ) * fix make debug-deploy Signed-off-by: Jim Bugwadia <jim@nirmata.com> * improve log messages Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2023-01-07 15:14:51 -08:00
Charles-Edouard Brétéché	d84ce8f9d9	chore: simplify tests workflow (#5920 ) * chore: simplify tests workflow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * makefile Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-01-06 20:42:21 +00:00
Charles-Edouard Brétéché	8f1404154a	chore: use gh composite actions (#5885 )	2023-01-05 11:35:04 +00:00
Charles-Edouard Brétéché	601541c147	chore: switch to kyverno/kuttl (#5504 ) * chore: swith to kyverno/kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * pin version Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-12-28 05:40:07 +00:00
Charles-Edouard Brétéché	3975323362	chore: bump deps including k8s ones (#5751 ) * chore: bump deps including k8s ones Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-12-21 22:33:51 +00:00
shuting	6dfcac53f2	chore: remove e2e tests (#5742 ) * remove e2e tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix litmuschaos test Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-12-21 17:12:08 +01:00
Charles-Edouard Brétéché	7aa1bcb31f	fix: cleanup controller image build (#5739 ) * fix: cleanup controller image buil Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * image Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-12-21 13:44:22 +00:00
Charles-Edouard Brétéché	c6ba1c85b5	chore: update k8s versions test grid (#5732 ) * chore: update k8s versions test grid Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kind version Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-12-21 13:32:05 +08:00
Charles-Edouard Brétéché	dfa20d6ee7	fix: add back install.yaml manifest (#5721 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-12-19 20:49:42 +01:00
Charles-Edouard Brétéché	41fd4fb252	refactor: supress usage of kustomize in build (#5691 ) * refactor: supress usage of kustomize in build (part 1) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * e2e Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * e2e Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * e2e Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * clean Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * labels Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * simplify templating flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-12-19 16:26:07 +01:00
Charles-Edouard Brétéché	3dff75b8f1	feat: add dev config with support for prom loki and tempo (#5647 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-12-12 13:58:36 +08:00
Vyom Yadav	99d988e98c	feat: add support for subresources to validating and mutating policies (#4916 ) * feat: add support for subresources to validating and mutating policies Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com> * Add CLI test cases with subresources for validating policies Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com> * Fix existing e2e tests for validating policies and remove tests migrated to kuttl Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com> * Add kuttl e2e tests for validating policies with subresources Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com> * Add kuttl e2e tests for mutating policies with subresources Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com> * Add kuttl e2e tests for validating policy by-pass by manipulating preconditions Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com> Signed-off-by: Vyom-Yadav <jackhammervyom@gmail.com>	2022-12-10 00:45:23 +08:00
Charles-Edouard Brétéché	87ce4b85de	feat: introduce v2alpha1 (#5625 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-12-08 11:45:47 +00:00
Marc Brugger	616d0d3981	use helm values for crd labels (#5594 ) Signed-off-by: bakito <github@bakito.ch> Signed-off-by: bakito <github@bakito.ch> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-12-07 14:09:14 +00:00
Charles-Edouard Brétéché	a6aaffded3	feat: add cleanup handler (#5576 ) * feat: add cleanup handler Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup handler Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * service Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-12-07 10:30:47 +00:00
Charles-Edouard Brétéché	d19e870c17	refactor: update otlp packages (#5367 ) * fix: panic when disable metrics is true Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * refactor: update otlp packages Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update bunch of deps Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * target infos Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Chip Zoller <chipzoller@gmail.com>	2022-12-06 15:41:00 +00:00
shuting	ef06833613	feat: support attestations with multiple signatures (#5409 ) * add new attribute ".verifyImages.attestations.attestors" Signed-off-by: ShutingZhao <shuting@nirmata.com> * Update CRDs Signed-off-by: ShutingZhao <shuting@nirmata.com> * support multiple subjects for attestations Signed-off-by: ShutingZhao <shuting@nirmata.com> * - fix entries check; - refactors code Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix linter Signed-off-by: ShutingZhao <shuting@nirmata.com> * - allow both attestors and attestations; - make attestations.attestor optional Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix panic Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * add kuttl tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove the invalid test Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix empty attestor Signed-off-by: ShutingZhao <shuting@nirmata.com> * add cleanup steps Signed-off-by: ShutingZhao <shuting@nirmata.com> * Update api/kyverno/v1/image_verification_types.go Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-12-01 22:09:44 +00:00
Charles-Edouard Brétéché	035ab3bb06	chore: add instrumented clients codegen verification (#5460 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-11-24 17:20:03 +00:00
André Bauer	8073dd4bd8	fix blank lines in crds (#5422 ) Signed-off-by: André Bauer <andre.bauer@staffbase.com> Signed-off-by: André Bauer <andre.bauer@staffbase.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-11-21 21:57:15 +01:00
Charles-Edouard Brétéché	8ff6ce1c7f	refactor: improve instrumented clients creation (#5417 ) * refactor: improve instrumented clients creation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-11-21 17:16:25 +00:00
Charles-Edouard Brétéché	1f48610cd2	refactor: generate instrumented client code (#5362 ) * refactor: generated instrumented client code Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kyverno client Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * client type Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * factory Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * makefile Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * main Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * remove manually instrumented clients Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-11-17 16:01:30 +00:00
Charles-Edouard Brétéché	c077fb49d5	chore: add performance tests tool (#5241 ) * feat: add flag to configure the number of background scan workers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: add performance testing Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix pvc issue Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * make nodes count configurable Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kube proxy Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * remove commented code Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * memory request Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-11-17 06:31:35 +00:00
Charles-Edouard Brétéché	86fc537ce0	feat: add cleanup controller to helm chart (#5329 ) * feat: add cleanup controller to helm chart Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add webhook config Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * rbac Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * secret Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * certs Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix labels Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * add server Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * rbac Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * handler Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-11-14 18:30:12 +01:00
Charles-Edouard Brétéché	511eb797e6	chore: remove docker support (#5324 ) * chore: remove docker support Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update docs Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-11-14 23:34:46 +08:00
Charles-Edouard Brétéché	217d77d670	feat: add cleanup controller makefile targets (#5327 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-11-14 11:00:40 +00:00
Charles-Edouard Brétéché	0d37be25e4	chore: update kuttl (#5285 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-11-09 23:57:55 +01:00
Nikhil Sharma	6d801b26db	feat: create cleanup new CRDs (#5233 ) * create new cleanup CRDs Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com> * fix package Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-11-08 08:42:35 +00:00
Charles-Edouard Brétéché	4e22ad26bf	chore: add kuttl in makefile (#5254 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-11-07 18:01:25 +00:00
Edwin Mackenzie-Owen	0e1d2cae05	Helm chart: add extraCRDAnnotations value and set ArgoCD sync option by default (#4964 ) * fix: add extraCRDAnnotations option to helm chart set ArgoCD replace sync option by default Signed-off-by: Edwin Mackenzie-Owen <edwin.mowen@gmail.com> * fix: add extraCRDAnnotations via codegen * use template Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Edwin Mackenzie-Owen <edwin.mowen@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-11-02 09:35:33 +00:00
Charles-Edouard Brétéché	11bfad27ec	chore: add kind config file (#5178 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-11-01 22:53:58 +08:00
Charles-Edouard Brétéché	e4bf66e756	feat: remove policy mutation for auto-gen rules (#5123 ) * feat: remove policy mutation code Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * changelog Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-10-25 23:43:46 +00:00
Charles-Edouard Brétéché	af787b9fe6	docs: separate dev and user docs (#5114 ) * docs: separate dev and user docs Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-10-21 14:51:15 +00:00
Charles-Edouard Brétéché	5a496ca212	refactor: simplify variables regex (#5075 ) * feat: add simple conformance tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * gh action Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * separate workflow Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix the bug Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix cli test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * improvements Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * improvements Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: variables regex Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-10-21 11:51:14 +08:00
Charles-Edouard Brétéché	ad2cbd3b33	feat: add simple conformance tests (#5073 ) * feat: add simple conformance tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-10-20 12:17:33 +00:00
Charles-Edouard Brétéché	4f3656abc6	chore: update controller-tools to v0.10.0 (#4918 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-10-13 07:23:44 +00:00
Charles-Edouard Brétéché	1c337bdf44	fix: debug mode (#4785 ) * fix: debug mode Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>	2022-10-06 15:41:05 +08:00
Charles-Edouard Brétéché	1f41c2b84a	fix: logger panic (#4793 ) * fix: logger panic Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * makefile Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-10-03 15:42:52 +00:00
Charles-Edouard Brétéché	7e0884ca36	fix: publish yaml manifests in release instead of repo (#4738 ) * fix: publish yaml manifests in release instead of repo Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * ignore Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * pin actions Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * messages Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix helm gen crds Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * chart app version Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * makefile Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-10-03 15:12:43 +00:00
yinka	688b4fb8e3	add package logger in files (#4766 ) * add package logger in files Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * add package logger to initContainer and other files Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * helm docs Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * helm default values Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * release notes Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-10-02 19:45:03 +00:00
Charles-Edouard Brétéché	c42851a37a	refactor: use context in dynamic client instead of chan (#4756 ) * refactor: use context in dynamic client instead of chan Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-30 10:12:21 +02:00
Charles-Edouard Brétéché	da3970de5b	chore: speed up helm docs gen on mac (#4742 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-09-29 09:06:37 +00:00
yinka	bb2e193d44	feat: allow users enable JSON logging with a --loggingFormat=json flag (#4661 ) * feat: add feature flag to disable background scan (#4638) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * allow users configure JSON logging with a --logging-format=json flag Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * Clean up changes Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * added kubeconfig and context flag to kyverno apply (#4524) Signed-off-by: Sandesh More <sandesh.more@infracloud.io> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * chore: publish sbom result to a different repositry from an image (#4665) Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * Fix issue for wildcard versions (#4670) * Fix wildcard issue Co-Authored-By: vyankd <51167361+vyankd@users.noreply.github.com> * Delete res.yaml Co-Authored-By: vyankd <51167361+vyankd@users.noreply.github.com> Co-authored-by: vyankd <51167361+vyankd@users.noreply.github.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * chore: bump minimum go version (#4677) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix: namespaced policy not validated in engine (#4653) * fix: namespaced policy not validated in engine Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix test Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix: handle auth permission for cloneList validation (#4684) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix: bump net standard lib (#4685) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * small fixes Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * add json logger Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix import Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix go mod Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix go mod Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * chore: simplify go mod (#4692) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix: jmespath random error handling (#4697) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * refactor: replace signal package by signal.NotifyContext (#4691) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix: namespaced policy targets namespace validation and scoping them to the policy's namespace (#4671) Signed-off-by: praddy26 <pradeep.vaishnav4@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix: shutdown controllers workers gracefully (#4681) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix: split webhook handlers per failure policy (#4650) * fix: split webhook handlers per failure policy Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix handlers Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * rolling update Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * better error message Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * refactor: use pod name as leader id (#4680) * refactor: use pod name as leader id Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix manifests Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * makefile Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * leader client Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * fix: missing client wrapper (#4703) * fix: missing client wrapper Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * v1beta1 Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * v1alpha2 Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * policy report Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * chore: refactor manifests related makefile targets (#4706) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * deps Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> Co-authored-by: Sandesh More <34198712+sandeshlmore@users.noreply.github.com> Co-authored-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Co-authored-by: vyankd <51167361+vyankd@users.noreply.github.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Pradeep Lakshmi Narasimha <pradeep.vaishnav4@gmail.com>	2022-09-29 07:49:29 +00:00
Charles-Edouard Brétéché	7302578623	fix: output make messages to stderr (#4727 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-28 12:39:03 +00:00
Charles-Edouard Brétéché	e0ab72bb9a	feat: reports v2 implementation (#4608 ) This PR refactors the reports generation code. It removes RCR and CRCR crds and replaces them with AdmissionReport, ClusterAdmissionReport, BackgroundScanReport and ClusterBackgroundScanReport crds. The new reports system is based on 4 controllers: Admission reports controller is responsible for cleaning up admission reports and attaching admission reports to their corresponding resource in case of a creation Background scan reports controller is responsible for creating background scan reports when a resource and/or policy changes Aggregation controller takes care of aggregation per resource reports into higher level reports (per namespace) Resources controller is responsible for watching reports that need background scan reports I added two new flags to disable admission reports and/or background scan reports, the whole reporting system can be disabled if something goes wrong. I also added a flag to split reports in chunks to avoid creating too large resources. Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> Co-authored-by: prateekpandey14 <prateek.pandey@nirmata.com>	2022-09-28 17:15:16 +05:30
Charles-Edouard Brétéché	56c74272bb	chore: update client code generator (#4711 ) * chore: update client code generator Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix inconsistency on my mac Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-28 09:31:06 +00:00
Charles-Edouard Brétéché	ec5c469175	chore: group unit and cli tests targets and separate sections (#4693 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-28 11:55:17 +08:00
Charles-Edouard Brétéché	332a5aa01f	chore: enable overriding images repo (#4694 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-27 17:47:59 +00:00
Charles-Edouard Brétéché	104b686edc	chore: refactor manifests related makefile targets (#4706 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-27 06:08:06 +00:00
Batuhan Apaydın	e35da69c92	chore: publish sbom result to a different repositry from an image (#4665 ) Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>	2022-09-21 22:06:34 -05:00
Charles-Edouard Brétéché	a27b0ab631	chore: add makefile target to deploy metrics server (#4627 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>	2022-09-15 11:48:02 +05:30
Charles-Edouard Brétéché	df9ab1327f	chore: add target to deploy policy reporter (#4621 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-15 09:45:49 +05:30
Charles-Edouard Brétéché	0048c06c9a	chore: add messages in makefile kind targets (#4588 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-09-12 10:23:58 +00:00
Charles-Edouard Brétéché	4d0a01393b	chore: add a codegen-quick makefile target (#4583 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>	2022-09-10 18:01:10 +00:00
Batuhan Apaydın	ff7ed78b09	chore: add kocache (#4482 ) Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-09 09:00:25 +00:00
Vyankatesh Kudtarkar	aa6abd99f2	Support V2beta1 Version (#4514 ) introduce new version V2beta1 which remove deprecated CRD types from version v1. Signed-off-by: Vyankatesh <vyankateshkd@gmail.com>	2022-09-08 11:19:16 +00:00
Charles-Edouard Brétéché	3beb4fee28	chore: test for k8s 1.25 (#4503 ) * chore: test for k8s 1.25 Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * remove 1.21 tests Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-09-06 16:48:53 +02:00
Charles-Edouard Brétéché	7c9792d03f	chore: refactor helm targets in makefile (#4498 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-02 23:14:04 +08:00
Charles-Edouard Brétéché	98a272efd6	feat: support switchin build with docker or ko (#4492 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-02 13:34:22 +00:00
Charles-Edouard Brétéché	62de89d3d0	fix: incorrect kustomize call in makefile (#4493 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-02 11:36:01 +00:00
Charles-Edouard Brétéché	5e5627e81f	refactor: verify codegen targets in makefile (#4494 )	2022-09-02 09:49:35 +00:00
Samuel Torres	b135edf171	chore: Bump helm-docs version to v1.11.0 (#4489 ) In order to fix an issue on M1 Macbooks, see https://github.com/norwoodj/helm-docs/issues/131, we're bumping the helm-docs tool to the v1.11.0 which fixes that issue, making the generation of the helm docs to work again. Signed-off-by: Samuel Torres <samuelpirestorres@gmail.com> Signed-off-by: Samuel Torres <samuelpirestorres@gmail.com>	2022-09-01 23:03:14 +00:00
Charles-Edouard Brétéché	f168b85061	docs: add api docs generation (#4476 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>	2022-09-01 11:23:31 +00:00
Charles-Edouard Brétéché	6d726fe1be	chore: add makefile help comments (#4477 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-01 10:16:36 +00:00
Charles-Edouard Brétéché	599a68e896	feat: enable autogen from makefile (#4467 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-01 14:14:56 +08:00
Charles-Edouard Brétéché	f44a2f1a70	chore: speed up local image builds (#4468 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-08-31 18:04:47 -07:00
Charles-Edouard Brétéché	f503be1b23	docs: add section for generated code (#4465 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-08-31 16:19:37 +02:00
Charles-Edouard Brétéché	891ab41bef	fix: local image build with docker (#4462 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-08-31 10:41:58 +00:00
Charles-Edouard Brétéché	70f2e4e84d	fix: warning in all makefile targets (#4464 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-08-31 09:58:27 +00:00
ToLToL	1b9a2fca21	Extend Pod Security Admission (#4364 ) * init commit for pss Signed-off-by: ShutingZhao <shuting@nirmata.com> * add test for Volume Type control * add test for App Armor control except ExemptProfile. Fix PSS profile check in EvaluatePSS() * remove unused code, still a JMESPATH problem with app armor ExemptProfile() * test for Host Process / Host Namespaces controls * test for Privileged containers controls * test for HostPathVolume control * test for HostPorts control * test for HostPorts control * test for SELinux control * test for Proc mount type control * Set to baseline * test for Seccomp control * test for Sysctl control * test for Privilege escalation control * test for Run as non root control * test for Restricted Seccomp control * Add problems to address * add solutions to problems * Add validate rule for PSA * api.Version --> string. latest by default * Exclude all values for a restrictedField * add tests for kyverno engine * code to be used to match kyverno rule's namespace * Refacto pkg/pss * fix multiple problems: not matching containers, add contains methods, select the right container when we have the same exclude.RestrictedField for multiple containers: * EvaluatePod * Use EvaluatePod in kyverno engine * Set pod instead of container in context to use full Jmespath. e.g.: securityContext.capabilities.add --> spec.containers[].securityContext.capabilities.add Check if PSSCheckResult matched at least one exclude value * add tests for engine * fix engine validation test * config * update go.mod and go.sum * crds * Check validate value: add PodSecurity * exclude all restrictedFields when we only specify the controlName * ExemptProfile(): check if exclud.RestrictedField matches at least one restrictedField.path * handle containers, initContainers, ephemeralContainers when we only specify the controlName (all restrictedFields are excluded) * refacto pks/pss/evaluate.go and add pkg/engine/validation_test.go * add all controls with containers in restrictedFields as comments * add tests for capabilities and privileged containers and fix some errors * add tests for host ports control * add tests for proc mount control * add tests for privilege escalation control * add tests for capabilities control * remove comments * new algo * refacto algo, working. Add test for hostProcess control * remove unused code * fix getPodWithNotMatchingContainers(), add tests for host namespaces control * refacto ExemptProfile() * get values for a specific container. add test for SELinuxOptions control * fix allowedValues for SELinuxOptions * add tests for seccompProfile_baseline control * refacto checkContainers(), add test for seccomp control * add test for running as non root control * add some tests for runAsUser control, have to update current PSA version * add sysctls control * add allowed values for restrictedVolumes control * add some tests for appArmor, volume types controls * add tests for volume types control * add tests for hostPath volume control * finish merge conflicts and add tests for runAsUser * update charts and crds * exclude.images optional * change volume types control exclude values * add appAmor control * fix: did not match any exclude value for pod-level restrictedFields * create autogen for validate.PodSecurity * clean code, remove logs * fix sonatype lift errors * fix sonatype lift errors: duplication * fix crash in pkg/policy/validate/ tests and unmarshall errors for pkg/engine tests * beginning of autogen implement for validate.exclude * Autogen for validation.PodSecurity * working autogen with simple tests * change validate.PodSecurity failure response format * make codegen * fix lint errors, remove debug prints * fix tags * fix tags * fix crash when deleting pods matching validate.podSecurity rule. Only check validatePodSecurity() when it's not a delete request * Changes requested * Changes requested 2 * Changes requested 3 * Changes requested 4 * Changes requested and make codegen * fix host namespaces control * fix lint * fix codegen error * update docs/crd/v1/index.html Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix path Signed-off-by: ShutingZhao <shuting@nirmata.com> * update crd schema Signed-off-by: ShutingZhao <shuting@nirmata.com> * update charts/kyverno/templates/crds.yaml Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: ShutingZhao <shuting@nirmata.com>	2022-08-31 09:16:31 +00:00
Charles-Edouard Brétéché	a53ad6a5dd	docs: add section for deploying a local build (#4458 ) * docs: add section for deploying a local build Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * review Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * review Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix merge Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-08-31 08:06:12 +00:00
Charles-Edouard Brétéché	8ddc72d792	refactor: clearly separate makefile docker targets for build and publish (#4454 ) * refactor: clearly separate makefile ko targets for build and publish Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: clearly separate makefile docker targets for build and publish Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-08-31 12:22:46 +08:00
Charles-Edouard Brétéché	fc79ca96a2	refactor: clearly separate makefile ko targets for build and publish (#4450 ) * refactor: clearly separate makefile ko targets for build and publish Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-08-30 17:30:28 +02:00
Charles-Edouard Brétéché	361fb533a8	chore: fix workflows related to ko recent changes (#4441 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-08-30 14:06:30 +00:00
Charles-Edouard Brétéché	2b495c7ef3	chore: fix workflows related to ko recent changes (#4438 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>	2022-08-30 12:59:08 +08:00
Charles-Edouard Brétéché	504acea12c	chore: remove godownloader and install-cli script (#4442 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-08-29 17:19:13 +02:00
Charles-Edouard Brétéché	8e65e558e4	fix: ko login (#4427 )	2022-08-27 12:26:17 +08:00
Charles-Edouard Brétéché	e0da0c996c	fix: ko login (#4424 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-08-26 15:54:48 +00:00
Charles-Edouard Brétéché	4864be14f1	fix: make ldflags optional in .ko.yaml (#4419 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-08-26 13:40:27 +00:00
Charles-Edouard Brétéché	9e49b25484	refactor: makefile build targets (#4418 ) * refactor: makefile Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: makefile build targets Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-08-26 15:23:04 +08:00
Jason Hall	95f3c0ea48	fix: Add --bare for ko-build-dev targets (#4417 ) Signed-off-by: Jason Hall <jason@chainguard.dev> Signed-off-by: Jason Hall <jason@chainguard.dev>	2022-08-25 19:41:50 +00:00
Jason Hall	6055713dfc	Use ko to build images (#4366 ) This updates Makefile targets to build images using `docker buildx build` to use `ko build` instead. End-to-end tests are accomplished by building and loading the image directly into the KinD cluster via ko. Also: - use GitHub Actions token to push to ghcr.io (setup-ko sets this up for us) - allow forks to push to their forked repo's packages (useful for testing) Signed-off-by: Jason Hall <jason@chainguard.dev> Signed-off-by: Jason Hall <jason@chainguard.dev>	2022-08-25 20:32:40 +02:00
Charles-Edouard Brétéché	3454635ece	refactor: makefile (#4403 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-08-25 16:59:24 +00:00
Charles-Edouard Brétéché	cf0ee93de8	feat: enable autogen internals by default (#4381 ) * feat: enable autogen internals by default Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * change e2e tests Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * change e2e tests matrix Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-08-25 23:01:43 +08:00
Charles-Edouard Brétéché	961e06adcd	chore: improve docker image tagging (#4409 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-08-25 13:13:51 +05:30
Charles-Edouard Brétéché	91373e1329	fix: goimports check not working in ci job (#4387 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>	2022-08-24 13:38:49 +00:00
Charles-Edouard Brétéché	b29207f585	fix: use official controller-gen (#4171 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>	2022-07-01 15:25:59 +00:00
Prateek Pandey	a14cab0947	fix: use dev tag for init container local build target (#4142 ) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>	2022-06-21 10:30:22 +05:30
Prateek Pandey	0d44003386	refactor: bump KIND version to use v1.24.0 k8s release (#3877 ) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-06-01 14:39:55 +00:00
Charles-Edouard Brétéché	dae3dad027	refactor: used typed admission request in ur (#4022 ) * refactor: add policy event listener in ur controller (#4012) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> (cherry picked from commit `cd1fa030ee`) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: used typed admission request in ur Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: used typed admission request in ur Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * Handle the error properly Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Co-authored-by: ShutingZhao <shuting@nirmata.com>	2022-05-29 07:27:14 +00:00
Shubham Nazare	165c5d9fc3	feat: Extend CLI to cover generate policies (#3456 ) - Change in namespace for test-generate example - Change cloneResource to cloneSourceResource - Add support for namespaced Policy and fix log messages - Add test-generate in Makefile and an example of namespaced Policy - Fix namespaced policy issue and add comments - Refactor according to new generate controller - Add json tag to GeneratedResource field of RuleResponse struct Signed-off-by: Shubham Nazare <shubham4443@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-05-25 14:26:22 +00:00
Charles-Edouard Brétéché	288125ebd0	chore: add informer util (#3796 )	2022-05-04 12:39:14 +00:00
Sambhav Kothari	dd0f6baa7d	Enable tests in makefile (#3699 )	2022-05-01 14:20:22 -07:00
Charles-Edouard Brétéché	b7f42a0d1f	refactor: remove some api unnecessary pointers (3) (#3707 ) * refactor: remove some api unnecessary pointers Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: remove some api unnecessary pointers (2) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: remove some api unnecessary pointers (3) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-04-28 12:30:23 +00:00
shuting	2a656f6de0	feat: mutate existing resources (#3669 ) * feat: mutate existing, replace GR by UR in webhook server (#3601) * add attributes for post mutation Signed-off-by: ShutingZhao <shuting@nirmata.com> * add UR informer to webhook server Signed-off-by: ShutingZhao <shuting@nirmata.com> * - replace gr with ur in the webhook server; - create ur for mutateExsiting policies Signed-off-by: ShutingZhao <shuting@nirmata.com> * replace gr by ur across entire packages Signed-off-by: ShutingZhao <shuting@nirmata.com> * add YAMLs Signed-off-by: ShutingZhao <shuting@nirmata.com> * update api docs & fix unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * add UR deletion handler Signed-off-by: ShutingZhao <shuting@nirmata.com> * add api docs for v1beta1 Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix clientset method Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix v1beta1 client registration Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: mutate existing - generates UR for admission requests (#3623) Signed-off-by: ShutingZhao <shuting@nirmata.com> * replace with UR in policy controller generate rules (#3635) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * - enable mutate engine to process mutateExisting rules; - add unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * implemented ur background reconciliation for mutateExisting policies Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix webhook update error Signed-off-by: ShutingZhao <shuting@nirmata.com> * temporary comment out new unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: mutate existing, replace GR by UR in webhook server (#3601) * add attributes for post mutation Signed-off-by: ShutingZhao <shuting@nirmata.com> * add UR informer to webhook server Signed-off-by: ShutingZhao <shuting@nirmata.com> * - replace gr with ur in the webhook server; - create ur for mutateExsiting policies Signed-off-by: ShutingZhao <shuting@nirmata.com> * replace gr by ur across entire packages Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix missing policy.kyverno.io/policy-name label (#3599) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor cli code from pkg to cmd (#3591) * refactor cli code from pkg to cmd Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * fixes in imports Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * fixes tests Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * fixed conflicts Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * moved non-commands to utils Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> * add YAMLs Signed-off-by: ShutingZhao <shuting@nirmata.com> * update api docs & fix unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * add UR deletion handler Signed-off-by: ShutingZhao <shuting@nirmata.com> * add api docs for v1beta1 Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix clientset method Signed-off-by: ShutingZhao <shuting@nirmata.com> * add-kms-libraries for cosign (#3603) * add-kms-libraries Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * Shifted providers to cosign package Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add support for custom image extractors (#3596) Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net> * Update vulnerable dependencies (#3577) Signed-off-by: Shubham Gupta <shubham.gupta2956@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix v1beta1 client registration Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: mutate existing - generates UR for admission requests (#3623) Signed-off-by: ShutingZhao <shuting@nirmata.com> * updating version in Chart.yaml (#3618) * updatimg version in Chart.yaml Signed-off-by: Prateeknandle <prateeknandle@gmail.com> * changes from, make gen-helm Signed-off-by: Prateeknandle <prateeknandle@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> * Allow kyverno-policies to have preconditions defined (#3606) * Allow kyverno-policies to have preconditions defined Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Fix docs Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> Signed-off-by: ShutingZhao <shuting@nirmata.com> * replace with UR in policy controller generate rules (#3635) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> * - enable mutate engine to process mutateExisting rules; - add unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * implemented ur background reconciliation for mutateExisting policies Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix webhook update error Signed-off-by: ShutingZhao <shuting@nirmata.com> * temporary comment out new unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * Image verify attestors (#3614) * fix logs Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix logs Signed-off-by: Jim Bugwadia <jim@nirmata.com> * support multiple attestors Signed-off-by: Jim Bugwadia <jim@nirmata.com> * rm CLI tests (not currently supported) Signed-off-by: Jim Bugwadia <jim@nirmata.com> * apply attestor repo Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix entryError assignment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add intermediary certs Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Allow defining imagePullSecrets (#3633) * Allow defining imagePullSecrets Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Use dict for imagePullSecrets Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Simplify how imagePullSecrets is defined Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> Signed-off-by: ShutingZhao <shuting@nirmata.com> * Fix race condition in pCache (#3632) * fix race condition in pCache Signed-off-by: ShutingZhao <shuting@nirmata.com> * refact: remove unused Run function from generate (#3638) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * Remove helm mode setting (#3628) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> * refactor: image utils (#3630) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> * -resolve lift comments; -fix informer sync issue Signed-off-by: ShutingZhao <shuting@nirmata.com> * refact the update request cleanup controller Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * - fix delete request for mutateExisting; - fix context variable substitution; - improve logging Signed-off-by: ShutingZhao <shuting@nirmata.com> * - enable events; - add last applied annotation Signed-off-by: ShutingZhao <shuting@nirmata.com> * enable mutate existing on policy creation Signed-off-by: ShutingZhao <shuting@nirmata.com> * update autogen code Signed-off-by: ShutingZhao <shuting@nirmata.com> * merge main Signed-off-by: ShutingZhao <shuting@nirmata.com> * add unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * address list comments Signed-off-by: ShutingZhao <shuting@nirmata.com> * update api docs Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix "Implicit memory aliasing in for loop" Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove unused definitions Signed-off-by: ShutingZhao <shuting@nirmata.com> * update api docs Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> Co-authored-by: Mritunjay Kumar Sharma <mritunjaysharma394@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Co-authored-by: Anushka Mittal <55237170+anushkamittal20@users.noreply.github.com> Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com> Co-authored-by: Shubham Gupta <shubham.gupta2956@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Prateek Nandle <56027872+Prateeknandle@users.noreply.github.com> Co-authored-by: treydock <tdockendorf@osc.edu> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-04-25 12:20:40 +00:00
Sambhav Kothari	ec4e4ba452	Add support for custom image extractors (#3596 ) Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net>	2022-04-14 09:08:30 -07:00
Charles-Edouard Brétéché	339cac028e	chore: add some make help comments (#3560 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-04-07 10:48:47 +05:30
Charles-Edouard Brétéché	4b3de26433	refactor: use BackgroundProcessingEnabled method (#3544 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-04-05 04:16:45 +08:00
Charles-Edouard Brétéché	20069c13c3	feat: stop mutating rules (#3410 ) * feat: stop adding autogen annotation Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * feat: stop mutating rules Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * feat: stop mutating rules Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: use toggle Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: review comments Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-03-28 22:01:27 +08:00
Charles-Edouard Brétéché	88afd0dd31	refactor: create e2e infra using make to speed up e2e tests (#3470 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>	2022-03-26 00:08:38 +08:00
Abhi Kapoor	1b10f18086	Drop v1alpha1 PolicyReport CRD (#3437 ) * Drop v1alpha1 PolicyReport CRD Signed-off-by: abhi-kapoor <43758739+abhi-kapoor@users.noreply.github.com> * Drop v1alpha1 kyverno package Signed-off-by: abhi-kapoor <43758739+abhi-kapoor@users.noreply.github.com> * Update Makefile to remove references for v1alpha1 Signed-off-by: abhi-kapoor <43758739+abhi-kapoor@users.noreply.github.com> * Update helm manifests Signed-off-by: abhi-kapoor <43758739+abhi-kapoor@users.noreply.github.com>	2022-03-22 17:08:25 +00:00
Charles-Edouard Brétéché	4ad7607ea4	chore: add make help target (#3405 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-03-16 13:48:31 +00:00
Charles-Edouard Brétéché	9ac35f9698	chore: add more codegen target and verifications (#3393 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com>	2022-03-16 15:01:35 +05:30
Sambhav Kothari	6498425937	Add a registry flag to allow direct access to container registries in the CLI (#3396 ) * Add a registry flag to allow direct access to container registries in the CLI Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-03-16 09:56:47 +05:30
Charles-Edouard Brétéché	cc807b383e	chore: makefile should not makefile go.mod (#3394 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-03-15 16:30:57 +05:30
Charles-Edouard Brétéché	1a1973c1b5	chore: add helm crds to make codegen target (#3375 ) * fix: configmap resource filters generated by helm does not account for namespace Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * chore: add helm crds to make codegen target Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-03-14 15:12:29 +00:00
Abhinav Sinha	9bb7238a22	Add `codecov` to CI (#3382 ) * Add `codecov` to CI Signed-off-by: Abhinav Sinha <abhinav@nirmata.com> * Add `codecov` badge for `main` to `README.md` Signed-off-by: Abhinav Sinha <abhinav@nirmata.com> * Addressed code review Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>	2022-03-14 16:21:27 +08:00
Charles-Edouard Brétéché	de6fa9fd19	fix: generate api reference docs (#3377 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-03-11 20:02:59 +05:30
Charles-Edouard Brétéché	78239a2947	chore: gen helm crds from config crds (#3356 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-03-10 15:07:48 +00:00
Shubham Nazare	4c1a8336b0	Add new test-case-selector flag to test command (#3183 ) * added new test-case flag to test command Signed-off-by: Shubham Nazare <shubham4443@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Co-authored-by: Sambhav Kothari <skothari44@bloomberg.net>	2022-03-09 07:40:53 +00:00
Charles-Edouard Brétéché	51501cce9d	chore: check helm docs are up to date (#3310 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-03-08 15:10:53 +00:00
Charles-Edouard Brétéché	51db68ba20	chore: verify codegen in CI (#3343 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-03-07 15:13:36 +05:30
Prateek Pandey	4846bd0293	fetch tag across all branches instead of current branch (#3324 ) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>	2022-03-01 11:59:28 -08:00
Naman Lakhwani	985e2cc158	adding check for digest and update git command Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>	2022-03-01 18:36:16 +05:30
Naman Lakhwani	6b5bcfcc42	correcting makefile latest tag (#3314 ) Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>	2022-02-28 19:02:24 +00:00
Charles-Edouard Brétéché	b7f6fc81db	feat: gen kyverno-policies helm chart docs (#3301 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-02-25 16:22:00 +00:00
Sambhav Kothari	c4075af3d1	Improve CLI test times by instantiating openapi controller once (#3297 ) Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-02-24 23:34:12 +08:00
Sambhav Kothari	e9e96e7b1c	Run E2E tests on all supported k8s versions (#3256 )	2022-02-23 15:52:08 +00:00
Naman Lakhwani	a9c9b25bb5	latest will point to main (#3285 ) Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-02-23 15:30:49 +00:00
skuethe	016771acde	feat: add linux/s390x builds (#3277 ) Signed-off-by: skuethe <56306041+skuethe@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-02-22 23:40:46 +08:00
Sambhav Kothari	8c7f037c72	Improve E2E test CI timings (#3250 ) Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-02-17 17:47:35 -08:00
Sambhav Kothari	25c2ad11e4	Fix unused tagTest in helm chart tests (#3174 ) Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-02-04 23:12:12 +00:00
treydock	4e0d8ca612	Update kyverno-policies chart with latest pod-security policies (#3126 ) * Update kyverno-policies chart with latest pod-security policies Fixes #3063 Fixes #2277 Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Update README to have better example Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Use chart testing during e2e to test against ci values Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Fix e2e tests for Helm chart Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Fix Kyverno chart testing to actually test values, and fix networkpolicy template Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Update README for exclusion Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Allow adding 'other' policies via Helm Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Update Chart.yaml for kyverno-policies Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Bump minimum Kubernetes version in charts Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Update kyverno-policies chart readme Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Use version that should catch all pre-releases Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Use version that should catch all pre-releases (part 2) Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Use same logic to get git tag by using Makefile target for updating Helm values Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com>	2022-02-04 14:47:36 +08:00
shuting	ae4d148318	Update dev image tag in Make targets (#3159 ) * - update dev images tag; - update chart testing Signed-off-by: ShutingZhao <shuting@nirmata.com> * update to use dev tag when setting up e2e tests infra Signed-off-by: ShutingZhao <shuting@nirmata.com> * default chart test image tag for busybox to latest Signed-off-by: ShutingZhao <shuting@nirmata.com> * set image tag to latest for chart testing Signed-off-by: ShutingZhao <shuting@nirmata.com> * correct tag Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove test tag in e2e.yaml Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-02-03 15:41:58 +08:00
Rob Best	7a8c19e0cb	Support registry keychain from cloud providers (#3036 ) * Enable cloud provider registry keychains It's desirable that Kyverno supports using workload identity and other cloud provider metadata services for registry credentials. Signed-off-by: Rob Best <robertbest89@gmail.com> * Always initialize registry keychain This supports using docker configuration on disk and credentials from cloud providers without having to specify image pull secrets. Signed-off-by: Rob Best <robertbest89@gmail.com> * Get pull secrets from kyverno service account It was previously using 'default'. I think it makes more sense to use the service account that Kyverno actually runs with. Signed-off-by: Rob Best <robertbest89@gmail.com> * Don't split empty pull secrets list Signed-off-by: Rob Best <robertbest89@gmail.com> * Add KYVERNO_SVC_ACCOUNT to config manifests Signed-off-by: Rob Best <robertbest89@gmail.com> * Don't retrieve secrets from service account Signed-off-by: Rob Best <robertbest89@gmail.com> * Reduce scope of keychain changes Just enable cloud provider keychains. Signed-off-by: Rob Best <robertbest89@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-01-26 07:28:36 +00:00
Naman Lakhwani	1580837526	refactoring github actions to remove duplication and enhancement for versioned sbom's (#2979 ) * initial commit Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com> * adding docker-buildx-builder to makefile Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com> * reverting git describe in makefile Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com> * uploading sbom for each kyverno image Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com> * small nits Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com> * scanning image before pushing and removed cosign.pub Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>	2022-01-18 15:07:59 -08:00
Sambhav Kothari	1af9e48b0d	Add image data to validate image configs (#2946 ) * Add image data to validate image configs Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com> * Add tests for image context Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com> * Add e2e test cases for image size policy Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-01-17 04:06:44 +00:00
Naman Lakhwani	8350aadc58	Fix: CI job to release images (#2929 ) * making required changes in images workflow Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> * making required changes in release workflow Signed-off-by: Namanl2001 <namanlakhwani@gmail.com> Co-authored-by: shuting <shutting06@gmail.com>	2022-01-10 14:10:44 +00:00
Naman Lakhwani	760ec6830d	removing docker buildx (#2922 ) Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>	2022-01-06 16:09:32 +00:00
Naman Lakhwani	cda6310249	fix in image workflow (#2921 ) Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>	2022-01-06 22:48:20 +08:00
shuting	df105ff596	Improve endpoint check (#2902 ) * improve endpoint checks Signed-off-by: ShutingZhao <shuting@nirmata.com> * update make target for the local build Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove debug log Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-01-05 07:47:42 +00:00
shuting	9631d1d196	fix buildversion for local build (#2887 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-01-03 20:40:55 +05:30
Abhinav Sinha	2076f07b9f	added support for --git-branch flag and directory in git path for kyverno test cmd (#2763 ) * added support for --git-branch flag and directory in git path for kyverno test cmd Signed-off-by: Abhinav Sinha <zeborg3@gmail.com> * added cli tests Signed-off-by: Abhinav Sinha <zeborg3@gmail.com> * replaced hard-coded Makefile test-cmd branch names with var GIT_BRANCH Signed-off-by: Abhinav Sinha <zeborg3@gmail.com> * moved `test-cmd` job from Makefile to github workflow Signed-off-by: Abhinav Sinha <zeborg3@gmail.com> * added `release*` branch to `e2e` workflow Signed-off-by: Abhinav Sinha <zeborg3@gmail.com> Co-authored-by: shuting <shutting06@gmail.com>	2021-12-20 14:09:53 +08:00
shuting	f4614213e5	Test publishing dev-test images (#2848 ) * publish dev-* images Signed-off-by: ShutingZhao <shuting@nirmata.com> * add LD_FLAGS_DEV Signed-off-by: ShutingZhao <shuting@nirmata.com> * add IMAGE_TAG_LATEST_DEV Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove test statement Signed-off-by: ShutingZhao <shuting@nirmata.com>	2021-12-17 02:46:59 +00:00
Jim Bugwadia	b17e76493e	tighten and clarify Kyverno roles and permissions (#2799 ) * update roles and rolebindings Signed-off-by: Jim Bugwadia <jim@nirmata.com> * revert label and fix perms Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * restrict role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix whitespace Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests and roles Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove ingress extensions/v1beta1 Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix chart Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * tighten and clarify Kyverno roles and permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fake commit to trigger workflows Signed-off-by: Jim Bugwadia <jim@nirmata.com> * revert tests and update test role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add newlines Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove update role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove invalid param Signed-off-by: Jim Bugwadia <jim@nirmata.com> * cleanup roles in Helm templates Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove `mutate` cluster role binding Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2021-12-10 04:34:06 +00:00
Prateek Pandey	911bebcf4d	[docs]: sync api docs with latest api changes (#2808 ) Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com>	2021-12-09 14:44:29 +00:00
Batuhan Apaydın	b5615b6380	feat: create new builder for buildx (#2703 ) Co-authored-by: Erkan Zileli <erkan.zileli@trendyol.com> Co-authored-by: Furkan Turkal <furkan.turkal@trendyol.com> Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Co-authored-by: Erkan Zileli <erkan.zileli@trendyol.com> Co-authored-by: Furkan Turkal <furkan.turkal@trendyol.com>	2021-11-10 21:07:40 +01:00
treydock	6c46ffffd9	Allow Helm CRD management to be disabled (#2655 ) Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>	2021-11-01 19:21:10 -07:00
Jose Armesto	831a9826d1	Restructure project to follow standards (#2632 ) Signed-off-by: Jose Armesto <github@armesto.net>	2021-10-29 18:13:20 +02:00
Marcus Noble	a923dce631	Cleanup imports (#2635 ) Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>	2021-10-29 12:24:26 +02:00
ShubhamPalriwala	a0c963c48b	rename make command to remove warning Signed-off-by: ShubhamPalriwala <spalriwalau@gmail.com>	2021-10-29 10:18:16 +05:30
ShubhamPalriwala	5417b9d3c1	feat: shift sigs and sbom Signed-off-by: ShubhamPalriwala <spalriwalau@gmail.com>	2021-10-13 21:34:04 +05:30
Kumar Mallikarjuna	254be4c1d3	Leader Election for initContainer (#2489 ) * Local build Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Leader Election for initContainer Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Lease deletion Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Use wrc client Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * log error out Signed-off-by: ShutingZhao <shutting06@gmail.com> Co-authored-by: ShutingZhao <shutting06@gmail.com>	2021-10-06 16:12:07 -07:00
NoSkillGirl	5ca33ce902	Merge branch 'main' of github.com:kyverno/kyverno into feat/support_mutate_in_cli	2021-10-05 12:23:34 +05:30
vivek kumar sahu	ae6f6c327f	Added Code to support the test command for mutate policy (#2279 ) * Added test-e2e-local in the Makefile * Added a proper Indentation * Added 3 more fields * Added getPolicyResourceFullPath function * Updating the patchedResource path to full path * Converts Namespaced policy to ClusterPolicy * Added GetPatchedResourceFromPath function * Added GetPatchedResource function * Checks for namespaced-policy from policy name provided bu user * Generalizing resultKey for both validate and mutate. Also added kind field to this key * Added Type field to PolicySpec * To handle mutate case when resource and patchedResource are equal * fetch patchResource from path provided by user and compare it with engine patchedResource * generating result by comparing patchedResource * Added kind to resultKey * Handles namespaced policy results * Skip is required * Added []response.EngineResponse return type in ApplyPolicyOnResource function namespaced policy only surpasses resources having same namespace as policy * apply command will print the patchedResource whereas test will not * passing engineResponse instead of validateEngineResponse because it supports results for both validate and mutate case * default namespace will printed in the output table if no namespace is being provided by the user * Added e2e test for mutate policy and also examples for both type of policies * Created a separate function to get resultKey * Changes in the resultKey for validate case * Added help description for test command in the cli * fixes code for more test cases * fixes code to support more cases and also added resources for e2e-test * some small changes like adding brackets, clubbing 2 if cond into one, changing variable name, etc. * Rearrange GetPatchedResourceFromPath function to get rid from repetion of same thing twice. * Added kind in the result section of test.yaml for all test-cases * engineResponse will handle different types of response * GetPatchedResource() uses GetResource function to fetch patched resource Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>	2021-10-05 11:11:54 +05:30

1 2 3 4 5 ...

324 commits