21 commits

Author	SHA1	Message	Date
Charles-Edouard Brétéché	ab6fc0ad1b	fix: reduce tls package dependencies (part 2) (#8109) ... Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-08-25 11:24:52 +00:00
Charles-Edouard Brétéché	59c2a5d813	fix: reduce tls package dependencies (#8107) ... Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-08-24 11:52:57 +00:00
Fish-pro	fdfdcc058f	Remove dependency on github.com/pkg/errors (#6165) ... Signed-off-by: Fish-pro <zechun.chen@daocloud.io>	2023-02-01 14:38:04 +08:00
Charles-Edouard Brétéché	c8185feb11	fix: use lister for CA secret (#5598) ... Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-12-07 14:08:37 +08:00
Charles-Edouard Brétéché	090b68e55d	feat: make cert renewer private and add server name support (#4904) ... * fix: remove unnecessary dependencies from tls package Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: make cert renewer private and add server name support Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * nits Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-10-13 09:46:05 +00:00
Charles-Edouard Brétéché	205bb28b52	feat: add typed client support and metrics wrapper (#4724) ... Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-29 17:12:50 +05:30
shuting	3bf3dcc1af	Add the metric "kyverno_client_queries_total" (#4359) ... * Add metric "kyverno_kube_client_queries_total" Signed-off-by: ShutingZhao <shuting@nirmata.com> * publish metric for missing queries Signed-off-by: ShutingZhao <shuting@nirmata.com> * Refactor the way Kyverno registers QPS metric Signed-off-by: ShutingZhao <shuting@nirmata.com> * Move clientsets to a dedicated folder Signed-off-by: ShutingZhao <shuting@nirmata.com> * Wrap Kyverno client and policyreport client to register client query metric Signed-off-by: ShutingZhao <shuting@nirmata.com> * address linter comments Signed-off-by: ShutingZhao <shuting@nirmata.com> * address linter comments Signed-off-by: ShutingZhao <shuting@nirmata.com> * Switch to use wrapper clients Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-08-31 11:33:47 +05:30
Charles-Edouard Brétéché	666bcb3c15	chore: make k8s api import aliases consistent (#3950) ... * chore: make kyverno api import aliases consistent Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * chore: make apimachinery api import aliases consistent Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-17 22:14:31 +08:00
Charles-Edouard Brétéché	97cf1b3e95	feat: gracefull certificates rotation support (#3890) ... * refactor: remove deployment hash on certs secrets Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * feat: add label on kyverno webhooks Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * feat: implement update ca bundle Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * test: set very low validity and expiration intervals Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: writing secret Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * add renew ca Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * decouple ca and tls validity duration Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactored code, everything is in place to finalize implementation Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * use real validity periods Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-05-12 14:07:25 +00:00
Charles-Edouard Brétéché	8f825bb040	refactor: remove deployment hash on certs secrets (#3886) ... Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-11 16:58:14 +02:00
Charles-Edouard Brétéché	c2602d8181	refactor: cleanup tls package (#3854) ... * refactor: init certs with certs renewer directly Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: tls package Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: cleanup tls package Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-11 08:05:13 +00:00
Charles-Edouard Brétéché	a32d0f8029	fix: include ca key in secret (#3804) ... Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-05-11 07:11:50 +00:00
Charles-Edouard Brétéché	2064a69b8a	refactor: make config vars private (#3823) ... Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-11 06:14:30 +00:00
Charles-Edouard Brétéché	bfc4290285	chore: enable more linters (#3862) ... * chore: enable deadcode and unused linters Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * chore: enable more linters Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-10 21:20:04 +05:30
Charles-Edouard Brétéché	967ad7cb8e	refactor: remove the need for self-signed annotation on cert secret (#3850) ... Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-10 08:58:51 +00:00
Charles-Edouard Brétéché	a6924a11ab	refactor: use typed k8s client in tls package (#3678) ... Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-04-26 20:18:14 +00:00
Kumar Mallikarjuna	037a320fba	Added TLS annotation check in the initContainer (#2956) ... * Added TLS annotation check in the initContainer Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Error checks Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Refactor annotation addition code Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Strict error reporting Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Error handling for Secrets Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Updated error conditions Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Update for nil error Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>	2022-01-11 08:47:24 +00:00
Kumar Mallikarjuna	4410b6adc3	Fix condition for rolling update (#2930)	2022-01-07 17:33:01 +00:00
Kumar Mallikarjuna	214f338ec3	Fix TLS inconsitency in HA (#2910) ... * Fix TLS inconsitency in HA Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Add error checks Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Remove rendundant err definitions Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Handle all Secret errors Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>	2022-01-06 09:11:16 +00:00
shuting	e9952fbaf2	Remove secret from default resourceCache (#1878) ... Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-05-04 22:10:01 -07:00
shuting	c816cf3d69	Add certificate renewer in webhook registration controller (#1692) ... * load TLS pair from existing secret, if applicable Signed-off-by: Shuting Zhao <shutting06@gmail.com> * remove Kyverno managed secrets during shutdown Signed-off-by: Shuting Zhao <shutting06@gmail.com> * - add certificate renewer; - re-structure certificate package Signed-off-by: Shuting Zhao <shutting06@gmail.com> * commit un-saved file Signed-off-by: Shuting Zhao <shutting06@gmail.com> * eliminate throttling requests while registering webhook configs Signed-off-by: Shuting Zhao <shutting06@gmail.com> * disable webhook monitor (in old pod) during rolling update Signed-off-by: Shuting Zhao <shutting06@gmail.com> * remove webhook cleanup logic from init container Signed-off-by: Shuting Zhao <shutting06@gmail.com> * update PR template Signed-off-by: Shuting Zhao <shutting06@gmail.com> * update link to the website repo Signed-off-by: Shuting Zhao <shutting06@gmail.com> * update repo name Signed-off-by: Shuting Zhao <shutting06@gmail.com>	2021-03-16 11:31:04 -07:00