kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2024-12-15 17:51:20 +00:00

Author	SHA1	Message	Date
Vishal Choudhary	83f2846572	feat: add TSA cert chain support in cosign (#9961 ) * feat: add TSA cert chain support in cosign Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add chainsaw test Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add unit test Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: unit tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2024-03-30 20:50:07 +00:00
Vishal Choudhary	1a1954002f	fix: add rekor opts to cosign certificate verification and make rekor url optional (#9957 ) * fix: add rekor opts to cosign certificate verification and make rekor url optional Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>	2024-03-28 18:17:24 -07:00
rdark	0655f9c59d	Make ports configurable for background-controller & reports-controller (#9939 ) Signed-off-by: Richard Clark <richard@rvvup.com> Co-authored-by: Richard Clark <richard@rvvup.com>	2024-03-28 15:05:19 +00:00
Vishal Choudhary	baa9eb2fd3	chore: bump controller gen to 0.14.0 (#9953 ) * chore: update controller-gen version and cmd controller gen throws an error when multiple instances of the same generator 'crd' in this case is specified. See: kubernetes-sigs/controller-tools#829 Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * chore: generate code Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-03-28 09:33:17 +01:00
Chip Zoller	299e4a0829	Default exclusions in webhooks (#9948 )	2024-03-27 14:49:36 +01:00
Khaled Emara	bd6eff61cb	chore(gctx): document schema better (#9923 ) Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>	2024-03-20 19:34:40 +00:00
Khaled Emara	429e84be10	fix(globalcontext): panics and validation (#9903 )	2024-03-14 16:12:39 +00:00
Chahdro	bb0cf4c985	fix: Adjust chart templates to handle hostNetwork set to true (#9864 ) * fix(kyverno-chart): Adjust templates to handle hostNetwork set to true Signed-off-by: Chahdra Konlack <chahdra.konlack@equisoft.com> * Change containerPort of cleanup-controller to use server port instead Signed-off-by: Chahdra Konlack <chahdra.konlack@equisoft.com> --------- Signed-off-by: Chahdra Konlack <chahdra.konlack@equisoft.com> Co-authored-by: shuting <shuting@nirmata.com>	2024-03-12 12:29:01 +00:00
Khaled Emara	511df7a466	fix(globalcontext): old WaitGroup not stopping (#9813 ) * fix(globalcontext): old waitgroup not stopping Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * chore(globalcontext): add AGE Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * feat(globalcontext): add lastRefreshTime Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): unhandled intormer run exception Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * chore(globalcontext): comment wording Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * chore(globalcontext): codegen Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): linter Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> --------- Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>	2024-02-27 18:24:39 +00:00
Jim Bugwadia	a95cd808a4	update versions (#9783 ) Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2024-02-26 07:26:37 +00:00
Khaled Emara	2b2587469d	feat: enhance global context (#9710 ) * feat(globalcontext): add event handling Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * feat(globalcontext): handle cache sync error Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * feat(globalcontext): ensure api is called during init Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * design(events): decouple events from policies a bit Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * feat(globalcontext): use status Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): make status optional Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): status update Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): codegen Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * chore(globalcontext): delete yaml annotations Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): fix status in tests Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcotext): update enqueue func Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): error Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * chore(globalcontext): rbac Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * chore(globalcontext): retry logic Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): unknown api call in test Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * bump Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix: set unique name for each testing resource Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: update readme Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: log msg Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: add delays Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: delay gctce creation Signed-off-by: ShutingZhao <shuting@nirmata.com> * debug: check Kyverno status Signed-off-by: ShutingZhao <shuting@nirmata.com> * debug: update chainsaw config Signed-off-by: ShutingZhao <shuting@nirmata.com> * debug: revert chainsaw config Signed-off-by: ShutingZhao <shuting@nirmata.com> * test(globalcontext): print actual status Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): add necessary delays and check status before applying Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * test(globalcontext): long refreshInterval Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * debug: log success Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * debug: print informer data Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): use client instead of informer Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * debug: print status after update Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * debug: print ResourceVersion Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * debug: remove gcecontroller from other controllers Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): update status only once Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * chore: remove excess logs Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): add store to cleanup controller Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> --------- Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-02-23 10:34:04 +00:00
Charles-Edouard Brétéché	7775541b46	fix: reports aggregation (#9697 ) * chore: rename admission to ephemeral in reports aggregation controller Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reports aggregation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * second queue Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * nit Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-02-08 10:36:01 +00:00
Charles-Edouard Brétéché	37340266ba	fix: add missing migrations (#9657 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-02-05 20:11:35 +01:00
Khaled Emara	589446da5d	chore(globalcontext): drop globalcontext flag (#9652 ) Signed-off-by: Khaled Emara <mail@KhaledEmara.dev> Co-authored-by: shuting <shuting@nirmata.com>	2024-02-05 16:31:08 +00:00
Khaled Emara	8a4d9941de	feat: add globalcontext loader and interface (#9602 ) * feat(globalcontext): add interface Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): package import path Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * design(contextloader): move globalcontext from Load to init Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): remove pointer Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * design(globalcontext): create specific Store Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-02-05 11:24:37 +00:00
Anushka Mittal	dd46f9eaf0	sanity check in parent chart for crd-controller mismatch (#9608 ) * samity check in parent chart for crd-controller mismatch Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * shift checks to validate.yaml Signed-off-by: anushkamittal2001 <anushka@nirmata.com> --------- Signed-off-by: anushkamittal2001 <anushka@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-02-02 18:28:05 +00:00
Charles-Edouard Brétéché	b532525321	fix: global context crd improvements (#9621 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-02-02 17:42:20 +00:00
Charles-Edouard Brétéché	2b712107d2	feat: consider maxAPICallResponseLength (#9620 ) * chore: move global context package out of engine Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: consider maxAPICallResponseLength Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-02-02 15:35:57 +00:00
Vishal Choudhary	10ae9e306c	feat: update refreshInterval in globalcontext CRD to use a duration (#9615 )	2024-02-02 12:06:51 +00:00
Charles-Edouard Brétéché	03af9831f3	feat: add global context support in helm chart (#9614 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-02-02 11:37:58 +00:00
Khaled Emara	226fa9515a	feat: add globalcontext controller (#9601 ) * feat: add globalcontext controller Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * rework controller Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * rbac Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cmd Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix rbac Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * engine Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * k8s resources Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * k8s resource Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * resync zero Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * api call Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * api call Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * clean Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-02-02 10:41:35 +00:00
Charles-Edouard Brétéché	1e0bac2d6f	feat: add global context crd to codegen (#9595 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-02-01 12:32:13 +00:00
Anushka Mittal	ce0c704086	Deploy specific controllers (#8849 ) * Initial changes for deploy specific controllers Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * Include correct values in values.yaml Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * Remove check for other controllers Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * Sanity checks for other controllers Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * resolve lint errors Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * add separate flags for all crds; conditions for controller crd relation Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * rm global Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * rm global Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * values Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: anushkamittal2001 <anushka@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-02-01 10:14:05 +00:00
Swastik Gour	141e7d056f	feat: added ability to bump version using in-file editing (#8857 ) * added ability to bump version using in-file editing Signed-off-by: swastik959 <Sswastik959@gmail.com> * corrected error Signed-off-by: swastik959 <Sswastik959@gmail.com> * changed the name and added one Signed-off-by: swastik959 <Sswastik959@gmail.com> * added corrections Signed-off-by: swastik959 <Sswastik959@gmail.com> * few corrections Signed-off-by: swastik959 <Sswastik959@gmail.com> * makefile Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * rm tmp Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: swastik959 <Sswastik959@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-31 22:24:56 +08:00
shuting	635f160ae0	feat (generate): add `orphanDownstreamOnPolicyDelete` to preserve downstream on policy deletion (#9579 ) * add chainsaw tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * add .orphanDownstreamOnPolicyDelete Signed-off-by: ShutingZhao <shuting@nirmata.com> * update codegen Signed-off-by: ShutingZhao <shuting@nirmata.com> * update docs Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>	2024-01-31 13:50:38 +02:00
Charles-Edouard Brétéché	2b824be667	fix: omit events flag (#9572 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-30 23:41:13 +00:00
Sanskar Gurdasani	e738dd0124	configured backoff limit in chart cronjobs (#9569 ) * configured backoff limit in chart cronjobs Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> * Update charts/kyverno/values.yaml Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Update charts/kyverno/values.yaml Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-30 22:37:07 +00:00
Charles-Edouard Brétéché	9102753323	fix: make alternate reports storage transparent (#9553 ) * fix: make alternate reports storage transparent Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * bg scan Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * aggregation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * aggregation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * rm manager Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-30 14:53:37 +00:00
Mariam Fahmy	831bf3c074	feat: reuse --protectManagedResources flag in the cleanup controller (#8566 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2024-01-30 07:08:30 +00:00
Charles-Edouard Brétéché	2f9951ed26	fix: helm chart jobs (#9555 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-30 00:34:09 +00:00
Chip Zoller	bf21328d39	Add Helm note for AKS users (#9552 ) * add note for AKS Signed-off-by: chipzoller <chipzoller@gmail.com> * add README paragraph Signed-off-by: chipzoller <chipzoller@gmail.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: chipzoller <chipzoller@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-29 23:42:42 +00:00
Charles-Edouard Brétéché	3234d0c1df	replace wildcard permissions with explicit resources/operations (#9516 ) * replace wildcard permissions with explicit resources/operations Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * core extra resources Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-29 13:35:05 +00:00
Charles-Edouard Brétéché	90cff77300	fix: CRDs codegen (#9542 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-29 09:45:52 +00:00
Marco Maurer (-Kilchhofer)	2ee9db072a	fix(policies): Add ability to configure skipBackgroundRequests (#9532 ) * fix(policies): Add ability to configure skipBackgroundRequests Signed-off-by: Marco Maurer <mkilchhofer@users.noreply.github.com> * fix: Drop trailing spaces to fix CI Signed-off-by: Marco Maurer <mkilchhofer@users.noreply.github.com> --------- Signed-off-by: Marco Maurer <mkilchhofer@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-01-27 17:42:22 +00:00
shuting	7170cbb0c2	feat:Webhook config per policy (#9483 ) * add spec.webhookConfigurations Signed-off-by: ShutingZhao <shuting@nirmata.com> * update crd Signed-off-by: ShutingZhao <shuting@nirmata.com> * configure webhook Signed-off-by: ShutingZhao <shuting@nirmata.com> * register webhook handler Signed-off-by: ShutingZhao <shuting@nirmata.com> * skip storing finegrained policies in cache Signed-off-by: ShutingZhao <shuting@nirmata.com> * update resource validate handler Signed-off-by: ShutingZhao <shuting@nirmata.com> * updates Signed-off-by: ShutingZhao <shuting@nirmata.com> * enable mutate resource handler for fine-grained policies Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: tests Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>	2024-01-27 13:00:22 +00:00
Brian Dunnigan	0ffb382282	#9529 Support adding extra elements to the default resourceFilters list (#9530 ) Signed-off-by: Brian Dunnigan <bdunnigan@clarityinnovates.com> Co-authored-by: treydock <tdockendorf@osc.edu>	2024-01-26 22:46:20 +00:00
Mariam Fahmy	f01f0d6dc4	feat: support podSecurity exclusion in exceptions (#9343 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-01-26 18:43:07 +00:00
Vishal Choudhary	e6c39f31a5	feat: add a new API group `reports.kyverno.io` (#9521 ) * feat: add new report interface Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * chore: reports.kyverno.io/v1 apigroup Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * chore: codegen Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add report manager Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add reports manager to reports controller Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add alternateReportStorage to helm chart Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: report utils deepcopy Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * init flag Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: wrong return value Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-26 13:40:29 +00:00
Charles-Edouard Brétéché	451d362104	feat: add more granular rbac rules to remove wildcards (#9507 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-24 16:07:18 +00:00
Khaled Emara	3ef598c155	chore(helm): omit normal events by default (#9493 ) * chore(helm): omit normal events by default Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(tests): fix tests related to events Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> --------- Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>	2024-01-24 13:16:18 +01:00
Vishal Choudhary	87c7ce254a	feat: add skipImageReferences in verify images (#8633 ) * feat: add skipImageReferences in verify images Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: chainsaw tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: chainsaw-test.yaml Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: typo in assert Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-23 12:27:39 +00:00
Charles-Edouard Brétéché	0ec8e2292c	fix: align clusterroles and bindings names (#9482 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-22 15:37:20 +00:00
Charles-Edouard Brétéché	2f4b823030	feat: improve crd migration helm hooks (#9481 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-22 14:13:29 +00:00
Mariam Fahmy	5fc7e96890	feat: migrate existing cleanup policies to the new storage version in helm hook (#9420 ) * feat: migrate existing cleanup policies to the new storage version in helm hook Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix codegen Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix: use kyverno CLI migrate command Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-01-22 12:53:36 +01:00
Khaled Emara	566db3abfd	helm: add profiling support (#9338 ) Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>	2024-01-22 02:08:43 +00:00
Mariam Fahmy	ea748276bb	feat: migrate existing policy exceptions to the new storage version in helm hook (#9412 ) * feat: migrate existing policy exceptions to the new storage version in helm Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix: add permissions for the admission controller to patch exceptions Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix codegen Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * move migration hook to a separate directory Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * use cli Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update admission controller permissions Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-21 20:13:56 +00:00
shuting	6e5e7c745a	update bitnami/kubectl (#9408 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2024-01-16 06:04:29 +00:00
Mariam Fahmy	303fff21e3	feat: add podLabels to the hook jobs pod template (#9391 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-01-14 12:58:47 -05:00
treydock	cde4ac7154	Add global nodeSelector (#9339 ) Allow a global node selector to apply to all pods in the kyverno Helm chart Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>	2024-01-05 23:28:16 +08:00
Gurmannat Sohal	6902a2b092	Unit tests for Pod Security Admission Integrations (#8585 ) * feat: enable field-restricted exclusions using the psa Signed-off-by: Liang Deng <283304489@qq.com> * fix ci error Signed-off-by: Liang Deng <283304489@qq.com> * fix ci error Signed-off-by: Liang Deng <283304489@qq.com> * initial unit tests * Add all remaining unit tests Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * fine grain unit tests by adding fields and values * add detailed pod level exclusion and related tests * add tests for init & ephemeral containers * add kuttl tests for the new advanced support * add kuttl tests for the new advanced support * add readme for kuttl tests * add replacement in go.mod * resolving CI errors Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * fix ci errors Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * fix ci errors Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * updating pod-security-admissio Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * resolving null pointer panic Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * resolved conformance error Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * chainsaw Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chainsaw Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * remove duplication Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * fix linting Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * remove over computation Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * added field checks, pss skip condition Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * correcting chainsaw tests Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * merge branch 'main' into unit-tests Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * fix builds Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: Liang Deng <283304489@qq.com> Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> Signed-off-by: shuting <shuting@nirmata.com> Signed-off-by: Gurmannat Sohal <95538438+itsgurmannatsohal@users.noreply.github.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Liang Deng <283304489@qq.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-12-26 22:28:08 +08:00

1 2 3 4 5 ...

804 commits