mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
Code Activity
4520 commits 16 branches 550 tags 288 MiB
Commit graph

28 commits

Author SHA1 Message Date
Charles-Edouard Brétéché
fc1a4601a7
refactor: introduce wildcard utils package (#4406) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-08-25 05:23:01 +00:00
Vyankatesh Kudtarkar
530e38a6f4
fix check depreciated api issue (#4243) 2022-07-21 13:11:39 +08:00
Prateek Pandey
c0cc4b781c
use the unstructured list instead of interface type (#4210) 
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
 2022-07-12 15:07:40 +00:00
Charles-Edouard Brétéché
5aaf2d8770
chore: make kyverno api import aliases consistent (#3939) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-17 13:12:43 +02:00
Afzal Ansari
3845225db1
refactor: imported pkg redeclared and a few other unused func (#3827) 
* Removes paths redeclared

Signed-off-by: afzal442 <afzal442@gmail.com>

* fixes v1 redeclared

Signed-off-by: afzal442 <afzal442@gmail.com>

* fixes mergeSucceededResults func never used

Signed-off-by: afzal442 <afzal442@gmail.com>

* fixes func unused

Signed-off-by: afzal442 <afzal442@gmail.com>

* refactors unused func

Signed-off-by: afzal442 <afzal442@gmail.com>

* refactors unused func

Signed-off-by: afzal442 <afzal442@gmail.com>

* refactors getNamespacesForRule unused

Signed-off-by: afzal442 <afzal442@gmail.com>

* refactors policyNamespace unused

Signed-off-by: afzal442 <afzal442@gmail.com>

* refactors replacing loop with ...

Signed-off-by: afzal442 <afzal442@gmail.com>

* refactors func buildPolicyLabel unused

Signed-off-by: afzal442 <afzal442@gmail.com>

* removes unused func

Signed-off-by: afzal442 <afzal442@gmail.com>

* removes unused comment

Signed-off-by: afzal442 <afzal442@gmail.com>

Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
 2022-05-07 16:44:57 +00:00
Charles-Edouard Brétéché
bb6e9a1ada
refactor: move config controller in controllers package (#3790) 
* refactor: use typed informers and add tombstone support to webhookconfig

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: remove unstructured usage from webhookconfig

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: cert manager controller

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: move config controller in controllers package

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-04 16:05:03 +00:00
Charles-Edouard Brétéché
a93ac45586
refactor: move some helpers in utils package (#3539) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
 2022-04-04 18:58:22 +00:00
Charles-Edouard Brétéché
04740c52fa
refactor: use more policy interface (#3510) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-03-31 12:14:00 +05:30
shuting
d1bf3d4742
clean up dependencies (#3469) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-03-25 08:40:25 +00:00
shuting
ad56087b91
list resources once per policy in the background reconcilliation (#3026) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-01-19 16:42:01 +00:00
shuting
b6447e0649
Remove resourceCache from engine (#3013) 
* update log messages

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* remove resourceCache from the background controller when:
- register resource scope
- list resources per namespace

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* - use client call for configmap lookup;
- remove resourceCache from policy controller, webhook server and generate controller

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-01-18 12:59:35 +00:00
Jose Armesto
1ff16ba5d4
Do not log error when resource is not namespaced (#2730) 
Signed-off-by: Jose Armesto <github@armesto.net>
 2021-11-17 15:09:00 +01:00
Jim Bugwadia
e701b7aceb
re-apply policies to managed pods (#2648) 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-11-01 11:08:24 -07:00
Jose Armesto
831a9826d1
Restructure project to follow standards (#2632) 
Signed-off-by: Jose Armesto <github@armesto.net>
 2021-10-29 18:13:20 +02:00
Arsh Sharma
7e9be24d90
updating minio verison (#1956) 2021-06-09 19:16:26 -07:00
Vyankatesh Kudtarkar
299547f376
Matched list to configure the matched resources (#1844) 
* Fix Dev setup

* initial commit

* add testcases for matchlist

* fix e2e issue

* fix comment

* fix issue

* fix lock issue

* revert changes

* fix cache issue

* Fix cache test

* fix policy object

* fix comments

* fix public methos issue

Co-authored-by: vyankatesh <vyankatesh@neualto.com>
 2021-05-06 12:02:06 -07:00
shuting
72fd921cb6
fix exclude logic (#1756) 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-03-31 22:02:36 -07:00
shuting
c692263177
Refactor resourceCache; Reduce throttling requests (background controller) (#1500) 
* skip sending API request for filtered resource

* fix PR comment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixes https://github.com/kyverno/kyverno/issues/1490

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix bug - namespace is not returned properly

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* reduce throttling - list resource using lister

* refactor resource cache

* fix test

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix label selector

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix build failure

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-01-29 17:38:23 -08:00
shuting
e54776ee7e
Bug fix - namespace is not returned properly (#1491) 
* skip sending API request for filtered resource

* fix PR comment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixes https://github.com/kyverno/kyverno/issues/1490

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix bug - namespace is not returned properly

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-01-22 17:56:41 -08:00
shuting
62a4a3a7da
Reduce throttling - skip sending API request for filtered resources (#1489) 
* skip sending API request for filtered resource

* fix PR comment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixes https://github.com/kyverno/kyverno/issues/1490

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-01-21 18:58:53 -08:00
shuting
3c5f9f8888
1398 - Reduce RCR throttling requests (#1406) 
* reduce RCR throttling requests by merging policy application (policy - namespace) results into single RCR

* - refactor policy controller; - fix RCR issue

* - refactor RCR controller; - fix cpolr on ns update; - reduce throttling when getting resources; - fix tests

* update CRD schema

* fix typo
 2020-12-21 11:04:19 -08:00
Shuting Zhao
b9fb926ddb fixes for golint ./... 2020-11-17 13:07:30 -08:00
shuting
5e07ecc5f3
Add Policy Report (#1229) 
* add report in cli

* policy report crd added

* policy report added

* configmap added

* added jobs

* added jobs

* bug fixed

* added logic for cli

* common function added

* sub command added for policy report

* subcommand added for report

* common package changed

* configmap added

* added logic for kyverno cli

* added logic for jobs

* added logic for jobs

* added logic for jobs

* added logic for cli

* buf fix

* cli changes

* count bug fix

* docs added for command

* go fmt

* refactor codebase

* remove policy controller for policyreport

* policy report removed

* bug fixes

* bug fixes

* added job trigger if needed

* job deletation logic added

* build failed fix

* fixed e2e test

* remove hard coded variables

* packages adde

* improvment added in jobs sheduler

* policy report yaml added

* cronjob added

* small fixes

* remove background sync

* documentation added for report command

* remove extra log

* small improvement

* tested policy report

* revert hardcoded changes

* changes for demo

* demo changes

* resource aggrigation added

* More changes

* More changes

* - resolve PR comments; - refactor jobs controller

* set rbac for jobs

* add clean up in job controller

* add short names

* remove application scope for policyreport

* move job controller to policyreport

* add report logic in command apply

* - update policy report types;  - upgrade k8s library; - update code gen

* temporarily comment out code to pass CI build

* generate / update policyreport to cluster

* add unit test for CLI report

* add test for apply - generate policy report

* fix unit test

* - remove job controller; - remove in-memory configmap; - clean up kustomize manifest

* remove dependency

* add reportRequest / clusterReportRequest

* clean up policy report

* generate report request

* update crd clusterReportRequest

* - update json tag of report summary; - update definition manifests; -  fix dclient creation

* aggregate reportRequest into policy report

* fix unit tests

* - update report summary to optional; - generate clusterPolicyReport; - remove reportRequests after merged to report

* remove

* generate reportRequest in kyverno namespace

* update resource filter in helm chart

* - rename reportRequest to reportChangeRequest; -rename clusterReportRequest to clusterReportChangeRequest

* generate policy report in background scan

* skip generating report change request if there's entry results

* fix results entry removal when policy / rule gets deleted

* rename apiversion from policy.kubernetes.io to policy.k8s.io

* update summary.* to lower case

* move reportChangeRequest to kyverno.io/v1alpha1

* remove policy report flag

* fix report update

* clean up policy violation CRD

* remove violation CRD from manifest

* clean up policy violation code - remove pvGenerator

* change severity fields to lower case

* update import library

* set report category

Co-authored-by: Yuvraj <yuvraj.yad001@gmail.com>
Co-authored-by: Yuvraj <10830562+evalsocket@users.noreply.github.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
 2020-11-09 11:26:12 -08:00
Shuting Zhao
cdc5190c56 update nirmata/kyverno to kyverno/kyverno 2020-10-07 11:12:31 -07:00
Mohan B E
f60deecdce
Feature/namespaced policy 280 (#1058) 
* namespaced policy crd and cache

* modified main.go

* removed kyverno

* implemented policy violation generator for namespaced policy on audit

* modified cache

* added validation for cluster resource types

* install.yaml

* install.yaml

* removed namespaces from crd and refactored code

* modified NamespacePolicy to Policy

* added ClusterRole aggregate for policies

* modified clusterrole
 2020-08-19 09:07:23 -07:00
shivkumar dudhani
d327309d72 refactor logging 2020-03-17 16:25:34 -07:00
Shivkumar Dudhani
5b8ab3842b
Support variable substitution (#549) 
* initial commit

* variable substitution

* update tests

* update test

* refactor engine packages for validate & generate

* update vendor

* update toml

* support variable substitution in overlay mutation

* missing update

* fix indentation in logs

* store context values as single JSON document using merge patches.

* remove duplicate functions

* fix message string

* Handle processing of policies in background (#569)

* remove condition check while generating mutation patch as conditions are verified in the first iteration

* initial commit

* background policy validation

* correct message

* skip non-background policy process for add/update

* fix order to correct policy registration

* update comment

Co-authored-by: shuting <shutting06@gmail.com>

* refactor

Co-authored-by: shuting <shutting06@gmail.com>
 2019-12-30 17:08:50 -08:00
shivkumar dudhani
e7607fae87 refactor cluster and oplicy violation cleanup 2019-11-27 11:23:29 -08:00