mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
Code Activity
4520 commits 16 branches 550 tags 288 MiB
Commit graph

17 commits

Author SHA1 Message Date
Prateek Pandey
9226873e68
feat: split policy report per policy bases (#4147) 
* feat: split policy report per policy bases

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* add policy name as a handler key

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* update merge change request logic

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* handle the delete resource update on policy report

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* add splitPolicyReport feature gate

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* delete old reports if splitPolicyReport feature enable

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* use trim policyname as label and create name

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* fix change request result

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
 2022-06-28 15:27:57 +00:00
shuting
77fb10a430
Clean up RCRs if the count exceeds the threshold (#4148) 
* Clean up RCRs if the count exceeds the limit

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Sets reports to inactive on resourceExhausted error

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix linter

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Add a container flag changeRequestLimit

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Skip generating RCRs if resourceExhausted error occurs

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* set default RCR limit to 1000

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Update log messages and CHANGELOG.md

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Address review comments

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Extract mapper to a separate file

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-06-28 06:18:57 +00:00
Charles-Edouard Brétéché
41a3f6c388
chore: make kyverno informers and listers import aliases consistent (#3958) 
* chore: make kyverno api import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: make apimachinery api import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: make dclient api import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: make clients import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: make kube informers and listers import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: make kyverno informers and listers import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
 2022-05-18 04:02:31 +00:00
Charles-Edouard Brétéché
5aaf2d8770
chore: make kyverno api import aliases consistent (#3939) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-17 13:12:43 +02:00
Charles-Edouard Brétéché
0099ef54ad
chore: enable gofmt and gofumpt linters (#3931) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-17 06:19:03 +00:00
Charles-Edouard Brétéché
97e5e64fd4
chore: enable whitespace linter (#3864) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
 2022-05-10 17:01:29 +00:00
Charles-Edouard Brétéché
6e07acdd87
refactor: replace clientset by inteface (#3774) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-05-02 20:30:07 +00:00
Marcus Noble
8690f8b142
Handle reports with missing result property (#2696) 
* Handle reports with missing result property

Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>

* Make use of type structs

Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>

* Fix import

Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>

* Fix cast from map to struct

Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
 2021-11-09 12:03:15 +01:00
Jose Armesto
831a9826d1
Restructure project to follow standards (#2632) 
Signed-off-by: Jose Armesto <github@armesto.net>
 2021-10-29 18:13:20 +02:00
Frank Jogeleit
c522343c03
Update PolicyReport CRDs to wgpolicyk8s.io/v1alpha2 (#1825) 2021-08-21 10:35:17 -07:00
shuting
104cd310e8
Cleanup Report Change Requests (#2134) 
* clean up RCRs if retry fails

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* cleanup report change request when background scan starts

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add verb deletecollection to ClusterRole kyverno:customresources

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-07-14 09:57:16 -07:00
shuting
fd9acf21a7
Auto-recover policy report (#1730) 
* auto-recover policy report

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add flag background-scan to tune this interval

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* cleanup webhook configurations when Kyverno deployment is deleted

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* reconcile policy reports if Kyverno Configmap changes

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-03-25 12:28:03 -07:00
shuting
6fc349716c
Switch to use annotations to store resource info in cluster/reportChangeRequest (#1625) 
* skip sending API request for filtered resource

* fix PR comment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixes https://github.com/kyverno/kyverno/issues/1490

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix bug - namespace is not returned properly

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* reduce throttling - list resource using lister

* refactor resource cache

* fix test

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix label selector

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix build failure

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixes #1480

* store resource name and kind in (c)rcr's annotation
 2021-02-19 09:09:41 -08:00
shuting
8dcfa185b1
Remove duplicate results' entries from policy report (#1559) 
* remove duplicate results' entries from policy report

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* improve error reporting when removing duplicate result entries

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-02-08 14:42:17 -08:00
shuting
3c5f9f8888
1398 - Reduce RCR throttling requests (#1406) 
* reduce RCR throttling requests by merging policy application (policy - namespace) results into single RCR

* - refactor policy controller; - fix RCR issue

* - refactor RCR controller; - fix cpolr on ns update; - reduce throttling when getting resources; - fix tests

* update CRD schema

* fix typo
 2020-12-21 11:04:19 -08:00
Shuting Zhao
2d8092d97c fixes https://github.com/kyverno/kyverno/issues/1238 2020-11-18 14:31:43 -08:00
shuting
5e07ecc5f3
Add Policy Report (#1229) 
* add report in cli

* policy report crd added

* policy report added

* configmap added

* added jobs

* added jobs

* bug fixed

* added logic for cli

* common function added

* sub command added for policy report

* subcommand added for report

* common package changed

* configmap added

* added logic for kyverno cli

* added logic for jobs

* added logic for jobs

* added logic for jobs

* added logic for cli

* buf fix

* cli changes

* count bug fix

* docs added for command

* go fmt

* refactor codebase

* remove policy controller for policyreport

* policy report removed

* bug fixes

* bug fixes

* added job trigger if needed

* job deletation logic added

* build failed fix

* fixed e2e test

* remove hard coded variables

* packages adde

* improvment added in jobs sheduler

* policy report yaml added

* cronjob added

* small fixes

* remove background sync

* documentation added for report command

* remove extra log

* small improvement

* tested policy report

* revert hardcoded changes

* changes for demo

* demo changes

* resource aggrigation added

* More changes

* More changes

* - resolve PR comments; - refactor jobs controller

* set rbac for jobs

* add clean up in job controller

* add short names

* remove application scope for policyreport

* move job controller to policyreport

* add report logic in command apply

* - update policy report types;  - upgrade k8s library; - update code gen

* temporarily comment out code to pass CI build

* generate / update policyreport to cluster

* add unit test for CLI report

* add test for apply - generate policy report

* fix unit test

* - remove job controller; - remove in-memory configmap; - clean up kustomize manifest

* remove dependency

* add reportRequest / clusterReportRequest

* clean up policy report

* generate report request

* update crd clusterReportRequest

* - update json tag of report summary; - update definition manifests; -  fix dclient creation

* aggregate reportRequest into policy report

* fix unit tests

* - update report summary to optional; - generate clusterPolicyReport; - remove reportRequests after merged to report

* remove

* generate reportRequest in kyverno namespace

* update resource filter in helm chart

* - rename reportRequest to reportChangeRequest; -rename clusterReportRequest to clusterReportChangeRequest

* generate policy report in background scan

* skip generating report change request if there's entry results

* fix results entry removal when policy / rule gets deleted

* rename apiversion from policy.kubernetes.io to policy.k8s.io

* update summary.* to lower case

* move reportChangeRequest to kyverno.io/v1alpha1

* remove policy report flag

* fix report update

* clean up policy violation CRD

* remove violation CRD from manifest

* clean up policy violation code - remove pvGenerator

* change severity fields to lower case

* update import library

* set report category

Co-authored-by: Yuvraj <yuvraj.yad001@gmail.com>
Co-authored-by: Yuvraj <10830562+evalsocket@users.noreply.github.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
 2020-11-09 11:26:12 -08:00