kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2025-03-07 00:17:13 +00:00

Author	SHA1	Message	Date
Frank Jogeleit	deab83d62f	reconcile only PolicyReports managed by kyverno (#10794 ) Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de> Co-authored-by: shuting <shuting@nirmata.com>	2024-08-06 12:43:47 +00:00
Charles-Edouard Brétéché	6e1def1004	feat: remove v1alpha2 group/version (#10500 ) * feat: remove v1alpha2 group Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-06-19 08:08:15 +00:00
shuting	fb9c66f455	feat(perf): add new linter `prealloc` to enforce slice declarations best practice (#10250 ) * feat(perf): add new linter prealloc to enforce slice declarations best practice Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix(linter): prealloac slices Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>	2024-05-20 14:46:35 +05:30
Vishal Choudhary	e66a550560	fix: fetch only adopted ephemeral report (#10148 ) Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>	2024-04-30 15:17:24 +00:00
Khaled Emara	c9055ac2ff	fix(autogen): only generate rule for request kind (#9984 ) * fix(autogen): only generate rule for request kind Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * feat(autogen): use jsoniter instead of std for json Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * chore(atogen): use sets instead of manipulating strings Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(autogen): formatting linter Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(autogen): backwards compatability Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * revert(autogen): old behavior Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix: builds error Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: ShutingZhao <shuting@nirmata.com>	2024-04-04 08:09:30 +00:00
Charles-Edouard Brétéché	7775541b46	fix: reports aggregation (#9697 ) * chore: rename admission to ephemeral in reports aggregation controller Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reports aggregation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * second queue Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * nit Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-02-08 10:36:01 +00:00
Charles-Edouard Brétéché	6f440ab6c0	chore: rename admission to ephemeral in reports aggregation controller (#9690 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-02-07 10:29:56 +00:00
Charles-Edouard Brétéché	64176cdbea	fix: don't delete garbage collected policy reports (#9679 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-02-07 07:10:51 +00:00
Charles-Edouard Brétéché	e969e29eb8	chore: remove reports aggregation per namespace (#9570 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-30 23:08:47 +00:00
Charles-Edouard Brétéché	9102753323	fix: make alternate reports storage transparent (#9553 ) * fix: make alternate reports storage transparent Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * bg scan Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * aggregation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * aggregation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * rm manager Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-30 14:53:37 +00:00
Vishal Choudhary	e6c39f31a5	feat: add a new API group `reports.kyverno.io` (#9521 ) * feat: add new report interface Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * chore: reports.kyverno.io/v1 apigroup Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * chore: codegen Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add report manager Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add reports manager to reports controller Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add alternateReportStorage to helm chart Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: report utils deepcopy Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * init flag Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: wrong return value Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-26 13:40:29 +00:00
Charles-Edouard Brétéché	6cf57ee81f	fix: make sure we don't modify reports not owned by kyverno (#8502 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-09-22 04:01:21 +00:00
Charles-Edouard Brétéché	c1978d97a6	fix: use vap map in report aggregation (#8458 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-09-20 08:32:38 +00:00
Charles-Edouard Brétéché	2444b7c670	refactor: add per resource reports aggregation (#8426 ) * refactor: add per resource reports aggregation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * added controller implementation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * clean Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix kuttl tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix kuttl tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * vaps Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-09-20 14:51:32 +08:00
Charles-Edouard Brétéché	fa36f76cf9	refactor: move per namespace reports aggregator in a sub package (#8419 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-09-15 08:41:36 +00:00
Mariam Fahmy	d3dbd52f75	fix typo (#8399 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2023-09-14 13:52:24 +00:00
Mariam Fahmy	8732183cc6	feat: generate backgroundscan reports for validating admission policies (#8135 ) * feat: generate backgroundscan reports for validating admission policies Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix: skip validate check images if errors are encourted when validating the resource Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2023-09-05 11:42:17 +00:00
Charles-Edouard Brétéché	7d74eb3ab0	fix: propagate registration and error in controllerutils pkg (#8192 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-08-31 20:08:29 +00:00
Frank Jogeleit	5d5011d5d9	feat: hold custom labels (#7416 ) * feat: hold custom labels Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> * fix: remove unnecessary SetLabels Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com> --------- Signed-off-by: Frank Jogeleit <frank.jogeleit@lovoo.com>	2023-06-05 10:37:28 +00:00
Charles-Edouard Brétéché	1e30aacbd9	fix: replace more refect.DeepEqual (#6674 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-03-24 10:01:49 +00:00
Charles-Edouard Brétéché	aaab55a036	feat: improve background scan reports enqueue logic (#5810 ) * feat: improve background scan reports enqueue logic Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * delay Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * delay Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * aggregation delay Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl timeout Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * delay Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * kuttl timeout Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-01-03 13:51:37 +00:00
Charles-Edouard Brétéché	3975323362	chore: bump deps including k8s ones (#5751 ) * chore: bump deps including k8s ones Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-12-21 22:33:51 +00:00
Charles-Edouard Brétéché	a6aaffded3	feat: add cleanup handler (#5576 ) * feat: add cleanup handler Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup handler Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * service Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-12-07 10:30:47 +00:00
Charles-Edouard Brétéché	56aae9f505	fix: admission reports stacking up (#5457 ) * fix: admission reports stacking up Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * utils Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * warmup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix logger Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * nits Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-11-24 14:21:08 +01:00
Charles-Edouard Brétéché	786e595c06	feat: add policy label to policy reports (#5198 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-11-04 07:55:41 +00:00
Charles-Edouard Brétéché	076f2c3c49	fix: deletion of reports not belonging to kyverno (#5194 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-11-02 10:08:54 +00:00
Charles-Edouard Brétéché	547771a221	fix: use pagination to aggregate reports (#5190 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-11-02 15:10:48 +08:00
Charles-Edouard Brétéché	c4b3301ab0	fix: go routines not gracefully shut down in controllers (#5022 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>	2022-10-19 08:54:48 +00:00
Charles-Edouard Brétéché	cdfac95cdb	fix: account for policy/rule deletion in aggregated reports (#5048 ) * fix: account for policy/rule deletion in aggregated reports Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * reduce delay Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-10-19 08:16:28 +00:00
Charles-Edouard Brétéché	5a09a78350	feat: add controller logger helper (#5029 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-10-18 14:42:43 +00:00
Charles-Edouard Brétéché	1509fa6251	refactor: non leader controllers management (#4831 )	2022-10-06 18:38:35 +08:00
Charles-Edouard Brétéché	25cf8d6c1e	fix: add workers to the controller interface (#4776 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-10-03 07:55:59 +00:00
yinka	688b4fb8e3	add package logger in files (#4766 ) * add package logger in files Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * add package logger to initContainer and other files Signed-off-by: damilola olayinka <holayinkajr@gmail.com> * helm docs Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * helm default values Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * release notes Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: damilola olayinka <holayinkajr@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-10-02 19:45:03 +00:00
Charles-Edouard Brétéché	287eb84d07	refactor: use context in controllers instead of chan (#4761 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-30 16:54:47 +05:30
Charles-Edouard Brétéché	e0ab72bb9a	feat: reports v2 implementation (#4608 ) This PR refactors the reports generation code. It removes RCR and CRCR crds and replaces them with AdmissionReport, ClusterAdmissionReport, BackgroundScanReport and ClusterBackgroundScanReport crds. The new reports system is based on 4 controllers: Admission reports controller is responsible for cleaning up admission reports and attaching admission reports to their corresponding resource in case of a creation Background scan reports controller is responsible for creating background scan reports when a resource and/or policy changes Aggregation controller takes care of aggregation per resource reports into higher level reports (per namespace) Resources controller is responsible for watching reports that need background scan reports I added two new flags to disable admission reports and/or background scan reports, the whole reporting system can be disabled if something goes wrong. I also added a flag to split reports in chunks to avoid creating too large resources. Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> Co-authored-by: prateekpandey14 <prateek.pandey@nirmata.com>	2022-09-28 17:15:16 +05:30

35 commits