mirror of https://github.com/kyverno/kyverno.git synced 2025-03-07 00:17:13 +00:00
Commit graph

605 commits

Author SHA1 Message Date
Shuting Zhao
cac41d9fda using anyPattern for allowed image registries 2019-10-07 14:34:32 -07:00
Shuting Zhao
87d9cdd9dd best practice: volume white list 2019-10-07 12:46:34 -07:00
Shuting Zhao
16a851cd8b update sysctl 2019-10-07 11:35:04 -07:00
Shuting Zhao
c80f9e0f9d best_practice: sysctl 2019-10-07 11:21:14 -07:00
Shuting Zhao
2243e9e2e7 best practice: validate container capability 2019-10-04 18:15:39 -07:00
Shuting Zhao
0c09ba53eb best-practice: validate default proc mount 2019-10-04 17:48:57 -07:00
Shuting Zhao
1bd8663e4c add selinux best practice 2019-10-04 17:28:42 -07:00
Shuting Zhao
04c147eb77 add security context "fsgroup" 2019-10-04 16:50:23 -07:00
Shuting Zhao
57456e5f06 improve code 2019-10-03 18:19:47 -07:00
Shuting Zhao
ae393f567d make validation checks on different block internally 2019-10-03 17:53:46 -07:00
Shuting Zhao
e20d86f45c remove duplicate code: hasMutate.. 2019-10-03 17:00:05 -07:00
Shuting Zhao
c56c5c365d Provide more details to policy validation errors 2019-10-03 16:49:41 -07:00
Shuting Zhao
572418795a add validate checks for generate 2019-10-03 14:47:50 -07:00
Shuting Zhao
9d0b4c7d30 validate anchor in mutate and validate rule 2019-10-03 12:52:58 -07:00
shivkumar dudhani
c4e263564f CR: uncomment deadcode 2019-10-01 16:59:26 -07:00
shivkumar dudhani
7782c776f1 merge with master 2019-10-01 16:28:54 -07:00
Shivkumar Dudhani
e02d334dfc
Merge pull request #358 from nirmata/346_validate_policy
346 validate policy
2019-10-01 16:25:09 -07:00
Shuting Zhao
3ee2d57694 ignore kinds check on exclude resource description 2019-10-01 15:01:24 -07:00
shivkumar dudhani
515a31199e update equality operator 2019-10-01 13:08:34 -07:00
Shuting Zhao
a620c14c58 fix PR comment 2019-10-01 12:41:10 -07:00
shivkumar dudhani
17d80a08c0 introduce equality anchor 2019-10-01 12:35:14 -07:00
Shuting Zhao
8b174235df add unit tests 2019-10-01 11:50:10 -07:00
shivkumar dudhani
c3a2256c1c process policy in namespaces 2019-09-28 15:39:06 -07:00
shivkumar dudhani
56b2d2990b clean up 2019-09-28 14:20:39 -07:00
shivkumar dudhani
808cccb421 update validation logic 2019-09-28 14:09:46 -07:00
Shuting Zhao
28bb9c80b4 validate existing anchor of validate rule 2019-09-27 19:03:55 -07:00
Shuting Zhao
a72a73b8a9 fix warning 2019-09-27 16:35:09 -07:00
Shuting Zhao
8a7250ffef refactor policy validation, moved to pkg/api/kyverno 2019-09-27 16:31:27 -07:00
Shuting Zhao
76ad9406b1 only allow one type of rule defined in a single rule 2019-09-26 18:02:24 -07:00
shivkumar dudhani
ae3059b858 unit test initial check 2019-09-26 11:00:30 -07:00
shivkumar dudhani
087efffd96 support existence on list type 2019-09-25 21:01:45 -07:00
shivkumar dudhani
974fff169a support evaluation of nested values 2019-09-25 16:06:37 -07:00
shivkumar dudhani
c65f12b97b initial commit 2019-09-25 15:12:33 -07:00
Shuting Zhao
5e0415911a add best-practice: policy_validate_disallow_default_serviceaccount 2019-09-16 14:16:54 -07:00
shuting
3d02f81434
Merge pull request #351 from nirmata/348_feature_wildcardsNamespaces
support wild cards for namespaces in rule resource description
2019-09-12 23:06:51 -07:00
shivkumar dudhani
44af35d6e4 support wild cards for namespaces in rule resource description 2019-09-12 17:11:55 -07:00
shivkumar dudhani
5dab189743 fix event resource name + add filtered kinds to policy controller & namespace + fix messages 2019-09-12 15:04:35 -07:00
Shuting Zhao
e6a5b1ceb8 add namespace_quota testrunner 2019-09-10 12:27:21 -07:00
Shuting Zhao
2e22c21164 add policy_validate_disallow_node_port.yaml 2019-09-10 11:57:33 -07:00
Shuting Zhao
6ecec2f5a7 add resource_quota testrunner 2019-09-09 23:55:14 -07:00
Shuting Zhao
3237f3d799 add policy_validate_not_readonly_rootfilesystem.yaml 2019-09-09 18:13:38 -07:00
Shuting Zhao
3eeba1a32b add policy_validate_hostPID_hosIPC.yaml 2019-09-09 17:34:25 -07:00
Shuting Zhao
d0fd3e69ef update testrunner, unit test for validate_host_network_port 2019-09-09 16:08:15 -07:00
Shuting Zhao
0fe5a065dd add validate_hostpath testrunner 2019-09-09 15:06:54 -07:00
Shuting Zhao
b494dec7f3 add validate_namespace test runner 2019-09-09 14:33:55 -07:00
Shuting Zhao
d92026f94a add disallow_priviledgedprivelegesecalation test runner 2019-09-09 10:56:19 -07:00
Shuting Zhao
ae8264deae Merge branch 'best_practice_policies' of https://github.com/nirmata/kyverno into best_practice_policies
# Conflicts:
#	examples/best_practices/policy_validate_container_disallow_priviledgedprivelegesecalation.yaml
#	examples/best_practices/policy_validate_container_security_context.yaml
#	examples/best_practices/validate_container_security_context.yaml
2019-09-09 10:36:56 -07:00
Shuting Zhao
b667c47587 update testrunner for examples/best_practices/policy_validate_container_security_context.yaml 2019-09-06 18:54:19 -07:00
Shuting Zhao
bc087d7918 Merge branch 'master' of https://github.com/nirmata/kyverno into best_practice_policies
# Conflicts:
#	examples/best_practices/validate_default_namespace.yaml
2019-09-06 17:04:44 -07:00
shivkumar dudhani
2669b0ae6b set default ValidationFailureAction to 'audit' 2019-09-06 10:18:45 -07:00