mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
Code Activity
3425 commits 16 branches 550 tags 288 MiB
Commit graph

3425 commits

This branch
This branch
All branches
Author SHA1 Message Date
Arsh Sharma
7e9be24d90
updating minio verison (#1956) 2021-06-09 19:16:26 -07:00
Vyankatesh Kudtarkar
9d00348a52
Fix: mutate policies kept applying to these terminating Pods (#1978) 
* Fix Dev setup

* Fix mutate policies kept applying to these terminating Pods

* fix patch resource issue

Co-authored-by: vyankatesh <vyankatesh@neualto.com>
 2021-06-09 18:34:10 -07:00
Vineeth Reddy
6d2cb87370
change min support kubernetes version to 1.16 for kyverno 1.4 (#1935) 
* change min support kubernetes version to 1.16 for kyverno 1.4

Signed-off-by: vineethvanga18 <reddy.8@iitj.ac.in>

* migrate deployment to apps/v1

Signed-off-by: vineethvanga18 <reddy.8@iitj.ac.in>
 2021-06-08 13:14:28 -07:00
Shuting Zhao
2ca824210d tag v1.4.0-rc1 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-06-08 13:09:20 -07:00
shuting
e9a972a362
feat: HA (#1931) 
* Fix Dev setup

* webhook monitor - start webhook monitor in main process

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add leaderelection

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* - add isLeader; - update to use configmap lock

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* - add initialization method - add methods to get attributes

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* address comments

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* remove newContext in runLeaderElection

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add leader election to GenerateController

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* skip processing for non-leaders

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* skip processing for non-leaders

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add leader election to generate cleanup controller

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* Gracefully drain request

* HA - Webhook Register / Webhook Monitor / Certificate Renewer (#1920)

* enable leader election for webhook register

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* extract certManager to its own process

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* leader election for cert manager

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* certManager - init certs by the leader

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add leader election to webhook monitor

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update log message

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add leader election to policy controller

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add leader election to policy report controller

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* rebuild leader election config

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* start informers in leaderelection

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* start policy informers in main

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* enable leader election in main

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* move eventHandler to the leader election start method

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* address reviewdog comments

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add clusterrole leaderelection

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixed generate flow (#1936)

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* - init separate kubeclient for leaderelection - fix webhook monitor

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* address reviewdog comments

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* cleanup Kyverno managed resources on stopLeading

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* tag v1.4.0-beta1

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix cleanup process on Kyverno stops

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* bump kind to 0.11.0, k8s v1.21 (#1980)

Co-authored-by: vyankatesh <vyankatesh@neualto.com>
Co-authored-by: vyankatesh <vyankateshkd@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Pooja Singh <36136335+NoSkillGirl@users.noreply.github.com>
 2021-06-08 12:37:19 -07:00
Jim Bugwadia
eaa96f3def
Merge pull request #1974 from vyankyGH/update/e2e-test 
Update e2e tests
 2021-06-08 11:56:20 -07:00
Ahmed Waleed Malik
3c4c6dae92
Remove runAsUser specification from Security Context (#1972) 
This fails on openshift since we cannot specify users within this range. Also, this template should be as close as possible to the vanilla manifest for deployment https://github.com/kyverno/kyverno/blob/main/definitions/release/install.yaml

Vanilla manifest omits the user specification https://github.com/kyverno/kyverno/blob/main/definitions/release/install.yaml#L2478

Signed-off-by: Waleed Malik <ahmedwaleedmalik@gmail.com>
 2021-06-08 10:14:20 -07:00
RinkiyaKeDad
d1be681773 replacing pod security standard from default to baseline 
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
 2021-06-08 13:02:02 +05:30
vyankatesh
ab959d0ca4 bump kind to 0.11.0, k8s v1.21 2021-06-08 11:18:48 +05:30
vyankatesh
4ae3f2469f Merge branch 'main' of https://github.com/kyverno/kyverno into main 2021-06-08 11:02:43 +05:30
Vyankatesh Kudtarkar
8eb1d4c7fb
Update variable paths when auto generate the controller rules (#1914) 
* Fix Dev setup

* Update variable paths

* fix testcase issue

Co-authored-by: vyankatesh <vyankatesh@neualto.com>
 2021-06-07 13:35:53 -07:00
Yashvardhan Kukreja
a931f8f8f5
added: admission_request_timestamp for kyverno_admission_review_latency_milliseconds and a small fix (#1970) 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-06-07 12:53:13 -07:00
Pooja Singh
e227636271
1947/e2e generate policy (#1951) 
* fixed generate flow

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added test for generate policy with clone

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* small conflict fix

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* print logs for e2e

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* changing log level

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added wait while creating policy

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* remove log level from e2e

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added a clusterpolicy check while creating a namespaced resource in e2e tests

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* updated the github_action name for e2e tests

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* changing waiting time to 1 sec

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* remove log

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

Co-authored-by: Shuting Zhao <shutting06@gmail.com>
 2021-06-07 12:36:00 -07:00
Yashvardhan Kukreja
10e23da431
added: JSON for Grafana Dashboard (#1952) 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-06-03 13:33:58 -07:00
Jim Bugwadia
5dfd16ce44
Merge pull request #1946 from RinkiyaKeDad/1944_more_than_fix 
fix operator matching with spacing
 2021-06-02 23:06:03 -07:00
vyankatesh
eceaa3c77a Merge branch 'main' of https://github.com/kyverno/kyverno into main 2021-06-03 11:33:25 +05:30
RinkiyaKeDad
29c6e901ab added test, removed comment 
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
 2021-06-03 11:16:50 +05:30
Pooja Singh
d9ad564989
fixed generate flow (#1948) 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-06-02 12:09:48 -07:00
Pooja Singh
605d182ee3
e2e test cases for generate (#1835) 
* added sample test

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* case: when creating the new namespace without the label, there should not have any generated resource

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* case: when adding the matched label to the namespace, the target resource should be generated

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* removing comments

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* trying to check updated network policy

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* case: when synchronize flag is set to true in the policy, one cannot delete the generated resource

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* trying to check updated generate policy

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* case: change synchronize to false in the policy, the label in generated resource should be updated to policy.kyverno.io/synchronize: disable

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* case: when changing the content in generate.data, the change should be synced to the generated resource

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added comments

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* case: with synchronize==false, one should be able to delete the generated resource

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* handling error

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added retrying

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* minor e2e fixes

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* e2e fixes

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added logs of mutate error

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* printing configmap

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* printing configmap using BY

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* removing print statements

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* print configmap name

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* printing complete configmap

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-06-02 11:48:28 -07:00
RinkiyaKeDad
e94479717c fixed spacing problem in operators 
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
 2021-06-02 12:16:54 +05:30
shuting
1412c1f84e
- update version to v1.3.6; - split Kustomization manifests; - revert release/install.yaml (#1945) 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-06-01 21:58:37 -07:00
William Montgomery
42131482fa
BugFix: move app: kyverno to labels for tutorial (#1943) 
While trying out the tutorial found a recent change that caused the tutorial to not work.

```bash
$ k create -f install.yaml
namespace/kyverno created
customresourcedefinition.apiextensions.k8s.io/clusterpolicies.kyverno.io created
customresourcedefinition.apiextensions.k8s.io/clusterpolicyreports.wgpolicyk8s.io created
customresourcedefinition.apiextensions.k8s.io/clusterreportchangerequests.kyverno.io created
customresourcedefinition.apiextensions.k8s.io/generaterequests.kyverno.io created
customresourcedefinition.apiextensions.k8s.io/policies.kyverno.io created
customresourcedefinition.apiextensions.k8s.io/policyreports.wgpolicyk8s.io created
customresourcedefinition.apiextensions.k8s.io/reportchangerequests.kyverno.io created
serviceaccount/kyverno-service-account created
clusterrole.rbac.authorization.k8s.io/kyverno:admin-policies created
clusterrole.rbac.authorization.k8s.io/kyverno:admin-policyreport created
clusterrole.rbac.authorization.k8s.io/kyverno:admin-reportchangerequest created
clusterrole.rbac.authorization.k8s.io/kyverno:customresources created
clusterrole.rbac.authorization.k8s.io/kyverno:generatecontroller created
error: error validating "install.yaml": error validating data: ValidationError(ClusterRole.metadata): unknown field "app"
f you choose to ignore these errors, turn validation off with --validate=false
```

Signed-off-by: William Montgomery <wmontgomery@apexclearing.com>
 2021-06-01 17:22:56 -07:00
Nicolas Lamirault
62c4cd7e3d
Recommanded Kubernetes labels and custom labels (#1873) 
* Add: Recommanded Kubernetes labels

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Add: feature to add custom labels to resources metadata

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Add: manage labels with Kustomize

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Add: app label

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Add: app label for chart

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Update: make kustomize-crds

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Update: refactoring labels

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Fix: clean kustomize code

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Fix: typo

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Update: application version v1.3.6

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Update: version v1.3.6

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>
 2021-06-01 11:54:33 -07:00
Bricktop
d8ad5ba8c8
Remove unneeded fmt error (#1927) 
Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>
 2021-06-01 10:54:21 -07:00
Jim Bugwadia
8ffe9c0c5d
Merge pull request #1934 from kyverno/readme/add-contributing-details 
add details on contributing
 2021-05-27 13:14:35 -07:00
Jim Bugwadia
e6a0f387d9 add details on contributing 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-05-27 12:29:53 -07:00
shuting
cd4d738667
Merge pull request #1877 from yashvardhan-kukreja/prometheus-integration-setup 
feat: Prometheus metrics integration
 2021-05-26 12:31:21 -07:00
Yashvardhan Kukreja
b0ef84c581 added e2e tests: ensuring the availability of kyverno's prometheus metrics-server 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-05-24 08:09:17 +05:30
Yashvardhan Kukreja
8eae8ec492 feat: added support for exposing the metrics via kyverno-svc service 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-05-24 08:06:40 +05:30
Yashvardhan Kukreja
72aa739395 feat: added kyverno_admission_review_latency_milliseconds metric 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-05-24 08:06:40 +05:30
Yashvardhan Kukreja
b8f8a47d8d feat: added kyverno_policy_rule_execution_latency_milliseconds metric 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-05-24 08:06:36 +05:30
Yashvardhan Kukreja
43a138a12b feat: added kyverno_policy_rule_results_info metric 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-05-24 08:05:14 +05:30
vyankatesh
e5a4dc180d Merge branch 'main' of https://github.com/kyverno/kyverno into main 2021-05-21 18:22:16 +05:30
windowsrefund
69ba308687 eliminate duplicate env key 2021-05-20 11:21:47 -04:00
Shuting Zhao
4f79f44f9f tag v1.3.6 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-05-17 11:39:39 -07:00
vyankatesh
34fc83f677 Merge branch 'main' of https://github.com/kyverno/kyverno into main 2021-05-17 11:26:10 +05:30
Yashvardhan Kukreja
833d097c0a
feat: added kyverno_policy_changes_info metric 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-05-16 18:07:32 +05:30
Yashvardhan Kukreja
fea074f493
feat: added kyverno_policy_rule_info_total metric 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-05-16 18:07:32 +05:30
Yashvardhan Kukreja
bb80e1b641
added: initial prometheus client setup 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-05-16 13:06:14 +05:30
Shuting Zhao
5dcb03e6f5 tag v1.3.6-rc5 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-05-13 12:44:34 -07:00
Max Goncharenko
158b58f819
Fix {{@}} behavior (#1908) 
* fixed {{@}} behavior

Signed-off-by: Max Goncharenko <kacejot@fex.net>

* removed white space from test

Signed-off-by: Max Goncharenko <kacejot@fex.net>
 2021-05-13 12:27:45 -07:00
shuting
adcb89a1b5
Update to use gvk to store OpenAPI schema (#1906) 
* bump swagger doc to 1.21.0

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* stores openapi schema by gvk

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix schema validation in CLI

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add missing resource lists

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add e2e tests

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* address review doc comments

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-05-13 12:03:13 -07:00
Vyankatesh Kudtarkar
d48f21f6fd
Fix GVK issue for policy cache (#1904) 
* Fix Dev setup

* fix GVK Issue for policy cache

Co-authored-by: vyankatesh <vyankatesh@neualto.com>
 2021-05-11 12:45:34 -07:00
vyankatesh
e6db5c7a59 Merge branch 'main' of https://github.com/kyverno/kyverno into main 2021-05-11 11:13:36 +05:30
Shuting Zhao
edd33a6d09 tag v1.3.6-rc4 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-05-10 10:18:38 -07:00
Simon Metzger
a65a85e55c
allow only supplementalGroups greater 0 (#1901) 
Signed-off-by: Metzger, Simon <smnmtzgr@gmail.com>
 2021-05-10 10:14:08 -07:00
Jim Bugwadia
c6b43d65df
Merge pull request #1899 from kyverno/feature/update_readme 
update star link
 2021-05-10 09:52:02 -07:00
vyankatesh
445394a442 Merge branch 'main' of https://github.com/kyverno/kyverno into main 2021-05-10 12:02:59 +05:30
Jim Bugwadia
27af5066d2 update star link 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-05-07 19:26:57 -07:00
Shuting Zhao
55a987ed5e tag v1.3.6-rc3 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-05-07 19:03:43 -07:00