mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
Code Activity
3103 commits 16 branches 550 tags 288 MiB
Commit graph

59 commits

Author SHA1 Message Date
shuting
c816cf3d69
Add certificate renewer in webhook registration controller (#1692) 
* load TLS pair from existing secret, if applicable

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* remove Kyverno managed secrets during shutdown

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* - add certificate renewer; - re-structure certificate package

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* commit un-saved file

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* eliminate throttling requests while registering webhook configs

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* disable webhook monitor (in old pod) during rolling update

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* remove webhook cleanup logic from init container

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update PR template

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update link to the website repo

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update repo name

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-03-16 11:31:04 -07:00
Yashvardhan Kukreja
d141f74015
performed cleanups (#1552) 2021-02-07 21:19:25 -08:00
shuting
39b27a16ed
Reduce throttling requests (GET) (#1522) 
* add resource lister to even handler

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* use lister to get Kyverno deployment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add lister for webhook configs

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-02-05 09:58:10 -08:00
Shuting Zhao
54b0afb8b9 clean up old webhooks before registering new ones 2020-12-08 15:04:24 -08:00
shuting
624b481df3
Fix 1351 - policy report (#1359) 
* ignore Kyverno CRDs existence check when server is not available

* clean up cluster / reportChangeRequest

* resolve PR comments

* - fixes #1351; - clean up code

* fo fmt
 2020-12-04 10:04:46 -08:00
Jim Bugwadia
2344b2c305
1319 fix throttling (#1341) 
* fix policy status and generate controller issues

* shorten ACTION column name

* update logs

Co-authored-by: Shuting Zhao <shutting06@gmail.com>
 2020-11-30 11:22:20 -08:00
Jim Bugwadia
ec95724e97
update webhook registration and monitor (#1318) 
* update webhook registration and monitor

* update log

* fix test

* improve logs

* improve logs

* format changes

* decrease interval for webhook config checks
 2020-11-26 16:07:06 -08:00
Jim Bugwadia
f304be6feb fix typo 2020-11-25 14:20:23 -08:00
Shuting Zhao
61e4088a53 improve eventGen logging 2020-11-03 16:07:02 -08:00
Shuting Zhao
cdc5190c56 update nirmata/kyverno to kyverno/kyverno 2020-10-07 11:12:31 -07:00
shuting
931d7cd47c
Set mutating webhhok reinvocationPolicy to IfNeeded (#1097) 
* add watch policy to clusterrole kyverno:customresources

* fix build

* fix nil pointer

* skip json patches if the mutation is re-invoked

* set resource mutating webhook invocation policy to IfNeeded
 2020-09-03 08:54:37 -07:00
Mohan B E
f60deecdce
Feature/namespaced policy 280 (#1058) 
* namespaced policy crd and cache

* modified main.go

* removed kyverno

* implemented policy violation generator for namespaced policy on audit

* modified cache

* added validation for cluster resource types

* install.yaml

* install.yaml

* removed namespaces from crd and refactored code

* modified NamespacePolicy to Policy

* added ClusterRole aggregate for policies

* modified clusterrole
 2020-08-19 09:07:23 -07:00
Mohan B E
a14828246d
Feature/api version 852 (#1028) 
* apiVersion support for generate

* added apiVersion to crds
 2020-08-07 09:47:33 +05:30
shuting
39de46fe39
983 kustomize support (#1026) 
* prototype - strategic merge patch

* add end to end test

* add engine strategic merge patch support

* set webhook reinvocationPolicy to IfNeeded

* refactor engine mutate code

* support JMESPath in strategic merge patch

* implement patchesJson6902

* update doc

* resolve pr comments
 2020-08-05 09:11:23 -07:00
shuting
87fa77fbcc
965 add validate audit handler (#967) 
* store policy names cache to reduce lookup time

* add validate audit handler

* fix #958, remove auto-gen annotation on Pod

* formatting code

* update processTime to readable format

* #586, add back unit test

* update logging info

* remove unused interface

* handle generate policy in a single thread in weboook

* resolve pr comments
 2020-07-09 11:48:34 -07:00
Jim Bugwadia
65193feccb
update logging, naming, and event retry (#959) 
* update logging and naming

* check per policy patch count
 2020-06-30 11:53:27 -07:00
Shuting Zhao
0670abe2d2 set log level 2020-05-18 21:16:48 -07:00
Shuting Zhao
416f5ecc00 Merge branch 'master' into 744_deny_requests 
# Conflicts:
#	pkg/utils/util.go
#	pkg/webhooks/server.go
 2020-05-18 18:05:22 -07:00
Yuvraj
277402ba4c
Feature - Add checks for k8s version when Kyverno starts (#831) 
* Added k8s version check for mutating and validating'

* version check adde

* middelware added

* formate

* Added timeout flag value to webhook server timeout middelware and refactore kubernetes version check

* Fixed test cases

* Removed log

* Update kubernetes version check

* Added check for mutate and validate

* Skip Validation in handleValidateAdmissionRequest if kubernetes version is below 1.14

* Update return object AdmissionResponse

* fixed condition for skiping mutation

* Handle condition for skip feature in case of kubernetes version 1.14.2
 2020-05-18 17:00:52 -07:00
Shuting Zhao
ad4f06f22d Merge branch 'master' into 744_deny_requests 
# Conflicts:
#	pkg/webhooks/mutation.go
#	pkg/webhooks/server.go
#	pkg/webhooks/validation.go
 2020-05-18 12:32:42 -07:00
Jim Bugwadia
304c75403e - skip resource schema validation when no mutate rules are applied 
- cleanup webhook registration logic and logs
 2020-05-17 14:37:05 -07:00
Jim Bugwadia
bf1aaba99b allow cross platform builds 2020-05-17 09:51:46 -07:00
shravan
7a3f0012a9 744 untested prototype 2020-04-22 20:15:16 +05:30
shivkumar dudhani
d327309d72 refactor logging 2020-03-17 16:25:34 -07:00
shivkumar dudhani
1b1ab78f77 logs & access 2020-03-17 11:05:20 -07:00
shravan
c4a8efbd7b Merge branch 'master' into 253_ValidationInMutationFlag_v3 2020-01-29 14:34:15 +05:30
Shivkumar Dudhani
f4406bbefc
linter fixes (#656) 
* cleanup phase 1

* linter fixes phase 2

* linter fixes

* linter fixes
 2020-01-24 16:27:51 -08:00
Shivkumar Dudhani
8c1d79ab28
linter suggestions (#655) 
* cleanup phase 1

* linter fixes phase 2
 2020-01-24 12:05:53 -08:00
shravan
81ea5ba157 253 fixing circle ci issues 2020-01-24 23:40:05 +05:30
shravan
12076f6183 Merge branch 'master' into 253_ValidationInMutationFlag_v3 2020-01-24 23:32:15 +05:30
shravan
53a795e414 resolving merge conflicts 2020-01-24 23:24:20 +05:30
Shivkumar Dudhani
1171ac691b
cleanup phase 1 (#653) 2020-01-24 09:37:12 -08:00
Shuting Zhao
b26ed89880 - set failurepolicy of webhookconfiguraitons to ignore; - disable auto-gen on policy disabllow_default_namespace 2020-01-15 18:01:50 -08:00
shravan
8dc6b06d79 resolving merge conflicts 2020-01-11 18:33:11 +05:30
Shuting Zhao
625e45c847 remove duplicate code 2019-12-12 18:55:40 -08:00
shivkumar dudhani
a19785261d Merge branch '524_bug' into v1.1.0 2019-12-12 16:25:50 -08:00
Shuting Zhao
b2ad71cc5e remove channel, introduced a flag to indicate the webhook creation status 2019-12-05 15:49:02 -08:00
Shuting Zhao
183f844029 - move resourcewebhookregister to webhookconfig 2019-12-05 13:51:02 -08:00
shivkumar dudhani
1642682aa2 528_add_webhook_defaults 2019-12-04 17:28:39 -08:00
Shuting Zhao
0f5cf40eda - holds resource webhook creation requests in a quene; - remove webhookinformer from policy controller and webhookregistrationclient 2019-12-04 12:31:27 -08:00
shivkumar dudhani
0ea1d9986a cleanup resource & policy 2019-12-02 17:15:47 -08:00
Shuting Zhao
f6db1b9e87 create policy webhookcfgs after verifying webhook status 2019-11-25 18:22:05 -08:00
Shuting Zhao
f506789498 create resource mutating webhook after verifying webhook is active 2019-11-25 18:07:11 -08:00
Shuting Zhao
8b0fb4b801 remove VerifyMutatingWebhook during shutdown 2019-11-25 13:08:02 -08:00
shivkumar dudhani
0d4bbb5a38 refactor 2019-11-19 10:13:03 -08:00
shivkumar dudhani
40b685c9db merge with v1.1.0 2019-11-18 11:48:36 -08:00
Shivkumar Dudhani
61b202c64a
420 init container (#501) 
* init container to cleanup stale webhook configurations if any.

* remove test code

* use internal pkg for os signals

* move webhook cleanup before http.server shutown.

* update make file and remove init

* update CI script
 2019-11-18 11:41:37 -08:00
shivkumar dudhani
a315c22e2f refer informer cache in policy controller for mutatingwebhookconfigs 2019-11-15 14:01:40 -08:00
Shuting Zhao
eab9609c6a update api in tests 2019-11-13 13:56:07 -08:00
shivkumar dudhani
e022084dd0 add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00