Charles-Edouard Brétéché
1293ef4691
refactor: reduce usage of reflect.DeepEqual ( #3328 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-03-02 17:20:27 +00:00
Charles-Edouard Brétéché
93ad2d6011
fix: update codegen ( #3329 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-03-02 22:19:21 +05:30
Charles-Edouard Brétéché
8cc883becc
fix: naming typos ( #3327 )
...
fix: naming typos
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-03-02 07:29:33 +00:00
Charles-Edouard Brétéché
7232de45c6
refactor: introduce autogen package ( #3316 )
...
* refactor: pass only spec instead of whole policy when possible
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* refactor: introduce autogen package
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-03-01 23:19:31 +00:00
Charles-Edouard Brétéché
1154612489
refactor: pass only spec instead of whole policy when possible ( #3315 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-03-01 22:42:19 +00:00
Prateek Pandey
4846bd0293
fetch tag across all branches instead of current branch ( #3324 )
...
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-03-01 11:59:28 -08:00
Naman Lakhwani
fd7addd2fa
add separate step for digest ( #3321 )
...
Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>
2022-03-01 20:05:14 +05:30
Naman Lakhwani
985e2cc158
adding check for digest and update git command
...
Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>
2022-03-01 18:36:16 +05:30
Naman Lakhwani
6b5bcfcc42
correcting makefile latest tag ( #3314 )
...
Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>
2022-02-28 19:02:24 +00:00
Charles-Edouard Brétéché
1dd745f9a9
fix: helm install docs ( #3312 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-02-28 15:49:19 +00:00
Charles-Edouard Brétéché
fef7bb6f0f
fix: seccomp profile ( #3313 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-02-28 14:40:40 +00:00
Charles-Edouard Brétéché
c84939df00
chore: drop helm v2 ( #3311 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-02-28 08:50:39 -05:00
Charles-Edouard Brétéché
c13f7a4fea
feat: gen kyverno helm chart docs ( #3309 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-02-25 13:25:21 -05:00
Charles-Edouard Brétéché
b7f6fc81db
feat: gen kyverno-policies helm chart docs ( #3301 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-02-25 16:22:00 +00:00
Naman Lakhwani
378a1d6b95
Fix workflow using regex in main ( #3306 )
...
* using regex
Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>
* added condition
Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>
2022-02-25 08:48:11 +00:00
Naman Lakhwani
af98c00724
arranging permissions ( #3293 )
...
Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-02-25 08:11:22 +00:00
José Hisse
c8a31ab16a
fix: helm chart broken when use generatecontrollerExtraResources ( #3302 )
...
Signed-off-by: José Hisse <josehisse@gmail.com>
2022-02-25 07:35:34 +00:00
Charles-Edouard Brétéché
c79b66d3a3
feat: support background mode configuration in kyverno-policies chart ( #3299 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-02-24 16:31:51 +00:00
Sambhav Kothari
c4075af3d1
Improve CLI test times by instantiating openapi controller once ( #3297 )
...
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-02-24 23:34:12 +08:00
Emin AKTAS
388b160840
Fix namespace typo ( #3298 )
...
Signed-off-by: Emin Aktas <emin.aktas@trendyol.com>
Signed-off-by: eminaktas <eminaktas34@gmail.com>
2022-02-24 13:39:22 +00:00
skuethe
bf662b1ed4
fix: add support for other platforms before executing docker buildx ( #3296 )
2022-02-24 11:36:10 +00:00
Prateek Pandey
66969d35ea
validate and block policy based on the matched kind cache ( #3283 )
...
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Co-authored-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-02-23 22:27:18 +05:30
Charles-Edouard Brétéché
447bafbed5
fix: comma separated lists in config ( #3290 )
...
This PR fixes comma separated lists in config.
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-02-23 16:15:44 +00:00
Sambhav Kothari
e9e96e7b1c
Run E2E tests on all supported k8s versions ( #3256 )
2022-02-23 15:52:08 +00:00
Naman Lakhwani
a9c9b25bb5
latest will point to main ( #3285 )
...
Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-02-23 15:30:49 +00:00
Sambhav Kothari
147fc6db56
Shallow clone git repositories for kyverno test command
...
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-02-23 23:12:34 +08:00
Naman Lakhwani
81ab535433
update trivy scanning ( #3284 )
...
Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>
2022-02-23 10:40:07 +08:00
skuethe
016771acde
feat: add linux/s390x builds ( #3277 )
...
Signed-off-by: skuethe <56306041+skuethe@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-02-22 23:40:46 +08:00
Vyankatesh Kudtarkar
e8bf16a00b
Fix label mutation while updating the secret ( #3273 )
...
* Fix label mutation while updating the secret
* Update util.go
* fix converter issue
* code indentation
2022-02-22 19:49:03 +08:00
Ryan White
c13aeca7fa
Modify capabilities for compatibility with Pod Security ( #3274 )
...
Kyverno manifests are incompatible with the restricted Pod Security
Standards included with Kubernetes 1.22 and 1.23 because the Pod
Security admission controller looks for "ALL" in securityContext.capabilities.drop,
but does not accept "all".
1b741f89aa/policy/check_capabilities_restricted.go (L88)
Signed-off-by: Ryan White <ryan@alzabo.io>
2022-02-22 08:14:17 +00:00
treydock
99efd8136f
Fix Helm releasing to preserve creation timestamps ( #3268 )
2022-02-21 15:50:42 +00:00
Afzal Ansari
9f8d2aef8e
Added kyverno test subcommand for test manifest file ( #3264 )
...
* Adds `kyverno test` subcommand for test manifest file
Signed-off-by: afzal442 <afzal442@gmail.com>
Adds sub cmd
Signed-off-by: afzal442 <afzal442@gmail.com>
Adds usage
Signed-off-by: afzal442 <afzal442@gmail.com>
* Refactors the help command
Signed-off-by: afzal442 <afzal442@gmail.com>
Refactors help cmd
Signed-off-by: afzal442 <afzal442@gmail.com>
* Modifies manifest desc and removes the unused test manifest
Signed-off-by: afzal442 <afzal442@gmail.com>
Adds changes
Signed-off-by: afzal442 <afzal442@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-02-21 05:23:29 +00:00
Abhishek Choudhary
25ffa1abd1
Clean up commented out lines of code ( #3263 )
...
Signed-off-by: Abhishek Choudhary <shreemaan.abhishek@gmail.com>
2022-02-19 09:40:11 +00:00
Abhishek Choudhary
ae7e636687
Add .DS_store to gitignore ( #3255 )
...
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: Sambhav Kothari <skothari44@bloomberg.net>
Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-02-18 11:38:04 +00:00
Vyankatesh Kudtarkar
04e5f50cde
fix mutate wildcard issue ( #3193 )
...
Co-authored-by: shuting <shuting@nirmata.com>
2022-02-18 10:32:10 +00:00
Vyankatesh Kudtarkar
0a5aad39cf
Fix foreach validations precondition issue ( #3228 )
...
* fix foreach validations precondition issue
* added test-cases
2022-02-18 09:11:41 +00:00
shuting
a30493e550
Fix policy report OwnerReference ( #3249 )
...
* add namespaces/finalizers to clusterrole kyverno:generate
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* set policy report's owner to Kyverno namespace
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* address comments
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* address comments
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* remove BlockOwnerDeletion
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* remove namespaces/finalizers permission
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-02-18 00:50:18 -08:00
Sambhav Kothari
8c7f037c72
Improve E2E test CI timings ( #3250 )
...
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-02-17 17:47:35 -08:00
Jim Bugwadia
1631f011b1
Add openssf badge ( #3246 )
...
* add openssf badge
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* retrigger CI tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Sambhav Kothari <skothari44@bloomberg.net>
2022-02-17 17:47:14 -08:00
Jim Bugwadia
421a81ce63
Fix old object validation check ( #3248 )
...
* fix validation check on UPDATE
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* prevent policy bypass using preconditions
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* separate replace
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add error handling
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-02-17 09:18:49 -08:00
Tathagata Paul
b91ff5a7f2
Bug fix: negation of string kernel version caused Cluster Policy to fail ( #3229 )
...
* fixed bug where negation of kernel version caused cpolr to fail
Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com>
* small fix in function validateString
Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com>
* Added necessary tests
Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com>
Added one more test
Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com>
* Add more tests and added a policy to the test folder
Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com>
* added policy for test cli
Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-02-17 09:33:30 +05:30
Rahul Sawra
1f60aee4b9
add helm pre-delete hook which deletes all the webhooks ( #3148 )
...
* add helm pre-delete hook for graceful uninstallation of webhooks
Signed-off-by: rahulii <r.sawra@gmail.com>
* remove white spaces
Signed-off-by: rahulii <r.sawra@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-02-17 00:16:51 +08:00
shuting
2eefe3a544
Skip updating webhook configs if namespaceSelector is nil ( #3237 )
...
* skip updating webhook configs if namespaceSelector is nil
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* address comments
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* address comment for mutating webhook
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* address comments
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* update logs
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-02-16 17:07:09 +05:30
shuting
a970953d51
Sync latest changes to release/install.yaml ( #3239 )
...
* sync latest changes to release/install.yaml
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* bump chart versions
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-02-15 17:24:39 +00:00
shuting
1566d0d5fd
add aggregated role for generaterequest ( #3240 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-02-15 16:15:10 +00:00
Adam Kosmin
5c91bb8217
Remove abstraction that doesn't work anyway ( #3209 )
...
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Co-authored-by: Trey Dockendorf <tdockendorf@osc.edu>
2022-02-15 23:01:40 +08:00
Mritunjay Kumar Sharma
5a541567de
Fix image parsing for image referenced as digests ( #3196 )
...
* fixes image break with sha256
Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
* fixes priority to digest
Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-02-15 08:35:53 +00:00
Batuhan Apaydın
943fe2dd41
feat: ha mode support in helm chart ( #3207 )
...
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>
Co-authored-by: @necatican @f9n
Signed-off-by: Emin Aktas <eminaktas34@gmail.com>
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>
Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com>
2022-02-15 15:57:23 +08:00
Jim Bugwadia
bd1a145678
Fix keyless attest ( #3219 )
...
* allow root cert for keyless attestations checks
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add logs and improve var names
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* handle err in sig loading
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-02-13 20:35:11 -08:00
Jim Bugwadia
14111aaa05
update dependencies ( #3221 )
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-02-13 11:20:24 +00:00