1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Commit graph

4765 commits

Author SHA1 Message Date
Charles-Edouard Brétéché
ac3b5eed22
feat: add startup probes support (#4896)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: treydock <tdockendorf@osc.edu>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: treydock <tdockendorf@osc.edu>
2022-10-16 18:50:28 +02:00
Charles-Edouard Brétéché
7aefa89839
feat: add policy-reporter to argocd lab (#4988)
* feat: add policy-reporter to argocd lab

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* readme

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* readme

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* readme

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* readme

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
2022-10-16 17:39:43 +02:00
Charles-Edouard Brétéché
3686f6506c
docs: add resource exclusions note in helm docs (#4989)
* docs: add resource exclusions note in helm docs

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* nit

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fixes

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-16 06:58:56 -04:00
Charles-Edouard Brétéché
42b224aa26
chore: add myself in approvers (#4990)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-15 23:55:00 +00:00
Samuel Torres
8dc56d3f68
feat: Add container registry setting on Helm Chart (#4281)
To make the customization of the container registries easier, eg.
a custom private registry, this change adds a new property on the
images configuration to allow setting a custom image registry
without needing to customize the repository of the image.

Signed-off-by: Samuel Torres <samuelpirestorres@gmail.com>
2022-10-15 11:48:36 -04:00
Charles-Edouard Brétéché
5f6b04ca69
fix: config reloading not working correctly (#4951)
* fix: config reloading not working correctly

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* nits

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-14 17:36:46 +00:00
Charles-Edouard Brétéché
1f3c429cd7
fix: missing autogen rules in status (#4971)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-14 17:02:10 +00:00
Charles-Edouard Brétéché
afe9036347
fix: add user info in admission request logs (#4969)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-14 16:29:48 +00:00
Charles-Edouard Brétéché
f0703a5c6b
fix: don't produce empty admission reports (#4966)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-14 15:55:51 +00:00
Charles-Edouard Brétéché
47780bf37f
fix: improve banned types management in reports (#4953)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-10-14 23:20:30 +08:00
Charles-Edouard Brétéché
e749907302
fix: missing watchers in resource report controller (#4967)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-14 13:55:50 +00:00
Batuhan Apaydın
29a26e54f7
chore: Push and sign install manifests to GHCR (#4895)
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Stefan Prodan <@stefanprodan>
Co-authored-by: Charles-Edouard Brétéché <@eddycharly>

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
2022-10-14 12:48:32 +00:00
Pratik Shah
caab013a86
Fixed issue-4530: Added separate attestor type for secrets and KMS (#4733)
Signed-off-by: Pratik Shah <pratik@infracloud.io>

Signed-off-by: Vyankatesh <vyankateshkd@gmail.com>
2022-10-14 09:40:46 +00:00
Charles-Edouard Brétéché
064980bd9a
fix: admission reports printer (#4950)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-14 08:22:00 +00:00
Charles-Edouard Brétéché
7ceea1a08f
chore: bump a few deps (#4943)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-10-14 07:13:19 +00:00
Pratik Shah
8a0083105d
Added support to specify key signature algorithm in verifyImages (#4855)
Signed-off-by: Pratik Shah <pratik@infracloud.io>

Signed-off-by: Pratik Shah <pratik@infracloud.io>
2022-10-14 05:39:57 +00:00
Charles-Edouard Brétéché
16aca2816f
fix: don't report ready until certs are valid (#4934)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-14 04:23:42 +00:00
Chip Zoller
b7247b5935
Update issue templates and scan for vulns action (#4952)
* update version drop-down

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* Add workflow to detect and report on image vulnerabilities

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* pin deps

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* bump JasonEtco/create-an-issue

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* bump versions in drop-downs

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* fix background mode scan with request.operation

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* Revert "bump versions in drop-downs"

This reverts commit 5fcea048dd.

* Revert "bump JasonEtco/create-an-issue"

This reverts commit f0d44c7aca.

* update version drop-downs

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* bump action version

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: kyverno-bot <104836976+kyverno-bot@users.noreply.github.com>
2022-10-13 22:11:58 +00:00
Chip Zoller
3c70843fdf
Fix background scan with request.operation (#4947)
* update version drop-down

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* Add workflow to detect and report on image vulnerabilities

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* pin deps

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* bump JasonEtco/create-an-issue

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* bump versions in drop-downs

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* fix background mode scan with request.operation

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* Revert "bump versions in drop-downs"

This reverts commit 5fcea048dd.

* Revert "bump JasonEtco/create-an-issue"

This reverts commit f0d44c7aca.

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-10-13 16:34:49 +00:00
Charles-Edouard Brétéché
56d90888e0
fix: consider generateName when matching resources (#4945)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-13 16:02:01 +00:00
Charles-Edouard Brétéché
a62a0c1f9f
fix: probes should work in debug mode (#4926)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-10-13 14:40:35 +00:00
Charles-Edouard Brétéché
9e933e8d21
fix: set operation in context when necessary (#4940)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-13 19:33:49 +05:30
Batuhan Apaydın
38a15a948f
chore: add COSIGN_REPOSITORY env to ko-publish-dev step (#4922) 2022-10-13 10:55:39 +00:00
Charles-Edouard Brétéché
ed88e9f8d2
fix: panic when bad variable substitution (#4928)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-10-13 10:16:47 +00:00
Charles-Edouard Brétéché
090b68e55d
feat: make cert renewer private and add server name support (#4904)
* fix: remove unnecessary dependencies from tls package

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* feat: make cert renewer private and add server name support

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* nits

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-13 09:46:05 +00:00
Charles-Edouard Brétéché
cd5e0cfa74
chore: bump a couple of deps (#4925)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-13 11:04:23 +02:00
XDRAGON2002
03c41e7746
[Cleanup] Disable PolicySkipped events (#4913)
* remove skip events

Signed-off-by: Anant Vijay <anantvijay3@gmail.com>

* update conditions

Signed-off-by: Anant Vijay <anantvijay3@gmail.com>

* improve conditions

Signed-off-by: Anant Vijay <anantvijay3@gmail.com>

* remove redundant function

Signed-off-by: Anant Vijay <anantvijay3@gmail.com>

Signed-off-by: Anant Vijay <anantvijay3@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-10-13 08:32:20 +00:00
Sandesh More
17ba925490
add filter for validation policies when ValidationFailureActionOverrides is used (#4809)
Signed-off-by: Sandesh More <sandesh.more@infracloud.io>

Signed-off-by: Sandesh More <sandesh.more@infracloud.io>
2022-10-13 07:59:10 +00:00
Charles-Edouard Brétéché
4f3656abc6
chore: update controller-tools to v0.10.0 (#4918)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-10-13 07:23:44 +00:00
Charles-Edouard Brétéché
8f7db3d4be
fix: use constants defined in openapi controller (#4919)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-13 06:29:38 +00:00
Batuhan Apaydın
f45584bfd6
chore: signing helm releases (#4801)
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-10-12 20:14:44 +00:00
Charles-Edouard Brétéché
25963aba60
fix: openapi controller discovery (#4912)
* refactor: openapi controller part 2

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* rename

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* controller

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* rename 2

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* move controller

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* move controller

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: openapi controller discovery

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-12 12:23:47 -07:00
Charles-Edouard Brétéché
b3021f5a57
refactor: openapi controller part 2 (#4910)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-12 22:24:16 +05:30
Charles-Edouard Brétéché
7cef1c00d9
fix: clean background scan reports (#4908)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-12 21:13:33 +05:30
James Callahan
33b5bb2a8a
fix: don't specify rules when aggregationRule is set (#4867)
Fixes #4866

Signed-off-by: James Callahan <jamescallahan@bitgo.com>

Signed-off-by: James Callahan <jamescallahan@bitgo.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-10-12 14:17:51 +00:00
Charles-Edouard Brétéché
de67a507cd
refactor: openapi controller part 1 (#4901)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-10-12 11:38:48 +00:00
Charles-Edouard Brétéché
d25dccbd9c
fix: remove unnecessary dependencies from tls package (#4903)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-12 09:36:26 +00:00
Charles-Edouard Brétéché
8e15982448
fix: reduce webhook controller logs (#4897)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-12 10:39:27 +02:00
Charles-Edouard Brétéché
c213deab4b
chore: add argocd lab (#4884)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-12 07:25:48 +00:00
Charles-Edouard Brétéché
4aed9359cb
refactor: manage webhooks with webhook controller (#4846)
* refactor: add config support to webhook controller

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* refactor: add client config to webhook controller

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* migrate verify webhook

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* v1

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* refactor: move policy webhooks management in webhook controller

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* policy validating webhook config

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* watch policies

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* refactor: migrate resource webhook management in webhook controller

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* mutating webhook

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* auto update

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* cleanup

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* auto update and wildcard policies

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* policy readiness

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: can't use v1 admission

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* reduce reconcile

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* watchdog

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* cleanup

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* health check

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* runtime utils

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* runtime utils

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* cleanup

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* watchdog check

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* remove delete from mutating webhook

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* cleanup

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-10-12 06:52:42 +00:00
Charles-Edouard Brétéché
7d897016e9
fix: auto gen enabled when using names (#4863)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-10-12 06:09:02 +00:00
Charles-Edouard Brétéché
465f9d204b
fix: non watchable resources in report controller (#4888)
* fix: non watchable resources in report controller

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix events

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-12 13:36:24 +08:00
XDRAGON2002
f6cb33de95
Fix result colour (#4885)
Signed-off-by: Anant Vijay <anantvijay3@gmail.com>

Signed-off-by: Anant Vijay <anantvijay3@gmail.com>
2022-10-11 20:36:31 +00:00
Charles-Edouard Brétéché
f7db09fcc2
fix: background scan labels (#4865)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-10-11 19:54:22 +00:00
Prateek Pandey
23ab7390a3
fix: hardening policy validation for generate cloneList (#4881)
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-10-11 23:35:07 +05:30
Charles-Edouard Brétéché
ea37d46137
docs: add section in helm docs to install with argocd (#4878)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-11 17:48:30 +02:00
XDRAGON2002
df12c80b95
fix test output numbering (#4853)
Signed-off-by: Anant Vijay <anantvijay3@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-10-11 12:30:11 +00:00
Batuhan Apaydın
2860775dc3
feature: use cert extension oid as key (#4854)
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-10-10 12:39:09 -07:00
Charles-Edouard Brétéché
afaee3dedb
chore: add launch.json for vscode debugging (#4856)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-10-10 13:50:04 +00:00
Chip Zoller
5346bce5ca
Add workflow to detect and report on image vulns (#4850)
* update version drop-down

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* Add workflow to detect and report on image vulnerabilities

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* pin deps

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-10-10 15:10:16 +02:00