mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity
4169 commits 15 branches 540 tags 276 MiB
Commit graph

181 commits

Author SHA1 Message Date
Charles-Edouard Brétéché
2e1534bd9d
fix: api reference docs link (#3664) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
 2022-04-25 21:07:42 +08:00
Charles-Edouard Brétéché
201e55fcfb
chore: remove e2e tests for kube 1.20 (#3665) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-04-25 11:43:11 +08:00
shuting
8d24582286
Update GH workflow config (#3588) 2022-04-12 07:37:37 -07:00
Shubham Gupta
f70cd4222f
Update hash of dependencies instead of mutable version (#3582) 
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
 2022-04-12 10:22:38 +01:00
Charles-Edouard Brétéché
975f6ba7c8
test: pass lock by value (#3481) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
 2022-04-05 15:52:13 +00:00
Abhi Kapoor
18d4dadab6
Do not generate preconditions not met warning for audit policies (#3487) 
* Do not generate preconditions not met warning for audit policies

Signed-off-by: abhi-kapoor <43758739+abhi-kapoor@users.noreply.github.com>

* Update PR template to reeference the closing keyword

Signed-off-by: abhi-kapoor <43758739+abhi-kapoor@users.noreply.github.com>

* Update pkg/engine/validation.go

Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com>

* Update pkg/engine/validation.go

Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com>

Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
Co-authored-by: shuting <shutting06@gmail.com>
Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2022-04-05 10:08:01 +00:00
Prateek Pandey
1b2a3c1085
fix: use github repo env instead of hardcoded repo name (#3513) 
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
 2022-03-31 17:36:21 +08:00
Charles-Edouard Brétéché
80d1ccb26d
chore: add autogen internals e2e tests (#3492) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
 2022-03-29 16:35:27 +00:00
Charles-Edouard Brétéché
20069c13c3
feat: stop mutating rules (#3410) 
* feat: stop adding autogen annotation

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* feat: stop mutating rules

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* feat: stop mutating rules

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: use toggle

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix: review comments

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
 2022-03-28 22:01:27 +08:00
Chip Zoller
e454c71aa6
PR and issue template updates per contributors' meetings (#3428) 
* add cherry pick requirement

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* adopt github issue forms

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* update PR template with test checklist reminders

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* Add "other" issue template

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add "triage" label to all new issues

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
 2022-03-19 21:31:54 -04:00
Charles-Edouard Brétéché
33df85cc0c
chore: remove check-helm-docs workflow (#3408) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-03-16 13:55:21 -07:00
Abhinav Sinha
9bb7238a22
Add codecov to CI (#3382) 
* Add `codecov` to CI

Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>

* Add `codecov` badge for `main` to `README.md`

Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>

* Addressed code review

Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>
 2022-03-14 16:21:27 +08:00
Charles-Edouard Brétéché
51501cce9d
chore: check helm docs are up to date (#3310) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
 2022-03-08 15:10:53 +00:00
Charles-Edouard Brétéché
8187b9331e
fix: invalid path in helm-test workflow (#3344) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: Sambhav Kothari <skothari44@bloomberg.net>
 2022-03-08 01:08:46 +00:00
Charles-Edouard Brétéché
51db68ba20
chore: verify codegen in CI (#3343) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-03-07 15:13:36 +05:30
Prateek Pandey
4846bd0293
fetch tag across all branches instead of current branch (#3324) 
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
 2022-03-01 11:59:28 -08:00
Naman Lakhwani
fd7addd2fa
add separate step for digest (#3321) 
Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>
 2022-03-01 20:05:14 +05:30
Naman Lakhwani
985e2cc158
adding check for digest and update git command 
Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>
 2022-03-01 18:36:16 +05:30
Naman Lakhwani
378a1d6b95
Fix workflow using regex in main (#3306) 
* using regex

Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>

* added condition

Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>
 2022-02-25 08:48:11 +00:00
Naman Lakhwani
af98c00724
arranging permissions (#3293) 
Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
 2022-02-25 08:11:22 +00:00
Sambhav Kothari
c4075af3d1
Improve CLI test times by instantiating openapi controller once (#3297) 
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
 2022-02-24 23:34:12 +08:00
skuethe
bf662b1ed4
fix: add support for other platforms before executing docker buildx (#3296) 2022-02-24 11:36:10 +00:00
Sambhav Kothari
e9e96e7b1c
Run E2E tests on all supported k8s versions (#3256) 2022-02-23 15:52:08 +00:00
Naman Lakhwani
a9c9b25bb5
latest will point to main (#3285) 
Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>
 2022-02-23 15:30:49 +00:00
Naman Lakhwani
81ab535433
update trivy scanning (#3284) 
Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>
 2022-02-23 10:40:07 +08:00
treydock
99efd8136f
Fix Helm releasing to preserve creation timestamps (#3268) 2022-02-21 15:50:42 +00:00
Sambhav Kothari
8c7f037c72
Improve E2E test CI timings (#3250) 
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
 2022-02-17 17:47:35 -08:00
Chip Zoller
3dcf165d77
Issue forms and PR template adjustment (#3213) 
* add cherry pick requirement

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* adopt github issue forms

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
 2022-02-12 16:51:05 +00:00
treydock
4e0d8ca612
Update kyverno-policies chart with latest pod-security policies (#3126) 
* Update kyverno-policies chart with latest pod-security policies
Fixes #3063
Fixes #2277

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Update README to have better example

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Use chart testing during e2e to test against ci values

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Fix e2e tests for Helm chart

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Fix Kyverno chart testing to actually test values, and fix networkpolicy template

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Update README for exclusion

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Allow adding 'other' policies via Helm

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Update Chart.yaml for kyverno-policies

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Bump minimum Kubernetes version in charts

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Update kyverno-policies chart readme

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Use version that should catch all pre-releases

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Use version that should catch all pre-releases (part 2)

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Use same logic to get git tag by using Makefile target for updating Helm values

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com>
 2022-02-04 14:47:36 +08:00
shuting
ae4d148318
Update dev image tag in Make targets (#3159) 
* - update dev images tag; - update chart testing

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update to use dev tag when setting up e2e tests infra

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* default chart test image tag for busybox to latest

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* set image tag to latest for chart testing

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* correct tag

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* remove test tag in e2e.yaml

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-02-03 15:41:58 +08:00
shuting
c479b41d34
update workflow configurations to fix CI failure (#3060) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-01-24 04:39:15 +00:00
Mritunjay Kumar Sharma
cdedf11a1c
bumps k8s libraries for k8s v1.23 upgrade for kyverno (#3043) 
* bumps k8s libraries for k8s v1.23 upgrade for kyverno

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

* fixes kustomize version

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

* updates golang to v1.17 to test fails

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

* updates logr package to 1.2.2

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>

* Fixed tests for `pkg/cosign` and `pkg/webhooks/generation`

Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>

* fix go-logr deps version issue

Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com>

* fix kube-openapi commit hash

Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com>

Co-authored-by: shuting <shutting06@gmail.com>
Co-authored-by: Abhinav Sinha <abhinav@nirmata.com>
Co-authored-by: prateekpandey14 <prateekpandey14@gmail.com>
 2022-01-22 20:26:53 +08:00
Naman Lakhwani
73a02a5df3
fixing bildx version (#3023) 
Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>
 2022-01-19 22:14:48 +08:00
Sambhav Kothari
8ddfcacd79
Fix permissions for image publish workflows (#3021) 
All of the jobs in this workflow use the same set of permissions and this workflow is only run on pushes to master. Adding the appropriate permissions to read repository contents, publish packages and ID token for cosign.

Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
 2022-01-19 11:39:51 +00:00
Naman Lakhwani
1580837526
refactoring github actions to remove duplication and enhancement for versioned sbom's (#2979) 
* initial commit

Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>

* adding docker-buildx-builder to makefile

Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>

* reverting git describe in makefile

Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>

* uploading sbom for each kyverno image

Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>

* small nits

Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>

* scanning image before pushing and removed cosign.pub

Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>
 2022-01-18 15:07:59 -08:00
Roee Landesman
665d2022d8
add top level permissions to remaining github workflows (#2995) 
Signed-off-by: Roee Landesman <roee.landesman@gmail.com>
 2022-01-16 03:57:35 +00:00
Roee Landesman
3e524b5586
Add github token permissions to improve ossf scorecard (#2992) 
* Fix autogen issue with cronjob generator and foreach pod generator (#2989)

Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
Signed-off-by: Roee Landesman <roee.landesman@gmail.com>

* Add baseline read-all permissions

Signed-off-by: Roee Landesman <roee.landesman@gmail.com>

* remove extra read-all

Signed-off-by: Roee Landesman <roee.landesman@gmail.com>

* Add arm64 goarch to go releaser (#2991)

Signed-off-by: Roee Landesman <roee.landesman@gmail.com>

Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
 2022-01-15 17:14:22 -08:00
Jim Bugwadia
116f36622b
move guidelines up (#2976) 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2022-01-13 18:33:24 +08:00
Shubham Palriwala
1257388b97
feat: pin dependencies in gh actions (#2952) 
Signed-off-by: ShubhamPalriwala <spalriwalau@gmail.com>

Co-authored-by: Jim Bugwadia <jim@nirmata.com>
 2022-01-13 05:23:05 +00:00
Naman Lakhwani
8350aadc58
Fix: CI job to release images (#2929) 
* making required changes in images workflow

Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>

* making required changes in release workflow

Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>

Co-authored-by: shuting <shutting06@gmail.com>
 2022-01-10 14:10:44 +00:00
Sambhav Kothari
9a9326928c
Fix the PR template checkboxes to render empty instead of brackets (#2942) 
The current PR template doesn't render the checkboxes by default as unticked and instead as square brackets. This change
allows contributors to use the rendered UI to check boxes instead of manually fixing markdown.

Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
 2022-01-09 12:02:57 -08:00
Naman Lakhwani
68c8790139
adding permissions in jobs (#2924) 
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
 2022-01-06 19:35:45 +00:00
Naman Lakhwani
2f8bfc78b1
removing spaces (#2923) 
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
 2022-01-06 17:12:11 +00:00
Naman Lakhwani
cda6310249
fix in image workflow (#2921) 
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
 2022-01-06 22:48:20 +08:00
Naman Lakhwani
f330886af7
fixing cosign command (#2915) 
Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
 2022-01-05 13:02:17 -08:00
Naman Lakhwani
d126280184
keyless signing kyverno images with digest (#2896) 
* signing with digest

Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>

* keyless signing

Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>

* adding annotations

Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>

* keyless image signing with digest in release workflow

Signed-off-by: Namanl2001 <namanlakhwani@gmail.com>
 2022-01-04 08:08:28 -08:00
Abhinav Sinha
2076f07b9f
added support for --git-branch flag and directory in git path for kyverno test cmd (#2763) 
* added support for --git-branch flag and directory in git path for kyverno test cmd

Signed-off-by: Abhinav Sinha <zeborg3@gmail.com>

* added cli tests

Signed-off-by: Abhinav Sinha <zeborg3@gmail.com>

* replaced hard-coded Makefile test-cmd branch names with var GIT_BRANCH

Signed-off-by: Abhinav Sinha <zeborg3@gmail.com>

* moved `test-cmd` job from Makefile to github workflow

Signed-off-by: Abhinav Sinha <zeborg3@gmail.com>

* added `release*` branch to `e2e` workflow

Signed-off-by: Abhinav Sinha <zeborg3@gmail.com>

Co-authored-by: shuting <shutting06@gmail.com>
 2021-12-20 14:09:53 +08:00
shuting
f4614213e5
Test publishing dev-test images (#2848) 
* publish dev-* images

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add LD_FLAGS_DEV

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add IMAGE_TAG_LATEST_DEV

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* remove test statement

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2021-12-17 02:46:59 +00:00
Shubham Palriwala
ea3529f2d0
Trivy now scans local images (#2744) 
* fix: trivy now scans entire container

Signed-off-by: ShubhamPalriwala <spalriwalau@gmail.com>

* update github.com/docker/cli package for vulnerabilities

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix go.mod vulnerabilities

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Co-authored-by: Jim Bugwadia <jim@nirmata.com>
 2021-11-22 20:57:51 +08:00
Chip Zoller
7c5142b26a
Contributors updates, Kyverno CLI acknowledgements (#2644) 
* add platform to bug template

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* Helm value updates

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* linting, formatting, link updates

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* linting, formatting, updates

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* Updates per contributors meeting; linting, fixes

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* Updated templates with acknowledgement of CLI parity

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* git => GitHub

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
 2021-11-06 11:08:42 -04:00