mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 07:57:07 +00:00
Code Activity
3549 commits 20 branches 550 tags 288 MiB
Commit graph

30 commits

Author SHA1 Message Date
Arsh Sharma
42d4948537
adding pod anti-affinity to Kyverno (#1985) 
* added for deployment.yaml

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* added for helm

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* to be tested

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* removed not needed ends

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* made changes to pass the test

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* removed hard from values.yaml

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* added condition to disable pod-affinity

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* changed with to if condition

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* small fix for trailing spaces

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* small fix

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

Co-authored-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-09-20 15:52:46 +05:30
Yashvardhan Kukreja
5fcd9b83d9
added: support for metrics configuration, periodic metrics cleanup and selective namespace whitelisting and blacklisting for metrics (#2288) 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-09-10 14:39:12 -07:00
James Callahan
95786f5033
Cleanup kustomizations (#2274) 
- Remove dead newName specification
  - Un-hardcode namespace from resources
  - Create 'bundle' kustomization that keeps namespace hardcoding
    This should be used (as a base) to generate static manifests
  - Turn 'release' directory into kustomization that is only place with version numbers

Signed-off-by: James Callahan <jamescallahan@bitgo.com>
 2021-09-01 18:53:28 -07:00
Vineeth Reddy
c7dbbe4924
updated kyverno deployment strategy (#2006) 
* updated kyverno deployment strategy

Signed-off-by: vineethvanga18 <reddy.8@iitj.ac.in>

* update helm chart

Signed-off-by: vineethvanga18 <reddy.8@iitj.ac.in>

* minor changes

Signed-off-by: vineethvanga18 <reddy.8@iitj.ac.in>

* make updatestrategy configurable

Signed-off-by: vineethvanga18 <reddy.8@iitj.ac.in>
 2021-08-18 15:49:35 +05:30
shuting
1412c1f84e
- update version to v1.3.6; - split Kustomization manifests; - revert release/install.yaml (#1945) 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-06-01 21:58:37 -07:00
Nicolas Lamirault
62c4cd7e3d
Recommanded Kubernetes labels and custom labels (#1873) 
* Add: Recommanded Kubernetes labels

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Add: feature to add custom labels to resources metadata

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Add: manage labels with Kustomize

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Add: app label

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Add: app label for chart

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Update: make kustomize-crds

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Update: refactoring labels

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Fix: clean kustomize code

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Fix: typo

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Update: application version v1.3.6

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Update: version v1.3.6

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>
 2021-06-01 11:54:33 -07:00
Yashvardhan Kukreja
8eae8ec492 feat: added support for exposing the metrics via kyverno-svc service 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-05-24 08:06:40 +05:30
Nicolas Lamirault
9bdde7abea
Resources for initContainers (#1871) 
* Add: resources for initContainers

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Update: increase memory limit for init container

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Add: init container resources

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Fix: kustomize CRD

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>
 2021-05-07 09:53:00 -07:00
shuting
9dab21619f
Match endpoint to the exact Kyverno Pod's IP (#1787) 
* update log message

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update printer column - validation failure action

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* match endpoint ip with the exact pod ip

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* - add tag "app.kubernetes.io/name"; - reduce throttling requests when deletes webhook configs

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add [SelfSubjectAccessReview,*,*] to resource filters

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-04-12 20:29:51 -07:00
treydock
91713ee566
Check webhooks are present during liveness (#1748) 
Fixes #1747

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
 2021-03-31 12:44:56 -07:00
Shuting Zhao
669f01e9d2 add flag to kyverno's manifest 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-03-22 19:19:12 -07:00
shuting
c8a41d83f7
Update Dockerfile; remove securityContext runAsUser (#1695) 
* - run Kyverno with specific uid; - remove "runAsUser" from deployment manifest

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add LD_FLAGS when push Kyverno images

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* start Kyverno with UID 10001

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update initContainer and CLI Dockerfiles

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-03-10 14:47:09 -08:00
Shuting Zhao
db1bfba3f8 release v1.3.2-rc3 2021-02-08 18:15:28 -08:00
shuting
3908808e7a
Rename filterK8Resources to filterK8sResources (#1452) 
* Remove lock embedded in CRD controller, use concurrent map to store shcemas

* delete rcr info from data store

* skip policy validation on status update

* - remove status check in policy mutation; - fix test

* Remove fqdncn flag

* add flag profiling port

* skip policy mutation & validation on status update

* sync policy status every minute

* update log messages

* rename filterK8Resources to filterK8sResources
 2021-01-07 11:27:50 -08:00
Shuting Zhao
8b1d84f32c increase memory limit to 256 Mi 2020-12-15 17:55:01 -08:00
shuting
f73c40ab4e
Migrate image to GitHub registry (#1299) 
* migrate image to GitHub registry

* remove registry login
 2020-11-24 11:49:08 -08:00
shuting
bc2e7fcbb3
Revert "Migrate image to GitHub registry" 2020-11-19 13:59:26 -08:00
Shuting Zhao
4d2d4b9985 Update install.yaml 2020-11-19 12:31:08 -08:00
shuting
5e07ecc5f3
Add Policy Report (#1229) 
* add report in cli

* policy report crd added

* policy report added

* configmap added

* added jobs

* added jobs

* bug fixed

* added logic for cli

* common function added

* sub command added for policy report

* subcommand added for report

* common package changed

* configmap added

* added logic for kyverno cli

* added logic for jobs

* added logic for jobs

* added logic for jobs

* added logic for cli

* buf fix

* cli changes

* count bug fix

* docs added for command

* go fmt

* refactor codebase

* remove policy controller for policyreport

* policy report removed

* bug fixes

* bug fixes

* added job trigger if needed

* job deletation logic added

* build failed fix

* fixed e2e test

* remove hard coded variables

* packages adde

* improvment added in jobs sheduler

* policy report yaml added

* cronjob added

* small fixes

* remove background sync

* documentation added for report command

* remove extra log

* small improvement

* tested policy report

* revert hardcoded changes

* changes for demo

* demo changes

* resource aggrigation added

* More changes

* More changes

* - resolve PR comments; - refactor jobs controller

* set rbac for jobs

* add clean up in job controller

* add short names

* remove application scope for policyreport

* move job controller to policyreport

* add report logic in command apply

* - update policy report types;  - upgrade k8s library; - update code gen

* temporarily comment out code to pass CI build

* generate / update policyreport to cluster

* add unit test for CLI report

* add test for apply - generate policy report

* fix unit test

* - remove job controller; - remove in-memory configmap; - clean up kustomize manifest

* remove dependency

* add reportRequest / clusterReportRequest

* clean up policy report

* generate report request

* update crd clusterReportRequest

* - update json tag of report summary; - update definition manifests; -  fix dclient creation

* aggregate reportRequest into policy report

* fix unit tests

* - update report summary to optional; - generate clusterPolicyReport; - remove reportRequests after merged to report

* remove

* generate reportRequest in kyverno namespace

* update resource filter in helm chart

* - rename reportRequest to reportChangeRequest; -rename clusterReportRequest to clusterReportChangeRequest

* generate policy report in background scan

* skip generating report change request if there's entry results

* fix results entry removal when policy / rule gets deleted

* rename apiversion from policy.kubernetes.io to policy.k8s.io

* update summary.* to lower case

* move reportChangeRequest to kyverno.io/v1alpha1

* remove policy report flag

* fix report update

* clean up policy violation CRD

* remove violation CRD from manifest

* clean up policy violation code - remove pvGenerator

* change severity fields to lower case

* update import library

* set report category

Co-authored-by: Yuvraj <yuvraj.yad001@gmail.com>
Co-authored-by: Yuvraj <10830562+evalsocket@users.noreply.github.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
 2020-11-09 11:26:12 -08:00
Jim Bugwadia
f1fd0a5c7a fix ports 2020-10-22 12:48:04 -07:00
Jim Bugwadia
022c227bce update pod security context and ports 2020-10-22 11:26:22 -07:00
shuting
d6062fdd47
Add go fmt (#1055) 
* remove empty flag

* format code

* revert change in install.yaml
 2020-08-14 12:21:06 -07:00
Yuvraj
4ee523dccf
default exclude group role (#1052) 2020-08-13 14:30:25 -07:00
Shuting Zhao
41667038e0 tag 1.1.9 2020-08-10 17:20:48 -07:00
Yuvraj
73840e3c5f
configrable rules added (#1017) 
* configrable rules added

* fix exclude group logic from code

* flag added in yaml

* exclude username added

* exclude username added

* config interface implimented

* configure exclude username

* get role ref

* test case fixed

* panic fix

* move from interface to slice

* exclude added in mutate

* trim strings

* configmap changes added

* kustomize changes for configmap

* k8s resources added
 2020-08-07 17:09:24 -07:00
Yuvraj
9c0d54f35a
e2e workflow added (#1021) 
* e2e flow added

* add kustomize image change in ci
 2020-08-06 11:56:31 +05:30
Shuting Zhao
71ff4b911d tag 1.1.8 2020-07-21 11:06:42 -07:00
Shuting Zhao
06db774cdd tag v1.1.7-rc4 2020-07-14 20:59:45 -07:00
Yuvraj
4535f43283
Added Synchronize flag in Generate Request (#980) 
* fix Synchronize flag issue
 2020-07-14 02:12:11 +05:30
Yuvraj
d96f3e6c89 remove duplicate crd changes 2020-06-05 13:42:53 -07:00