mirror of https://github.com/kyverno/kyverno.git synced 2025-01-20 18:52:16 +00:00
Commit graph

3380 commits

Author SHA1 Message Date
Vyankatesh Kudtarkar
b1861081be
support for Disallow pod exec operation (#2138) 2021-07-14 11:42:10 -07:00
Vyankatesh Kudtarkar
081cca8f23
Fix wildcards issue for match/exclude kind block (#2137)
* Fix wildcards issue for match/exclude kind block

* fix typo
2021-07-14 11:19:15 -07:00
shuting
104cd310e8
Cleanup Report Change Requests (#2134)
* clean up RCRs if retry fails

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* cleanup report change request when background scan starts

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add verb deletecollection to ClusterRole kyverno:customresources

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-07-14 09:57:16 -07:00
Vyankatesh Kudtarkar
521ee0e683
remove duplicate (#2132) 2021-07-13 10:29:48 -07:00
Jim Bugwadia
13caaed8b7
Feature/cosign (#2078)
* add image verification

* inline policy list

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* cosign version and dependencies updates

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add registry initialization

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add build tag to exclude k8schain for cloud providers

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add build tag to exclude k8schain for cloud providers

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* generate deep copy and other fixtures

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix deep copy issues

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* mutate images to add digest

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add certificates to Kyverno container for HTTPS lookups

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* align flag syntax

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* update docs

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* update dependencies

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* update dependencies

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* patch image with digest and fix checks

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* hardcode image for demos

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add default registry (docker.io) before calling reference.Parse

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix definition

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* increase webhook timeout

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix args

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* run gofmt

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* rename for clarity

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix HasImageVerify check

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* align make test commands

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* align make test commands

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* align make test commands

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix linter error

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* format

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* handle API conflict and retry

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* format

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix reviewdog issues

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix make for unit tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* improve error message

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix durations

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* handle errors in tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* print policy name

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* update tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add retries and duration to error log

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix time check in tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* round creation times in test

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix retry loop

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* remove timing check for policy creation

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix e2e error - policy not found

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update string comparison method

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix test Generate_Namespace_Label_Actions

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add debug info for e2e tests

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix error

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix generate bug

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix format

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add check for update operations

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* increase time for deleting a resource

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix check

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Co-authored-by: Shuting Zhao <shutting06@gmail.com>
2021-07-09 18:01:46 -07:00
Pooja Singh
20ac2a6556
Merge pull request #2112 from realshuting/bugfixes/inconsistent-polr
Fix inconsistent polr for audit policy
2021-07-09 18:12:46 +05:30
shuting
6afe86c54e
Apply pod's rules if the owner is not k8s pod-controllers (#2107)
* apply pod's rules if the owner is not k8s pod-controllers

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add unit tests

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-07-09 14:44:38 +05:30
Shuting Zhao
5fdec77c6c fix inconsistent polr for audit policy
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-07-08 18:51:31 -07:00
Vyankatesh Kudtarkar
66aa4d0e4f
fix Helmchart doesn't respect metricsService.create flag (#2103) 2021-07-08 12:12:34 -07:00
Vyankatesh Kudtarkar
7342675a1e
Merge pull request #2102 from ercpereda/add-topologySpreadConstraints-to-helm-chart
Add topologySpreadConstraints to helm charts
2021-07-07 22:34:40 +05:30
Vineeth Reddy
eeb4e4ff0f
turn preconditions error to info log (#1926)
* turn preconditions error to info log

Signed-off-by: vineethvanga18 <reddy.8@iitj.ac.in>

* minor change

Signed-off-by: vineethvanga18 <reddy.8@iitj.ac.in>

* further changes

Signed-off-by: vineethvanga18 <reddy.8@iitj.ac.in>

* resolve conflicts

Signed-off-by: vineethvanga18 <reddy.8@iitj.ac.in>

* add precondition flag

Signed-off-by: vineethvanga18 <reddy.8@iitj.ac.in>

* NotFoundError -> Info

Signed-off-by: vineethvanga18 <reddy.8@iitj.ac.in>
2021-07-07 17:37:44 +05:30
Ernesto R. C. Pereda
f691a93f03
Add topologySpreadConstraints to helm charts
Signed-off-by: Ernesto R. C. Pereda <ernesto.cruz@alayacare.com>
2021-07-06 15:31:54 -04:00
Arsh Sharma
e74a5c803c
adding a note to deprecate name in favour of names (#2096)
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
2021-07-06 11:34:06 -07:00
Vyankatesh Kudtarkar
4595f2cf30
Add autogen-support for test command (#2093)
* Add autogen-support for test command

* Fix e2e test issue

* Add test cases for autogen-support

* Fix testcase issue

* add testcases for cronjob
2021-07-06 10:44:43 +05:30
Max Goncharenko
fdaa73b175
Forbid variables in match/exclude/patchesJson6902.path sections (#1940)
* forbid variables in match/exclude/patchesJson6902.path sections

Signed-off-by: Max Goncharenko <kacejot@fex.net>

* fix e2e test

Signed-off-by: Max Goncharenko <kacejot@fex.net>

* edits related to the PR comments

Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>
2021-07-02 19:17:40 +05:30
Max Goncharenko
6d0ad5598e
Jmespath notfound error (#1907)
* return err, if variable path could not be resolved

Signed-off-by: Max Goncharenko <kacejot@fex.net>

* fixed {{@}} behavior

Signed-off-by: Max Goncharenko <kacejot@fex.net>

* fix json merge logic

Signed-off-by: Max Goncharenko <kacejot@fex.net>

* add e2e tests for Flux use case

Signed-off-by: Maxim Goncharenko <goncharenko.maxim@apriorit.com>
2021-07-01 22:56:50 -07:00
Vyankatesh Kudtarkar
b72a3d4a8c
Merge pull request #2037 from Retna-Gjensidige/issue-2036
fix: added envVars to containers
2021-07-02 10:58:59 +05:30
Retna
933e6ae274
Merge branch 'main' into issue-2036
Signed-off-by: Retna Ramachandran <retna.ramachandran@gjensidige.no>
2021-07-01 15:17:18 +02:00
Retna
7983229d75
fix: Formatting 2021-07-01 14:58:36 +02:00
Vyankatesh Kudtarkar
3de5d37b21
Merge pull request #1919 from windowsrefund/fix-envVars
Helm chart: Eliminate duplicate env key when iterating over envVars
2021-07-01 16:46:16 +05:30
Pooja Singh
5ad07b28b1
Merge pull request #2091 from NoSkillGirl/2085-e2e-generate-policy
e2e test cases for generate policy with clone (changes in workflow)
2021-07-01 16:11:33 +05:30
NoSkillGirl
2025fd0f70 fixing clone source replication
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-07-01 15:44:15 +05:30
NoSkillGirl
6894f1d85c added case - generated resource is not deleted after the source is deleted
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-07-01 10:13:15 +05:30
NoSkillGirl
e768b8ae94 added case - generated resource is not updated if the source resource is updated
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-07-01 10:10:57 +05:30
NoSkillGirl
7008cb9d98 added case - generated resource is not deleted after the generate policy is gone
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-07-01 10:09:43 +05:30
Vyankatesh Kudtarkar
07910edd15
2074 : Fix Policy cache returns the duplicated policies (#2082)
* Fix Policy cache returns the duplicated policies

* Add testcases
2021-06-30 12:20:21 -07:00
Pooja Singh
cd9e596e7e
[Improvement] Kyverno should not delete downstream resources when a generate policy using the clone behavior has synchronize: true (#1880)
* debugging issue

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* issue fixed

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* remove policy name in source resource

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* fixed deletion of GR on source updation

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added function in common

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* removing comments

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added generated resource list to the log

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* small improvement

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-06-30 12:00:02 -07:00
shuting
2c9e52af98
update podSecurityStandard from default to baseline (#2084)
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-06-29 15:54:17 -07:00
Valentin Velkov
63f4c9a884
Configurable success events on policies & resources. Generating failure events on policies by default. (#1939)
* Remove unused event.Reason const

Signed-off-by: Velkov <valentin.velkov@sap.com>

* Generate failure events on policies

Signed-off-by: Velkov <valentin.velkov@sap.com>

* Generate success events on policy

Signed-off-by: Velkov <valentin.velkov@sap.com>

* Introduce 'generateSuccessEvents' flag

Signed-off-by: Velkov <valentin.velkov@sap.com>

* Unit tests & chart fix

Signed-off-by: Velkov <valentin.velkov@sap.com>
2021-06-29 14:43:11 -07:00
Chip Zoller
436d44050b
Helm chart README fixes (#2062)
* fix link to PR doc

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* fix description

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* chart README fixes

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* Helm chart README clean-up

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* linting

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* Revert "fix description"

This reverts commit e128152cd7.

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
2021-06-29 13:48:26 -07:00
treydock
c479517c53
Fix Helm release during tag (#2081)
Fixes #2057

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
2021-06-29 13:36:30 -07:00
Pooja Singh
23d1a92b99
Merge pull request #2026 from NoSkillGirl/caching_endpoint
Adding endpoint check for policy creation
2021-06-29 12:11:35 +05:30
NoSkillGirl
a8ab5e74ed added comment
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-06-29 11:52:24 +05:30
Arsh Sharma
fbc80cdfae
adding support for multiple names in match and exclude blocks (#2010)
* add names in rd struct

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* added checking logic

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* updated yamls

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* wip: fix empty set problem

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* working with exclude

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* fixing name and names

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* added error if both name and names are specified

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* added tests

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* changed empty set logic, fixed whitespaces and comments

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* fix match and exclude bug

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
2021-06-28 22:31:22 -07:00
Vyankatesh Kudtarkar
8556cf6c91
Merge pull request #2066 from MarcusNoble/fix_helm_deployment_name
fix: set deployment name env var
2021-06-28 15:30:54 +05:30
Nicolas Lamirault
4ca208da25
FIX Custom labels indentation (#2073)
* Fix: custom labels indentation

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>

* Update: bump chart version

Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>
2021-06-25 13:28:30 -07:00
Shuting Zhao
f9a89c4672 tag v1.4.1
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-06-24 15:13:15 -07:00
shuting
0a13ce9c73
Revert "Fix Helm deployment name issue" (#2070) 2021-06-24 14:22:34 -07:00
Pooja Singh
54a85c5da1
Merge pull request #2045 from vyankyGH/fix_deployment_name
Fix Helm deployment name issue - install kyverno with helm release name != kyverno
2021-06-24 19:19:19 +05:30
vyankatesh
235038e712 fix deployment issue 2021-06-24 13:07:51 +05:30
vyankatesh
11a05496de fix helm deployment name 2021-06-24 13:03:15 +05:30
Marcus Noble
443d56fd4d fix: set deployment name env var
Signed-off-by: Marcus Noble <m.noble@elsevier.com>
2021-06-24 08:17:14 +01:00
treydock
3b1fd912cb
Move log to debug for wildcard pattern matching (#2064)
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
2021-06-23 16:48:09 -07:00
Mahfuza Humayra Mohona
9e769d1fd0
Integrate LitmusChaos - Pod Memory Hog experiment (#2014)
* updating readme

Signed-off-by: Mahfuza Humayra Mohona <mhmohona@gmail.com>
Signed-off-by: Mahfuza Mohona <mahfuza.mohona@LEADSOFT.BIZ>

* Updating GetWithRetry function

Signed-off-by: Mahfuza Humayra Mohona <mhmohona@gmail.com>
Signed-off-by: Mahfuza Mohona <mahfuza.mohona@LEADSOFT.BIZ>

* Updating GetWithRetry function

Signed-off-by: Mahfuza Humayra Mohona <mhmohona@gmail.com>
Signed-off-by: Mahfuza Mohona <mahfuza.mohona@LEADSOFT.BIZ>

* Updating GetWithRetry function

Signed-off-by: Mahfuza Humayra Mohona <mhmohona@gmail.com>
Signed-off-by: Mahfuza Mohona <mahfuza.mohona@LEADSOFT.BIZ>

* removing update

Signed-off-by: Mahfuza Mohona <mahfuza.mohona@LEADSOFT.BIZ>

* Update utils.go

Signed-off-by: Mahfuza Mohona <mahfuza.mohona@LEADSOFT.BIZ>
2021-06-23 14:16:49 -07:00
Arsh Sharma
9efd58f667
deleted bot (#2059)
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
2021-06-23 00:23:33 -07:00
shuting
3b06378142
remove selector from Helm chart (#2056)
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-06-22 23:10:04 -07:00
Vyankatesh Kudtarkar
09909a56f2
Merge pull request #2054 from DarthBenro008/fix/2031
add: http/https regex to kyverno CLI
2021-06-23 10:10:25 +05:30
DarthBenro008
e82e7e7596
refactor: fix minor typos
Signed-off-by: DarthBenro008 <hkpdev008@gmail.com>
2021-06-23 00:37:41 +05:30
Pooja Singh
c6c803511c
Merge pull request #1977 from RinkiyaKeDad/1818_default_to_baseline
replacing pod security standard from default to baseline
2021-06-22 23:35:39 +05:30
vivek kumar sahu
faa88699af
fix typo in policy struct (#1992)
* Updates L-30  Signed-off-by: viveksahu26  vivekkumarsahu650@gmail.com

Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>

* compile the code using

Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>
2021-06-22 10:03:15 -07:00