mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-05 15:37:19 +00:00
Code Activity
3918 commits 16 branches 550 tags 287 MiB
Commit graph

261 commits

Author SHA1 Message Date
shuting
a4a66a11cd
update test resource to a valid k8s obejct (#683) 2020-02-10 07:32:44 -08:00
Shivkumar Dudhani
8c1d79ab28
linter suggestions (#655) 
* cleanup phase 1

* linter fixes phase 2
 2020-01-24 12:05:53 -08:00
Shivkumar Dudhani
af824f28b0
add annotation to ns (#621) 2020-01-13 17:43:13 -08:00
Shivkumar Dudhani
dabe592d46
fix the bugs and add pre-condition checks (#606) 
* fix the bugs and add pre-condition checks

* add precondition documentation
 2020-01-13 11:21:14 -08:00
shivkumar dudhani
eb34437f30 add annotation to variable 2020-01-11 11:14:47 -08:00
Shivkumar Dudhani
3cf9141f4d
593 feature (#594) 
* initial commit

* background policy validation

* correct message

* skip non-background policy process for add/update

* add Generate Request CR

* generate Request Generator Initial

* test generate request CR generation

* initial commit gr generator

* generate controller initial framework

* add crd for generate request

* gr cleanup controller initial commit

* cleanup controller initial

* generate mid-commit

* generate rule processing

* create PV on generate error

* embed resource type

* testing phase 1- generate resources with variable substitution

* fix tests

* comment broken test #586

* add printer column for state

* return if existing resource for clone

* set resync time to 2 mins & remove resource version check in update handler for gr

* generate events for reporting

* fix logs

* initial commit

* fix trailing quote in patch

* remove comments

* initial condition (equal & notequal)

* initial support for conditions

* initial support fo conditions in generate

* support precondition checks

* cleanup

* re-evaluate GR on namespace update using dynamic informers

* add status for generated resources

* display loaded variable SA

* support delete cleanup of generate request main resources

* fix log

* remove namespace from SA username

* support multiple variables per statement for scalar values

* fix fail variables

* add check for userInfo

* validation checks for conditions

* update policy

* refactor logs

* code review

* add openapispec for clusterpolicy preconditions

* Update documentation

* CR fixes

* documentation

* CR fixes

* update variable

* fix logs

* update policy

* pre-defined variables (serviceAccountName & serviceAccountNamespace)

* update test
 2020-01-07 15:13:57 -08:00
Shivkumar Dudhani
ffd2179b03
538 (#587) 
* initial commit

* background policy validation

* correct message

* skip non-background policy process for add/update

* add Generate Request CR

* generate Request Generator Initial

* test generate request CR generation

* initial commit gr generator

* generate controller initial framework

* add crd for generate request

* gr cleanup controller initial commit

* cleanup controller initial

* generate mid-commit

* generate rule processing

* create PV on generate error

* embed resource type

* testing phase 1- generate resources with variable substitution

* fix tests

* comment broken test #586

* add printer column for state

* return if existing resource for clone

* set resync time to 2 mins & remove resource version check in update handler for gr

* generate events for reporting

* fix logs

* cleanup

* CR fixes

* fix logs
 2020-01-07 10:33:28 -08:00
Shuting Zhao
dd97cdd95f Merge commit '337e0f7d1d6985b5683ddb7b7a42df0ef8130708' into 544_documentation 2019-12-13 16:16:45 -08:00
shivkumar dudhani
10fc1b47ba Merge branch 'master' into v1.1.0 2019-12-12 16:54:42 -08:00
shivkumar dudhani
66e0181157 update tests 2019-12-10 10:26:04 -08:00
Shivkumar Dudhani
ffe3bdb677
remove newline from engine response strings (#537) 
* remove newline from engine response strings

* add scenario file updates

* cr: remove . in trailing msg string
 2019-12-04 18:04:42 -08:00
Shuting Zhao
51642cbcf3 skip process mutate patches if conditon tag is not present 2019-11-27 19:40:47 -08:00
Shuting Zhao
261560eafb mutate rule: do not ignore empty key in resource if overlay has nested anchor 2019-11-27 16:07:15 -08:00
shuting
ae53fa1bfc
Merge pull request #512 from nirmata/local_test 
Add generate rule for default limitrange
 2019-11-18 17:33:43 -08:00
shivkumar dudhani
830e66f80c update scenario file 2019-11-15 21:43:08 -08:00
Shuting Zhao
8343eaf0a8 add generate rule for default limitrange 2019-11-15 18:32:24 -08:00
Jim Bugwadia
eb24b7502b update policy name 2019-11-13 23:31:04 -08:00
Shuting Zhao
79a7bde4ab - fix test; - improve logging 2019-11-13 18:44:18 -08:00
Shuting Zhao
051eba058f update api in samples/ 2019-11-13 13:56:20 -08:00
Shuting Zhao
dcfe76acdc fix test 2019-11-13 00:44:07 -08:00
Shuting Zhao
45dc0bd358 Merge commit 'da5c03f89df3007088b27fc84b08827170e16eda' into 345_support_usergroup_info 
# Conflicts:
#	test/scenarios/samples/best_practices/add_safe_to_evict2.yaml
 2019-11-13 00:31:07 -08:00
Shuting Zhao
fb2cc2db9c fix tests 2019-11-11 21:40:42 -08:00
Jim Bugwadia
87be5ca4b8 update policies and test cases 2019-11-11 17:55:54 -08:00
Jim Bugwadia
3ffb0cfa39 add disallow_sysctl and move policies 2019-11-11 17:17:09 -08:00
Jim Bugwadia
05503e4fd1 update other policies 2019-11-11 14:09:07 -08:00
Jim Bugwadia
dd4d091c23 update restrict_automount_sa_token 2019-11-10 21:57:20 -08:00
Jim Bugwadia
5b2fd96131 update LimitNodePort 2019-11-10 21:34:22 -08:00
Jim Bugwadia
5e8b6c4183 update add_networkPolicy 2019-11-10 21:27:50 -08:00
Jim Bugwadia
244909ebb3 update require_probes 2019-11-10 21:18:17 -08:00
Jim Bugwadia
c1be682a93 update require_pod_requests_limits 2019-11-10 21:06:49 -08:00
Jim Bugwadia
f668113904 update add_ns_quota 2019-11-10 20:58:57 -08:00
Jim Bugwadia
a6d5fb6e30 update restrict_image_registries 2019-11-10 18:13:01 -08:00
Jim Bugwadia
f31abbffab update disallow_latest_tag 2019-11-10 17:54:38 -08:00
Jim Bugwadia
7f54e8e2e3 Merge branch '451_fix_disallow_host_net_port' into 452_make_sample_policy_rule_names_consistent 
# Conflicts:
#	samples/best_practices/disallow_host_network_hostport.yaml
#	test/scenarios/samples/best_practices/disallow_host_network_port.yaml
 2019-11-10 17:35:43 -08:00
Jim Bugwadia
20736e5e81 update disallow_default_namespace and disallow_host_network_port and disallow_host_pid_ipc 2019-11-10 15:50:18 -08:00
Jim Bugwadia
170e2a5179 update disallow_docker_sock_mount and disallow_host_network_port 2019-11-10 12:53:48 -08:00
Jim Bugwadia
fd1a26db29 update DisallowBindMounts 2019-11-09 16:33:19 -08:00
Jim Bugwadia
fae8ac0325 update RequireReadOnlyRootFS 2019-11-09 16:18:33 -08:00
Jim Bugwadia
121b81a83b update disallow new capabilities 2019-11-09 16:07:16 -08:00
Jim Bugwadia
cba79c69a2 update disallow_priviledged 2019-11-08 20:04:42 -08:00
Jim Bugwadia
5ce8fd7a9a update disallow_root_user 2019-11-08 19:25:43 -08:00
Jim Bugwadia
6baa678e27 rename add_safe_to_evict 2019-11-08 19:02:49 -08:00
Jim Bugwadia
a0d3f728da fix disallow_host_network_hostport policy 2019-11-08 18:26:58 -08:00
Jim Bugwadia
ab2e671df5 update test scenario and change rule to audit mode 2019-11-07 19:28:48 -08:00
Jim Bugwadia
4aac8f43a9 fix test 2019-11-07 19:19:33 -08:00
Shuting Zhao
ec331b8d17 remove resource info in the validation error 2019-11-07 12:30:58 -08:00
Shuting Zhao
59fb1c90cd fix test 2019-11-07 12:13:35 -08:00
Shuting Zhao
a30b8a604d update format 2019-11-07 12:13:35 -08:00
Shuting Zhao
443619757e update tests/scenario 2019-11-07 12:13:35 -08:00
Shuting Zhao
58054ef5b6 remove duplicate test 2019-11-07 12:13:34 -08:00