mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-15 17:51:20 +00:00
Code Activity
3628 commits 15 branches 540 tags 276 MiB
Commit graph

3628 commits

This branch
This branch
All branches
Author SHA1 Message Date
treydock
b460490984
Improve init container to use DeleteCollection to remove policy reports (#2477) 
* Improve init container to use DeleteCollection to remove policy reports

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Do not use go routine for each namespace

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
 2021-10-06 11:25:38 -07:00
shuting
c2751828d1
update the flag to "autoUpdateWebhooks" (#2482) 
Signed-off-by: ShutingZhao <shutting06@gmail.com>
 2021-10-06 11:24:51 -07:00
Anushka Mittal
3914c513a8
Changing flag names for consistency (#2467) 
* changing flag names for consistency

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

* changes for backward compatibility

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

* updated the CHANGELOG.md

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
 2021-10-06 10:32:48 -07:00
Anushka Mittal
7963263776
Adding log statements in context.go (#2483) 
* adding logs in context.go

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>

* minor modifications

Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
 2021-10-06 10:29:28 -07:00
Shubham Palriwala
ae4fb488bf
fix: sign kyverno-cli (#2480) 
Signed-off-by: ShubhamPalriwala <spalriwalau@gmail.com>
 2021-10-05 22:28:40 -07:00
shuting
b7473b018b
update deepcopy methods for types.fo (#2478) 2021-10-05 16:57:10 -07:00
Jim Bugwadia
04a7e5703c
Merge pull request #2438 from ShubhamPalriwala/sign-and-generate-sbom 
Sign images and generate and sign SBOM
 2021-10-05 14:49:58 -07:00
Jim Bugwadia
8437582622
Merge branch 'main' into sign-and-generate-sbom 2021-10-05 14:49:06 -07:00
Jim Bugwadia
b849341aee
Merge pull request #2472 from ShubhamPalriwala/scan-with-trivy 
Scan Kyverno images on build
 2021-10-05 14:46:45 -07:00
Shubham Palriwala
38f3eac4d7
Merge branch 'kyverno:main' into scan-with-trivy 2021-10-05 22:52:31 +05:30
Pooja Singh
ca62172b6f
Merge pull request #2462 from NoSkillGirl/feat/support_mutate_in_cli 
Kyverno CLI | Support mutate policies for `test` command
 2021-10-05 21:27:31 +05:30
ShubhamPalriwala
92ca609c7c ci: scan kyverno-image on each build 
Signed-off-by: ShubhamPalriwala <spalriwalau@gmail.com>
 2021-10-05 16:38:55 +05:30
NoSkillGirl
364174d372 removed print statements 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-10-05 14:57:48 +05:30
shuting
b10947b975
Dynamic webhooks (#2425) 
* support k8s 1.22, update admissionregistration.k8s.io/v1beta1  to admissionregistration.k8s.io/v1

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* - add failurePolicy to policy spec; - fix typo

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* - add schema validation for failurePolicy; - add a printer column

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* set default failure policy to fail if not defined

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* resolve conflicts

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* fix missing type for printerColumn

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* refactor policy controller

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* add webhook config manager

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* - build webhook objects per policy update; - add fail webhook to default webhook configurations

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* fix panic on policy update

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* build default webhook: match empty if autoUpdateWebhooks is enabled, otherwise match all

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* - set default webhook configs rule to empty; - handle policy deletion

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* reset webhook config if policies with a specific failurePolicy are cleaned up

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* handle wildcard pocliy

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* update default webhook timeout to 10s

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* cleanups

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* added webhook informer to re-create it immediately if missing

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* update tag webhookTimeoutSeconds description

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* fix e2e tests

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* fix linter issue

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* correct metric endpoint

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* add pol.generate.kind to webhooks

Signed-off-by: ShutingZhao <shutting06@gmail.com>
 2021-10-05 00:15:09 -07:00
NoSkillGirl
98f756fcdd change test case as master branch 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-10-05 12:42:23 +05:30
NoSkillGirl
0614c2db1f fixed rule pointer 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-10-05 12:39:58 +05:30
NoSkillGirl
5ca33ce902 Merge branch 'main' of github.com:kyverno/kyverno into feat/support_mutate_in_cli 2021-10-05 12:23:34 +05:30
NoSkillGirl
a2e106a87a fixed global variable test cases 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-10-05 11:11:54 +05:30
NoSkillGirl
8e0ac567e1 fixed test-validate-image-tag-ignore test case 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-10-05 11:11:54 +05:30
NoSkillGirl
7b94a7477b panic fix 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-10-05 11:11:54 +05:30
NoSkillGirl
1bf48c54a8 improving if condition 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-10-05 11:11:54 +05:30
NoSkillGirl
f4e9543b40 updated apply policy on resource function 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-10-05 11:11:54 +05:30
vivek kumar sahu
ae6f6c327f Added Code to support the test command for mutate policy (#2279) 
* Added test-e2e-local in the Makefile
* Added a proper Indentation
* Added 3 more fields
* Added getPolicyResourceFullPath function
* Updating the patchedResource path to full path
* Converts Namespaced policy to ClusterPolicy
* Added GetPatchedResourceFromPath function
* Added GetPatchedResource function
* Checks for namespaced-policy from policy name provided bu user
* Generalizing resultKey for both validate and mutate. Also added kind field to this key
* Added Type field to PolicySpec
* To handle mutate case when resource and patchedResource are equal
* fetch patchResource from path provided by user and compare it with engine patchedResource
* generating result by comparing patchedResource
* Added kind to resultKey
* Handles namespaced policy results
* Skip is required
* Added []*response.EngineResponse return type in ApplyPolicyOnResource function
* namespaced policy only surpasses resources having same namespace as policy
* apply command will print the patchedResource whereas test will not
* passing engineResponse instead of validateEngineResponse because it supports results for both validate and mutate case
* default namespace will printed in the output table if no namespace is being provided by the user
* Added e2e test for mutate policy and also examples for both type of policies
* Created a separate function to get resultKey
* Changes in the resultKey for validate case
* Added help description for test command in the cli
* fixes code for more test cases
* fixes code to support more cases and also added resources for e2e-test
* some small changes like adding brackets, clubbing 2 if cond into one, changing variable name, etc.
* Rearrange GetPatchedResourceFromPath function to get rid from repetion of same thing twice.
* Added kind in the result section of test.yaml for all test-cases
* engineResponse will handle different types of response
* GetPatchedResource() uses GetResource function to fetch patched resource

Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>
 2021-10-05 11:11:54 +05:30
Kumar Mallikarjuna
aba2e58f09
Added PodDisruptionBudget in kustomize & helm (Rebased) (#2463) 
* added pdb in helm & kustomize

Signed-off-by: Christopher Haar <chhaar30@googlemail.com>

* added pdb in helm & kustomize

Signed-off-by: Christopher Haar <chhaar30@googlemail.com>

* changed for comments

Signed-off-by: Christopher Haar <chhaar30@googlemail.com>

* Updating minAvailable

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Removed redundant lines

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Updated README

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

* Updated README

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

Co-authored-by: Christopher Haar <christopher@DKBs-MBP.localdomain>
Co-authored-by: Christopher Haar <chhaar30@googlemail.com>
 2021-10-04 22:39:24 -07:00
Vyankatesh Kudtarkar
9541d2be3e
Validate GVK while installing policy & Fix any/all matching logic (#2458) 
* Handle case-sensitive GVK & Fix any/all matching logic

* Fix any/all matching logic in the background controller

* fix cli issue

* fix any all issue

* add exclude block

* add validation for exclude block

* fix exclude issue
 2021-10-04 12:00:57 -07:00
Kumar Mallikarjuna
b7c8368569
Adding deprecation warning for any and all (Rebased) (#2466) 
* added deprecation warning for any and all

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* Updated schemas

Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>

Co-authored-by: RinkiyaKeDad <arshsharma461@gmail.com>
 2021-10-04 11:57:39 -07:00
Jim Bugwadia
705e029ff0
Merge pull request #2443 from JimBugwadia/feature/foreach_validate 
Feature/foreach validate
 2021-10-04 00:05:36 -07:00
Jim Bugwadia
94335d58c9 fix golangci-lint issues 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-10-03 23:39:55 -07:00
Jim Bugwadia
6cf9fdd502 fix compile errors 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-10-03 23:23:45 -07:00
Jim Bugwadia
ee6aafa7bb fix linter issues 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-10-03 23:07:40 -07:00
Jim Bugwadia
529a3509d5 fix deployment-missing-labels test 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-10-03 22:36:06 -07:00
Jim Bugwadia
c9ec282764 format 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-10-03 04:00:06 -07:00
Jim Bugwadia
77ae92e784 improve messages 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-10-03 03:28:58 -07:00
Jim Bugwadia
731ffde0e7 fix messages and tests 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-10-03 03:15:22 -07:00
Jim Bugwadia
086194ffab fix reporting 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-10-03 01:31:05 -07:00
Jim Bugwadia
8b7d404ea2 generate CRDs and validate handling of skip/error 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-10-02 18:29:25 -07:00
Jim Bugwadia
89d1e4afab format 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-10-02 16:57:40 -07:00
Jim Bugwadia
e0e6074afc add validation; add 'element' to context 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-10-02 16:53:02 -07:00
Pooja Singh
c32002837d
supporting request object for generate policies (#2455) 
* supporting request object for generate policies

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* updated naming for operation

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* run make kustomize-crd

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-10-01 11:39:29 -07:00
Jim Bugwadia
1ebd2c99f2 add messages and set rule to skip when pattern does not match 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-09-30 23:34:04 -07:00
Jim Bugwadia
6ae3063038 merge main 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-09-30 11:53:33 -07:00
Jim Bugwadia
5b5a85c16a change RuleStatus values to lowercase 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-09-30 00:04:13 -07:00
shuting
af944b9cd5
Add new fields webhookTimeoutSeconds and failurePolicy to the policy Spec (#2456) 
* add tag WebhookTimeoutSeconds to policy spec

Signed-off-by: ShutingZhao <shutting06@gmail.com>

* add spec.failurePolicy

Signed-off-by: ShutingZhao <shutting06@gmail.com>
 2021-09-29 20:53:34 -07:00
Anita-ihuman
575f3627fc
Updating the Contributing.md file (#2450) 
* create configuration for behaviour bot

Signed-off-by: Anita-ihuman <charlesanita403@gmail.com>

* adding contributor images

Signed-off-by: Anita-ihuman <charlesanita403@gmail.com>

* fixed typo in config.yml

Signed-off-by: Anita-ihuman <charlesanita403@gmail.com>

* including config file to ignore.

Signed-off-by: Anita-ihuman <charlesanita403@gmail.com>

* refined the contributing.md file

Signed-off-by: Anita-ihuman <charlesanita403@gmail.com>

* updated  the contributing.md file

Signed-off-by: Anita-ihuman <charlesanita403@gmail.com>

* updated  the contributing.md file

Signed-off-by: Anita-ihuman <charlesanita403@gmail.com>

* updated  the contributing.md file

Signed-off-by: Anita-ihuman <charlesanita403@gmail.com>
 2021-09-29 20:52:03 -07:00
Pooja Singh
22789443a8
Merge pull request #2420 from NoSkillGirl/debug_2406_flacky_unit_test 
Fix for flaky unit test
 2021-09-29 17:02:54 +05:30
Vyankatesh Kudtarkar
edc29c5546
Merge pull request #2451 from vyankyGH/any/All_backgroundScan 
Fix No warning about background mode when using any / all in match
 2021-09-29 14:17:38 +05:30
Vyankatesh Kudtarkar
34da0a993e Fix No warning about background mode when using any / all in match 2021-09-29 11:02:48 +05:30
NoSkillGirl
9513cca68f removing commented test case 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-09-29 11:02:07 +05:30
NoSkillGirl
ff540bfb06 removing print statement 
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-09-29 10:59:54 +05:30
Anushka Mittal
dc6694029c
Update anti-affinity to the soft limit (#2441) 2021-09-28 14:00:49 -07:00