mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity
2956 commits 15 branches 540 tags 276 MiB
Commit graph

196 commits

Author SHA1 Message Date
Gregory May
a6be0912ae
add Seccomp securityContext example (#1411) 
Signed-off-by: gmay <mrgregmay@gmail.com>
 2020-12-21 11:04:41 -08:00
Jim Bugwadia
673b3bfd22
Merge pull request #1347 from chipzoller/main 
add drop all policy
 2020-12-01 22:47:16 -08:00
Jonas Mai
c3d204af8a changes the pod requests and limits example policy, indicating that configuring memory limits is recommended 2020-12-01 20:29:10 +01:00
Chip Zoller
42b101d8b3 add drop all policy 2020-12-01 10:37:46 -05:00
Chip Zoller
f5d48721e6
new samples around image practices (#1302) 2020-11-25 11:48:21 -08:00
Chip Zoller
7ee346b0de
column misspelling (#1290) 
* column misspelling

* edit description with tip about conditional adds

* Enhance bug report template
 2020-11-23 14:05:46 -08:00
Chip Zoller
2c86496728
Add new sample policies (#1272) 
* new samples; updates

* typos

* add policy to restrict LoadBalancer

* correct sample numbering

* fix typos

* add EnsurePodProbesDifferent

* add DisallowSecrets policy

* add AddDefaultLabels policy

* typo
 2020-11-18 14:58:32 -08:00
Shuting Zhao
e985ee4031 correct misspelled words 2020-11-17 12:01:01 -08:00
Chip Zoller
c52f07b615
new samples; updates (#1259) 
* new samples; updates

* typos

* add policy to restrict LoadBalancer

* correct sample numbering

* fix typos
 2020-11-16 13:39:59 -08:00
Chip Zoller
763af0655b update with release, typos 2020-11-12 18:23:20 -05:00
Chip Zoller
a9911246a2 linting, MD updates 2020-11-12 12:32:10 -05:00
Chip Zoller
e76ce41b95 add sample policy for deployments 2020-11-12 12:31:03 -05:00
Chip Zoller
2e5c26e31e fix snippet in MD 2020-11-12 09:50:12 -05:00
Chip Zoller
a0539f1d76 update README with new policies 2020-11-11 20:30:59 -05:00
Chip Zoller
b268935aa3 add samples for Pod labels 2020-11-11 20:17:48 -05:00
Chip Zoller
16dc96b898 manifest fixes; typos; linting 2020-11-11 13:07:01 -05:00
Shuting Zhao
2152d354a9 migrate repo 2020-10-07 15:09:52 -07:00
Shuting Zhao
d4c37aebad add annotation in best practice policy require-pod-probes 2020-10-07 15:09:13 -07:00
Shuting Zhao
cdc5190c56 update nirmata/kyverno to kyverno/kyverno 2020-10-07 11:12:31 -07:00
Mohan B E
bd406f5bb8
added conversion of overlay to patch strategic merge (#1138) 
* added conversion of overlay to patch strategic merge and modified unittest for the same

* updated best practice policy
 2020-09-22 16:19:09 -07:00
shuting
3fa745bc3e
Bugfix policymutation (#1119) 
* fix policy mutation - autogen does not have exclude

* update doc
 2020-09-15 22:58:55 -07:00
Yuvraj
2641120907
Generate policy does not work on namespace update (#1085) 
* added logic for handling generate request

* generate rules added

* added label condition for generate

* remove extra logs

* remove extra logs

* buf fixed

* bug fixed

* added logic for delete gr

* log fixed

* documentation changed

* remove best practices changes

* bug fix

* added best pratice
 2020-08-31 11:25:13 -07:00
Jim Bugwadia
3fb1c8e87e
add validateFailureAction to all policies (#1068) 2020-08-19 14:04:58 -07:00
Jim Bugwadia
66b660d717 fix policy 2020-08-19 01:08:53 -07:00
Jim Bugwadia
550f9d89b4 update policy markdowns 2020-08-18 21:44:11 -07:00
Jim Bugwadia
23fd317eee turn off auto-gen policies for add new capabilities 2020-08-18 21:41:15 -07:00
Jim Bugwadia
293281596b fix disallow root user policy 2020-08-18 21:03:38 -07:00
Yuvraj
4535f43283
Added Synchronize flag in Generate Request (#980) 
* fix Synchronize flag issue
 2020-07-14 02:12:11 +05:30
NoSkillGirl
fed8d7f967 small fixes 2020-07-11 18:12:35 +05:30
NoSkillGirl
f0fab9499e temp 2020-07-11 17:56:14 +05:30
Jim Bugwadia
87cdf80e09
fixes #928 (#957) 2020-06-26 18:28:52 -07:00
Jim Bugwadia
32cd23963a
Bugfix/878 fix disallow sysctls (#899) 
* - support wildcards for namespaces

* do not annotate resource, unless policy is an autogen policy

* close HTTP body

* improve messages

* only check sysctls if security context is defined
 2020-06-03 17:46:01 -07:00
shuting
5f20cdfb07
remove cpu limit in BP require_pod_requests_limits.yaml (#807) 
* remove cpu limit in BP require_pod_requests_limits.yaml

* update test
 2020-04-13 09:29:11 -07:00
Shuting Zhao
c0eda74b98 update doc 2020-03-04 17:40:33 -08:00
Shuting Zhao
f4cc5d30fc Add rules to disallow default namespace for pod controllers. 2020-03-04 17:37:51 -08:00
Jim Bugwadia
3903a20dd3
Remove autogen annotation 
Remove `pod-policies.kyverno.io/autogen-controllers: none`
 2020-02-07 17:13:56 -08:00
Shuting Zhao
b26ed89880 - set failurepolicy of webhookconfiguraitons to ignore; - disable auto-gen on policy disabllow_default_namespace 2020-01-15 18:01:50 -08:00
Shuting Zhao
5330138048 fix build error 2020-01-10 19:35:29 -08:00
Shuting Zhao
8de265d8a4 - update samples/policy - retag 1.1.0 2020-01-10 19:26:09 -08:00
Shivkumar Dudhani
3cf9141f4d
593 feature (#594) 
* initial commit

* background policy validation

* correct message

* skip non-background policy process for add/update

* add Generate Request CR

* generate Request Generator Initial

* test generate request CR generation

* initial commit gr generator

* generate controller initial framework

* add crd for generate request

* gr cleanup controller initial commit

* cleanup controller initial

* generate mid-commit

* generate rule processing

* create PV on generate error

* embed resource type

* testing phase 1- generate resources with variable substitution

* fix tests

* comment broken test #586

* add printer column for state

* return if existing resource for clone

* set resync time to 2 mins & remove resource version check in update handler for gr

* generate events for reporting

* fix logs

* initial commit

* fix trailing quote in patch

* remove comments

* initial condition (equal & notequal)

* initial support for conditions

* initial support fo conditions in generate

* support precondition checks

* cleanup

* re-evaluate GR on namespace update using dynamic informers

* add status for generated resources

* display loaded variable SA

* support delete cleanup of generate request main resources

* fix log

* remove namespace from SA username

* support multiple variables per statement for scalar values

* fix fail variables

* add check for userInfo

* validation checks for conditions

* update policy

* refactor logs

* code review

* add openapispec for clusterpolicy preconditions

* Update documentation

* CR fixes

* documentation

* CR fixes

* update variable

* fix logs

* update policy

* pre-defined variables (serviceAccountName & serviceAccountNamespace)

* update test
 2020-01-07 15:13:57 -08:00
shuting
2d022d457a
Merge pull request #584 from nirmata/371_omitempty 
add anchors for omitempty tag
 2020-01-02 11:17:31 -08:00
Shuting Zhao
d36934fe11 Merge commit '5b8ab3842b43a72cc675b93b8b72e290adfca1d2' into 518_pod_controller 
# Conflicts:
#	pkg/api/kyverno/v1/types.go
#	pkg/engine/mutation.go
#	pkg/engine/mutation_test.go
#	pkg/engine/validation.go
#	pkg/policy/existing.go
 2020-01-02 10:32:17 -08:00
Shuting Zhao
e9ac8b8b28 update markdown 2019-12-30 16:45:22 -08:00
Shuting Zhao
456190b7f8 remove failure action 2019-12-30 13:55:02 -08:00
Shuting Zhao
d33a89cc0f add anchors for omitempty tag 2019-12-30 13:53:51 -08:00
Shuting Zhao
bae2865550 - add =() to volumes; - update error msg 2019-12-27 14:59:12 -08:00
shivkumar dudhani
66e0181157 update tests 2019-12-10 10:26:04 -08:00
shivkumar dudhani
4894577ba1 update documentation 2019-12-10 09:51:15 -08:00
shivkumar dudhani
ee20fcd4a0 Update Name 2019-12-09 15:33:21 -08:00
shuting
ae53fa1bfc
Merge pull request #512 from nirmata/local_test 
Add generate rule for default limitrange
 2019-11-18 17:33:43 -08:00