kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00

Author	SHA1	Message	Date
Jim Bugwadia	bc07943c81	handle subresources (#3841 ) * handle subresources Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix logger name Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix webhook and logs Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-05-09 18:50:50 -07:00
Charles-Edouard Brétéché	27e7b2d326	refactor: webhookconfig package (part 3) (#3834 ) * refactor: webhookconfig package (part 1) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: webhook config package (part 2) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: webhookconfig package (part 3) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-09 14:31:35 +00:00
Charles-Edouard Brétéché	306b22a5db	fix: policy deletion in webhookconfig (#3832 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-07 21:09:19 +01:00
Charles-Edouard Brétéché	5d2e2faf72	fix: autogen rules in status (#3728 ) * refactor: autogen package logger Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: add rules to status only when necessary Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-05-05 15:11:26 +00:00
Danny Kulchinsky	810369d876	webhookconfig: if services resource, add services/status as well (#3740 ) Signed-off-by: Danny Kulchinsky <dkulchinsky@fastly.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-05-03 05:54:08 +00:00
Charles-Edouard Brétéché	c79223393b	refactor: dclient package (#3775 ) * refactor: replace clientset by inteface Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: dclient package Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-03 13:30:04 +08:00
Charles-Edouard Brétéché	6e07acdd87	refactor: replace clientset by inteface (#3774 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-02 20:30:07 +00:00
Charles-Edouard Brétéché	18af55ed49	refactor: wait for cache sync (#3765 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-03 01:41:39 +08:00
Charles-Edouard Brétéché	972be16ad3	refactor: remove unstructured usage from webhookconfig (#3737 ) * refactor: use typed informers and add tombstone support to webhookconfig Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: remove unstructured usage from webhookconfig Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-02 18:58:04 +08:00
Charles-Edouard Brétéché	87880ad6f1	refactor: use typed informers and add tombstone support to webhookconfig (#3736 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-05-02 08:19:39 +00:00
Jim Bugwadia	ef71102b22	Fix verify all images (#3748 ) Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>	2022-05-01 23:02:49 +00:00
Charles-Edouard Brétéché	de84b8071d	refactor: autogen package logger (#3727 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-04-29 09:12:21 +00:00
Charles-Edouard Brétéché	7fca026678	fix: remove supported from autogen status (#3714 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-04-28 16:14:48 -07:00
Jim Bugwadia	ab5171cee5	Verify digest (#3679 ) * add verifyDigest to check all tags are converted to digests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add required to check for image verification annotation Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * generate CRD Signed-off-by: Jim Bugwadia <jim@nirmata.com> * adding imageverify true/false patch Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * patch addition logic Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * image verify CLI tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fixes and unit tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix digest mutate Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fmt Signed-off-by: Jim Bugwadia <jim@nirmata.com> * make codegen Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix policy cache Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: anushkamittal20 <anumittal4641@gmail.com>	2022-04-27 15:09:52 +00:00
Ioannis Bouloumpasis	a205bc3e2e	fix: webhooks are not configured correctly (#3660 ) * Fix webhook rules equality when internal is empty The current implementation of the 'webhookRulesEqual' didn't check for the corner case were both the internal representation and the API have length of one, but the internal representation has 1 rule with no selectors. In this case the 'webhookRulesEqual' should return false, as the 2 configurations are not the same. Signed-off-by: Ioannis Bouloumpasis <buluba@arrikto.com> * Fix tests Add a small time delay when checking if a Policy is ready in tests to ensure that the Policy is actually ready. Signed-off-by: Ioannis Bouloumpasis <buluba@arrikto.com>	2022-04-25 15:19:39 +00:00
shuting	2a656f6de0	feat: mutate existing resources (#3669 ) * feat: mutate existing, replace GR by UR in webhook server (#3601) * add attributes for post mutation Signed-off-by: ShutingZhao <shuting@nirmata.com> * add UR informer to webhook server Signed-off-by: ShutingZhao <shuting@nirmata.com> * - replace gr with ur in the webhook server; - create ur for mutateExsiting policies Signed-off-by: ShutingZhao <shuting@nirmata.com> * replace gr by ur across entire packages Signed-off-by: ShutingZhao <shuting@nirmata.com> * add YAMLs Signed-off-by: ShutingZhao <shuting@nirmata.com> * update api docs & fix unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * add UR deletion handler Signed-off-by: ShutingZhao <shuting@nirmata.com> * add api docs for v1beta1 Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix clientset method Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix v1beta1 client registration Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: mutate existing - generates UR for admission requests (#3623) Signed-off-by: ShutingZhao <shuting@nirmata.com> * replace with UR in policy controller generate rules (#3635) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * - enable mutate engine to process mutateExisting rules; - add unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * implemented ur background reconciliation for mutateExisting policies Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix webhook update error Signed-off-by: ShutingZhao <shuting@nirmata.com> * temporary comment out new unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: mutate existing, replace GR by UR in webhook server (#3601) * add attributes for post mutation Signed-off-by: ShutingZhao <shuting@nirmata.com> * add UR informer to webhook server Signed-off-by: ShutingZhao <shuting@nirmata.com> * - replace gr with ur in the webhook server; - create ur for mutateExsiting policies Signed-off-by: ShutingZhao <shuting@nirmata.com> * replace gr by ur across entire packages Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix missing policy.kyverno.io/policy-name label (#3599) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * refactor cli code from pkg to cmd (#3591) * refactor cli code from pkg to cmd Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * fixes in imports Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * fixes tests Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * fixed conflicts Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> * moved non-commands to utils Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> * add YAMLs Signed-off-by: ShutingZhao <shuting@nirmata.com> * update api docs & fix unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * add UR deletion handler Signed-off-by: ShutingZhao <shuting@nirmata.com> * add api docs for v1beta1 Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix clientset method Signed-off-by: ShutingZhao <shuting@nirmata.com> * add-kms-libraries for cosign (#3603) * add-kms-libraries Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> * Shifted providers to cosign package Signed-off-by: anushkamittal20 <anumittal4641@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> * Add support for custom image extractors (#3596) Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net> * Update vulnerable dependencies (#3577) Signed-off-by: Shubham Gupta <shubham.gupta2956@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix v1beta1 client registration Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: mutate existing - generates UR for admission requests (#3623) Signed-off-by: ShutingZhao <shuting@nirmata.com> * updating version in Chart.yaml (#3618) * updatimg version in Chart.yaml Signed-off-by: Prateeknandle <prateeknandle@gmail.com> * changes from, make gen-helm Signed-off-by: Prateeknandle <prateeknandle@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> * Allow kyverno-policies to have preconditions defined (#3606) * Allow kyverno-policies to have preconditions defined Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Fix docs Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> Signed-off-by: ShutingZhao <shuting@nirmata.com> * replace with UR in policy controller generate rules (#3635) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> * - enable mutate engine to process mutateExisting rules; - add unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * implemented ur background reconciliation for mutateExisting policies Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix webhook update error Signed-off-by: ShutingZhao <shuting@nirmata.com> * temporary comment out new unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * Image verify attestors (#3614) * fix logs Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix logs Signed-off-by: Jim Bugwadia <jim@nirmata.com> * support multiple attestors Signed-off-by: Jim Bugwadia <jim@nirmata.com> * rm CLI tests (not currently supported) Signed-off-by: Jim Bugwadia <jim@nirmata.com> * apply attestor repo Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix entryError assignment Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * format Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add intermediary certs Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Allow defining imagePullSecrets (#3633) * Allow defining imagePullSecrets Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Use dict for imagePullSecrets Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> * Simplify how imagePullSecrets is defined Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu> Signed-off-by: ShutingZhao <shuting@nirmata.com> * Fix race condition in pCache (#3632) * fix race condition in pCache Signed-off-by: ShutingZhao <shuting@nirmata.com> * refact: remove unused Run function from generate (#3638) Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * Remove helm mode setting (#3628) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> * refactor: image utils (#3630) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> * -resolve lift comments; -fix informer sync issue Signed-off-by: ShutingZhao <shuting@nirmata.com> * refact the update request cleanup controller Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> * - fix delete request for mutateExisting; - fix context variable substitution; - improve logging Signed-off-by: ShutingZhao <shuting@nirmata.com> * - enable events; - add last applied annotation Signed-off-by: ShutingZhao <shuting@nirmata.com> * enable mutate existing on policy creation Signed-off-by: ShutingZhao <shuting@nirmata.com> * update autogen code Signed-off-by: ShutingZhao <shuting@nirmata.com> * merge main Signed-off-by: ShutingZhao <shuting@nirmata.com> * add unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * address list comments Signed-off-by: ShutingZhao <shuting@nirmata.com> * update api docs Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix "Implicit memory aliasing in for loop" Signed-off-by: ShutingZhao <shuting@nirmata.com> * remove unused definitions Signed-off-by: ShutingZhao <shuting@nirmata.com> * update api docs Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com> Co-authored-by: Mritunjay Kumar Sharma <mritunjaysharma394@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Co-authored-by: Anushka Mittal <55237170+anushkamittal20@users.noreply.github.com> Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com> Co-authored-by: Shubham Gupta <shubham.gupta2956@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Prateek Nandle <56027872+Prateeknandle@users.noreply.github.com> Co-authored-by: treydock <tdockendorf@osc.edu> Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-04-25 12:20:40 +00:00
Charles-Edouard Brétéché	594a04db01	refactor: simplify autogen package (#3532 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-04-05 15:12:22 +00:00
Charles-Edouard Brétéché	2f81c77850	refactor: use GetFailurePolicy method (#3545 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-04-05 04:49:30 +08:00
Charles-Edouard Brétéché	857cd1209c	refactor: separate kube utils package (#3527 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-04-01 08:34:25 +00:00
Charles-Edouard Brétéché	c59affb248	refactor: factorize policy interface (#3496 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-03-29 15:52:45 +00:00
Charles-Edouard Brétéché	20069c13c3	feat: stop mutating rules (#3410 ) * feat: stop adding autogen annotation Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * feat: stop mutating rules Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * feat: stop mutating rules Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: use toggle Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix: review comments Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-03-28 22:01:27 +08:00
Charles-Edouard Brétéché	4efcabffb5	refactor: use abstract policy interface in webhookconfig (#3466 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-03-25 14:43:47 +00:00
Charles-Edouard Brétéché	65409890b4	refactor: remove ns lister from webhookconfig (#3452 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com>	2022-03-23 16:04:02 +08:00
Vyankatesh Kudtarkar	e268be9e88	support for deprecated API's (#3439 ) * support for deprecated API's * add testcase * update condition * fix logic	2022-03-22 18:25:35 +00:00
Thomas Hartland	0360ad25c1	Fix check for generated webhook rules being equal to what the API server has (#3407 ) * Add webhookRulesEqual function and test Signed-off-by: Thomas Hartland <thomas.hartland@diamond.ac.uk> * Handle edge cases in webhookRulesEqual function Signed-off-by: Thomas Hartland <thomas.hartland@diamond.ac.uk>	2022-03-21 12:41:53 +00:00
Charles-Edouard Brétéché	0c8e8c1212	feat: move GetRules() at the policy level (#3420 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-03-18 15:18:32 +00:00
Charles-Edouard Brétéché	30261b5235	feat: add conditions support (#3378 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-03-18 22:00:01 +08:00
Charles-Edouard Brétéché	9e623bbf6e	feat: add rules to status (#3376 ) * fix: configmap resource filters generated by helm does not account for namespace Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * feat: add rules to status Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-03-15 14:49:16 +00:00
Charles-Edouard Brétéché	8d08250e07	feat: add autogen controllers to policy status (#3332 ) * feat: add autogen controllers to policy status Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * feat: add autogen controllers to policy status Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-03-10 23:51:29 +08:00
Charles-Edouard Brétéché	ce5f648f30	refactor: introduce rules getters and setters (#3350 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com>	2022-03-09 15:28:31 +00:00
shuting	ae4ff4f6b9	Fix dynamic webhook for namespace policies (#3044 ) * fix dynamic webhook for namespace policies Signed-off-by: ShutingZhao <shuting@nirmata.com> * improve policy listing to reduce duplicate processing Signed-off-by: ShutingZhao <shuting@nirmata.com> * update logger Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-01-22 07:55:14 +00:00
Kumar Mallikarjuna	e39489f838	SharedInformers for WebhookConfigurations (#3007 ) * SharedInformers for WebhookConfigurations Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Add GVK to typed resources Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Remove ToUnstructured() Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Remove default informers from Resource Cache Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Formatted files Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>	2022-01-19 15:57:32 +00:00
Kumar Mallikarjuna	771d62b735	Added Kyverno specific SharedInformerFactory (#2987 ) * Added Kyverno specific SharedInformerFactory Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Replace ToUnstructured() Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> * Add GVK to returned resource Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com> Co-authored-by: shuting <shutting06@gmail.com>	2022-01-18 15:52:48 +00:00
Kumar Mallikarjuna	3f61e2dd3a	Added report generation for verifyImage rules (#2782 ) * Add report generation for verifyImage rules Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Add flag comment Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Mutation: handleDelete() Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Remove redundant delete Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Test validation failure Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Validation force rules test Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Default validation behaviour Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Manual rules Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Update Config Manager Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> * Move Delete check Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2022-01-05 07:07:44 +00:00
Prateek Pandey	f6e40b5dd1	feat(validation): support for ephemeral containers (#2875 ) Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com>	2021-12-28 14:22:52 +00:00
Steven E. Harris	f90b982903	Allow use of "pods/binding" subresource (#2721 ) For cases where a policy matches the "Bindings" kind in the "core/v1" API group and version, adjust the pertinent Webhook configuration rule to use the "pods/binding" subresource. Doing so allows observing and reacting to the Kubernetes scheduler (and its "extenders") assigning pods to nodes, before any other system actors observe that assignment. This is an opportune moment in between the pod' creation and a kubelet starting it running. Signed-off-by: Steven E. Harris <seh@panix.com>	2021-11-16 22:26:22 +01:00
Danny__Wei	84c44c0827	obtain webhook config name dynamically (#2698 )	2021-11-08 20:09:19 -08:00
Pooja Singh	0e8341166d	ignoring generate kinds from mutate webhook (#2656 ) Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>	2021-11-06 23:06:00 +05:30
Jose Armesto	831a9826d1	Restructure project to follow standards (#2632 ) Signed-off-by: Jose Armesto <github@armesto.net>	2021-10-29 18:13:20 +02:00
Jamie	caf2180dca	fix: found a handful other magic strings that needed some webhook love (#2546 ) Signed-off-by: Random J Developer <interns@coreweave.com> Signed-off-by: Jamie Roberts <jroberts@coreweave.com>	2021-10-15 09:54:07 -07:00
ShutingZhao	28183be24f	fix webhook update for PodExecOptions Signed-off-by: ShutingZhao <shutting06@gmail.com>	2021-10-14 13:22:07 -07:00
shuting	9dc2c2b4bf	Bugfixes - handle verifyImage rules for webhooks configurations (#2501 ) * dynamic webhooks for verifyImages rule Signed-off-by: ShutingZhao <shutting06@gmail.com> * add namespace env to the initContainer Signed-off-by: ShutingZhao <shutting06@gmail.com> * add debug log Signed-off-by: ShutingZhao <shutting06@gmail.com> * update operator schema validation tag Signed-off-by: ShutingZhao <shutting06@gmail.com> * set policy to ready if auto-update-webhook disabled Signed-off-by: ShutingZhao <shutting06@gmail.com>	2021-10-07 13:50:30 -07:00
ShutingZhao	b42c44eff0	update policy status to false if error occurs	2021-10-06 20:48:36 -07:00
ShutingZhao	08d75245a2	matching resources should be updated separate for mutate and validate rules Signed-off-by: ShutingZhao <shutting06@gmail.com>	2021-10-06 20:43:19 -07:00
shuting	b10947b975	Dynamic webhooks (#2425 ) * support k8s 1.22, update admissionregistration.k8s.io/v1beta1 to admissionregistration.k8s.io/v1 Signed-off-by: ShutingZhao <shutting06@gmail.com> * - add failurePolicy to policy spec; - fix typo Signed-off-by: ShutingZhao <shutting06@gmail.com> * - add schema validation for failurePolicy; - add a printer column Signed-off-by: ShutingZhao <shutting06@gmail.com> * set default failure policy to fail if not defined Signed-off-by: ShutingZhao <shutting06@gmail.com> * resolve conflicts Signed-off-by: ShutingZhao <shutting06@gmail.com> * fix missing type for printerColumn Signed-off-by: ShutingZhao <shutting06@gmail.com> * refactor policy controller Signed-off-by: ShutingZhao <shutting06@gmail.com> * add webhook config manager Signed-off-by: ShutingZhao <shutting06@gmail.com> * - build webhook objects per policy update; - add fail webhook to default webhook configurations Signed-off-by: ShutingZhao <shutting06@gmail.com> * fix panic on policy update Signed-off-by: ShutingZhao <shutting06@gmail.com> * build default webhook: match empty if autoUpdateWebhooks is enabled, otherwise match all Signed-off-by: ShutingZhao <shutting06@gmail.com> * - set default webhook configs rule to empty; - handle policy deletion Signed-off-by: ShutingZhao <shutting06@gmail.com> * reset webhook config if policies with a specific failurePolicy are cleaned up Signed-off-by: ShutingZhao <shutting06@gmail.com> * handle wildcard pocliy Signed-off-by: ShutingZhao <shutting06@gmail.com> * update default webhook timeout to 10s Signed-off-by: ShutingZhao <shutting06@gmail.com> * cleanups Signed-off-by: ShutingZhao <shutting06@gmail.com> * added webhook informer to re-create it immediately if missing Signed-off-by: ShutingZhao <shutting06@gmail.com> * update tag webhookTimeoutSeconds description Signed-off-by: ShutingZhao <shutting06@gmail.com> * fix e2e tests Signed-off-by: ShutingZhao <shutting06@gmail.com> * fix linter issue Signed-off-by: ShutingZhao <shutting06@gmail.com> * correct metric endpoint Signed-off-by: ShutingZhao <shutting06@gmail.com> * add pol.generate.kind to webhooks Signed-off-by: ShutingZhao <shutting06@gmail.com>	2021-10-05 00:15:09 -07:00

45 commits