Charles-Edouard Brétéché
900002fcf9
chore: bump a bunch of deps ( #5440 )
...
* chore: bump a bunch of deps
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-11-23 14:03:16 +08:00
Charles-Edouard Brétéché
4b11292835
chore: bump sigstore deps ( #5376 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-11-21 21:48:34 +00:00
Nikhil Sharma
d44dc97990
feat: add cleanupPolicy validation code ( #5279 )
...
* validate the cleanupPolicy
Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com>
* add validation for DELETE permission for cleanupPolicy
Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com>
* add separate binary for cleanupPolicy
Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com>
* fix linter issues
Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com>
Signed-off-by: Nikhil Sharma <nikhilsharma230303@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-11-14 10:43:32 +01:00
Charles-Edouard Brétéché
6091af6fba
fix: wrong logger used ( #5311 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-11-11 12:16:27 +05:30
Batuhan Apaydın
cbbd8488c8
feat: oci pull/push support for policie(s) ( #5026 )
...
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-10-24 18:47:20 +00:00
shuting
5279958943
Remove old version of golang.org/x/sys ( #5125 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-10-24 09:11:19 +00:00
Charles-Edouard Brétéché
7ceea1a08f
chore: bump a few deps ( #4943 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-10-14 07:13:19 +00:00
Charles-Edouard Brétéché
cd5e0cfa74
chore: bump a couple of deps ( #4925 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-13 11:04:23 +02:00
Charles-Edouard Brétéché
ecb0ad32ec
chore: bump a couple of deps ( #4842 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-07 15:37:12 +05:30
Charles-Edouard Brétéché
7849fbbc8a
refactor: leader controllers management ( #4832 )
...
* refactor: leader controllers management
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* rename
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix start
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix deps
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* remove dead code
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-07 07:38:38 +00:00
yinka
266f2d397f
upgrade controller-runtime dependency ( #4829 )
...
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-10-06 11:07:37 +00:00
ShutingZhao
d3a18d0c83
Bump k8s libraries to v0.25.2
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-10-06 03:50:39 +08:00
Charles-Edouard Brétéché
f7dde0ab96
chore: use concurrent map v2 (generics) ( #4803 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-06 00:35:09 +08:00
Charles-Edouard Brétéché
83bd8bdbb5
chore: bump a couple of deps ( #4802 )
...
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-04 12:21:47 +05:30
Charles-Edouard Brétéché
5fef84afd1
chore: bump a few deps ( #4790 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-10-03 13:18:23 +00:00
Jim Bugwadia
081330d564
update cosign and k8s-manifest-sigstore ( #4781 )
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-10-03 14:46:20 +08:00
yinka
bb2e193d44
feat: allow users enable JSON logging with a --loggingFormat=json flag ( #4661 )
...
* feat: add feature flag to disable background scan (#4638 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* allow users configure JSON logging with a --logging-format=json flag
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* Clean up changes
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* added kubeconfig and context flag to kyverno apply (#4524 )
Signed-off-by: Sandesh More <sandesh.more@infracloud.io>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* chore: publish sbom result to a different repositry from an image (#4665 )
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* Fix issue for wildcard versions (#4670 )
* Fix wildcard issue
Co-Authored-By: vyankd <51167361+vyankd@users.noreply.github.com>
* Delete res.yaml
Co-Authored-By: vyankd <51167361+vyankd@users.noreply.github.com>
Co-authored-by: vyankd <51167361+vyankd@users.noreply.github.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* chore: bump minimum go version (#4677 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* fix: namespaced policy not validated in engine (#4653 )
* fix: namespaced policy not validated in engine
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* fix test
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* fix: handle auth permission for cloneList validation (#4684 )
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* fix: bump net standard lib (#4685 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* small fixes
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* add json logger
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* fix import
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* fix go mod
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* fix go mod
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* chore: simplify go mod (#4692 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* fix: jmespath random error handling (#4697 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* refactor: replace signal package by signal.NotifyContext (#4691 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* fix: namespaced policy targets namespace validation and scoping them to the policy's namespace (#4671 )
Signed-off-by: praddy26 <pradeep.vaishnav4@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* fix: shutdown controllers workers gracefully (#4681 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* fix: split webhook handlers per failure policy (#4650 )
* fix: split webhook handlers per failure policy
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* fix handlers
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* rolling update
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* better error message
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* refactor: use pod name as leader id (#4680 )
* refactor: use pod name as leader id
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* fix manifests
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* makefile
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* leader client
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* fix: missing client wrapper (#4703 )
* fix: missing client wrapper
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* v1beta1
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* v1alpha2
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* policy report
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* chore: refactor manifests related makefile targets (#4706 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* deps
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
Co-authored-by: Sandesh More <34198712+sandeshlmore@users.noreply.github.com>
Co-authored-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: vyankd <51167361+vyankd@users.noreply.github.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Pradeep Lakshmi Narasimha <pradeep.vaishnav4@gmail.com>
2022-09-29 07:49:29 +00:00
Prateek Pandey
01dbf7389d
fix: containerd dependency vulnerability ( #4629 )
...
upgrade the containerd indirect deps to
fixed version
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Signed-off-by: shuting <shuting@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-09-29 05:40:55 +00:00
Abhinav Sinha
a1182859ad
Added x509_decode
JMESPath function ( #4664 )
...
* Added `x509_decode` JMESPath function
Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>
* Use `crypto/x509` stdlib
Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>
* Return result as `map[string]interface{}`
Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>
* Made minor fixes
Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>
* Fixed error with unmarshalling decoded certificate
Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>
* Added e2e test for decoding X.509 certs
Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>
* Reverted to using `smallstep/zcrypto` for X.509
Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>
* Minor fix
Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>
* Addressed reviews
Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>
* Removed redundant dependency on `pkg/errors`
Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>
Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-09-28 18:15:39 +00:00
Charles-Edouard Brétéché
e0ab72bb9a
feat: reports v2 implementation ( #4608 )
...
This PR refactors the reports generation code.
It removes RCR and CRCR crds and replaces them with AdmissionReport, ClusterAdmissionReport, BackgroundScanReport and ClusterBackgroundScanReport crds.
The new reports system is based on 4 controllers:
Admission reports controller is responsible for cleaning up admission reports and attaching admission reports to their corresponding resource in case of a creation
Background scan reports controller is responsible for creating background scan reports when a resource and/or policy changes
Aggregation controller takes care of aggregation per resource reports into higher level reports (per namespace)
Resources controller is responsible for watching reports that need background scan reports
I added two new flags to disable admission reports and/or background scan reports, the whole reporting system can be disabled if something goes wrong.
I also added a flag to split reports in chunks to avoid creating too large resources.
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Co-authored-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-09-28 17:15:16 +05:30
Charles-Edouard Brétéché
7209445cd3
chore: simplify go mod ( #4692 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-26 18:25:03 +05:30
Charles-Edouard Brétéché
9e872305a2
fix: bump net standard lib ( #4685 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-09-26 08:22:29 +00:00
Prateek Pandey
1807bd9a6f
chore: bump cosign 1.12.0 to fix vulnerabilities ( #4631 )
...
bump the cosign version to fix vulnerabilities with
blob verification, CVE-2022-36056
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-09-16 07:48:22 -07:00
Charles-Edouard Brétéché
bc4bf5ee27
chore: switch to github.com/IGLOU-EU/go-wildcard ( #4563 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-09-10 17:30:13 +00:00
Anurag
560cec329e
add random filter ( #4527 )
...
* add random filter
Signed-off-by: Anurag <contact.anurag7@gmail.com>
* update go.mod file
Signed-off-by: Anurag <contact.anurag7@gmail.com>
* update go.sum
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* linter fix
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: Anurag <contact.anurag7@gmail.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: ShutingZhao <shuting@nirmata.com>
2022-09-07 16:22:30 +00:00
Charles-Edouard Brétéché
fffd6aa9a0
chore: upgrade golang to 1.18 ( #4505 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-05 09:32:45 +05:30
ToLToL
1b9a2fca21
Extend Pod Security Admission ( #4364 )
...
* init commit for pss
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add test for Volume Type control
* add test for App Armor control except ExemptProfile. Fix PSS profile check in EvaluatePSS()
* remove unused code, still a JMESPATH problem with app armor ExemptProfile()
* test for Host Process / Host Namespaces controls
* test for Privileged containers controls
* test for HostPathVolume control
* test for HostPorts control
* test for HostPorts control
* test for SELinux control
* test for Proc mount type control
* Set to baseline
* test for Seccomp control
* test for Sysctl control
* test for Privilege escalation control
* test for Run as non root control
* test for Restricted Seccomp control
* Add problems to address
* add solutions to problems
* Add validate rule for PSA
* api.Version --> string. latest by default
* Exclude all values for a restrictedField
* add tests for kyverno engine
* code to be used to match kyverno rule's namespace
* Refacto pkg/pss
* fix multiple problems: not matching containers, add contains methods, select the right container when we have the same exclude.RestrictedField for multiple containers:
* EvaluatePod
* Use EvaluatePod in kyverno engine
* Set pod instead of container in context to use full Jmespath. e.g.: securityContext.capabilities.add --> spec.containers[*].securityContext.capabilities.add
* Check if PSSCheckResult matched at least one exclude value
* add tests for engine
* fix engine validation test
* config
* update go.mod and go.sum
* crds
* Check validate value: add PodSecurity
* exclude all restrictedFields when we only specify the controlName
* ExemptProfile(): check if exclud.RestrictedField matches at least one restrictedField.path
* handle containers, initContainers, ephemeralContainers when we only specify the controlName (all restrictedFields are excluded)
* refacto pks/pss/evaluate.go and add pkg/engine/validation_test.go
* add all controls with containers in restrictedFields as comments
* add tests for capabilities and privileged containers and fix some errors
* add tests for host ports control
* add tests for proc mount control
* add tests for privilege escalation control
* add tests for capabilities control
* remove comments
* new algo
* refacto algo, working. Add test for hostProcess control
* remove unused code
* fix getPodWithNotMatchingContainers(), add tests for host namespaces control
* refacto ExemptProfile()
* get values for a specific container. add test for SELinuxOptions control
* fix allowedValues for SELinuxOptions
* add tests for seccompProfile_baseline control
* refacto checkContainers(), add test for seccomp control
* add test for running as non root control
* add some tests for runAsUser control, have to update current PSA version
* add sysctls control
* add allowed values for restrictedVolumes control
* add some tests for appArmor, volume types controls
* add tests for volume types control
* add tests for hostPath volume control
* finish merge conflicts and add tests for runAsUser
* update charts and crds
* exclude.images optional
* change volume types control exclude values
* add appAmor control
* fix: did not match any exclude value for pod-level restrictedFields
* create autogen for validate.PodSecurity
* clean code, remove logs
* fix sonatype lift errors
* fix sonatype lift errors: duplication
* fix crash in pkg/policy/validate/ tests and unmarshall errors for pkg/engine tests
* beginning of autogen implement for validate.exclude
* Autogen for validation.PodSecurity
* working autogen with simple tests
* change validate.PodSecurity failure response format
* make codegen
* fix lint errors, remove debug prints
* fix tags
* fix tags
* fix crash when deleting pods matching validate.podSecurity rule. Only check validatePodSecurity() when it's not a delete request
* Changes requested
* Changes requested 2
* Changes requested 3
* Changes requested 4
* Changes requested and make codegen
* fix host namespaces control
* fix lint
* fix codegen error
* update docs/crd/v1/index.html
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix path
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* update crd schema
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* update charts/kyverno/templates/crds.yaml
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: ShutingZhao <shuting@nirmata.com>
2022-08-31 09:16:31 +00:00
Riko Kudo
5f5cda9fee
Yaml signing and verification ( #4235 )
...
* enable YAML verification using k8s-manifest-sigstore
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
comment out role and rolebinding for dryrun
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
update k8s-manifest-sigstore version
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
fix pubkey setting
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
fix pubkey setting
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
fix log message
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
change default value of dryrun option
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
update crd
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
support gpg signature
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
* upgrade manifest sigstore version and support multi sigs
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
fix validate.manifest rule
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
update crd and add small fix
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
fix manifest verify policy
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
set cosign experimental env when keyless verification
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
* improve default ignoreFields
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
* fix manifest verify policy
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
fix manifest verify policy
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
fix manifest verify policy
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
* add unit-test for k8smanifest
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
update install yaml
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
* update k8s-manifest-sigstore version and support one or more signatures
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
add unit-test for k8smanifest multi-signature
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
fix verifyManifest result message
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
fix verifyManifest result message
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
* fix manifest verify policy and move dryrun rbac to dryrun dir
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
* update k8s-manifest-sigstore version
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
update k8s-manifest-sigstore version
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
update k8s-manifest-sigstore version and resolve conflict
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
enable YAML verification using k8s-manifest-sigstore
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
comment out role and rolebinding for dryrun
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
fix pubkey setting
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
fix pubkey setting
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
update crd
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
upgrade manifest sigstore version and support multi sigs
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
fix validate.manifest rule
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
update crd and add small fix
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
fix manifest verify policy
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
update k8s-manifest-sigstore version and support one or more signatures
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
fix verifyManifest result message
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
fix verifyManifest result message
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
fix manifest verify policy and move dryrun rbac to dryrun dir
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
add small fix
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
* remove generic name
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
* fix sonatype-lift issue and unit-test error
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
* fix gofumpt error
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
* update manifest rule to use attestor
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* remove unused value
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* resolve conflict
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* fix install.yaml
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* fix to set COSIGN_EXPERIMENTAL env variable when keyless verification
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* fix misspell
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* enable kyverno cli in validate.manifests rule (#3 )
* enable kyverno cli in validate.manifests rule
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* update k8s-manifest-sigstore version and improve error handling for better result output
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* update crds and deepcopy
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* update unit test
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* update k8s-manifest-sigstore version
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* change to use spec.rules.exclude.subjects instead of skipUsers (#4 )
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* update k8s-manifest-sigstore version
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* fix yaml signing sigstore (#5 )
* update k8s-manifest-sigstore version
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* add a comment for dryrun option field
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* enable to include ClusterPolicy/Policy in match resource
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* fix log style and env variable settings
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* simplify manifest verify func
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* fix func name
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* fix sonatype warning
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* fix default ignoreFields
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* fix yaml signing sigstore rbac (#6 )
* fix dryrun rbac to have minimal permissions
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* fix lint error
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* fix unit-test error
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* fix gofumpt error
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* fix log style
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* updated CRD documentation
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* resolve go.mod conflicts
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
* updated helm stuff
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-08-30 10:14:54 -07:00
Charles-Edouard Brétéché
888689df54
fix: update go-wildcard to v1.5.0 ( #4444 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-08-29 17:10:01 +00:00
Prateek Pandey
34fe6c9058
bump cosign deps version to 1.11.1 ( #4408 )
...
* bump cosign deps version to 1.11.1
to accommodate latest attestation verification fixes
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
* bump github action go version to 1.18
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-08-25 08:24:49 +00:00
dependabot[bot]
0bb575442d
chore(deps): bump github.com/sigstore/cosign from 1.10.0 to 1.10.1 ( #4328 )
...
Bumps [github.com/sigstore/cosign](https://github.com/sigstore/cosign ) from 1.10.0 to 1.10.1.
- [Release notes](https://github.com/sigstore/cosign/releases )
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sigstore/cosign/compare/v1.10.0...v1.10.1 )
---
updated-dependencies:
- dependency-name: github.com/sigstore/cosign
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-11 12:38:27 +08:00
Jim Bugwadia
943c3a1929
use failurePolicy to block or allow requests, on policy errors ( #4183 )
...
* use failurePolicy to block or allow requests, on policy errors
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add warnings
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* codegen
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix linter issues
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add unit tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* handle network errors
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix linter issues
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix title conversion
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix path in generated file
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix fake metrics
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add check for klog flag initialization
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* check for flag reinitialization
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* check for flag reinitialization
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix spelling
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix flag init
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-08-02 20:24:02 +05:30
Guilhem Lettron
b03e461f25
feat: auto optimize GOMAXPROCS ( #4277 )
...
Signed-off-by: Guilhem Lettron <guilhem@barpilot.io>
2022-07-29 23:59:47 +08:00
Tathagata Paul
3e2894b6fa
feat: Opentelemetry support for metrics and traces ( #3910 )
...
* integrating opentelemetry
Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com>
* fix multiple imports
Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com>
* fixed cli help statement
Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com>
* added init file for metrics
Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-07-11 17:49:47 +00:00
Furkan Türkal
af3da5e19a
bump cosign to 1.9.1 to fix fulcio panic ( #4117 )
...
Signed-off-by: Furkan <furkan.turkal@trendyol.com>
Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com>
Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-06-16 16:03:22 +00:00
Vyankatesh Kudtarkar
7245c92dcf
fix vulnerable ( #4027 )
2022-05-26 04:19:00 +00:00
Vyankatesh Kudtarkar
bea0b794d5
add validation check to ensure the annotations quoted ( #3976 )
2022-05-24 12:45:23 +00:00
Prateek Pandey
c79dc82eaa
fix: cleanup old dependencies from go.sum and go.mod ( #3806 )
...
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-05-05 08:56:22 +00:00
Prateek Pandey
3e2c9b25c9
Bump cosign and sigstore version ( #3771 )
...
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-05-02 20:20:08 +01:00
Sambhav Kothari
05c5f1b340
Allow kyverno jp to take yaml files as inputs ( #3768 )
2022-05-02 17:03:45 +00:00
shuting
2a656f6de0
feat: mutate existing resources ( #3669 )
...
* feat: mutate existing, replace GR by UR in webhook server (#3601 )
* add attributes for post mutation
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add UR informer to webhook server
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* - replace gr with ur in the webhook server; - create ur for mutateExsiting policies
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* replace gr by ur across entire packages
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add YAMLs
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* update api docs & fix unit tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add UR deletion handler
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add api docs for v1beta1
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix clientset method
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix v1beta1 client registration
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* feat: mutate existing - generates UR for admission requests (#3623 )
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* replace with UR in policy controller generate rules (#3635 )
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
* - enable mutate engine to process mutateExisting rules; - add unit tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* implemented ur background reconciliation for mutateExisting policies
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix webhook update error
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* temporary comment out new unit tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* feat: mutate existing, replace GR by UR in webhook server (#3601 )
* add attributes for post mutation
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add UR informer to webhook server
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* - replace gr with ur in the webhook server; - create ur for mutateExsiting policies
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* replace gr by ur across entire packages
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix missing policy.kyverno.io/policy-name label (#3599 )
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
* refactor cli code from pkg to cmd (#3591 )
* refactor cli code from pkg to cmd
Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
* fixes in imports
Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
* fixes tests
Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
* fixed conflicts
Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
* moved non-commands to utils
Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
* add YAMLs
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* update api docs & fix unit tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add UR deletion handler
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add api docs for v1beta1
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix clientset method
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add-kms-libraries for cosign (#3603 )
* add-kms-libraries
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
* Shifted providers to cosign package
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* Add support for custom image extractors (#3596 )
Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net>
* Update vulnerable dependencies (#3577 )
Signed-off-by: Shubham Gupta <shubham.gupta2956@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix v1beta1 client registration
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* feat: mutate existing - generates UR for admission requests (#3623 )
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* updating version in Chart.yaml (#3618 )
* updatimg version in Chart.yaml
Signed-off-by: Prateeknandle <prateeknandle@gmail.com>
* changes from, make gen-helm
Signed-off-by: Prateeknandle <prateeknandle@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* Allow kyverno-policies to have preconditions defined (#3606 )
* Allow kyverno-policies to have preconditions defined
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* Fix docs
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* replace with UR in policy controller generate rules (#3635 )
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* - enable mutate engine to process mutateExisting rules; - add unit tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* implemented ur background reconciliation for mutateExisting policies
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix webhook update error
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* temporary comment out new unit tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* Image verify attestors (#3614 )
* fix logs
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix logs
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* support multiple attestors
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* rm CLI tests (not currently supported)
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* apply attestor repo
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix linter issues
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix entryError assignment
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* format
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add intermediary certs
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* Allow defining imagePullSecrets (#3633 )
* Allow defining imagePullSecrets
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* Use dict for imagePullSecrets
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* Simplify how imagePullSecrets is defined
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* Fix race condition in pCache (#3632 )
* fix race condition in pCache
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* refact: remove unused Run function from generate (#3638 )
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
* Remove helm mode setting (#3628 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* refactor: image utils (#3630 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* -resolve lift comments; -fix informer sync issue
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* refact the update request cleanup controller
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
* - fix delete request for mutateExisting; - fix context variable substitution; - improve logging
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* - enable events; - add last applied annotation
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* enable mutate existing on policy creation
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* update autogen code
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* merge main
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* add unit tests
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* address list comments
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* update api docs
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix "Implicit memory aliasing in for loop"
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* remove unused definitions
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* update api docs
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
Co-authored-by: Mritunjay Kumar Sharma <mritunjaysharma394@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: Anushka Mittal <55237170+anushkamittal20@users.noreply.github.com>
Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
Co-authored-by: Shubham Gupta <shubham.gupta2956@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Prateek Nandle <56027872+Prateeknandle@users.noreply.github.com>
Co-authored-by: treydock <tdockendorf@osc.edu>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-04-25 12:20:40 +00:00
Shubham Gupta
3cbb8db72e
Update vulnerable dependencies ( #3577 )
...
Signed-off-by: Shubham Gupta <shubham.gupta2956@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-04-14 20:39:55 +00:00
Anushka Mittal
1714a328b6
add-kms-libraries for cosign ( #3603 )
...
* add-kms-libraries
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
* Shifted providers to cosign package
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
2022-04-14 15:24:34 +00:00
Anushka Mittal
746d8efde9
Update to cosign 1.7.1 ( #3587 )
...
Signed-off-by: anushkamittal20 <anumittal4641@gmail.com>
2022-04-12 09:29:26 -07:00
shuting
d1bf3d4742
clean up dependencies ( #3469 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-03-25 08:40:25 +00:00
Charles-Edouard Brétéché
9ac35f9698
chore: add more codegen target and verifications ( #3393 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com>
2022-03-16 15:01:35 +05:30
Christian Kotzbauer
851a81845c
Update cosign to v1.6.0 ( #3341 )
...
Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>
fix ecr-helper creation
Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-03-11 11:25:10 -08:00
Prateek Pandey
66969d35ea
validate and block policy based on the matched kind cache ( #3283 )
...
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Co-authored-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-02-23 22:27:18 +05:30
Jim Bugwadia
14111aaa05
update dependencies ( #3221 )
...
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-02-13 11:20:24 +00:00
Rob Best
851ebe3e65
Add cloud provider keychains to DefaultKeychain ( #3116 )
...
Removes the need to specify an image pull secret to make use of cloud
provider credentials. As I understand it, this should be fine outside of
cloud provider contexts.
As part of this, I've switched to using authn/kubernetes, which I believe
is preferable to k8schain.
Signed-off-by: Rob Best <robertbest89@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-01-28 11:33:27 -08:00