mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
Code Activity
3201 commits 16 branches 550 tags 288 MiB
Commit graph

44 commits

Author SHA1 Message Date
Vyankatesh Kudtarkar
ab8d077384
Fix Dev setup (#1815) 
Co-authored-by: vyankatesh <vyankatesh@neualto.com>
 2021-04-21 12:35:13 -07:00
shuting
9dab21619f
Match endpoint to the exact Kyverno Pod's IP (#1787) 
* update log message

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update printer column - validation failure action

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* match endpoint ip with the exact pod ip

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* - add tag "app.kubernetes.io/name"; - reduce throttling requests when deletes webhook configs

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add [SelfSubjectAccessReview,*,*] to resource filters

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-04-12 20:29:51 -07:00
Shuting Zhao
4d01f76797 - fix variable validation; - update log level 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-03-31 13:24:36 -07:00
treydock
0131f375f1
Register webhooks only once service endpoint is ready (#1741) 
* Register webhooks only once service endpoint is ready

Fixes #1740

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Wait for webhook to become ready in main loop

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Better error handling and logging around checking endpoint

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>

* Log soft failure as info, remove redundant return

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
 2021-03-30 13:46:01 -07:00
shuting
fd9acf21a7
Auto-recover policy report (#1730) 
* auto-recover policy report

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add flag background-scan to tune this interval

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* cleanup webhook configurations when Kyverno deployment is deleted

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* reconcile policy reports if Kyverno Configmap changes

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-03-25 12:28:03 -07:00
shuting
c816cf3d69
Add certificate renewer in webhook registration controller (#1692) 
* load TLS pair from existing secret, if applicable

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* remove Kyverno managed secrets during shutdown

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* - add certificate renewer; - re-structure certificate package

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* commit un-saved file

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* eliminate throttling requests while registering webhook configs

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* disable webhook monitor (in old pod) during rolling update

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* remove webhook cleanup logic from init container

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update PR template

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update link to the website repo

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update repo name

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-03-16 11:31:04 -07:00
shuting
39b27a16ed
Reduce throttling requests (GET) (#1522) 
* add resource lister to even handler

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* use lister to get Kyverno deployment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add lister for webhook configs

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-02-05 09:58:10 -08:00
Shuting Zhao
54b0afb8b9 clean up old webhooks before registering new ones 2020-12-08 15:04:24 -08:00
shuting
624b481df3
Fix 1351 - policy report (#1359) 
* ignore Kyverno CRDs existence check when server is not available

* clean up cluster / reportChangeRequest

* resolve PR comments

* - fixes #1351; - clean up code

* fo fmt
 2020-12-04 10:04:46 -08:00
Jim Bugwadia
ec95724e97
update webhook registration and monitor (#1318) 
* update webhook registration and monitor

* update log

* fix test

* improve logs

* improve logs

* format changes

* decrease interval for webhook config checks
 2020-11-26 16:07:06 -08:00
Shuting Zhao
61e4088a53 improve eventGen logging 2020-11-03 16:07:02 -08:00
Shuting Zhao
cdc5190c56 update nirmata/kyverno to kyverno/kyverno 2020-10-07 11:12:31 -07:00
Mohan B E
a14828246d
Feature/api version 852 (#1028) 
* apiVersion support for generate

* added apiVersion to crds
 2020-08-07 09:47:33 +05:30
shuting
87fa77fbcc
965 add validate audit handler (#967) 
* store policy names cache to reduce lookup time

* add validate audit handler

* fix #958, remove auto-gen annotation on Pod

* formatting code

* update processTime to readable format

* #586, add back unit test

* update logging info

* remove unused interface

* handle generate policy in a single thread in weboook

* resolve pr comments
 2020-07-09 11:48:34 -07:00
Jim Bugwadia
65193feccb
update logging, naming, and event retry (#959) 
* update logging and naming

* check per policy patch count
 2020-06-30 11:53:27 -07:00
Shuting Zhao
0670abe2d2 set log level 2020-05-18 21:16:48 -07:00
Yuvraj
277402ba4c
Feature - Add checks for k8s version when Kyverno starts (#831) 
* Added k8s version check for mutating and validating'

* version check adde

* middelware added

* formate

* Added timeout flag value to webhook server timeout middelware and refactore kubernetes version check

* Fixed test cases

* Removed log

* Update kubernetes version check

* Added check for mutate and validate

* Skip Validation in handleValidateAdmissionRequest if kubernetes version is below 1.14

* Update return object AdmissionResponse

* fixed condition for skiping mutation

* Handle condition for skip feature in case of kubernetes version 1.14.2
 2020-05-18 17:00:52 -07:00
Jim Bugwadia
304c75403e - skip resource schema validation when no mutate rules are applied 
- cleanup webhook registration logic and logs
 2020-05-17 14:37:05 -07:00
shivkumar dudhani
d327309d72 refactor logging 2020-03-17 16:25:34 -07:00
shivkumar dudhani
1b1ab78f77 logs & access 2020-03-17 11:05:20 -07:00
shravan
c4a8efbd7b Merge branch 'master' into 253_ValidationInMutationFlag_v3 2020-01-29 14:34:15 +05:30
Shivkumar Dudhani
8c1d79ab28
linter suggestions (#655) 
* cleanup phase 1

* linter fixes phase 2
 2020-01-24 12:05:53 -08:00
shravan
81ea5ba157 253 fixing circle ci issues 2020-01-24 23:40:05 +05:30
shravan
12076f6183 Merge branch 'master' into 253_ValidationInMutationFlag_v3 2020-01-24 23:32:15 +05:30
Shivkumar Dudhani
1171ac691b
cleanup phase 1 (#653) 2020-01-24 09:37:12 -08:00
shravan
8dc6b06d79 resolving merge conflicts 2020-01-11 18:33:11 +05:30
Shuting Zhao
625e45c847 remove duplicate code 2019-12-12 18:55:40 -08:00
shivkumar dudhani
a19785261d Merge branch '524_bug' into v1.1.0 2019-12-12 16:25:50 -08:00
Shuting Zhao
0f5cf40eda - holds resource webhook creation requests in a quene; - remove webhookinformer from policy controller and webhookregistrationclient 2019-12-04 12:31:27 -08:00
shivkumar dudhani
0ea1d9986a cleanup resource & policy 2019-12-02 17:15:47 -08:00
Shuting Zhao
f6db1b9e87 create policy webhookcfgs after verifying webhook status 2019-11-25 18:22:05 -08:00
Shuting Zhao
f506789498 create resource mutating webhook after verifying webhook is active 2019-11-25 18:07:11 -08:00
Shuting Zhao
8b0fb4b801 remove VerifyMutatingWebhook during shutdown 2019-11-25 13:08:02 -08:00
shivkumar dudhani
0d4bbb5a38 refactor 2019-11-19 10:13:03 -08:00
shivkumar dudhani
40b685c9db merge with v1.1.0 2019-11-18 11:48:36 -08:00
Shivkumar Dudhani
61b202c64a
420 init container (#501) 
* init container to cleanup stale webhook configurations if any.

* remove test code

* use internal pkg for os signals

* move webhook cleanup before http.server shutown.

* update make file and remove init

* update CI script
 2019-11-18 11:41:37 -08:00
shivkumar dudhani
a315c22e2f refer informer cache in policy controller for mutatingwebhookconfigs 2019-11-15 14:01:40 -08:00
shivkumar dudhani
e022084dd0 add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00
shivkumar dudhani
c2e822c887 refactor webhook configuration 2019-09-04 13:43:12 -07:00
shivkumar dudhani
d71ad7004c remove validation webhook configurations for resources 2019-08-28 11:04:38 -07:00
shivkumar dudhani
470862a7b1 endpoint for policy mutation + refactor + graceful shutdown 2019-08-27 16:44:10 -07:00
shivkumar dudhani
6e74892548 reformat name 2019-08-27 14:59:17 -07:00
shivkumar dudhani
bfb16b0c11 create policy mutating webhook config resouce + refactoring 2019-08-27 14:52:56 -07:00
shivkumar dudhani
d8c315e339 fix import cylce after merge + seperate webhookconfig client 2019-08-21 01:07:32 -07:00
Renamed from pkg/webhooks/registration.go (Browse further)