mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity
4535 commits 15 branches 540 tags 276 MiB
Commit graph

4535 commits

This branch
This branch
All branches
Author SHA1 Message Date
Mritunjay Kumar Sharma
c07f6bd8a8
refactor: to remove generate cleanup controller (#4041) 
- refactored cleanup controller
- handle delete policy

Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
 2022-09-01 09:39:06 +00:00
shuting
c1b1cbb7da
Add PodSecurity description (#4475) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-09-01 09:03:41 +00:00
Charles-Edouard Brétéché
1e25bfd16f
feat: remove context api call constraints (#4389) 
* feat: add raw api call support

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* feat: remove context api call constraints

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-09-01 08:30:04 +00:00
shuting
99f6dedb20
fix logger format (#4474) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-09-01 07:33:36 +00:00
Charles-Edouard Brétéché
599a68e896
feat: enable autogen from makefile (#4467) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-09-01 14:14:56 +08:00
Charles-Edouard Brétéché
f44a2f1a70
chore: speed up local image builds (#4468) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-08-31 18:04:47 -07:00
Charles-Edouard Brétéché
6173013a6c
chore: enable cherry-pick bot (#4470) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-08-31 19:12:00 +00:00
Charles-Edouard Brétéché
f503be1b23
docs: add section for generated code (#4465) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-08-31 16:19:37 +02:00
Charles-Edouard Brétéché
891ab41bef
fix: local image build with docker (#4462) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-08-31 10:41:58 +00:00
Charles-Edouard Brétéché
70f2e4e84d
fix: warning in all makefile targets (#4464) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-08-31 09:58:27 +00:00
ToLToL
1b9a2fca21
Extend Pod Security Admission (#4364) 
* init commit for pss

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* add test for Volume Type control

* add test for App Armor control except ExemptProfile. Fix PSS profile check in EvaluatePSS()

* remove unused code, still a JMESPATH problem with app armor ExemptProfile()

* test for Host Process / Host Namespaces controls

* test for Privileged containers controls

* test for HostPathVolume control

* test for HostPorts control

* test for HostPorts control

* test for SELinux control

* test for Proc mount type control

* Set to baseline

* test for Seccomp control

* test for Sysctl control

* test for Privilege escalation control

* test for Run as non root control

* test for Restricted Seccomp control

* Add problems to address

* add solutions to problems

* Add validate rule for PSA

* api.Version --> string. latest by default

* Exclude all values for a restrictedField

* add tests for kyverno engine

* code to be used to match kyverno rule's namespace

* Refacto pkg/pss

* fix multiple problems: not matching containers, add contains methods, select the right container when we have the same exclude.RestrictedField for multiple containers:

* EvaluatePod

* Use EvaluatePod in kyverno engine

* Set pod instead of container in context to use full Jmespath. e.g.: securityContext.capabilities.add --> spec.containers[*].securityContext.capabilities.add

* Check if PSSCheckResult matched at least one exclude value

* add tests for engine

* fix engine validation test

* config

* update go.mod and go.sum

* crds

* Check validate value: add PodSecurity

* exclude all restrictedFields when we only specify the controlName

* ExemptProfile(): check if exclud.RestrictedField matches at least one restrictedField.path

* handle containers, initContainers, ephemeralContainers when we only specify the controlName (all restrictedFields are excluded)

* refacto pks/pss/evaluate.go and add pkg/engine/validation_test.go

* add all controls with containers in restrictedFields as comments

* add tests for capabilities and privileged containers and fix some errors

* add tests for host ports control

* add tests for proc mount control

* add tests for privilege escalation control

* add tests for capabilities control

* remove comments

* new algo

* refacto algo, working. Add test for hostProcess control

* remove unused code

* fix getPodWithNotMatchingContainers(), add tests for host namespaces control

* refacto ExemptProfile()

* get values for a specific container. add test for SELinuxOptions control

* fix allowedValues for SELinuxOptions

* add tests for seccompProfile_baseline control

* refacto checkContainers(), add test for seccomp control

* add test for running as non root control

* add some tests for runAsUser control, have to update current PSA version

* add sysctls control

* add allowed values for restrictedVolumes control

* add some tests for appArmor, volume types controls

* add tests for volume types control

* add tests for hostPath volume control

* finish merge conflicts and add tests for runAsUser

* update charts and crds

* exclude.images optional

* change volume types control exclude values

* add appAmor control

* fix: did not match any exclude value for pod-level restrictedFields

* create autogen for validate.PodSecurity

* clean code, remove logs

* fix sonatype lift errors

* fix sonatype lift errors: duplication

* fix crash in pkg/policy/validate/ tests and unmarshall errors for pkg/engine tests

* beginning of autogen implement for validate.exclude

* Autogen for validation.PodSecurity

* working autogen with simple tests

* change validate.PodSecurity failure response format

* make codegen

* fix lint errors, remove debug prints

* fix tags

* fix tags

* fix crash when deleting pods matching validate.podSecurity rule. Only check validatePodSecurity() when it's not a delete request

* Changes requested

* Changes requested 2

* Changes requested 3

* Changes requested 4

* Changes requested and make codegen

* fix host namespaces control

* fix lint

* fix codegen error

* update docs/crd/v1/index.html

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* fix path

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update crd schema

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update charts/kyverno/templates/crds.yaml

Signed-off-by: ShutingZhao <shuting@nirmata.com>

Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: ShutingZhao <shuting@nirmata.com>
 2022-08-31 09:16:31 +00:00
Charles-Edouard Brétéché
a53ad6a5dd
docs: add section for deploying a local build (#4458) 
* docs: add section for deploying a local build

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* review

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* review

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix merge

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-08-31 08:06:12 +00:00
Charles-Edouard Brétéché
f243a7dd84
refactor: make toggles easier to define and use (#4456) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2022-08-31 06:41:14 +00:00
shuting
3bf3dcc1af
Add the metric "kyverno_client_queries_total" (#4359) 
* Add metric "kyverno_kube_client_queries_total"

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* publish metric for missing queries

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Refactor the way Kyverno registers QPS metric

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Move clientsets to a dedicated folder

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Wrap Kyverno client and policyreport client to register client query metric

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* address linter comments

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* address linter comments

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* Switch to use wrapper clients

Signed-off-by: ShutingZhao <shuting@nirmata.com>

Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
 2022-08-31 11:33:47 +05:30
shuting
423afb57d8
skip validate rules if conditional anchor key doesn't exist in the resource (#4451) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-08-31 05:09:53 +00:00
Charles-Edouard Brétéché
8ddc72d792
refactor: clearly separate makefile docker targets for build and publish (#4454) 
* refactor: clearly separate makefile ko targets for build and publish

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fixes

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: clearly separate makefile docker targets for build and publish

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fix

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-08-31 12:22:46 +08:00
Riko Kudo
5f5cda9fee
Yaml signing and verification (#4235) 
* enable YAML verification using k8s-manifest-sigstore

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

comment out role and rolebinding for dryrun

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

update k8s-manifest-sigstore version

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix pubkey setting

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix pubkey setting

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix log message

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

change default value of dryrun option

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

update crd

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

support gpg signature

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* upgrade manifest sigstore version and support multi sigs

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix validate.manifest rule

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

update crd and add small fix

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix manifest verify policy

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

set cosign experimental env when keyless verification

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* improve default ignoreFields

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* fix manifest verify policy

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix manifest verify policy

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix manifest verify policy

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* add unit-test for k8smanifest

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

update install yaml

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* update k8s-manifest-sigstore version and support one or more signatures

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

add unit-test for k8smanifest multi-signature

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix verifyManifest result message

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix verifyManifest result message

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* fix manifest verify policy and move dryrun rbac to dryrun dir

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* update k8s-manifest-sigstore version

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

update k8s-manifest-sigstore version

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

update k8s-manifest-sigstore version and resolve conflict

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

enable YAML verification using k8s-manifest-sigstore

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

comment out role and rolebinding for dryrun

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix pubkey setting

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix pubkey setting

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

update crd

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

upgrade manifest sigstore version and support multi sigs

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix validate.manifest rule

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

update crd and add small fix

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix manifest verify policy

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

update k8s-manifest-sigstore version and support one or more signatures

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix verifyManifest result message

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix verifyManifest result message

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

fix manifest verify policy and move dryrun rbac to dryrun dir

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

add small fix

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* remove generic name

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* fix sonatype-lift issue and unit-test error

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* fix gofumpt error

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>

* update manifest rule to use attestor

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* remove unused value

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* resolve conflict

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix install.yaml

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix to set COSIGN_EXPERIMENTAL env variable when keyless verification

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix misspell

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* enable kyverno cli in validate.manifests rule (#3)

* enable kyverno cli in validate.manifests rule

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* update k8s-manifest-sigstore version and improve error handling for better result output

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* update crds and deepcopy

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* update unit test

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* update k8s-manifest-sigstore version

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* change to use spec.rules.exclude.subjects instead of skipUsers (#4)

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* update k8s-manifest-sigstore version

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix yaml signing sigstore (#5)

* update k8s-manifest-sigstore version

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* add a comment for dryrun option field

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* enable to include ClusterPolicy/Policy in match resource

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix log style and env variable settings

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* simplify manifest verify func

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix func name

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix sonatype warning

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix default ignoreFields

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix yaml signing sigstore rbac (#6)

* fix dryrun rbac to have minimal permissions

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix lint error

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix unit-test error

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix gofumpt error

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* fix log style

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* updated CRD documentation

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* resolve go.mod conflicts

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

* updated helm stuff

Signed-off-by: Riko Kudo <rurikudo@ibm.com>

Signed-off-by: Ruriko Kudo <rurikudo@ibm.com>
Signed-off-by: Riko Kudo <rurikudo@ibm.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
 2022-08-30 10:14:54 -07:00
Charles-Edouard Brétéché
bfffbeabe5
docs: add pushing images section (#4452) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-08-30 16:10:38 +00:00
Charles-Edouard Brétéché
fc79ca96a2
refactor: clearly separate makefile ko targets for build and publish (#4450) 
* refactor: clearly separate makefile ko targets for build and publish

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* fixes

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-08-30 17:30:28 +02:00
Charles-Edouard Brétéché
361fb533a8
chore: fix workflows related to ko recent changes (#4441) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-08-30 14:06:30 +00:00
Charles-Edouard Brétéché
26989b0604
docs: add local image build section (#4449) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-08-30 15:15:13 +02:00
Charles-Edouard Brétéché
2b495c7ef3
chore: fix workflows related to ko recent changes (#4438) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
 2022-08-30 12:59:08 +08:00
Chip Zoller
1f6e7b17ce
Update issue template drop-down version numbers (#4446) 
* add chipzoller to CODEOWNERS

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* update version drop-downs

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* add explanation section

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* bump versions in issue template drop-downs

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
 2022-08-29 21:41:04 +00:00
Charles-Edouard Brétéché
2a4ae98962
docs: add section for local builds (#4445) 
* docs: add section for dev tools

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* docs: add section for local builds

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* typo

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-08-29 20:36:04 +00:00
Daniel Schunack
1e5282c707
[Feature] Add ability to get additional policies from restricted (#4416) 
* Add includeRestrictedPolicies function
* Add Test Case

Signed-off-by: dschunack <dschunack@web.de>
 2022-08-29 17:45:29 +00:00
Charles-Edouard Brétéché
888689df54
fix: update go-wildcard to v1.5.0 (#4444) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-08-29 17:10:01 +00:00
Charles-Edouard Brétéché
c900c6832b
docs: add section for dev tools (#4443) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-08-29 16:32:56 +00:00
Charles-Edouard Brétéché
504acea12c
chore: remove godownloader and install-cli script (#4442) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-08-29 17:19:13 +02:00
Ayushman
1394b91898
Added kubeconfig flag support (#4308) 
* Added kubeconfig flag support

Signed-off-by: Ayushman Mishra <ayushvidushi01@gmail.com>

* removed swp file

Signed-off-by: Ayushman Mishra <ayushvidushi01@gmail.com>

* changed

Signed-off-by: Ayushman Mishra <ayushvidushi01@gmail.com>

Signed-off-by: Ayushman Mishra <ayushvidushi01@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2022-08-29 06:21:42 +00:00
Charles-Edouard Brétéché
8e65e558e4
fix: ko login (#4427) 2022-08-27 12:26:17 +08:00
Charles-Edouard Brétéché
c35e73e39c
fix: ko login (#4425) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-08-26 16:56:27 +00:00
Charles-Edouard Brétéché
e0da0c996c
fix: ko login (#4424) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-08-26 15:54:48 +00:00
Charles-Edouard Brétéché
ce4377a54e
fix: ko login (#4423) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-08-26 23:01:50 +08:00
Charles-Edouard Brétéché
5915f37f4d
fix: ko login (#4422) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
 2022-08-26 14:25:30 +00:00
Charles-Edouard Brétéché
4864be14f1
fix: make ldflags optional in .ko.yaml (#4419) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-08-26 13:40:27 +00:00
Charles-Edouard Brétéché
9e49b25484
refactor: makefile build targets (#4418) 
* refactor: makefile

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* refactor: makefile build targets

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-08-26 15:23:04 +08:00
Jason Hall
95f3c0ea48
fix: Add --bare for ko-build-dev targets (#4417) 
Signed-off-by: Jason Hall <jason@chainguard.dev>

Signed-off-by: Jason Hall <jason@chainguard.dev>
 2022-08-25 19:41:50 +00:00
Jason Hall
6055713dfc
Use ko to build images (#4366) 
This updates Makefile targets to build images using `docker buildx
build` to use `ko build` instead.

End-to-end tests are accomplished by building and loading the image
directly into the KinD cluster via ko.

Also:
- use GitHub Actions token to push to ghcr.io (setup-ko sets this up for us)
- allow forks to push to their forked repo's packages (useful for testing)

Signed-off-by: Jason Hall <jason@chainguard.dev>

Signed-off-by: Jason Hall <jason@chainguard.dev>
 2022-08-25 20:32:40 +02:00
Charles-Edouard Brétéché
3454635ece
refactor: makefile (#4403) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-08-25 16:59:24 +00:00
Daniel Schunack
7b31f456c9
[Feature] Add posibility to set validationFailureAction by Policy (#4400) 
* Implement validationFailureActionByPolicy
* Update README.md
* Add artifacthub.io/changes entry
* Add Test Case
Signed-off-by: dschunack <dschunack@web.de>
 2022-08-25 15:29:20 +00:00
Charles-Edouard Brétéché
cf0ee93de8
feat: enable autogen internals by default (#4381) 
* feat: enable autogen internals by default

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* change e2e tests

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* change e2e tests matrix

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-08-25 23:01:43 +08:00
Prateek Pandey
6db747224a
bump golang 1.18.5 version digest in Dockerfile (#4413) 
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
 2022-08-25 22:07:18 +08:00
Prateek Pandey
34fe6c9058
bump cosign deps version to 1.11.1 (#4408) 
* bump cosign deps version to 1.11.1

to accommodate latest attestation verification fixes

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

* bump github action go version to 1.18

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>

Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
 2022-08-25 08:24:49 +00:00
Charles-Edouard Brétéché
961e06adcd
chore: improve docker image tagging (#4409) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-08-25 13:13:51 +05:30
Charles-Edouard Brétéché
fc1a4601a7
refactor: introduce wildcard utils package (#4406) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-08-25 05:23:01 +00:00
Charles-Edouard Brétéché
9208f91714
fix: chart docs for generatecontrollerExtraResources (#4405) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-08-25 12:48:31 +08:00
Charles-Edouard Brétéché
6f52d8fecc
chore: enable asasalint linter (#4396) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
 2022-08-24 23:18:18 +05:30
shuting
e2b77641cb
bump cosign version to 1.11.0 (#4398) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-08-24 15:24:44 +00:00
shuting
7b363612ad
Sync 1.7.3 Helm versions (#4395) 
Signed-off-by: ShutingZhao <shuting@nirmata.com>

Signed-off-by: ShutingZhao <shuting@nirmata.com>
 2022-08-24 14:26:21 +00:00
Charles-Edouard Brétéché
91373e1329
fix: goimports check not working in ci job (#4387) 
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
 2022-08-24 13:38:49 +00:00