mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-15 17:51:20 +00:00
Code Activity
5239 commits 15 branches 540 tags 276 MiB
Commit graph

104 commits

Author SHA1 Message Date
shuting
fd9acf21a7
Auto-recover policy report (#1730) 
* auto-recover policy report

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add flag background-scan to tune this interval

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* cleanup webhook configurations when Kyverno deployment is deleted

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* reconcile policy reports if Kyverno Configmap changes

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-03-25 12:28:03 -07:00
shuting
62a4a3a7da
Reduce throttling - skip sending API request for filtered resources (#1489) 
* skip sending API request for filtered resource

* fix PR comment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixes https://github.com/kyverno/kyverno/issues/1490

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-01-21 18:58:53 -08:00
shuting
3908808e7a
Rename filterK8Resources to filterK8sResources (#1452) 
* Remove lock embedded in CRD controller, use concurrent map to store shcemas

* delete rcr info from data store

* skip policy validation on status update

* - remove status check in policy mutation; - fix test

* Remove fqdncn flag

* add flag profiling port

* skip policy mutation & validation on status update

* sync policy status every minute

* update log messages

* rename filterK8Resources to filterK8sResources
 2021-01-07 11:27:50 -08:00
shuting
3c5f9f8888
1398 - Reduce RCR throttling requests (#1406) 
* reduce RCR throttling requests by merging policy application (policy - namespace) results into single RCR

* - refactor policy controller; - fix RCR issue

* - refactor RCR controller; - fix cpolr on ns update; - reduce throttling when getting resources; - fix tests

* update CRD schema

* fix typo
 2020-12-21 11:04:19 -08:00
Jim Bugwadia
c77944ddef
filter resources excluded in config (#1404) 2020-12-16 12:29:16 -08:00
Jim Bugwadia
ec95724e97
update webhook registration and monitor (#1318) 
* update webhook registration and monitor

* update log

* fix test

* improve logs

* improve logs

* format changes

* decrease interval for webhook config checks
 2020-11-26 16:07:06 -08:00
Shuting Zhao
b9fb926ddb fixes for golint ./... 2020-11-17 13:07:30 -08:00
shuting
5e07ecc5f3
Add Policy Report (#1229) 
* add report in cli

* policy report crd added

* policy report added

* configmap added

* added jobs

* added jobs

* bug fixed

* added logic for cli

* common function added

* sub command added for policy report

* subcommand added for report

* common package changed

* configmap added

* added logic for kyverno cli

* added logic for jobs

* added logic for jobs

* added logic for jobs

* added logic for cli

* buf fix

* cli changes

* count bug fix

* docs added for command

* go fmt

* refactor codebase

* remove policy controller for policyreport

* policy report removed

* bug fixes

* bug fixes

* added job trigger if needed

* job deletation logic added

* build failed fix

* fixed e2e test

* remove hard coded variables

* packages adde

* improvment added in jobs sheduler

* policy report yaml added

* cronjob added

* small fixes

* remove background sync

* documentation added for report command

* remove extra log

* small improvement

* tested policy report

* revert hardcoded changes

* changes for demo

* demo changes

* resource aggrigation added

* More changes

* More changes

* - resolve PR comments; - refactor jobs controller

* set rbac for jobs

* add clean up in job controller

* add short names

* remove application scope for policyreport

* move job controller to policyreport

* add report logic in command apply

* - update policy report types;  - upgrade k8s library; - update code gen

* temporarily comment out code to pass CI build

* generate / update policyreport to cluster

* add unit test for CLI report

* add test for apply - generate policy report

* fix unit test

* - remove job controller; - remove in-memory configmap; - clean up kustomize manifest

* remove dependency

* add reportRequest / clusterReportRequest

* clean up policy report

* generate report request

* update crd clusterReportRequest

* - update json tag of report summary; - update definition manifests; -  fix dclient creation

* aggregate reportRequest into policy report

* fix unit tests

* - update report summary to optional; - generate clusterPolicyReport; - remove reportRequests after merged to report

* remove

* generate reportRequest in kyverno namespace

* update resource filter in helm chart

* - rename reportRequest to reportChangeRequest; -rename clusterReportRequest to clusterReportChangeRequest

* generate policy report in background scan

* skip generating report change request if there's entry results

* fix results entry removal when policy / rule gets deleted

* rename apiversion from policy.kubernetes.io to policy.k8s.io

* update summary.* to lower case

* move reportChangeRequest to kyverno.io/v1alpha1

* remove policy report flag

* fix report update

* clean up policy violation CRD

* remove violation CRD from manifest

* clean up policy violation code - remove pvGenerator

* change severity fields to lower case

* update import library

* set report category

Co-authored-by: Yuvraj <yuvraj.yad001@gmail.com>
Co-authored-by: Yuvraj <10830562+evalsocket@users.noreply.github.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
 2020-11-09 11:26:12 -08:00
Mohan B E
3690bf5fff
conditional anchor preprocessing for patch strategic merge (#1090) 
* conditional anchor preprocessing for patch strategic merge

* modified sequence pre processing and added unit test

* merged master

* go fmt

* corrected mistake and added error handling to policy validate
 2020-09-01 09:12:05 -07:00
Yuvraj
3799b52fc8
[BUG] filterK8Resources is not correctly configured using ConfigMap (#1059) 
* configmap issue fixed

* fixed e2e test

* helm template file added

* remove extra check

* string empty check removed
 2020-08-19 13:46:08 +05:30
shuting
d6062fdd47
Add go fmt (#1055) 
* remove empty flag

* format code

* revert change in install.yaml
 2020-08-14 12:21:06 -07:00
Yuvraj
4ee523dccf
default exclude group role (#1052) 2020-08-13 14:30:25 -07:00
Yuvraj
73840e3c5f
configrable rules added (#1017) 
* configrable rules added

* fix exclude group logic from code

* flag added in yaml

* exclude username added

* exclude username added

* config interface implimented

* configure exclude username

* get role ref

* test case fixed

* panic fix

* move from interface to slice

* exclude added in mutate

* trim strings

* configmap changes added

* kustomize changes for configmap

* k8s resources added
 2020-08-07 17:09:24 -07:00
Yuvraj
de570d577d fixed deployment name 2020-07-16 22:13:50 +00:00
Pooja Singh
59b2378274
reading kyverno svc from environment variable (#962) 
* reading kyverno svc from environment variable

* updated readme
 2020-07-04 19:35:31 -07:00
shuting
ed52bd3d9f
Add policy cache based on policyType (#960) 
* add policy cache based on policyType

* fetch policy from cache in webhook

* add unit test for policy cache

* update log for exclude resources filter

* skip webhook mutation on DELETE operation

* remove duplicate k8s version check

* add description
 2020-07-02 12:49:10 -07:00
Pooja Singh
ac5d69895a
removing hardcoded namespace from the code (#955) 
* removing hardcoded namespace from the code

* Added to helm chart

* removing hard-coded namespace and deployment name from config, generate, checker

* added namespace to configMap, service, serviceAccount

* updated installation documentation

passing `KYVERNO_NAMESPACE` while running in debug mode.

* Update installation.md

removing `kyverno` only namespace note
 2020-07-01 14:50:49 -07:00
Yuvraj
74db840b25
Added readiness and liveness prob (#874) 
* Added readiness and liveness prob

* typo fix

* port number fixed

* fixed the image name
 2020-05-26 18:03:32 -07:00
shivkumar dudhani
f94465a653 remove commented code 2020-03-26 07:59:37 -07:00
shivkumar dudhani
d327309d72 refactor logging 2020-03-17 16:25:34 -07:00
shivkumar dudhani
1b1ab78f77 logs & access 2020-03-17 11:05:20 -07:00
shravan
15656a0518 536 resolving merge conflicts 2020-02-15 22:32:42 +05:30
shravan
c4a8efbd7b Merge branch 'master' into 253_ValidationInMutationFlag_v3 2020-01-29 14:34:15 +05:30
shravan
865eb57812 resolving merge conflicts 2020-01-25 16:38:12 +05:30
Shivkumar Dudhani
8c1d79ab28
linter suggestions (#655) 
* cleanup phase 1

* linter fixes phase 2
 2020-01-24 12:05:53 -08:00
shravan
12076f6183 Merge branch 'master' into 253_ValidationInMutationFlag_v3 2020-01-24 23:32:15 +05:30
Shivkumar Dudhani
1171ac691b
cleanup phase 1 (#653) 2020-01-24 09:37:12 -08:00
shravan
79999c4948 extended cli 2020-01-17 00:05:15 +05:30
shravan
1b417f42dd changed validating webhook configuration names 2020-01-15 20:29:02 +05:30
shravan
8dc6b06d79 resolving merge conflicts 2020-01-11 18:33:11 +05:30
shivkumar dudhani
3df71f6fea Merge branch 'v1.1.0' into 507_bug 2019-11-18 11:44:17 -08:00
Shivkumar Dudhani
61b202c64a
420 init container (#501) 
* init container to cleanup stale webhook configurations if any.

* remove test code

* use internal pkg for os signals

* move webhook cleanup before http.server shutown.

* update make file and remove init

* update CI script
 2019-11-18 11:41:37 -08:00
shivkumar dudhani
3c3931b67b wat for cache sync and cleanup 2019-11-15 15:59:37 -08:00
shivkumar dudhani
57e8e2a395 Revert "wait for cache to sync and cleanup" 
This reverts commit 9c3b32b903.
 2019-11-15 15:57:18 -08:00
shivkumar dudhani
cde9d9d3cd Revert "missing file" 
This reverts commit cd43dba947.
 2019-11-15 15:56:46 -08:00
shivkumar dudhani
cd43dba947 missing file 2019-11-15 15:53:34 -08:00
shivkumar dudhani
9c3b32b903 wait for cache to sync and cleanup 2019-11-15 15:53:22 -08:00
shivkumar dudhani
f0505189d4 add log levels 2019-11-12 17:01:08 -08:00
Shivkumar Dudhani
1613434c46
458 cleanup (#464) 
* cleanup of policy violation on policy spec changes + refactoring

* remove unused code

* remove duplicate types

* cleanup references

* fix info log and clean code

* code clean

* remove dead code
 2019-11-08 20:45:26 -08:00
shivkumar dudhani
e022084dd0 add checker to verify if mutatingwebhook is enabled or not + refactoring 2019-10-30 13:39:19 -07:00
shivkumar dudhani
a287067315 add backward support for command line arguments for filtering resources 2019-10-29 10:56:28 -07:00
shivkumar dudhani
c119f0d34b split sync cache 2019-10-25 18:49:26 -05:00
shivkumar dudhani
64eab3d1d6 initial commit 2019-10-18 17:38:46 -07:00
shivkumar dudhani
7a43bed8e4 remove commented code + fix log param 2019-09-04 14:06:06 -07:00
shivkumar dudhani
c2e822c887 refactor webhook configuration 2019-09-04 13:43:12 -07:00
shivkumar dudhani
fa53519e2a change CRD Name to ClusterPolicy & ClusterPolicyViolations 2019-09-03 14:51:51 -07:00
shivkumar dudhani
6e74892548 reformat name 2019-08-27 14:59:17 -07:00
shivkumar dudhani
bfb16b0c11 create policy mutating webhook config resouce + refactoring 2019-08-27 14:52:56 -07:00
Shuting Zhao
c3d4dbf228 create separate validate webhook for policy validation 2019-07-02 18:42:07 -07:00
Shuting Zhao
9bdc0b17f6 rename kyverno-deployment in pkg/config/config.go 2019-06-27 13:38:51 -07:00
shuting
1013a8a637 Allow user to run Kyverno in debug mode 2019-06-10 18:10:51 -07:00
shivdudhani
c205cca38b introduce glog, remove log.logger references 2019-05-30 12:28:56 -07:00
shuting
09bfdc6ba3 - Change kube-policy to kyverno in install.yaml - Install in namespace kyverno 2019-05-21 18:36:24 -07:00
shuting
e878c8bc1e move config to pkg/config 2019-05-17 11:15:30 -07:00