kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00

Author	SHA1	Message	Date
Charles-Edouard Brétéché	80c78a5439	fix: keep admission warnings (#5269 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-11-08 16:52:57 +00:00
Charles-Edouard Brétéché	060f7bb873	refactor: admission response utils (#5234 ) - refactor: admission response utils - unit tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-11-08 09:35:08 +00:00
Charles-Edouard Brétéché	6070092b6a	fix: image verification reports missing in admission mode (#5037 ) * fix: image verification reports missing in admission mode Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-10-19 11:25:47 +00:00
Pratik Shah	632bd99612	Fixed issue-4655: verifyImages is executed before mutate (#4996 ) Signed-off-by: Pratik Shah <pratik@infracloud.io>	2022-10-18 08:38:28 +00:00
Charles-Edouard Brétéché	b3021f5a57	refactor: openapi controller part 2 (#4910 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2022-10-12 22:24:16 +05:30
Charles-Edouard Brétéché	e0ab72bb9a	feat: reports v2 implementation (#4608 ) This PR refactors the reports generation code. It removes RCR and CRCR crds and replaces them with AdmissionReport, ClusterAdmissionReport, BackgroundScanReport and ClusterBackgroundScanReport crds. The new reports system is based on 4 controllers: Admission reports controller is responsible for cleaning up admission reports and attaching admission reports to their corresponding resource in case of a creation Background scan reports controller is responsible for creating background scan reports when a resource and/or policy changes Aggregation controller takes care of aggregation per resource reports into higher level reports (per namespace) Resources controller is responsible for watching reports that need background scan reports I added two new flags to disable admission reports and/or background scan reports, the whole reporting system can be disabled if something goes wrong. I also added a flag to split reports in chunks to avoid creating too large resources. Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> Co-authored-by: prateekpandey14 <prateek.pandey@nirmata.com>	2022-09-28 17:15:16 +05:30
Charles-Edouard Brétéché	665e513c5e	fix: split webhook handlers per failure policy (#4650 ) * fix: split webhook handlers per failure policy Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * fix handlers Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * rolling update Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * better error message Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-09-26 15:55:46 +00:00
Charles-Edouard Brétéché	42a2df56c1	refactor: add a couple of constants in api (#4640 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-19 09:11:12 +00:00
Charles-Edouard Brétéché	316640c72b	fix: remove RCR from mutation webhook (#4636 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-19 09:04:50 +02:00
Charles-Edouard Brétéché	d558c12470	refactor: move generation handler out of webhooks package (#4570 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-09 19:49:38 +05:30
Charles-Edouard Brétéché	10638362dc	refactor: move image verification handler out of webhooks package (#4569 ) * refactor: move mutation handler out of webhooks package Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: move image verification handler out of webhooks package Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-09 15:05:57 +02:00
Charles-Edouard Brétéché	20b8697ad8	refactor: move mutation handler out of webhooks package (#4567 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-09 12:48:29 +02:00
Charles-Edouard Brétéché	3e5af370a5	refactor: move validation audit out of webhooks package (#4562 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-09 09:27:07 +00:00
Charles-Edouard Brétéché	e900815dc0	refactor: move validation handler out of webhooks package (#4556 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-09 07:52:38 +00:00
Charles-Edouard Brétéché	3e5645dd32	refactor: make webhook metrics helpers static (#4554 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-09 07:11:16 +03:00
Charles-Edouard Brétéché	16c2d880c8	refactor: move webhook events utils in utils package (#4545 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-08 18:10:27 +02:00
Charles-Edouard Brétéché	8fb0a9e8c7	fix: defer ur update until validation passes (#4540 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-08 12:53:08 +00:00
Charles-Edouard Brétéché	ed31fb0326	refactor: introduce ur updater (#4535 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-08 20:07:18 +08:00
Charles-Edouard Brétéché	f0fa50b27e	refactor: webhook block and unit tests (#4531 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-08 08:36:31 +00:00
Charles-Edouard Brétéché	f791717aad	refactor: webhook propagate start time along handlers (#4529 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-08 07:34:55 +00:00
Charles-Edouard Brétéché	8e33532b38	refactor: webhook exclusion and unit tests (#4528 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-08 06:19:18 +00:00
Charles-Edouard Brétéché	c8bbb5bead	refactor: utils for warnings and unit tests (#4523 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-07 14:01:42 +00:00
Charles-Edouard Brétéché	a95d61b9d7	refactor: client wrappers (#4519 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-07 12:01:43 +08:00
Charles-Edouard Brétéché	ee5f6d19a1	refactor: clean webhooks logs (#4484 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-01 23:48:14 +08:00
Charles-Edouard Brétéché	ae31378546	refactor: webhook policy context creation (#4480 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-09-01 16:52:36 +02:00
shuting	3bf3dcc1af	Add the metric "kyverno_client_queries_total" (#4359 ) * Add metric "kyverno_kube_client_queries_total" Signed-off-by: ShutingZhao <shuting@nirmata.com> * publish metric for missing queries Signed-off-by: ShutingZhao <shuting@nirmata.com> * Refactor the way Kyverno registers QPS metric Signed-off-by: ShutingZhao <shuting@nirmata.com> * Move clientsets to a dedicated folder Signed-off-by: ShutingZhao <shuting@nirmata.com> * Wrap Kyverno client and policyreport client to register client query metric Signed-off-by: ShutingZhao <shuting@nirmata.com> * address linter comments Signed-off-by: ShutingZhao <shuting@nirmata.com> * address linter comments Signed-off-by: ShutingZhao <shuting@nirmata.com> * Switch to use wrapper clients Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>	2022-08-31 11:33:47 +05:30
Charles-Edouard Brétéché	0cc4d9b1f0	fix: duration metrics precision (#4393 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-08-24 19:08:42 +08:00
Jim Bugwadia	66c3b3b8d0	Fix pr image verify blocked (#4297 ) * update log levels Signed-off-by: Jim Bugwadia <jim@nirmata.com> * do not generate policy reports for blocked images Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2022-08-04 05:27:09 +00:00
Jim Bugwadia	943c3a1929	use failurePolicy to block or allow requests, on policy errors (#4183 ) * use failurePolicy to block or allow requests, on policy errors Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add warnings Signed-off-by: Jim Bugwadia <jim@nirmata.com> * codegen Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add unit tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * handle network errors Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix linter issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix title conversion Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix path in generated file Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix fake metrics Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add check for klog flag initialization Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for flag reinitialization Signed-off-by: Jim Bugwadia <jim@nirmata.com> * check for flag reinitialization Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix spelling Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix flag init Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2022-08-02 20:24:02 +05:30
Tathagata Paul	3e2894b6fa	feat: Opentelemetry support for metrics and traces (#3910 ) * integrating opentelemetry Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * fix multiple imports Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * fixed cli help statement Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> * added init file for metrics Signed-off-by: Tathagata Paul <tathagatapaul7@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-07-11 17:49:47 +00:00
Jim Bugwadia	58337716c8	Fix merging JSON patches (#4202 ) * fix merge of image verify and mutate patches Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update json patch merge logic Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2022-07-11 09:26:31 +05:30
shuting	47b1266503	- Disable events generation on DELETE; - Reduce event generation retry from 10 to 3 (#4159 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2022-06-28 11:58:23 +08:00
Charles-Edouard Brétéché	caa769fb1d	refactor: clean updaterequest generator (#3949 ) * refactor: clean updaterequest generator Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: clean updaterequest generator Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-05-23 22:39:12 +08:00
Charles-Edouard Brétéché	facac02e1d	fix: remove unused field (#3971 ) Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>	2022-05-20 13:04:26 +02:00
Charles-Edouard Brétéché	41a3f6c388	chore: make kyverno informers and listers import aliases consistent (#3958 ) * chore: make kyverno api import aliases consistent Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * chore: make apimachinery api import aliases consistent Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * chore: make dclient api import aliases consistent Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * chore: make clients import aliases consistent Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * chore: make kube informers and listers import aliases consistent Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * chore: make kyverno informers and listers import aliases consistent Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>	2022-05-18 04:02:31 +00:00
Charles-Edouard Brétéché	572a76ce33	chore: make kube informers and listers import aliases consistent (#3957 ) * chore: make kyverno api import aliases consistent Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * chore: make apimachinery api import aliases consistent Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * chore: make dclient api import aliases consistent Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * chore: make clients import aliases consistent Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * chore: make kube informers and listers import aliases consistent Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-17 17:51:03 +02:00
Charles-Edouard Brétéché	5243763674	chore: make dclient import aliases consistent (#3951 ) * chore: make kyverno api import aliases consistent Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * chore: make apimachinery api import aliases consistent Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * chore: make dclient api import aliases consistent Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-17 14:40:51 +00:00
Charles-Edouard Brétéché	c112aaefa1	refactor: separate resource mutation/validation handlers from server (#3908 ) * refactor: webhooks server logger Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * refactor: separate policy mutation/validation handlers from server Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * separate resource mutation from server code Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>	2022-05-16 22:36:21 +08:00

38 commits