kyverno

mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00

Author	SHA1	Message	Date
Khaled Emara	aceb7d5068	feat(gctx): retry logic (#10796 ) Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>	2024-08-21 19:32:58 +00:00
Jim Bugwadia	f06399200c	remove wildcard permissions (#10785 ) * remove wildcard permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update codegen Signed-off-by: Jim Bugwadia <jim@nirmata.com> * codegen Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix background controller perms Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove secrets perm Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update tests Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix reports-controller role Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add wildcard check and limit generate policy checks based on `synchronize` Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update manifest Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix wildcard check Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update default QPS and burst for better performance and to prevent test failure Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix perms Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix perms Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix test permissions Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix merge issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> * fix merge issues Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-08-20 11:55:32 +03:00
shuting	bd71af3291	feat: support `foreach` for `generate.data` (#10875 ) * chore: refactor Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: add foreach for generate.daya to api Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: refactor generator Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: linter Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: update rule validation Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: update rule validation -2 Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: support foreach.data Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: policy validation Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: context variables Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: add a chainsaw test Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: sync on policy deletion Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: enable new chainsaw tests in CI Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update code-gen Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: validate targets scope for ns-policies Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: add missing files Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: remove unreasonable test Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update docs Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update install.yaml Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>	2024-08-19 06:55:19 +00:00
Vishal Choudhary	06ffd1c961	feat: add support for sigstore bundle verification (#10567 ) * feat: add support for sigstore bundle verification Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: missed change Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: ci Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: another linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: add size check in layer Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-08-16 11:36:48 +00:00
Vishal Choudhary	f69ffe12ec	feat: add full regexp support to cosign (#10815 ) Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>	2024-08-16 07:03:59 +00:00
Garry O'Donnell	5a60836279	feat: add updateRequestThreshold config option to kyverno helm chart (#10739 ) Signed-off-by: Garry O'Donnell <garry.o'donnell@diamond.ac.uk> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-08-15 15:40:57 +00:00
Khaled Emara	95bf469fd5	fix(codegen): missing crd version (#10852 ) Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>	2024-08-14 16:52:22 +00:00
Mohd Kamaal	90d4a961b6	Updated application logic to treat an empty 'group' string as the core API group for GlobalContextEntry (#10572 ) * Updated application logic to treat an empty 'group' string as the core API group for GlobalContextEntry Signed-off-by: Mohdcode <mohdkamaal2019@gmail.com> * Updated application logic to treat an empty 'group' string as the core API group for GlobalContextEntry Signed-off-by: Mohdcode <mohdkamaal2019@gmail.com> * Updated application logic to treat an empty 'group' string as the core API group for GlobalContextEntry Signed-off-by: Mohdcode <mohdkamaal2019@gmail.com> * Update global_context_entry_types.go Signed-off-by: Mohd Kamaal <102820439+Mohdcode@users.noreply.github.com> --------- Signed-off-by: Mohdcode <mohdkamaal2019@gmail.com> Signed-off-by: Mohd Kamaal <102820439+Mohdcode@users.noreply.github.com> Co-authored-by: shuting <shuting@nirmata.com>	2024-08-14 08:43:51 +00:00
Pradeep Lakshmi Narasimha	bbed507114	fix: Reconfigured metric kyverno_policy_results_total to kyverno_policy_results in grafana dashboard config #1325 (#10832 ) Signed-off-by: Pradeep Lakshmi Narasimha <pradeep.vaishnav4@gmail.com>	2024-08-13 18:40:03 +00:00
shuting	481798c836	refactor: update updaterequest to be created for each policy (#10793 ) * chore: remove v1beta1 updaterequest definitions Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: update UR to map a policy instead a rule; adapt UR mapping changes for admission review Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: update code-gen Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: linter Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: remove unused function Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: add missing files Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: add missing files Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update ur in policy controller Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: update crds Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: adapt ur changes in the background controller Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: linter Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: more linter Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: modify mapping relationship for deletion events Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: remedy missing target for policy application Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: fetching logic for triggers Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: clean up targets upon policy deletion Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update crds Signed-off-by: ShutingZhao <shuting@nirmata.com> * merge main Signed-off-by: ShutingZhao <shuting@nirmata.com> * merge main Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: adds delay before assertion Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update docs Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: wrong yaml format Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: update error handling logic Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix(attempt): enable more debug info Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix(attempt): enable debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix(attempt): enable debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix(attempt): enable debug log Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: makefile to update ur crds Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: generate existing Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: skip empty ur generation Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: update install.yaml Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>	2024-08-13 17:14:06 +00:00
Mariam Fahmy	c796bb765c	fix: return policies with either audit or enforce rules from the cache (#10667 ) * fix: return policies with either audit or enforce rules from the cache Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * feat: introduce validationFailureAction under verifyImage rules Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * feat: add chainsaw tests Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2024-08-06 18:24:28 +00:00
Steven Kriegler	75fb7e1d1a	Remove cleanup cronjobs for updaterequests and ephemeralreports (#10760 ) * Remove cleanup cronjobs for updaterequests and ephemeralreports Signed-off-by: justusbunsi <61625851+justusbunsi@users.noreply.github.com> * Cleanup Chart readme Signed-off-by: justusbunsi <61625851+justusbunsi@users.noreply.github.com> * Run `make codegen-manifest-all` Signed-off-by: justusbunsi <61625851+justusbunsi@users.noreply.github.com> --------- Signed-off-by: justusbunsi <61625851+justusbunsi@users.noreply.github.com> Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: treydock <tdockendorf@osc.edu>	2024-08-06 07:41:04 +00:00
Charles-Edouard Brétéché	fc694bc24c	feat: add kyverno json support to validation rule (#10763 ) * feat: add kyverno json support to validation rule Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * v2beta1 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * validation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * engine handler Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * bindings Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * context functions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * better bindings Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-08-02 08:24:30 +00:00
Laurent Lavaud	04f4fc9a89	fix(helm): remove namespace from RoleBinding/roleRef field (#10685 ) - namespace is not a valid parameter for a RoleBinding/roleRef field Signed-off-by: Laurent Lavaud <laurent.lavaud@mirakl.com>	2024-07-19 11:56:11 +00:00
shuting	90b24c70e5	disable up cleanup crobjob (#10678 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2024-07-18 11:06:47 +00:00
Charles-Edouard Brétéché	56e58d684d	feat: remove reports chunking (#10597 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-07-04 08:10:16 +00:00
Charles-Edouard Brétéché	fed71ffaf6	feat: make reports breaker threshold configurable (#10596 ) * feat: make reports breaker threshold configurable Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * lower default threshold Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * release notes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-07-03 14:44:28 +00:00
Mariam Fahmy	ff88c4c39a	feat: migrate validationFailureAction and validationFailureActionOverrides (#10528 ) * feat: migrate validationFailureAction and validationFailureActionOverrides under validate rule Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * feat: add unit tests Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-06-26 09:13:02 +02:00
Charles-Edouard Brétéché	28db48573a	feat: remove old reports from helm chart and disable cleanup jobs by default (#10533 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-06-25 13:34:26 +00:00
Mariam Fahmy	abe2a2310b	feat: migrate webhookTimeoutSeconds and failurePolicy (#10515 ) * feat: migrate webhookTimeoutSeconds and failurePolicy Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix lint issue Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-06-20 13:04:37 +00:00
Charles-Edouard Brétéché	b36a2ecdcc	feat: bump update request api version (#10508 ) * feat: bump update request api version Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * use v2 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-06-20 09:44:43 +00:00
Charles-Edouard Brétéché	a5254f7344	feat: remove old intermediate reports types (#10504 ) * feat: remove old ephemeral reports types Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * helm Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-06-19 19:54:43 +00:00
Mariam Fahmy	9285006f7a	feat: add mutateExistingOnPolicyUpdate field under the mutate rule (#10461 ) * fix Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * feat: add mutateExistingOnPolicyUpdate field under the mutate rule Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-06-19 09:29:19 +00:00
Charles-Edouard Brétéché	6e1def1004	feat: remove v1alpha2 group/version (#10500 ) * feat: remove v1alpha2 group Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-06-19 08:08:15 +00:00
Vishal Choudhary	334594c128	feat: add support for cosign experimental OCI 1.1 signatures (#10228 ) * feat: add support for cosign experimental OCI 1.1 signatures Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: remove unrelated changes Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: requested changes Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-06-18 23:03:53 +00:00
Andreas Kappler	386f39890e	chore: bump bitnami/kubectl to 1.30.2 (#10496 ) Signed-off-by: Andreas Kappler <github@andreaskappler.de> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-06-18 21:49:42 +00:00
Charles-Edouard Brétéché	7f57b9618a	feat: cleanup v2alpha1 kyverno api (#10457 ) * feat: cleanup v2alpha1 kyverno api Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: webhook Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2024-06-14 09:39:36 +00:00
Mariam Fahmy	846439b13e	feat: add generateExisting field under the generate rule (#10441 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-06-13 13:41:46 +00:00
shuting	fe8c429e78	fix: avoid creating duplicate urs for background policies (#10431 ) * feat: add generator abstraction Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: replace urgenerator Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: ko build Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: load threshold from kyverno configmap Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: add metadata client to get ur count Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: add helm option to preserve configmap settings during upgrade Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: add helm option to preserve configmap settings during upgrade 2 Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: rename imports Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update codegen manifests Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: handle nil value Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: linter issue Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update threshold to 1000 Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: avoid duplicate URs creation Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: revert false changes Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: simplify background applications Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>	2024-06-12 15:23:53 +00:00
shuting	9e5c297dcf	feat: add a circuit breaker for updaterequests (#10382 ) * feat: add generator abstraction Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: replace urgenerator Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: ko build Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: load threshold from kyverno configmap Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: add metadata client to get ur count Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: add helm option to preserve configmap settings during upgrade Signed-off-by: ShutingZhao <shuting@nirmata.com> * feat: add helm option to preserve configmap settings during upgrade 2 Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: rename imports Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update codegen manifests Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: handle nil value Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: linter issue Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update threshold to 1000 Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>	2024-06-11 08:54:51 +00:00
Linda Ārende	b9db2c176d	fix: indendation in priority configuration template (#10423 ) Fixes #10372 Signed-off-by: Linda Ārende <64084638+LindaArende@users.noreply.github.com>	2024-06-11 07:43:21 +00:00
mahdi alizadeh	12a2ba34b2	Add global tolerations (#10368 ) Signed-off-by: alizademhdi <alizademhdi@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-06-05 08:59:45 +00:00
shuting	5260b4f7bc	chore: bump k8s libs to 0.30 (#10285 ) * chore: bump k8s libs to 0.30 Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update crds Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: bump kubectl-validate Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: fix tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: fix panic Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: fix linter Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: bump k8s Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix sum Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: indent Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: bump deps Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-06-04 15:09:44 +08:00
Thibaut Vanderhaegen	61969c5225	feat: ability to add custom policies in values file (#10320 ) * Ability to add custom policies in values file Signed-off-by: Thibaut Vanderhaegen <thibaut.vanderhaegen@linkurio.us> Co-authored-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: treydock <treydock@gmail.com>	2024-05-29 16:24:36 +00:00
shuting	022620ef43	feat: add cleanup cronjobs for (cluster)ephemeralreports (#10325 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2024-05-29 12:19:57 +00:00
shuting	084336c5f5	feat: add a cleanup cronjob to delete urs (#10249 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2024-05-29 10:23:54 +00:00
Vishal Choudhary	386f969f45	chore: bump tools and add kubernetes v1.30 to conformance (#10300 ) * chore: bump tools and add kubernetes v1.30 to conformance Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * chore: codegen and version fixes Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>	2024-05-24 07:37:49 +00:00
Nicolas Lamirault	6bd52a28fb	feat(helm): GrafanaDashboard configuration (#10254 ) * feat(helm): GrafanaDashboard configuration Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com> * feat(helm): documentation Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com> --------- Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>	2024-05-20 23:38:47 +08:00
Victor Boissiere	70eb981539	feat: add cronjob ttl support (#10083 ) * feat: add cronjob ttl support Signed-off-by: Victor Boissiere <victor.boissiere@qonto.com> * fix: add artifacthub changes Signed-off-by: Victor Boissiere <victor.boissiere@qonto.com> * fix: run make codegen-helm-all Signed-off-by: Victor Boissiere <victor.boissiere@qonto.com> --------- Signed-off-by: Victor Boissiere <victor.boissiere@qonto.com>	2024-05-07 07:06:52 +00:00
treydock	87ef6f6f9b	Ensure CA certificate ConfigMaps get defined (#10156 ) Fixes #10141 Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>	2024-05-02 07:33:13 +00:00
Franco Hielpos	87b8fa98b5	feat: update flowcontrol API version to v1 (#10061 ) Signed-off-by: Franco Hielpos <franco@giantswarm.io>	2024-04-24 15:59:14 +00:00
shuting	0257f060bf	chore(deps): bump k8s.io/apimachinery from 0.29.4 to 0.30.0 (#10087 ) * chore: bump apimachinary 0.30.0 Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update crds Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>	2024-04-24 11:37:59 +05:30
André Bauer	693010563f	[kyverno helm chart] make webhook pod annotations configurable (#9875 ) * make webhook pod annotations configurable Signed-off-by: André Bauer <andre.bauer@staffbase.com> * run make codegen-helm-all Signed-off-by: André Bauer <andre.bauer@staffbase.com> --------- Signed-off-by: André Bauer <andre.bauer@staffbase.com> Co-authored-by: shuting <shuting@nirmata.com>	2024-04-18 09:31:29 +00:00
Vishal Choudhary	83f2846572	feat: add TSA cert chain support in cosign (#9961 ) * feat: add TSA cert chain support in cosign Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add chainsaw test Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add unit test Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: unit tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>	2024-03-30 20:50:07 +00:00
Vishal Choudhary	1a1954002f	fix: add rekor opts to cosign certificate verification and make rekor url optional (#9957 ) * fix: add rekor opts to cosign certificate verification and make rekor url optional Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>	2024-03-28 18:17:24 -07:00
rdark	0655f9c59d	Make ports configurable for background-controller & reports-controller (#9939 ) Signed-off-by: Richard Clark <richard@rvvup.com> Co-authored-by: Richard Clark <richard@rvvup.com>	2024-03-28 15:05:19 +00:00
Vishal Choudhary	baa9eb2fd3	chore: bump controller gen to 0.14.0 (#9953 ) * chore: update controller-gen version and cmd controller gen throws an error when multiple instances of the same generator 'crd' in this case is specified. See: kubernetes-sigs/controller-tools#829 Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * chore: generate code Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-03-28 09:33:17 +01:00
Chip Zoller	299e4a0829	Default exclusions in webhooks (#9948 )	2024-03-27 14:49:36 +01:00
Khaled Emara	bd6eff61cb	chore(gctx): document schema better (#9923 ) Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>	2024-03-20 19:34:40 +00:00
Khaled Emara	429e84be10	fix(globalcontext): panics and validation (#9903 )	2024-03-14 16:12:39 +00:00
Chahdro	bb0cf4c985	fix: Adjust chart templates to handle hostNetwork set to true (#9864 ) * fix(kyverno-chart): Adjust templates to handle hostNetwork set to true Signed-off-by: Chahdra Konlack <chahdra.konlack@equisoft.com> * Change containerPort of cleanup-controller to use server port instead Signed-off-by: Chahdra Konlack <chahdra.konlack@equisoft.com> --------- Signed-off-by: Chahdra Konlack <chahdra.konlack@equisoft.com> Co-authored-by: shuting <shuting@nirmata.com>	2024-03-12 12:29:01 +00:00
Khaled Emara	511df7a466	fix(globalcontext): old WaitGroup not stopping (#9813 ) * fix(globalcontext): old waitgroup not stopping Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * chore(globalcontext): add AGE Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * feat(globalcontext): add lastRefreshTime Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): unhandled intormer run exception Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * chore(globalcontext): comment wording Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * chore(globalcontext): codegen Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): linter Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> --------- Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>	2024-02-27 18:24:39 +00:00
Jim Bugwadia	a95cd808a4	update versions (#9783 ) Signed-off-by: Jim Bugwadia <jim@nirmata.com>	2024-02-26 07:26:37 +00:00
Khaled Emara	2b2587469d	feat: enhance global context (#9710 ) * feat(globalcontext): add event handling Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * feat(globalcontext): handle cache sync error Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * feat(globalcontext): ensure api is called during init Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * design(events): decouple events from policies a bit Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * feat(globalcontext): use status Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): make status optional Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): status update Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): codegen Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * chore(globalcontext): delete yaml annotations Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): fix status in tests Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcotext): update enqueue func Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): error Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * chore(globalcontext): rbac Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * chore(globalcontext): retry logic Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): unknown api call in test Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * bump Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix: set unique name for each testing resource Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: update readme Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: log msg Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: add delays Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: delay gctce creation Signed-off-by: ShutingZhao <shuting@nirmata.com> * debug: check Kyverno status Signed-off-by: ShutingZhao <shuting@nirmata.com> * debug: update chainsaw config Signed-off-by: ShutingZhao <shuting@nirmata.com> * debug: revert chainsaw config Signed-off-by: ShutingZhao <shuting@nirmata.com> * test(globalcontext): print actual status Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): add necessary delays and check status before applying Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * test(globalcontext): long refreshInterval Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * debug: log success Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * debug: print informer data Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): use client instead of informer Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * debug: print status after update Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * debug: print ResourceVersion Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * debug: remove gcecontroller from other controllers Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): update status only once Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * chore: remove excess logs Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): add store to cleanup controller Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> --------- Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-02-23 10:34:04 +00:00
Charles-Edouard Brétéché	7775541b46	fix: reports aggregation (#9697 ) * chore: rename admission to ephemeral in reports aggregation controller Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: reports aggregation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * second queue Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cleanup Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * nit Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * flag Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-02-08 10:36:01 +00:00
Charles-Edouard Brétéché	37340266ba	fix: add missing migrations (#9657 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-02-05 20:11:35 +01:00
Khaled Emara	589446da5d	chore(globalcontext): drop globalcontext flag (#9652 ) Signed-off-by: Khaled Emara <mail@KhaledEmara.dev> Co-authored-by: shuting <shuting@nirmata.com>	2024-02-05 16:31:08 +00:00
Khaled Emara	8a4d9941de	feat: add globalcontext loader and interface (#9602 ) * feat(globalcontext): add interface Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): package import path Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * design(contextloader): move globalcontext from Load to init Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(globalcontext): remove pointer Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * design(globalcontext): create specific Store Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-02-05 11:24:37 +00:00
Anushka Mittal	dd46f9eaf0	sanity check in parent chart for crd-controller mismatch (#9608 ) * samity check in parent chart for crd-controller mismatch Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * shift checks to validate.yaml Signed-off-by: anushkamittal2001 <anushka@nirmata.com> --------- Signed-off-by: anushkamittal2001 <anushka@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-02-02 18:28:05 +00:00
Charles-Edouard Brétéché	b532525321	fix: global context crd improvements (#9621 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-02-02 17:42:20 +00:00
Charles-Edouard Brétéché	2b712107d2	feat: consider maxAPICallResponseLength (#9620 ) * chore: move global context package out of engine Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * feat: consider maxAPICallResponseLength Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-02-02 15:35:57 +00:00
Vishal Choudhary	10ae9e306c	feat: update refreshInterval in globalcontext CRD to use a duration (#9615 )	2024-02-02 12:06:51 +00:00
Charles-Edouard Brétéché	03af9831f3	feat: add global context support in helm chart (#9614 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-02-02 11:37:58 +00:00
Khaled Emara	226fa9515a	feat: add globalcontext controller (#9601 ) * feat: add globalcontext controller Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * rework controller Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * rbac Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * cmd Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix rbac Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * engine Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * k8s resources Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * k8s resource Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * resync zero Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * api call Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * api call Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * clean Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix linter Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-02-02 10:41:35 +00:00
Charles-Edouard Brétéché	1e0bac2d6f	feat: add global context crd to codegen (#9595 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-02-01 12:32:13 +00:00
Anushka Mittal	ce0c704086	Deploy specific controllers (#8849 ) * Initial changes for deploy specific controllers Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * Include correct values in values.yaml Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * Remove check for other controllers Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * Sanity checks for other controllers Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * resolve lint errors Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * add separate flags for all crds; conditions for controller crd relation Signed-off-by: anushkamittal2001 <anushka@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * rm global Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * rm global Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * values Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: anushkamittal2001 <anushka@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-02-01 10:14:05 +00:00
Swastik Gour	141e7d056f	feat: added ability to bump version using in-file editing (#8857 ) * added ability to bump version using in-file editing Signed-off-by: swastik959 <Sswastik959@gmail.com> * corrected error Signed-off-by: swastik959 <Sswastik959@gmail.com> * changed the name and added one Signed-off-by: swastik959 <Sswastik959@gmail.com> * added corrections Signed-off-by: swastik959 <Sswastik959@gmail.com> * few corrections Signed-off-by: swastik959 <Sswastik959@gmail.com> * makefile Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * rm tmp Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: swastik959 <Sswastik959@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-31 22:24:56 +08:00
shuting	635f160ae0	feat (generate): add `orphanDownstreamOnPolicyDelete` to preserve downstream on policy deletion (#9579 ) * add chainsaw tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * add .orphanDownstreamOnPolicyDelete Signed-off-by: ShutingZhao <shuting@nirmata.com> * update codegen Signed-off-by: ShutingZhao <shuting@nirmata.com> * update docs Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>	2024-01-31 13:50:38 +02:00
Charles-Edouard Brétéché	2b824be667	fix: omit events flag (#9572 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-30 23:41:13 +00:00
Sanskar Gurdasani	e738dd0124	configured backoff limit in chart cronjobs (#9569 ) * configured backoff limit in chart cronjobs Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> * Update charts/kyverno/values.yaml Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * Update charts/kyverno/values.yaml Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Sanskarzz <sanskar.gur@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-30 22:37:07 +00:00
Charles-Edouard Brétéché	9102753323	fix: make alternate reports storage transparent (#9553 ) * fix: make alternate reports storage transparent Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * bg scan Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * aggregation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * aggregation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * rm manager Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * update Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fixes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-30 14:53:37 +00:00
Mariam Fahmy	831bf3c074	feat: reuse --protectManagedResources flag in the cleanup controller (#8566 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2024-01-30 07:08:30 +00:00
Charles-Edouard Brétéché	2f9951ed26	fix: helm chart jobs (#9555 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-30 00:34:09 +00:00
Chip Zoller	bf21328d39	Add Helm note for AKS users (#9552 ) * add note for AKS Signed-off-by: chipzoller <chipzoller@gmail.com> * add README paragraph Signed-off-by: chipzoller <chipzoller@gmail.com> * codegen Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: chipzoller <chipzoller@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-29 23:42:42 +00:00
Charles-Edouard Brétéché	3234d0c1df	replace wildcard permissions with explicit resources/operations (#9516 ) * replace wildcard permissions with explicit resources/operations Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * core extra resources Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-29 13:35:05 +00:00
Charles-Edouard Brétéché	90cff77300	fix: CRDs codegen (#9542 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-29 09:45:52 +00:00
Marco Maurer (-Kilchhofer)	2ee9db072a	fix(policies): Add ability to configure skipBackgroundRequests (#9532 ) * fix(policies): Add ability to configure skipBackgroundRequests Signed-off-by: Marco Maurer <mkilchhofer@users.noreply.github.com> * fix: Drop trailing spaces to fix CI Signed-off-by: Marco Maurer <mkilchhofer@users.noreply.github.com> --------- Signed-off-by: Marco Maurer <mkilchhofer@users.noreply.github.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-01-27 17:42:22 +00:00
shuting	7170cbb0c2	feat:Webhook config per policy (#9483 ) * add spec.webhookConfigurations Signed-off-by: ShutingZhao <shuting@nirmata.com> * update crd Signed-off-by: ShutingZhao <shuting@nirmata.com> * configure webhook Signed-off-by: ShutingZhao <shuting@nirmata.com> * register webhook handler Signed-off-by: ShutingZhao <shuting@nirmata.com> * skip storing finegrained policies in cache Signed-off-by: ShutingZhao <shuting@nirmata.com> * update resource validate handler Signed-off-by: ShutingZhao <shuting@nirmata.com> * updates Signed-off-by: ShutingZhao <shuting@nirmata.com> * enable mutate resource handler for fine-grained policies Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: tests Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>	2024-01-27 13:00:22 +00:00
Brian Dunnigan	0ffb382282	#9529 Support adding extra elements to the default resourceFilters list (#9530 ) Signed-off-by: Brian Dunnigan <bdunnigan@clarityinnovates.com> Co-authored-by: treydock <tdockendorf@osc.edu>	2024-01-26 22:46:20 +00:00
Mariam Fahmy	f01f0d6dc4	feat: support podSecurity exclusion in exceptions (#9343 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-01-26 18:43:07 +00:00
Vishal Choudhary	e6c39f31a5	feat: add a new API group `reports.kyverno.io` (#9521 ) * feat: add new report interface Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * chore: reports.kyverno.io/v1 apigroup Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * chore: codegen Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add report manager Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add reports manager to reports controller Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add alternateReportStorage to helm chart Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: report utils deepcopy Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * init flag Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: wrong return value Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-26 13:40:29 +00:00
Charles-Edouard Brétéché	451d362104	feat: add more granular rbac rules to remove wildcards (#9507 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-24 16:07:18 +00:00
Khaled Emara	3ef598c155	chore(helm): omit normal events by default (#9493 ) * chore(helm): omit normal events by default Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> * fix(tests): fix tests related to events Signed-off-by: Khaled Emara <khaled.emara@nirmata.com> --------- Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>	2024-01-24 13:16:18 +01:00
Vishal Choudhary	87c7ce254a	feat: add skipImageReferences in verify images (#8633 ) * feat: add skipImageReferences in verify images Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: chainsaw tests Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: chainsaw-test.yaml Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: typo in assert Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-23 12:27:39 +00:00
Charles-Edouard Brétéché	0ec8e2292c	fix: align clusterroles and bindings names (#9482 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-22 15:37:20 +00:00
Charles-Edouard Brétéché	2f4b823030	feat: improve crd migration helm hooks (#9481 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-22 14:13:29 +00:00
Mariam Fahmy	5fc7e96890	feat: migrate existing cleanup policies to the new storage version in helm hook (#9420 ) * feat: migrate existing cleanup policies to the new storage version in helm hook Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix codegen Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix: use kyverno CLI migrate command Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-01-22 12:53:36 +01:00
Khaled Emara	566db3abfd	helm: add profiling support (#9338 ) Signed-off-by: Khaled Emara <khaled.emara@nirmata.com>	2024-01-22 02:08:43 +00:00
Mariam Fahmy	ea748276bb	feat: migrate existing policy exceptions to the new storage version in helm hook (#9412 ) * feat: migrate existing policy exceptions to the new storage version in helm Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix: add permissions for the admission controller to patch exceptions Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix codegen Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * move migration hook to a separate directory Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * use cli Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: update admission controller permissions Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2024-01-21 20:13:56 +00:00
shuting	6e5e7c745a	update bitnami/kubectl (#9408 ) Signed-off-by: ShutingZhao <shuting@nirmata.com>	2024-01-16 06:04:29 +00:00
Mariam Fahmy	303fff21e3	feat: add podLabels to the hook jobs pod template (#9391 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2024-01-14 12:58:47 -05:00
treydock	cde4ac7154	Add global nodeSelector (#9339 ) Allow a global node selector to apply to all pods in the kyverno Helm chart Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>	2024-01-05 23:28:16 +08:00
Gurmannat Sohal	6902a2b092	Unit tests for Pod Security Admission Integrations (#8585 ) * feat: enable field-restricted exclusions using the psa Signed-off-by: Liang Deng <283304489@qq.com> * fix ci error Signed-off-by: Liang Deng <283304489@qq.com> * fix ci error Signed-off-by: Liang Deng <283304489@qq.com> * initial unit tests * Add all remaining unit tests Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * fine grain unit tests by adding fields and values * add detailed pod level exclusion and related tests * add tests for init & ephemeral containers * add kuttl tests for the new advanced support * add kuttl tests for the new advanced support * add readme for kuttl tests * add replacement in go.mod * resolving CI errors Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * fix ci errors Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * fix ci errors Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * updating pod-security-admissio Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * resolving null pointer panic Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * resolved conformance error Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * chainsaw Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * chainsaw Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * remove duplication Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * fix linting Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * remove over computation Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * added field checks, pss skip condition Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * correcting chainsaw tests Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * merge branch 'main' into unit-tests Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> * fix builds Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: Liang Deng <283304489@qq.com> Signed-off-by: Gurmannat Sohal <iamgurmannatsohal@gmail.com> Signed-off-by: shuting <shuting@nirmata.com> Signed-off-by: Gurmannat Sohal <95538438+itsgurmannatsohal@users.noreply.github.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Signed-off-by: ShutingZhao <shuting@nirmata.com> Co-authored-by: Liang Deng <283304489@qq.com> Co-authored-by: shuting <shuting@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-12-26 22:28:08 +08:00
Charles-Edouard Brétéché	1ef82ab530	feat: stop serving v2alpha1 cleanup policies (#9270 ) Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-12-25 20:42:19 +00:00
Frank Wittig	2a9262c325	Add imagePullSecrets to post-upgrade job (#9264 ) Signed-off-by: Frank Wittig <frank@e5k.de> Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com>	2023-12-24 12:42:48 -05:00
Mariam Fahmy	5f09fa810c	chore: introduce v2 for updaterequests (#9267 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2023-12-23 00:09:02 +00:00
treydock	8308a6c69c	Support setting global extraEnvVars (#9269 ) Fixes #9243 Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>	2023-12-22 22:07:11 +00:00
Charles-Edouard Brétéché	2b5aef75f1	feat: add cleanup policies v2 (#9261 ) * feat: add cleanup policies v2 Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: test Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>	2023-12-22 20:43:27 +02:00
Mariam Fahmy	6bffca067a	chore: introduce v2 for internal reports resources (#9262 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>	2023-12-22 14:09:00 +00:00
Mariam Fahmy	b61a1f3d18	fix: set v2beta1 of exceptions the storage version (#9254 ) Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>	2023-12-22 10:13:58 +00:00

1 2 3 4 5 ...

897 commits