mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity
2244 commits 15 branches 540 tags 276 MiB
Commit graph

165 commits

Author SHA1 Message Date
Jim Bugwadia
32cd23963a
Bugfix/878 fix disallow sysctls (#899) 
* - support wildcards for namespaces

* do not annotate resource, unless policy is an autogen policy

* close HTTP body

* improve messages

* only check sysctls if security context is defined
 2020-06-03 17:46:01 -07:00
shuting
5f20cdfb07
remove cpu limit in BP require_pod_requests_limits.yaml (#807) 
* remove cpu limit in BP require_pod_requests_limits.yaml

* update test
 2020-04-13 09:29:11 -07:00
Shuting Zhao
c0eda74b98 update doc 2020-03-04 17:40:33 -08:00
Shuting Zhao
f4cc5d30fc Add rules to disallow default namespace for pod controllers. 2020-03-04 17:37:51 -08:00
Jim Bugwadia
3903a20dd3
Remove autogen annotation 
Remove `pod-policies.kyverno.io/autogen-controllers: none`
 2020-02-07 17:13:56 -08:00
Shuting Zhao
b26ed89880 - set failurepolicy of webhookconfiguraitons to ignore; - disable auto-gen on policy disabllow_default_namespace 2020-01-15 18:01:50 -08:00
Shuting Zhao
5330138048 fix build error 2020-01-10 19:35:29 -08:00
Shuting Zhao
8de265d8a4 - update samples/policy - retag 1.1.0 2020-01-10 19:26:09 -08:00
Shivkumar Dudhani
3cf9141f4d
593 feature (#594) 
* initial commit

* background policy validation

* correct message

* skip non-background policy process for add/update

* add Generate Request CR

* generate Request Generator Initial

* test generate request CR generation

* initial commit gr generator

* generate controller initial framework

* add crd for generate request

* gr cleanup controller initial commit

* cleanup controller initial

* generate mid-commit

* generate rule processing

* create PV on generate error

* embed resource type

* testing phase 1- generate resources with variable substitution

* fix tests

* comment broken test #586

* add printer column for state

* return if existing resource for clone

* set resync time to 2 mins & remove resource version check in update handler for gr

* generate events for reporting

* fix logs

* initial commit

* fix trailing quote in patch

* remove comments

* initial condition (equal & notequal)

* initial support for conditions

* initial support fo conditions in generate

* support precondition checks

* cleanup

* re-evaluate GR on namespace update using dynamic informers

* add status for generated resources

* display loaded variable SA

* support delete cleanup of generate request main resources

* fix log

* remove namespace from SA username

* support multiple variables per statement for scalar values

* fix fail variables

* add check for userInfo

* validation checks for conditions

* update policy

* refactor logs

* code review

* add openapispec for clusterpolicy preconditions

* Update documentation

* CR fixes

* documentation

* CR fixes

* update variable

* fix logs

* update policy

* pre-defined variables (serviceAccountName & serviceAccountNamespace)

* update test
 2020-01-07 15:13:57 -08:00
shuting
2d022d457a
Merge pull request #584 from nirmata/371_omitempty 
add anchors for omitempty tag
 2020-01-02 11:17:31 -08:00
Shuting Zhao
d36934fe11 Merge commit '5b8ab3842b43a72cc675b93b8b72e290adfca1d2' into 518_pod_controller 
# Conflicts:
#	pkg/api/kyverno/v1/types.go
#	pkg/engine/mutation.go
#	pkg/engine/mutation_test.go
#	pkg/engine/validation.go
#	pkg/policy/existing.go
 2020-01-02 10:32:17 -08:00
Shuting Zhao
e9ac8b8b28 update markdown 2019-12-30 16:45:22 -08:00
Shuting Zhao
456190b7f8 remove failure action 2019-12-30 13:55:02 -08:00
Shuting Zhao
d33a89cc0f add anchors for omitempty tag 2019-12-30 13:53:51 -08:00
Shuting Zhao
bae2865550 - add =() to volumes; - update error msg 2019-12-27 14:59:12 -08:00
shivkumar dudhani
66e0181157 update tests 2019-12-10 10:26:04 -08:00
shivkumar dudhani
4894577ba1 update documentation 2019-12-10 09:51:15 -08:00
shivkumar dudhani
ee20fcd4a0 Update Name 2019-12-09 15:33:21 -08:00
shuting
ae53fa1bfc
Merge pull request #512 from nirmata/local_test 
Add generate rule for default limitrange
 2019-11-18 17:33:43 -08:00
Shuting Zhao
67d9808002 change markdown and link name 2019-11-18 16:55:14 -08:00
Shuting Zhao
42a6a87c41 update markdown 2019-11-18 14:53:51 -08:00
shivkumar dudhani
4edf06047e update policy 2019-11-15 21:16:11 -08:00
Shuting Zhao
8343eaf0a8 add generate rule for default limitrange 2019-11-15 18:32:24 -08:00
Jim Bugwadia
eb24b7502b update policy name 2019-11-13 23:31:04 -08:00
Shuting Zhao
4ea6898f00 add missing key in sample meta 2019-11-13 20:06:43 -08:00
Shuting Zhao
051eba058f update api in samples/ 2019-11-13 13:56:20 -08:00
Shuting Zhao
45dc0bd358 Merge commit 'da5c03f89df3007088b27fc84b08827170e16eda' into 345_support_usergroup_info 
# Conflicts:
#	test/scenarios/samples/best_practices/add_safe_to_evict2.yaml
 2019-11-13 00:31:07 -08:00
Jim Bugwadia
f1fafb184b
fix sp 2019-11-12 17:41:29 -08:00
Jim Bugwadia
e7536fbf44
fix sp 2019-11-12 17:40:54 -08:00
Jim Bugwadia
50952fbf48
fix case 2019-11-12 17:39:12 -08:00
Jim Bugwadia
7131711bb4
fix typos 2019-11-12 17:34:21 -08:00
Jim Bugwadia
424199041c
Update DisallowBindMounts.md 2019-11-12 17:33:25 -08:00
Jim Bugwadia
48cd71a576 fix add_ns_quota policy 2019-11-12 16:37:40 -08:00
Shuting Zhao
fb2cc2db9c fix tests 2019-11-11 21:40:42 -08:00
Shuting Zhao
85d04f609c remove overlay failure conditionNotPresent as it allows the tag not present 2019-11-11 21:03:34 -08:00
Shuting Zhao
5a3ed62b13 Merge branch 'master' into 345_support_usergroup_info 
# Conflicts:
#	pkg/engine/validation_test.go
#	pkg/webhooks/annotations.go
#	pkg/webhooks/annotations_test.go
#	pkg/webhooks/mutation.go
#	pkg/webhooks/server.go
#	pkg/webhooks/validation.go
 2019-11-11 19:19:08 -08:00
Shuting Zhao
6c8f4f90da fix patches annotation 2019-11-11 18:52:26 -08:00
Jim Bugwadia
8348c5761c fix tests 2019-11-11 18:51:21 -08:00
Jim Bugwadia
31d33c5de1 update categories and links 2019-11-11 18:21:16 -08:00
Jim Bugwadia
8ac71a885c update sections 2019-11-11 18:10:34 -08:00
Jim Bugwadia
87be5ca4b8 update policies and test cases 2019-11-11 17:55:54 -08:00
Jim Bugwadia
3ffb0cfa39 add disallow_sysctl and move policies 2019-11-11 17:17:09 -08:00
Jim Bugwadia
05503e4fd1 update other policies 2019-11-11 14:09:07 -08:00
Jim Bugwadia
dd4d091c23 update restrict_automount_sa_token 2019-11-10 21:57:20 -08:00
Jim Bugwadia
5b2fd96131 update LimitNodePort 2019-11-10 21:34:22 -08:00
Jim Bugwadia
5e8b6c4183 update add_networkPolicy 2019-11-10 21:27:50 -08:00
Jim Bugwadia
244909ebb3 update require_probes 2019-11-10 21:18:17 -08:00
Jim Bugwadia
c1be682a93 update require_pod_requests_limits 2019-11-10 21:06:49 -08:00
Jim Bugwadia
f668113904 update add_ns_quota 2019-11-10 20:58:57 -08:00
Jim Bugwadia
a6d5fb6e30 update restrict_image_registries 2019-11-10 18:13:01 -08:00