Prateek Nandle
a0d3f31851
updating version in Chart.yaml ( #3618 )
...
* updating version in Chart.yaml
Signed-off-by: Prateeknandle <prateeknandle@gmail.com>
* changes from make gen-helm
Signed-off-by: Prateeknandle <prateeknandle@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-04-18 15:37:18 +00:00
Sambhav Kothari
ec4e4ba452
Add support for custom image extractors ( #3596 )
...
Signed-off-by: Sambhav Kothari <skothari44@bloomberg.net>
2022-04-14 09:08:30 -07:00
Jim Bugwadia
f11cec73a8
fix imageVerify rule conversion ( #3583 )
2022-04-12 10:03:34 +08:00
Jim Bugwadia
0f186afb3e
update imageVerify schema ( #3574 )
...
* update imageVerify schema
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add optional
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* codegen
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* codegen
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* codegen
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* change nested/recursive types to apiextv1.JSON
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make codegen
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix message
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2022-04-11 16:47:27 +01:00
Ricardo Rosales
aba9c6ca95
Create poddisruptionbudget.yaml when mode=ha ( #3536 )
...
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Ricardo Rosales <728243+missingcharacter@users.noreply.github.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-04-04 23:02:05 +08:00
Charles-Edouard Brétéché
b4cf89e57f
feat: add webhooks object selector support ( #3413 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-03-29 23:09:44 +08:00
treydock
8e8e7803ee
add missing namespace to role and rolebinding ( #3389 ) ( #3429 ) ( #3485 )
...
Signed-off-by: Dominik Ruf <dominikruf@gmail.com>
Co-authored-by: treydock <tdockendorf@osc.edu>
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Co-authored-by: Dominik Ruf <dominikruf@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-03-29 08:39:11 +00:00
Charles-Edouard Brétéché
20069c13c3
feat: stop mutating rules ( #3410 )
...
* feat: stop adding autogen annotation
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* feat: stop mutating rules
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* feat: stop mutating rules
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* fix: use toggle
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* fix: review comments
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-03-28 22:01:27 +08:00
Charles-Edouard Brétéché
f34d3c342d
refactor: add ValidationFailureAction to the api ( #3451 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-03-23 08:59:41 +00:00
Abhi Kapoor
1b10f18086
Drop v1alpha1 PolicyReport CRD ( #3437 )
...
* Drop v1alpha1 PolicyReport CRD
Signed-off-by: abhi-kapoor <43758739+abhi-kapoor@users.noreply.github.com>
* Drop v1alpha1 kyverno package
Signed-off-by: abhi-kapoor <43758739+abhi-kapoor@users.noreply.github.com>
* Update Makefile to remove references for v1alpha1
Signed-off-by: abhi-kapoor <43758739+abhi-kapoor@users.noreply.github.com>
* Update helm manifests
Signed-off-by: abhi-kapoor <43758739+abhi-kapoor@users.noreply.github.com>
2022-03-22 17:08:25 +00:00
Charles-Edouard Brétéché
11bbb4f83e
refactor: replace ExcludeResources by MatchResources ( #3444 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-03-22 14:24:40 +00:00
Sambhav Kothari
2239849f99
Fix incorrectly renamed file ( #3443 )
...
Helm test files are not the same as kyverno test files. This should remain test.yaml.
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-03-22 09:41:42 +00:00
Aidan Delaney
4ec3b36f7f
Remove support for test.yaml ( #3442 )
...
kyverno-test.yaml is now the only supported test file name
Signed-off-by: Aidan Delaney <adelaney21@bloomberg.net>
2022-03-22 14:09:08 +05:30
Charles-Edouard Brétéché
30261b5235
feat: add conditions support ( #3378 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-03-18 22:00:01 +08:00
Christian Kotzbauer
860253d6aa
[ImageVerify] Verify additional certificate-extensions ( #3404 )
...
* feat: add additionalExtensions to keyless imageVerify
Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>
* feat: regenerate code
Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>
2022-03-17 08:42:12 +00:00
Charles-Edouard Brétéché
b0860ba177
fix: filter resources names with helm custom release name ( #3361 )
...
* fix: configmap resource filters generated by helm does not account for namespace
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* fix: ignore resources by helm chart
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-03-17 07:51:08 +00:00
Charles-Edouard Brétéché
9e623bbf6e
feat: add rules to status ( #3376 )
...
* fix: configmap resource filters generated by helm does not account for namespace
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* feat: add rules to status
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-03-15 14:49:16 +00:00
Charles-Edouard Brétéché
8d08250e07
feat: add autogen controllers to policy status ( #3332 )
...
* feat: add autogen controllers to policy status
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* feat: add autogen controllers to policy status
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-03-10 23:51:29 +08:00
Charles-Edouard Brétéché
78239a2947
chore: gen helm crds from config crds ( #3356 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-03-10 15:07:48 +00:00
Charles-Edouard Brétéché
2987647692
fix: configmap resource filters generated by helm does not account for namespace ( #3358 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-03-09 02:04:25 +08:00
Prateek Nandle
666130bf6c
updated description field of foreach ( #3157 )
...
Signed-off-by: Prateeknandle <prateeknandle@gmail.com>
2022-03-07 19:26:19 +05:30
Gasmi Christophe
e0503088ec
Update generate clusterrole ( #3336 )
...
- Update clusterrole.yaml
- Fix apigroup for resourcequota and limitrange
Signed-off-by: Christophe Gasmi <rekcah78@gmail.com>
2022-03-07 12:57:57 +05:30
Charles-Edouard Brétéché
1dd745f9a9
fix: helm install docs ( #3312 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-02-28 15:49:19 +00:00
Charles-Edouard Brétéché
fef7bb6f0f
fix: seccomp profile ( #3313 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-02-28 14:40:40 +00:00
Charles-Edouard Brétéché
c84939df00
chore: drop helm v2 ( #3311 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-02-28 08:50:39 -05:00
Charles-Edouard Brétéché
c13f7a4fea
feat: gen kyverno helm chart docs ( #3309 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-02-25 13:25:21 -05:00
Charles-Edouard Brétéché
b7f6fc81db
feat: gen kyverno-policies helm chart docs ( #3301 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-02-25 16:22:00 +00:00
José Hisse
c8a31ab16a
fix: helm chart broken when use generatecontrollerExtraResources ( #3302 )
...
Signed-off-by: José Hisse <josehisse@gmail.com>
2022-02-25 07:35:34 +00:00
Charles-Edouard Brétéché
c79b66d3a3
feat: support background mode configuration in kyverno-policies chart ( #3299 )
...
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-02-24 16:31:51 +00:00
Charles-Edouard Brétéché
447bafbed5
fix: comma separated lists in config ( #3290 )
...
This PR fixes comma separated lists in config.
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-02-23 16:15:44 +00:00
Ryan White
c13aeca7fa
Modify capabilities for compatibility with Pod Security ( #3274 )
...
Kyverno manifests are incompatible with the restricted Pod Security
Standards included with Kubernetes 1.22 and 1.23 because the Pod
Security admission controller looks for "ALL" in securityContext.capabilities.drop,
but does not accept "all".
1b741f89aa/policy/check_capabilities_restricted.go (L88)
Signed-off-by: Ryan White <ryan@alzabo.io>
2022-02-22 08:14:17 +00:00
Rahul Sawra
1f60aee4b9
add helm pre-delete hook which deletes all the webhooks ( #3148 )
...
* add helm pre-delete hook for graceful uninstallation of webhooks
Signed-off-by: rahulii <r.sawra@gmail.com>
* remove white spaces
Signed-off-by: rahulii <r.sawra@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-02-17 00:16:51 +08:00
shuting
a970953d51
Sync latest changes to release/install.yaml ( #3239 )
...
* sync latest changes to release/install.yaml
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* bump chart versions
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-02-15 17:24:39 +00:00
shuting
1566d0d5fd
add aggregated role for generaterequest ( #3240 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-02-15 16:15:10 +00:00
Adam Kosmin
5c91bb8217
Remove abstraction that doesn't work anyway ( #3209 )
...
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Co-authored-by: Trey Dockendorf <tdockendorf@osc.edu>
2022-02-15 23:01:40 +08:00
Batuhan Apaydın
943fe2dd41
feat: ha mode support in helm chart ( #3207 )
...
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>
Co-authored-by: @necatican @f9n
Signed-off-by: Emin Aktas <eminaktas34@gmail.com>
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Yasin Taha Erol <yasintahaerol@gmail.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>
Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com>
2022-02-15 15:57:23 +08:00
treydock
3f1a0bfd6c
Allow setting validationFailureActionOverrides for policies ( #3201 )
...
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
2022-02-09 16:24:35 +08:00
Batuhan Apaydın
9661ea8584
feat: fix app version in NOTES.txt ( #3189 )
...
Co-authored-by: Erkan Zileli <erkan.zileli@trendyol.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Erkan Zileli <erkan.zileli@trendyol.com>
Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com>
2022-02-07 15:00:08 -05:00
Sambhav Kothari
25c2ad11e4
Fix unused tagTest in helm chart tests ( #3174 )
...
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-02-04 23:12:12 +00:00
treydock
4e0d8ca612
Update kyverno-policies chart with latest pod-security policies ( #3126 )
...
* Update kyverno-policies chart with latest pod-security policies
Fixes #3063
Fixes #2277
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* Update README to have better example
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* Use chart testing during e2e to test against ci values
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* Fix e2e tests for Helm chart
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* Fix Kyverno chart testing to actually test values, and fix networkpolicy template
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* Update README for exclusion
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* Allow adding 'other' policies via Helm
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* Update Chart.yaml for kyverno-policies
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* Bump minimum Kubernetes version in charts
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* Update kyverno-policies chart readme
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* Use version that should catch all pre-releases
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* Use version that should catch all pre-releases (part 2)
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* Use same logic to get git tag by using Makefile target for updating Helm values
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Prateek Pandey <prateekpandey14@gmail.com>
2022-02-04 14:47:36 +08:00
Abhinav Sinha
11311a15df
Filter kyverno resources instead of entire kyverno namespace ( #3170 )
...
Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>
2022-02-04 00:38:47 +00:00
shuting
326d141a6d
bump chart versions ( #3160 )
...
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-02-03 09:31:10 +00:00
shuting
ae4d148318
Update dev image tag in Make targets ( #3159 )
...
* - update dev images tag; - update chart testing
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* update to use dev tag when setting up e2e tests infra
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* default chart test image tag for busybox to latest
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* set image tag to latest for chart testing
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* correct tag
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* remove test tag in e2e.yaml
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-02-03 15:41:58 +08:00
Prateek Pandey
b25f3439aa
add missing patch verbs in event clusterrole ( #3151 )
...
As part of tightening and clarifying Kyverno roles and
permissions, PR #2799, we missed updating the charts
templates events clusterroles.
Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com>
2022-02-02 07:24:04 +00:00
Kevin Welter
daf24a28f8
improve antiAffinity and add podAffinity and nodeAffinity for kyverno helm chart ( #3067 )
...
* add nodeAffinity for kyverno helm chart
Signed-off-by: Kevin Welter <kevin.welter@humanity-it.com>
* a better and more open solution for affinity in helm chart. It assists all kinds of other affinities
Signed-off-by: Kevin Welter <kevin.welter@humanity-it.com>
* fix typo in parameter
Signed-off-by: Kevin Welter <kevin.welter@humanity-it.com>
* make affinity selection easier - return to antiAffinity for less change
Signed-off-by: Kevin Welter <kevin.welter@humanity-it.com>
* return to antiAffinity to make change easier
Signed-off-by: Kevin Welter <kevin.welter@humanity-it.com>
* add documentation for new values and helm functions
Signed-off-by: Kevin Welter <kevin.welter@humanity-it.com>
* simplified again the use of new affinities. Don't need to extra enable if
you insert affinities
Signed-off-by: Kevin Welter <kevin.welter@humanity-it.com>
* fix "if" of the affinity block
Co-authored-by: treydock <treydock@gmail.com>
Signed-off-by: Kevin Welter <kevin.welter@humanity-it.com>
* Now finally renamed values to avoid breaking change; adjust readme for the
parameter names
Signed-off-by: Kevin Welter <kevin.welter@humanity-it.com>
* alphabetic order readme
Signed-off-by: Kevin Welter <kevin.welter@humanity-it.com>
Co-authored-by: Kevin Welter <kevin.welter@digital-nx.com>
Co-authored-by: treydock <treydock@gmail.com>
2022-01-28 15:05:41 +00:00
Sambhav Kothari
b27248111f
Add b/w compat support for K8s version 1.20 and below for Kyverno 1.6 ( #3100 )
...
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
2022-01-27 07:27:58 +00:00
Batuhan Apaydın
3be48b9fb5
fix: typo Cluter to Cluster ( #3092 )
...
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
2022-01-26 22:02:17 +00:00
Kumar Mallikarjuna
e42908a85a
Add KYVERNO_DEPLOYMENT to initContainer ( #3086 )
...
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
2022-01-25 23:50:19 +08:00
Tathagata Paul
f7f4828dcd
Fix documentation for helm charts ( #3056 )
...
Signed-off-by: 4molybdenum2 <tathagatapaul7@gmail.com>
2022-01-23 12:13:01 -05:00
Kumar Mallikarjuna
5ad0d15240
Namespace Specific ValidationFailureAction ( #2794 )
...
* Implement ValidationFailureActionOverride
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Update CRDs
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Update getEnforceFailureErrorMsg()
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Allow validate policies to be checked
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Fix linting issues
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Added tests for ValidationFailureActionOverrides
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Added schema validation
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Added description for ValidationFailureActionOverrides
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Policy validation
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Update CRDs
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Replace literals with constants
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Updated Policy Cache
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Refactor
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
Co-authored-by: shuting <shutting06@gmail.com>
2022-01-21 12:36:44 +00:00