Max Goncharenko
536f364724
Add AND logical operator support ( #1539 )
Signed-off-by: Max Goncharenko <kacejot@fex.net>
2021-02-05 17:52:31 -08:00
Pooja Singh
32522e7827
namespace selector ( #1532 )
* updated crd with namespace selector
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* added logic for validate
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* added condition in utils for namespace labels
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* added function for extracting namespace label using lister
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* added logic for generate
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* added lister in generate
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* commented generate controller changes
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* added ns lister
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* added ns label in apply.go
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* added ns label in generation.go
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* added ns label in mutation.go
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* added ns label for validation
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* using dynamic informer
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-02-03 13:09:42 -08:00
Jim Bugwadia
0be7903c47
fix tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-02-02 00:20:03 -08:00
Jim Bugwadia
2bb812aa2d
redo changes reverted by merge
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2021-02-01 23:22:19 -08:00
Jim Bugwadia
e8e3b93a5f
api server lookups ( #1514 )
* initial commit for api server lookups
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* initial commit for API server lookups
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* Enhancing dockerfiles (multi-stage) of kyverno components and adding non-root user to the docker images (#1495 )
* Dockerfile refactored
Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
* Adding non-root commands to docker images and enhanced the dockerfiles
Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
* changing base image to scratch
Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
* Minor typo fix
Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
* changing dockerfiles to use /etc/passwd to use non-root user
Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
* minor typo
Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
* minor typo
Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* revert cli image name (#1507 )
Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* Refactor resourceCache; Reduce throttling requests (background controller) (#1500 )
* skip sending API request for filtered resource
* fix PR comment
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fixes https://github.com/kyverno/kyverno/issues/1490
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fix bug - namespace is not returned properly
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* reduce throttling - list resource using lister
* refactor resource cache
* fix test
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fix label selector
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fix build failure
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix merge issues
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix unit test
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add nil check for API client
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Raj Babu Das <mail.rajdas@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
2021-02-01 12:59:13 -08:00
shuting
c692263177
Refactor resourceCache; Reduce throttling requests (background controller) ( #1500 )
* skip sending API request for filtered resource
* fix PR comment
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fixes https://github.com/kyverno/kyverno/issues/1490
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fix bug - namespace is not returned properly
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* reduce throttling - list resource using lister
* refactor resource cache
* fix test
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fix label selector
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fix build failure
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-01-29 17:38:23 -08:00
Pooja Singh
0396d5278e
added logic for generate policy with data ( #1463 )
* added logic for generate policy with data
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* debugging data of configmap
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* removed few print statements
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* logic for configmap
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* logic for pod
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* logic for pod
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* restructured
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* removed println
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* added comments
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* added test cases
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* function rename
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* removed comment
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* small improvement
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* extract annotation and label
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* fixed test cases
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* extract annotation and label from updated target resource
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
* updated test cases
Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
2021-01-27 10:11:22 -08:00
shuting
d82f19be4e
Feature/fix dev mode execution ( #1477 )
* add serverIP to X.509 certificate SANs
* disable webhook monitor in debug mode
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2021-01-20 15:25:27 -08:00
shuting
3bc386955e
Remove unnecessary JSON patches; fixes strategicMergePatch for tolerations ( #1478 )
* ignore certain paths when generating JSON patches
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* remove extra comment
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* fix https://github.com/kyverno/kyverno/issues/1339
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* resolve PR comments
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
* update comment
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
2021-01-19 11:08:06 -08:00
Jim Bugwadia
f93e3020e1
support nested JMESPATH var substitution ( #1471 )
2021-01-14 10:46:51 -08:00
shuting
27e2b9abd5
Fix mutation panic ( #1462 )
* fix #1454
* - add unit tests; - rename method
2021-01-08 16:45:39 -08:00
shuting
e7a04b9138
Fix memory leak - remove item from the cache once done (audit handler) ( #1459 )
* remove entry from audit handler
* fix test
2021-01-07 16:26:59 -08:00
Jim Bugwadia
3a4592ca3b
handle anchors for wildcard annotations
2021-01-07 11:24:38 -08:00
shuting
52d091c5a3
Improve / clean up code ( #1444 )
* Remove lock embedded in CRD controller, use concurrent map to store schemas
* delete rcr info from data store
* skip policy validation on status update
* - remove status check in policy mutation; - fix test
* Remove fqdncn flag
* add flag profiling port
* skip policy mutation & validation on status update
* sync policy status every minute
* update log messages
2021-01-06 16:32:02 -08:00
Jim Bugwadia
68474a9dd2
skip validation patterns for delete requests
2021-01-02 01:10:14 -08:00
Jim Bugwadia
58feb4f0ae
Merge pull request #1417 from kyverno/1337_match_old_resource
update validation logic
2020-12-23 19:01:15 -08:00
Jim Bugwadia
d3a65a0b2a
fix patch resource in response
2020-12-23 18:51:07 -08:00
Jim Bugwadia
204c1f79fb
fix validate response
2020-12-23 18:46:12 -08:00
shuting
2fc3b3b998
Fixes 1410 strategic merge patch ( #1414 )
* fixes #1410
* fix unit test
* re-initialize worker immediately on failure
2020-12-23 17:48:00 -08:00
Jim Bugwadia
ed232ba118
add test case
2020-12-23 15:57:12 -08:00
Jim Bugwadia
e2f10c6f83
update validation logic
2020-12-23 15:10:07 -08:00
shuting
3c5f9f8888
1398 - Reduce RCR throttling requests ( #1406 )
* reduce RCR throttling requests by merging policy application (policy - namespace) results into single RCR
* - refactor policy controller; - fix RCR issue
* - refactor RCR controller; - fix cpolr on ns update; - reduce throttling when getting resources; - fix tests
* update CRD schema
* fix typo
2020-12-21 11:04:19 -08:00
Jim Bugwadia
c77944ddef
filter resources excluded in config ( #1404 )
2020-12-16 12:29:16 -08:00
Shuting Zhao
75313b7462
update message
2020-12-09 14:41:20 -08:00
Jim Bugwadia
b7cecd04ed
Merge pull request #1375 from kyverno/1292_match_namespace
match/exclude ns resource name
2020-12-08 23:05:42 -08:00
shuting
ab5f2274f9
1314 validate rule ( #1368 )
* fixes 1314
* fix panic
2020-12-08 22:52:37 -08:00
Jim Bugwadia
d4327aeaeb
match/exclude ns resource name
2020-12-08 22:17:53 -08:00
Jim Bugwadia
6afd2e6f3a
ignore non-policy files in CLI and improve validation messages ( #1362 )
* improve validation message
* improve error behaviors
* fix tests
* fix tests
2020-12-07 11:26:04 -08:00
Jim Bugwadia
a64915128b
Revert "ignore non-policy files while loading"
This reverts commit c766512485.
2020-12-06 11:12:54 -08:00
Jim Bugwadia
c80ac553f8
update validation messages
2020-12-06 10:54:10 -08:00
Jim Bugwadia
1c2262b6e2
merge main
2020-12-04 16:52:10 -08:00
Jim Bugwadia
f3b644f624
handle anchors in keys
2020-12-04 15:59:15 -08:00
Jim Bugwadia
13a9a4721a
wildcard label and annotation keys validate patterns ( #1360 )
2020-12-04 12:05:24 -08:00
shuting
624b481df3
Fix 1351 - policy report ( #1359 )
* ignore Kyverno CRDs existence check when server is not available
* clean up cluster / reportChangeRequest
* resolve PR comments
* - fixes #1351 ; - clean up code
* go fmt
2020-12-04 10:04:46 -08:00
Jim Bugwadia
44afdf2f95
wildcard label and annotation keys validate patterns
2020-12-04 09:28:30 -08:00
Jim Bugwadia
59ba4fe3ac
add annotation wildcard support
2020-12-02 12:25:56 -08:00
Jim Bugwadia
8aa00106a5
add wildcard support for label key and values
2020-12-01 22:49:35 -08:00
Jim Bugwadia
50e5e7eedf
add wildcard support for label key and values
2020-12-01 22:48:56 -08:00
shuting
2ec5a0fa42
1319 fix throttling ( #1348 )
* fix policy status and generate controller issues
* shorten ACTION column name
* update logs
* improve naming
* add temp logs for troubleshooting
* cleanup logs
* apply generate policy to old & new resource in webhook
* cleanup log messages
* cleanup log messages
* cleanup log messages
* fix clean up of policy report in init container
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2020-12-01 12:30:08 -08:00
Shuting Zhao
bf0128726a
fix bug in configmap lookup - wrong return value for invalidType
2020-11-30 12:57:26 -08:00
Jim Bugwadia
251129d09b
fix wildcard match
2020-11-29 00:35:33 -08:00
Jim Bugwadia
27f9516eb2
allow wildcards in condition values
2020-11-28 23:38:44 -08:00
Jim Bugwadia
e67779eeb5
allow wildcards in condition values
2020-11-28 23:29:15 -08:00
Jim Bugwadia
52d8977aab
handle complex types for variable substitution
2020-11-25 14:21:01 -08:00
Jim Bugwadia
3dfe3169dc
add logger
2020-11-25 10:11:08 -08:00
Jim Bugwadia
125faaf4e3
fix variable substitution
2020-11-25 00:21:51 -08:00
Jim Bugwadia
75bd8e28f5
also trim in context query
2020-11-24 17:53:19 -08:00
Jim Bugwadia
54f816c246
trim variable for context lookups
2020-11-24 17:48:54 -08:00
shuting
e868dbfeb9
Fix 1287 - failed to update annotation through mutate policy ( #1289 )
* fix 1287
* update mutate log
2020-11-24 10:11:05 -08:00
Shuting Zhao
2d8092d97c
fixes https://github.com/kyverno/kyverno/issues/1238
2020-11-18 14:31:43 -08:00