Charles-Edouard Brétéché
e4bf66e756
feat: remove policy mutation for auto-gen rules ( #5123 )
* feat: remove policy mutation code
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* Fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* changelog
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-10-25 23:43:46 +00:00
yinka
822dbdc011
feat: enable/disable Debug mode which shows entire AdmissionReview payload ( #5024 )
* work in progress PR
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* add custom request struct
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* pass debug mode option through constructor and replace logger with klogr
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* make changes
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* cleanup
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix linter
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* add another test case
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* removed unused function
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* fix linter
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-21 16:17:49 +00:00
Charles-Edouard Brétéché
73712f3738
feat: add webhook server logger ( #5063 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-19 13:12:55 +00:00
Charles-Edouard Brétéché
a0bcf7a966
fix: configure idle timeout in server ( #5062 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-19 12:09:04 +00:00
Charles-Edouard Brétéché
6070092b6a
fix: image verification reports missing in admission mode ( #5037 )
* fix: image verification reports missing in admission mode
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-10-19 11:25:47 +00:00
Charles-Edouard Brétéché
c4b3301ab0
fix: go routines not gracefully shut down in controllers ( #5022 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Prateek Pandey <prateek.pandey@nirmata.com>
2022-10-19 08:54:48 +00:00
Pratik Shah
632bd99612
Fixed issue-4655: verifyImages is executed before mutate ( #4996 )
Signed-off-by: Pratik Shah <pratik@infracloud.io>
2022-10-18 08:38:28 +00:00
Vyankatesh Kudtarkar
f5748b1e70
remove RBACInfo check ( #5015 )
2022-10-17 14:47:06 +00:00
Charles-Edouard Brétéché
6270d40f50
fix: global anchor warning ( #4962 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-10-17 17:15:57 +05:30
Vyankatesh Kudtarkar
f3e40efcd7
fix principal and role variables are not substituted ( #5000 )
2022-10-17 05:16:14 +00:00
Charles-Edouard Brétéché
ea1b64ab08
fix: skip admission in dry run requests ( #4994 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-10-17 04:01:06 +00:00
Charles-Edouard Brétéché
afe9036347
fix: add user info in admission request logs ( #4969 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-14 16:29:48 +00:00
Charles-Edouard Brétéché
f0703a5c6b
fix: don't produce empty admission reports ( #4966 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-14 15:55:51 +00:00
Charles-Edouard Brétéché
47780bf37f
fix: improve banned types management in reports ( #4953 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-10-14 23:20:30 +08:00
XDRAGON2002
03c41e7746
[Cleanup] Disable PolicySkipped events ( #4913 )
* remove skip events
Signed-off-by: Anant Vijay <anantvijay3@gmail.com>
* update conditions
Signed-off-by: Anant Vijay <anantvijay3@gmail.com>
* improve conditions
Signed-off-by: Anant Vijay <anantvijay3@gmail.com>
* remove redundant function
Signed-off-by: Anant Vijay <anantvijay3@gmail.com>
Signed-off-by: Anant Vijay <anantvijay3@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-10-13 08:32:20 +00:00
Charles-Edouard Brétéché
b3021f5a57
refactor: openapi controller part 2 ( #4910 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2022-10-12 22:24:16 +05:30
Charles-Edouard Brétéché
de67a507cd
refactor: openapi controller part 1 ( #4901 )
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-10-12 11:38:48 +00:00
Charles-Edouard Brétéché
4aed9359cb
refactor: manage webhooks with webhook controller ( #4846 )
* refactor: add config support to webhook controller
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* refactor: add client config to webhook controller
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* migrate verify webhook
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* v1
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* refactor: move policy webhooks management in webhook controller
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* policy validating webhook config
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* watch policies
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* refactor: migrate resource webhook management in webhook controller
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* mutating webhook
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* auto update
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* cleanup
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* auto update and wildcard policies
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* policy readiness
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix: can't use v1 admission
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* reduce reconcile
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* watchdog
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* cleanup
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* fix
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* health check
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* runtime utils
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* runtime utils
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* cleanup
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* watchdog check
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* remove delete from mutating webhook
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
* cleanup
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-10-12 06:52:42 +00:00
shuting
e75b57e635
skip succeed rules when building the blocked return message ( #4804 )
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
2022-10-04 10:34:37 +00:00
yinka
688b4fb8e3
add package logger in files ( #4766 )
* add package logger in files
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* add package logger to initContainer and other files
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
* helm docs
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* helm default values
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* release notes
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: damilola olayinka <holayinkajr@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-10-02 19:45:03 +00:00
Charles-Edouard Brétéché
ac8f4ba59c
refactor: make server owner of the cleanup chan ( #4765 )
* refactor: make server owner of the cleanup chan
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* gofumpt
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-30 16:13:29 +02:00
Charles-Edouard Brétéché
287eb84d07
refactor: use context in controllers instead of chan ( #4761 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-30 16:54:47 +05:30
Eng Zer Jun
f40a3bc8f5
refactor: move from io/ioutil to io and os packages ( #4752 )
The io/ioutil package has been deprecated as of Go 1.16 [1]. This commit
replaces the existing io/ioutil functions with their new definitions in
io and os packages.
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2022-09-30 12:55:19 +05:30
Charles-Edouard Brétéché
e0ab72bb9a
feat: reports v2 implementation ( #4608 )
This PR refactors the reports generation code.
It removes RCR and CRCR crds and replaces them with AdmissionReport, ClusterAdmissionReport, BackgroundScanReport and ClusterBackgroundScanReport crds.
The new reports system is based on 4 controllers:
* Admission reports controller is responsible for cleaning up admission reports and attaching admission reports to their corresponding resource in case of a creation
* Background scan reports controller is responsible for creating background scan reports when a resource and/or policy changes
* Aggregation controller takes care of aggregating per-resource reports into higher level reports (per namespace)
* Resources controller is responsible for watching reports that need background scan reports
I added two new flags to disable admission reports and/or background scan reports; the whole reporting system can be disabled if something goes wrong.
I also added a flag to split reports in chunks to avoid creating too large resources.
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com>
Co-authored-by: prateekpandey14 <prateek.pandey@nirmata.com>
2022-09-28 17:15:16 +05:30
Charles-Edouard Brétéché
665e513c5e
fix: split webhook handlers per failure policy ( #4650 )
* fix: split webhook handlers per failure policy
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* fix handlers
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* rolling update
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* better error message
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-09-26 15:55:46 +00:00
Charles-Edouard Brétéché
42a2df56c1
refactor: add a couple of constants in api ( #4640 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-19 09:11:12 +00:00
Charles-Edouard Brétéché
316640c72b
fix: remove RCR from mutation webhook ( #4636 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-19 09:04:50 +02:00
Charles-Edouard Brétéché
d558c12470
refactor: move generation handler out of webhooks package ( #4570 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-09 19:49:38 +05:30
Charles-Edouard Brétéché
10638362dc
refactor: move image verification handler out of webhooks package ( #4569 )
* refactor: move mutation handler out of webhooks package
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* refactor: move image verification handler out of webhooks package
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-09 15:05:57 +02:00
Charles-Edouard Brétéché
20b8697ad8
refactor: move mutation handler out of webhooks package ( #4567 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-09 12:48:29 +02:00
Charles-Edouard Brétéché
3e5af370a5
refactor: move validation audit out of webhooks package ( #4562 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-09 09:27:07 +00:00
Charles-Edouard Brétéché
e900815dc0
refactor: move validation handler out of webhooks package ( #4556 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-09 07:52:38 +00:00
Charles-Edouard Brétéché
3e5645dd32
refactor: make webhook metrics helpers static ( #4554 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-09 07:11:16 +03:00
Charles-Edouard Brétéché
16c2d880c8
refactor: move webhook events utils in utils package ( #4545 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-08 18:10:27 +02:00
Charles-Edouard Brétéché
3b556abe63
chore: add unit test for updating ur status ( #4541 )
* fix: defer ur update until validation passes
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* chore: add unit test for updating ur status
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-08 21:59:51 +08:00
Charles-Edouard Brétéché
8fb0a9e8c7
fix: defer ur update until validation passes ( #4540 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-08 12:53:08 +00:00
Charles-Edouard Brétéché
ed31fb0326
refactor: introduce ur updater ( #4535 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-08 20:07:18 +08:00
Charles-Edouard Brétéché
f0fa50b27e
refactor: webhook block and unit tests ( #4531 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-08 08:36:31 +00:00
Charles-Edouard Brétéché
f791717aad
refactor: webhook propagate start time along handlers ( #4529 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-08 07:34:55 +00:00
Charles-Edouard Brétéché
8e33532b38
refactor: webhook exclusion and unit tests ( #4528 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-08 06:19:18 +00:00
Charles-Edouard Brétéché
c8bbb5bead
refactor: utils for warnings and unit tests ( #4523 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-07 14:01:42 +00:00
Charles-Edouard Brétéché
a95d61b9d7
refactor: client wrappers ( #4519 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-07 12:01:43 +08:00
Charles-Edouard Brétéché
317a3ae0bf
feat: add kyverno managed resources protection ( #4414 )
* feat: add kyverno managed resources protection
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* add toggle
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-06 15:43:04 +00:00
Charles-Edouard Brétéché
ee5f6d19a1
refactor: clean webhooks logs ( #4484 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-01 23:48:14 +08:00
Charles-Edouard Brétéché
ae31378546
refactor: webhook policy context creation ( #4480 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-09-01 16:52:36 +02:00
Charles-Edouard Brétéché
f243a7dd84
refactor: make toggles easier to define and use ( #4456 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-08-31 06:41:14 +00:00
shuting
3bf3dcc1af
Add the metric "kyverno_client_queries_total" ( #4359 )
* Add metric "kyverno_kube_client_queries_total"
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* publish metric for missing queries
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* Refactor the way Kyverno registers QPS metric
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* Move clientsets to a dedicated folder
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* Wrap Kyverno client and policyreport client to register client query metric
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* address linter comments
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* address linter comments
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* Switch to use wrapper clients
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
2022-08-31 11:33:47 +05:30
Charles-Edouard Brétéché
144985ee5a
chore: fix golangcilint timeout ( #4388 )
* chore: fix golangcilint timeout
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* fix commit sha
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
* add .gitattributes
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-08-24 21:08:24 +08:00
Charles-Edouard Brétéché
0cc4d9b1f0
fix: duration metrics precision ( #4393 )
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2022-08-24 19:08:42 +08:00
Anutosh Bhat
d92e16526f
Added appropriate logging levels to log.Info() calls wherever necessary ( #4341 )
* Added appropriate logging levels to log.Info() calls wherever necessary
Signed-off-by: anutosh491 <andersonbhat491@gmail.com>
* Changed logging levels to 2
Signed-off-by: anutosh491 <andersonbhat491@gmail.com>
Signed-off-by: anutosh491 <andersonbhat491@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
2022-08-18 13:24:59 +00:00