mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
Code Activity
3368 commits 16 branches 550 tags 288 MiB
Commit graph

141 commits

Author SHA1 Message Date
Arsh Sharma
e74a5c803c
adding a note to deprecate name in favour of names (#2096) 
Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
 2021-07-06 11:34:06 -07:00
Arsh Sharma
fbc80cdfae
adding support for multiple names in match and exclude blocks (#2010) 
* add names in rd struct

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* added checking logic

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* updated yamls

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* wip: fix empty set problem

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* working with exclude

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* fixing name and names

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* added error if both name and names are specified

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* added tests

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* changed empty set logic, fixed whitespaces and comments

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>

* fix match and exclude bug

Signed-off-by: RinkiyaKeDad <arshsharma461@gmail.com>
 2021-06-28 22:31:22 -07:00
vivek kumar sahu
faa88699af
fix typo in policy struct (#1992) 
* Updates L-30  Signed-off-by: viveksahu26  vivekkumarsahu650@gmail.com

Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>

* compile the code using

Signed-off-by: viveksahu26 <vivekkumarsahu650@gmail.com>
 2021-06-22 10:03:15 -07:00
shuting
f3ca1d78f1
Fix log message (#1779) 
* update log message

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update printer column - validation failure action

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-04-08 12:10:30 -07:00
Frank Jogeleit
072d9f7951
Add Support for policies.kyverno.io/severity annotation (#1763) 
Signed-off-by: Frank Jogeleit <fj@move-elevator.de>
 2021-04-07 14:56:27 -07:00
Shuting Zhao
7502e5da98 fix variable substitution in NumericOperatorHandler 
Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-03-18 13:40:14 -07:00
Arsh Sharma
ccfe8c443c
fix: added details regarding match.resources (#1654) 
* fix: added details regarding match.resources

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>

* fix: made revisions

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>

* fix: removed if not statement

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>
 2021-03-03 11:22:45 -08:00
Yashvardhan Kukreja
10c714d5ba
feat: [preconditions, conditions] added backwards-compatible support for logical operators (#1604) 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-03-01 20:31:06 -08:00
Yashvardhan Kukreja
6f15432a21
added: make target to auto generate code (#1603) 
* added: make auto-generate target to sync the auto-generated code by kubebuilder

Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>

* synced: all the auto-generable files with kubebuilder's controller-gen

Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-03-01 10:58:58 -08:00
Arsh Sharma
da8e449d3c
fix: removed validator (#1646) 
Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>
 2021-02-26 11:27:21 -08:00
Arsh Sharma
a0d28f0b16
fix: list operators in deny conditions (#1641) 
* fix: list operators in deny conditions

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>

* fix: regenerated YAMLs

Signed-off-by: Arsh Sharma <arshsharma461@gmail.com>
 2021-02-25 19:13:35 -08:00
shuting
6fc349716c
Switch to use annotations to store resource info in cluster/reportChangeRequest (#1625) 
* skip sending API request for filtered resource

* fix PR comment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixes https://github.com/kyverno/kyverno/issues/1490

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix bug - namespace is not returned properly

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* reduce throttling - list resource using lister

* refactor resource cache

* fix test

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix label selector

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix build failure

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixes #1480

* store resource name and kind in (c)rcr's annotation
 2021-02-19 09:09:41 -08:00
Yashvardhan Kukreja
6b3ab3fe23
added: generic NumericOperator to handle numeric operations for kyverno policies (#1536) 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-02-05 19:49:23 -08:00
Jim Bugwadia
ba9d003774
update APICall docs (#1534) 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
 2021-02-03 13:10:02 -08:00
Pooja Singh
32522e7827
namespace selector (#1532) 
* updated crd with namespace selector

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added logic for validate

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added condition in utils for namespace labels

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added function for extracting namespace label using lister

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added logic for generate

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added lister in generate

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* commented generate controller changes

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added ns lister

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added ns label in apply.go

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added ns label in generation.go

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added ns label in mutation.go

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added ns label for validation

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* using dynaminc informer

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-02-03 13:09:42 -08:00
Jim Bugwadia
e8e3b93a5f
api server lookups (#1514) 
* initial commit for api server lookups

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* initial commit for API server lookups

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* Enhancing dockerfiles (multi-stage) of kyverno components and adding non-root user to the docker images (#1495)

* Dockerfile refactored

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>

* Adding non-root commands to docker images and enhanced the dockerfiles

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>

* changing base image to scratch

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>

* Minor typo fix

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>

* changing dockerfiles to use /etc/passwd to use non-root user'

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>

* minor typo

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>

* minor typo

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* revert cli image name (#1507)

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* Refactor resourceCache; Reduce throttling requests (background controller) (#1500)

* skip sending API request for filtered resource

* fix PR comment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixes https://github.com/kyverno/kyverno/issues/1490

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix bug - namespace is not returned properly

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* reduce throttling - list resource using lister

* refactor resource cache

* fix test

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix label selector

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix build failure

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix merge issues

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* fix unit test

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add nil check for API client

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

Co-authored-by: Raj Babu Das <mail.rajdas@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
 2021-02-01 12:59:13 -08:00
shuting
3c5f9f8888
1398 - Reduce RCR throttling requests (#1406) 
* reduce RCR throttling requests by merging policy application (policy - namespace) results into single RCR

* - refactor policy controller; - fix RCR issue

* - refactor RCR controller; - fix cpolr on ns update; - reduce throttling when getting resources; - fix tests

* update CRD schema

* fix typo
 2020-12-21 11:04:19 -08:00
Jim Bugwadia
2285e6b1b6 update docs 2020-12-14 02:38:33 -08:00
Jim Bugwadia
59ba4fe3ac add annotation wildcard support 2020-12-02 12:25:56 -08:00
Jim Bugwadia
76b6974fc2 update CRD docs 2020-12-01 23:19:08 -08:00
Shuting Zhao
45dd5b736d update short names, scope 2020-12-01 12:52:17 -08:00
shuting
370828afec
Fix typo, add short names (#1344) 
* fix typo

* add short names for report change request
 2020-11-30 23:26:49 -08:00
Jim Bugwadia
2344b2c305
1319 fix throttling (#1341) 
* fix policy status and generate controller issues

* shorten ACTION column name

* update logs

Co-authored-by: Shuting Zhao <shutting06@gmail.com>
 2020-11-30 11:22:20 -08:00
Jim Bugwadia
2aeb5aa982 validate conditiona.operator as enum 2020-11-29 00:37:36 -08:00
Chip Zoller
7ee346b0de
column misspelling (#1290) 
* column misspelling

* edit description with tip about conditional adds

* Enhance bug report template
 2020-11-23 14:05:46 -08:00
Jim Bugwadia
cb6de3da35
Merge pull request #1276 from realshuting/bug_fixes 
Update CRDs
 2020-11-18 17:48:41 -08:00
Shuting Zhao
4be7528604 - reverse tag removal changes; - remove defaults 2020-11-18 17:36:06 -08:00
Shuting Zhao
c23c318052 remove tags 2020-11-18 17:16:47 -08:00
Shuting Zhao
8acc302336 remove default tag 2020-11-18 17:00:26 -08:00
Shuting Zhao
010c97f3ab remove background default tag 2020-11-18 16:46:08 -08:00
Jim Bugwadia
ed37395fbd
Merge pull request #1275 from realshuting/bug_fixes 
Bug fix - failed to generate reportChangeRequest due to exceeding the label size limit
 2020-11-18 15:30:28 -08:00
Shuting Zhao
168bb21093 add optional tag to gr.status 2020-11-18 15:07:12 -08:00
Chip Zoller
2c86496728
Add new sample policies (#1272) 
* new samples; updates

* typos

* add policy to restrict LoadBalancer

* correct sample numbering

* fix typos

* add EnsurePodProbesDifferent

* add DisallowSecrets policy

* add AddDefaultLabels policy

* typo
 2020-11-18 14:58:32 -08:00
Shuting Zhao
2d8092d97c fixes https://github.com/kyverno/kyverno/issues/1238 2020-11-18 14:31:43 -08:00
Shuting Zhao
50c72e871f - add status to gr; - add printer column to gr 2020-11-18 12:07:25 -08:00
Shuting Zhao
b9fb926ddb fixes for golint ./... 2020-11-17 13:07:30 -08:00
Shuting Zhao
9d7c304ffe update clusterpolicy description 2020-11-16 11:47:16 -08:00
Jim Bugwadia
46b1b7a0a0 update type docs 2020-11-15 18:51:48 -08:00
Shuting Zhao
2ff9d03b3f - set tag optional in generaterequest; - fix generate controller error log 2020-11-13 17:44:34 -08:00
Shuting Zhao
943935ee1b properly deserialize anyPattern 2020-11-13 16:25:51 -08:00
Shuting Zhao
365dd6e408 update kyverno crd types.go 2020-11-13 16:02:44 -08:00
Shuting Zhao
047b2b8739 update types.go to generate schema 2020-11-12 19:48:39 -08:00
Shuting Zhao
5c38aab03d temporary check in the types for referencing 2020-11-12 16:44:14 -08:00
Shuting Zhao
58bc63e1ad remove policy violation from types.go 2020-11-11 15:50:17 -08:00
Shuting Zhao
2292bf860b update policyreport group to wgpolicyk8s.io 2020-11-11 15:09:07 -08:00
shuting
5e07ecc5f3
Add Policy Report (#1229) 
* add report in cli

* policy report crd added

* policy report added

* configmap added

* added jobs

* added jobs

* bug fixed

* added logic for cli

* common function added

* sub command added for policy report

* subcommand added for report

* common package changed

* configmap added

* added logic for kyverno cli

* added logic for jobs

* added logic for jobs

* added logic for jobs

* added logic for cli

* buf fix

* cli changes

* count bug fix

* docs added for command

* go fmt

* refactor codebase

* remove policy controller for policyreport

* policy report removed

* bug fixes

* bug fixes

* added job trigger if needed

* job deletation logic added

* build failed fix

* fixed e2e test

* remove hard coded variables

* packages adde

* improvment added in jobs sheduler

* policy report yaml added

* cronjob added

* small fixes

* remove background sync

* documentation added for report command

* remove extra log

* small improvement

* tested policy report

* revert hardcoded changes

* changes for demo

* demo changes

* resource aggrigation added

* More changes

* More changes

* - resolve PR comments; - refactor jobs controller

* set rbac for jobs

* add clean up in job controller

* add short names

* remove application scope for policyreport

* move job controller to policyreport

* add report logic in command apply

* - update policy report types;  - upgrade k8s library; - update code gen

* temporarily comment out code to pass CI build

* generate / update policyreport to cluster

* add unit test for CLI report

* add test for apply - generate policy report

* fix unit test

* - remove job controller; - remove in-memory configmap; - clean up kustomize manifest

* remove dependency

* add reportRequest / clusterReportRequest

* clean up policy report

* generate report request

* update crd clusterReportRequest

* - update json tag of report summary; - update definition manifests; -  fix dclient creation

* aggregate reportRequest into policy report

* fix unit tests

* - update report summary to optional; - generate clusterPolicyReport; - remove reportRequests after merged to report

* remove

* generate reportRequest in kyverno namespace

* update resource filter in helm chart

* - rename reportRequest to reportChangeRequest; -rename clusterReportRequest to clusterReportChangeRequest

* generate policy report in background scan

* skip generating report change request if there's entry results

* fix results entry removal when policy / rule gets deleted

* rename apiversion from policy.kubernetes.io to policy.k8s.io

* update summary.* to lower case

* move reportChangeRequest to kyverno.io/v1alpha1

* remove policy report flag

* fix report update

* clean up policy violation CRD

* remove violation CRD from manifest

* clean up policy violation code - remove pvGenerator

* change severity fields to lower case

* update import library

* set report category

Co-authored-by: Yuvraj <yuvraj.yad001@gmail.com>
Co-authored-by: Yuvraj <10830562+evalsocket@users.noreply.github.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
 2020-11-09 11:26:12 -08:00
Shuting Zhao
97e6382aaf update description 2020-11-03 16:57:47 -08:00
Shuting Zhao
d19a44d34c print fields failreAction and background for kyverno policy 2020-11-03 16:31:41 -08:00
Jim Bugwadia
ae0c09a05c remove ContextEntry.path (prototype for API server lookup) 2020-10-14 18:48:23 -07:00
Jim Bugwadia
4ea1126fce remove docs and update README.md 2020-10-14 17:39:45 -07:00