mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
Code Activity
3580 commits 16 branches 550 tags 288 MiB
Commit graph

26 commits

Author SHA1 Message Date
Yashvardhan Kukreja
5fcd9b83d9
added: support for metrics configuration, periodic metrics cleanup and selective namespace whitelisting and blacklisting for metrics (#2288) 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-09-10 14:39:12 -07:00
Yashvardhan Kukreja
0a38f1c8ec
dealt with cardinality explosion (#2157) 2021-07-23 09:16:50 -07:00
Pooja Singh
cd9e596e7e
[Improvement] Kyverno should not delete downstream resources when a generate policy using the clone behavior has synchronize: true (#1880) 
* debuging issue

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* issue fixed

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* remove policy name in source resource

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* fixed deletion of GR on source updation

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added function in common

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* removing comments

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* added generated resource list to the log

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* small improvement

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>
 2021-06-30 12:00:02 -07:00
shuting
e9a972a362
feat: HA (#1931) 
* Fix Dev setup

* webhook monitor - start webhook monitor in main process

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add leaderelection

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* - add isLeader; - update to use configmap lock

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* - add initialization method - add methods to get attributes

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* address comments

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* remove newContext in runLeaderElection

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add leader election to GenerateController

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* skip processing for non-leaders

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* skip processing for non-leaders

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* add leader election to generate cleanup controller

Signed-off-by: Jim Bugwadia <jim@nirmata.com>

* Gracefully drain request

* HA - Webhook Register / Webhook Monitor / Certificate Renewer (#1920)

* enable leader election for webhook register

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* extract certManager to its own process

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* leader election for cert manager

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* certManager - init certs by the leader

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add leader election to webhook monitor

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update log message

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add leader election to policy controller

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add leader election to policy report controller

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* rebuild leader election config

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* start informers in leaderelection

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* start policy informers in main

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* enable leader election in main

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* move eventHandler to the leader election start method

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* address reviewdog comments

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add clusterrole leaderelection

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixed generate flow (#1936)

Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com>

* - init separate kubeclient for leaderelection - fix webhook monitor

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* address reviewdog comments

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* cleanup Kyverno managed resources on stopLeading

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* tag v1.4.0-beta1

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix cleanup process on Kyverno stops

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* bump kind to 0.11.0, k8s v1.21 (#1980)

Co-authored-by: vyankatesh <vyankatesh@neualto.com>
Co-authored-by: vyankatesh <vyankateshkd@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Pooja Singh <36136335+NoSkillGirl@users.noreply.github.com>
 2021-06-08 12:37:19 -07:00
Bricktop
d8ad5ba8c8
Remove unneeded fmt error (#1927) 
Signed-off-by: Marcel Mueller <marcel.mueller1@rwth-aachen.de>
 2021-06-01 10:54:21 -07:00
Yashvardhan Kukreja
43a138a12b feat: added kyverno_policy_rule_results_info metric 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-05-24 08:05:14 +05:30
Yashvardhan Kukreja
833d097c0a
feat: added kyverno_policy_changes_info metric 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-05-16 18:07:32 +05:30
Yashvardhan Kukreja
fea074f493
feat: added kyverno_policy_rule_info_total metric 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-05-16 18:07:32 +05:30
Yashvardhan Kukreja
bb80e1b641
added: initial prometheus client setup 
Signed-off-by: Yashvardhan Kukreja <yash.kukreja.98@gmail.com>
 2021-05-16 13:06:14 +05:30
Vyankatesh Kudtarkar
299547f376
Matched list to configure the matched resources (#1844) 
* Fix Dev setup

* initial commit

* add testcases for matchlist

* fix e2e issue

* fix comment

* fix issue

* fix lock issue

* revert changes

* fix cache issue

* Fix cache test

* fix policy object

* fix comments

* fix public methos issue

Co-authored-by: vyankatesh <vyankatesh@neualto.com>
 2021-05-06 12:02:06 -07:00
Vyankatesh Kudtarkar
f921bf47d2
Bug fix -1855 : Errors updating cluster policy (#1863) 
* Fix Dev setup

* Bug fix -1855 : Errors updating cluster policy

Co-authored-by: vyankatesh <vyankatesh@neualto.com>
 2021-05-03 14:58:57 -07:00
shuting
618a69961e
Disable auto-gen when a rule has mixed of kinds: pod & pod controllers (#1847) 
* disable auto-gen when a rule has mixed of kinds: pod & pod controllers

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* Bugfix :  Make match.resources.kinds required (#1843)

* Fix Dev setup

* make kind required in MatchResources

* add test cases

Co-authored-by: vyankatesh <vyankatesh@neualto.com>

* address PR comments

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* update background canAutoGen unit tests

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: vyankatesh <vyankatesh@neualto.com>
 2021-04-29 14:59:37 -07:00
Vyankatesh Kudtarkar
caa6a90b27
Bug 1799: Fix mutate policy defaults and Fix endless look of auto-gen rules. (#1839) 
* Fix Dev setup

* Mutate policy defaults (1799)

* fix look for exclude ResourceDescription

* fix condition

* reuse code

Co-authored-by: vyankatesh <vyankatesh@neualto.com>
 2021-04-29 09:51:23 -07:00
Vyankatesh Kudtarkar
e2cd04c91f
Fix #1446 :Failed to mutate policy (#1767) 
* Fix failed to mutate policy

Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* fix autogen rule issue

Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* fix issue

Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* fix issue

Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* addPolicy and AddNsPolicy changes

* fix code indentation

* change kind -> policy

Signed-off-by: vyankatesh <vyankatesh@neualto.com>

* fix kind for policy

* fix comments

Co-authored-by: vyankatesh <vyankatesh@neualto.com>
 2021-04-07 16:34:45 -07:00
shuting
fd9acf21a7
Auto-recover policy report (#1730) 
* auto-recover policy report

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* add flag background-scan to tune this interval

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* cleanup webhook configurations when Kyverno deployment is deleted

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* reconcile policy reports if Kyverno Configmap changes

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-03-25 12:28:03 -07:00
shuting
c692263177
Refactor resourceCache; Reduce throttling requests (background controller) (#1500) 
* skip sending API request for filtered resource

* fix PR comment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixes https://github.com/kyverno/kyverno/issues/1490

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix bug - namespace is not returned properly

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* reduce throttling - list resource using lister

* refactor resource cache

* fix test

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix label selector

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix build failure

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
 2021-01-29 17:38:23 -08:00
lengrongfu
fab777cdd5
add logging for policy creation and deletion events (#1445) 
* add logging for policy creation and deletion events

* update log message

* update log message kind type

Co-authored-by: lengrongfu <lengrongfu@baidu.com>
 2021-01-06 20:34:01 -08:00
NoSkillGirl
b4f473ec23 added crypto package 2021-01-04 19:10:36 +05:30
NoSkillGirl
e67747260b generate refactorings 2021-01-04 15:19:06 +05:30
NoSkillGirl
c66e2a7058 adding label to clone source 2020-12-29 18:04:20 +05:30
NoSkillGirl
c98240d5dc making sure older labels are not removed 2020-12-29 16:36:43 +05:30
shuting
2fc3b3b998
Fixes 1410 strategic merge patch (#1414) 
* fixes #1410

* fix unit test

* re-initialize worker immediately on failure
 2020-12-23 17:48:00 -08:00
shuting
3c5f9f8888
1398 - Reduce RCR throttling requests (#1406) 
* reduce RCR throttling requests by merging policy application (policy - namespace) results into single RCR

* - refactor policy controller; - fix RCR issue

* - refactor RCR controller; - fix cpolr on ns update; - reduce throttling when getting resources; - fix tests

* update CRD schema

* fix typo
 2020-12-21 11:04:19 -08:00
shuting
c1764a85d1
1370 clean up stale RCRs (#1373) 
* remove env "POLICY-TYPE"

* clean up resource in goroutine

* clean up stale RCRs on namespace deletion

* go vet

* clean up code
 2020-12-08 23:04:16 -08:00
shuting
ab5f2274f9
1314 validate rule (#1368) 
* fixes 1314

* fix panic
 2020-12-08 22:52:37 -08:00
Jim Bugwadia
2344b2c305
1319 fix throttling (#1341) 
* fix policy status and generate controller issues

* shorten ACTION column name

* update logs

Co-authored-by: Shuting Zhao <shutting06@gmail.com>
 2020-11-30 11:22:20 -08:00
Renamed from pkg/policy/controller.go (Browse further)