mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Cloud Native Policy Management
2019-03-15 19:22:06 +02:00
controller NK-31: Implemented the application of policies in order of their creation timestamps. 2019-03-13 12:57:04 +02:00
crd NK-31: Fixed "patches" field to "patch" in validation definition. 2019-03-14 18:05:24 +02:00
kubeclient NK-31: Implemented creation TLS certificate 2019-03-15 19:03:55 +02:00
pkg/apis/policy NK-31: Implemented validation of failurePolicy field. 2019-03-12 14:42:24 +02:00
scripts NK-23: Fixed readme and deployment script, deleted extra resource. 2019-03-07 18:48:02 +02:00
server NK-31: Implemented creation TLS certificate 2019-03-15 19:03:55 +02:00
utils NK-31: Implemented creation TLS certificate 2019-03-15 19:03:55 +02:00
webhooks NK-31: Added missed file 2019-03-15 17:58:16 +02:00
.gitignore NK-10: Controller renamed to PolicyController. Created MutationWebhook class in new webhook package. Implemented filtering of incoming objects by Kind. Implemented simple usage of PolicyController in MutationWebhook. 2019-02-21 20:31:18 +02:00
Gopkg.toml NK-31: Fixed toml file 2019-03-15 18:13:45 +02:00
init.go NK-31: Decomposed controller initialization functions. 2019-03-15 19:22:06 +02:00
main.go NK-31: Decomposed controller initialization functions. 2019-03-15 19:22:06 +02:00
README.md NK-23: Fixed README.md 2019-03-07 18:51:14 +02:00

kube-policy

A Kubernetes native policy engine

Motivation

Examples

How it works

Build

Prerequisites

You need to have the go and dep tools installed on your machine. Ensure that the GOPATH environment variable is set to the desired location. Code generation for the CRD controller depends on kubernetes/hack, so before using code generation, execute:

go get k8s.io/kubernetes/hack

We are using dep

You can go get

Because the repository is private, you need to add an SSH key to your GitHub user to clone the repository with the go get command. With go get, the repository is placed in the correct location at $GOHOME/go/src, which is needed to restore dependencies. Configure the SSH key as described in this article: https://help.github.com/articles/adding-a-new-ssh-key-to-your-github-account/

Once the SSH key is configured, you must tell git to use SSH. Because of --global, the rewrite applies to every repository for your user. Use the following command:

git config --global url.git@github.com:.insteadOf https://github.com/

After this is done, use the following command to clone the repo:

go get github.com/nirmata/kube-policy

Or git clone

If you don't want to use SSH, you can simply clone the repo with git, but ensure that the repo ends up inside this path: $GOPATH/src/.

git clone https://github.com/nirmata/kube-policy.git $GOPATH/src/nirmata/kube-policy

Restore dependencies

Navigate to the kube-policy project directory and execute:

dep ensure

This will install the necessary dependencies described in README.md

Compiling

We are using the code generator for custom resource objects from here: https://github.com/kubernetes/code-generator

Generate the additional controller code before compiling the project:

scripts/update-codegen.sh

Then you can build the controller:

go build .

Installation

There are 2 possible ways to install and use the controller: for development and for production.

For development

At the time of this writing, only this installation method worked.

  1. Open your ~/.kube/config file and copy the value of certificate-authority-data to the clipboard.
  2. Open crd/MutatingWebhookConfiguration_local.yaml and replace ${CA_BUNDLE} with the contents of the clipboard.
  3. Open ~/.kube/config again and copy the IP address from the server value, for example 192.168.10.117.
  4. Run scripts/deploy-controller.sh --service=localhost --serverIp=<server_IP>, where <server_IP> is the server IP from the clipboard. This script generates a TLS certificate for the webhook server and registers the webhook in the cluster. It also registers the Policy CustomResource.
  5. Start the controller: sudo kube-policy --cert=certs/server.crt --key=certs/server-key.pem --kubeconfig=~/.kube/config
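
Steps 1 to 3 can be scripted instead of copied by hand. The following is an added example, not part of the kube-policy repository: it reads the CA bundle and server IP from a kubeconfig, checks that the bundle decodes to a PEM certificate, and only then fills in ${CA_BUNDLE}. The sample kubeconfig, the webhook template contents, the port 6443 and the helper names ca_bundle, server_ip and render_webhook are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of kube-policy: steps 1-3 of the development install.

# Print certificate-authority-data of the first cluster in a kubeconfig.
ca_bundle() {
  awk '$1 == "certificate-authority-data:" { print $2; exit }' "$1"
}

# Print the host of the first "server:" URL (scheme, port and path stripped).
server_ip() {
  awk '$1 == "server:" { print $2; exit }' "$1" |
    sed -E 's#^https?://##; s#[:/].*$##'
}

# render_webhook <kubeconfig> <template>: write the template to stdout with
# ${CA_BUNDLE} filled in; fail rather than emit a webhook with a bad bundle.
render_webhook() {
  _ca=$(ca_bundle "$1")
  # The value must be base64 that decodes to a PEM certificate.
  printf '%s' "$_ca" | base64 -d 2>/dev/null |
    grep -q 'BEGIN CERTIFICATE' ||
    { echo "no usable certificate-authority-data in $1" >&2; return 1; }
  grep -qF '${CA_BUNDLE}' "$2" ||
    { echo "no \${CA_BUNDLE} placeholder in $2" >&2; return 1; }
  # Base64 never contains '|' or '&', so both are safe in the sed expression.
  sed "s|[$]{CA_BUNDLE}|$_ca|" "$2"
}

# --- Constructed sample input: placeholder certificate body, made-up port ---
demo=$(mktemp -d)
sample_ca=$(printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
  '-----END CERTIFICATE-----' | base64 | tr -d '\n')
cat > "$demo/kubeconfig" <<EOF
clusters:
- cluster:
    certificate-authority-data: $sample_ca
    server: https://192.168.10.117:6443
  name: demo
EOF
cat > "$demo/webhook.yaml" <<'EOF'
webhooks:
- name: webhook.example
  clientConfig:
    caBundle: ${CA_BUNDLE}
EOF

render_webhook "$demo/kubeconfig" "$demo/webhook.yaml"
echo "serverIp=$(server_ip "$demo/kubeconfig")"
```

Against a real setup, point render_webhook at ~/.kube/config and crd/MutatingWebhookConfiguration_local.yaml, and pass the address printed by server_ip as --serverIp in step 4.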

For production

To be implemented