mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-04-09 10:42:22 +00:00
Code Activity
Cloud Native Policy Management
6414 commits 20 branches 556 tags 292 MiB
Find a file
Vishal Choudhary 07877ef37a
feat: add custom keychains using fluxcd/oci/auth package (#7908) 
* feat:add usage of flux auth package for creating keychain

for every oci provider, we will create a client from flux and use its login() method

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: add registry checking

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* bug: update azure keychain to return anonymous kc

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* bug: remove google keychain

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* bug: kubeconfig redefined

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* bug: fix kubeconfig flag being double defined

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* updated comments (#7902)

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>

* chore(deps): bump google.golang.org/grpc from 1.56.2 to 1.57.0 (#7918)

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.56.2 to 1.57.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.56.2...v1.57.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump github.com/go-git/go-git/v5 from 5.8.0 to 5.8.1 (#7919)

Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.8.0 to 5.8.1.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.8.0...v5.8.1)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>

* refactor validating admission policies (#7835)

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* feat: update default keychain in registry to be empty (#7906)

* feat: update default keychain to be empty

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: update registryCredentialHelpers description

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

---------

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* fix: rename vap to its full name (#7929)

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* fix(chart): only create ServiceMonitor if cluster supports it (#7926)

* fix: only create ServiceMonitor if cluster supports it

Adds an additional check to the ServiceMonitor template to ensure that
the cluster supports the `monitoring.coreos.com/v1` API version.

Signed-off-by: Alexej Disterhoft <alexej@disterhoft.de>

* add IITS Consulting as adopter from Google Form (#7932)

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* Adding other folder's subfolders to workflows/conformance.yaml's tests array (#7927)

Signed-off-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>
Co-authored-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>

* feat: add create metrics-config cli command (#7782)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chore(deps): bump svenstaro/upload-release-action from 2.6.1 to 2.7.0 (#7940)

Bumps [svenstaro/upload-release-action](https://github.com/svenstaro/upload-release-action) from 2.6.1 to 2.7.0.
- [Release notes](https://github.com/svenstaro/upload-release-action/releases)
- [Changelog](https://github.com/svenstaro/upload-release-action/blob/master/CHANGELOG.md)
- [Commits](2b9d2847a9...1beeb572c1)

---
updated-dependencies:
- dependency-name: svenstaro/upload-release-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: shuting <shuting@nirmata.com>

* test: add tests for ghcr private repository (#7791)

* chore: organize constants better (#7941)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chore: move cert.kyverno.io/managed-by label in constants (#7942)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: rename --compact to --detailed-results in CLI (#7937)

* fix: rename --compact to --detailed-results in CLI

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* rename compact arg

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chore: move more constants (#7944)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* feat: add `create values` cli command (#7779)

* feat: add  cli command

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* feat: add create values cli command

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* Removed usage of `replacements` from goreleaser.yml file (#7833)

* Changed goreleaser.yml file

Signed-off-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>

* Changed syntax

Signed-off-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>

* Small indent fix

Signed-off-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>

---------

Signed-off-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>
Co-authored-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* add 1.10.2 (#7947)

Signed-off-by: Chip Zoller <chipzoller@gmail.com>

* chore: move cache enabled label (#7949)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chore(deps): bump go.uber.org/zap from 1.24.0 to 1.25.0 (#7952)

Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.24.0 to 1.25.0.
- [Release notes](https://github.com/uber-go/zap/releases)
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uber-go/zap/compare/v1.24.0...v1.25.0)

---
updated-dependencies:
- dependency-name: go.uber.org/zap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* doc: add feature flag guidelines (#7951)

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>

* chore: move kyverno.io/verify-images constant (#7955)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* feat: add ttl controller (#7821)

* added the ttl controller

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fixed label and vars

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* added logger

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* applied fixes

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* removed comments

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* more lint fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* applied changes

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* minor fixes

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix logger, separate parse logic

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* added tests

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* added kuttl tests, validation utilities

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* commented code

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* renamed tests

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix test

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* created log.go

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix log.go

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* added README.md refactor code

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* added validation webhook

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* label-validation fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* added flag, updated verbs

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* updated verbs

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* updated helm chart

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* test fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* linter

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* imporoved webhook validation

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* linter fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix codegen

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* webhook names and path constants

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* constant label

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix label selector

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* kuttl test fix

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* helm docs

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix controller logger

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: manager logger

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix failure policy

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* kuttl tests

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* move kuttl tests in separate job

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* remove rbac steps

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* remove configmaps from core cluster role

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix logger

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* rename flag

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* kuttl

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix error

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix linter

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

---------

Signed-off-by: Ved Ratan <vedratan8@gmail.com>
Signed-off-by: Ved Ratan <82467006+VedRatan@users.noreply.github.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chore: rename ttl controller package (#7957)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chore: move ttl formats to constants (#7958)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* feat: Add support for server-side-apply in generate rules (#7705)

* feat: Add support for server-side-apply in generate rules

Signed-off-by: Mike Bryant <mike@mikebryant.me.uk>

* chore: run make codegen-all

Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>

* chore: Remove unnecessary file I got from copy/paste

Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>

---------

Signed-off-by: Mike Bryant <mike@mikebryant.me.uk>
Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>

* refactor: ttl label validation (#7960)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chore(deps): bump github.com/google/go-containerregistry (#7961)

Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.14.1-0.20230425172351-b7c6e9dc3944 to 0.16.1.
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Changelog](https://github.com/google/go-containerregistry/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/go-containerregistry/commits/v0.16.1)

---
updated-dependencies:
- dependency-name: github.com/google/go-containerregistry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: fix cleanup controller debug in vscode (#7963)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: ttl cleanup controller events processing (#7964)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* test: add test to cleanup the same resource twice (#7965)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: ttl manager stop informer on error (#7966)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* chore(deps): bump slsa-framework/slsa-github-generator (#7968)

Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases)
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.7.0...v1.8.0)

---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* feat: add basic structure for image verify cache (#7890)

* feat: add interface for image verify cache

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: add basic client for cache

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: add ttl to client

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: add flags and flag setup

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: added a default image verify cache

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: add propogation of cache to image verifier

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: add useCache to image verification types

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* bug: add ivcache to image verifier

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: add logger to cache

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* typo: DisabledImageVerfiyCache

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* typo: DisabledImageVerfiyCache

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* Update cmd/internal/flag.go

Signed-off-by: shuting <shutting06@gmail.com>

* feat: add use cache to v2beta1 crd

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* bug: change public attribute TTL to private

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* fix: replace nil in test with disabled cache

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* fix: convert ttl time to time.Duration

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: update opts to use time.Duration

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat:add policy version and remove delete functions

by adding policy version, old entries will automatically become outdated and we will not have to remove them manually

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: remove clear and update get and set to take interface as input

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* style: fix lint issue

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

---------

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Signed-off-by: shuting <shutting06@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* Fixes kyverno cli container reorder  (#7943)

* added combine rule response

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* added kyverno test cli tests

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* added kyverno test cli tests

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* small nits

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* added ; in between the err messages

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* removed fixed rulename and ruletype

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

---------

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>

* chore(deps): bump sigs.k8s.io/controller-runtime from 0.15.0 to 0.15.1 (#7975)

Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.15.0 to 0.15.1.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.15.0...v0.15.1)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump golang.org/x/text from 0.11.0 to 0.12.0 (#7976)

Bumps [golang.org/x/text](https://github.com/golang/text) from 0.11.0 to 0.12.0.
- [Release notes](https://github.com/golang/text/releases)
- [Commits](https://github.com/golang/text/compare/v0.11.0...v0.12.0)

---
updated-dependencies:
- dependency-name: golang.org/x/text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump golang.org/x/crypto from 0.11.0 to 0.12.0 (#7977)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.11.0 to 0.12.0.
- [Commits](https://github.com/golang/crypto/compare/v0.11.0...v0.12.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix:Add Missing Severity Cases in SeverityFromString Function (#7974)

Signed-off-by: lichanghao.orange <lichanghao.orange@bytedance.com>
Co-authored-by: shuting <shuting@nirmata.com>

* feat(chart) Allow podSecurityContext and securityContext for webhooksCleanup (#7970)

Fixes #7962

Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

* fix: Fixed issue with AddVariable that prevented certain variables (#7981)

When using a label or annotation with quoted dots, AddVariable was splitting inside the quote causing it to be improperly parsed and replaced

Signed-off-by: mvaal <mvaal@expediagroup.com>

* fix: Kyverno cli apply duplicate result counts  (#7945)

* removed repeated logic from kyverno_policies_types

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

fixed unit tests

* fixed unit tests

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* updated common.go logic

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* remove skip response logic from common.go

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* remove skip response logic from common.go

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

* fixed conflict

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>

---------

Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>

* fix: return err in load data (#7982)

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>

* fix, enhancement (#7988)

* fix, enhancement

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* lint

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

---------

Signed-off-by: Ved Ratan <vedratan8@gmail.com>

* fix: improve lint

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: update auth pkg

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* chore: fix go mod

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* feat: updated CLI keychains

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

* chore update fluxcd/pkg/auth@0.31.1

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>

---------

Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Signed-off-by: hackeramitkumar <amit9116260192@gmail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Signed-off-by: Alexej Disterhoft <alexej@disterhoft.de>
Signed-off-by: Chip Zoller <chipzoller@gmail.com>
Signed-off-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Signed-off-by: Ved Ratan <vedratan8@gmail.com>
Signed-off-by: Ved Ratan <82467006+VedRatan@users.noreply.github.com>
Signed-off-by: Mike Bryant <mike@mikebryant.me.uk>
Signed-off-by: Mike Bryant <mike.bryant@mettle.co.uk>
Signed-off-by: shuting <shutting06@gmail.com>
Signed-off-by: lichanghao.orange <lichanghao.orange@bytedance.com>
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Signed-off-by: mvaal <mvaal@expediagroup.com>
Co-authored-by: Amit kumar <amit9116260192@gmail.com>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
Co-authored-by: Alexej Disterhoft <github@disterhoft.de>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Pradyot Ranjan <99216956+prady0t@users.noreply.github.com>
Co-authored-by: Pradyot Ranjan <99216956+pradyotRanjan@users.noreply.github.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: Ved Ratan <82467006+VedRatan@users.noreply.github.com>
Co-authored-by: Mike Bryant <mike.bryant@mettle.co.uk>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shutting06@gmail.com>
Co-authored-by: UgOrange <lichanghao.orange@bytedance.com>
Co-authored-by: treydock <tdockendorf@osc.edu>
Co-authored-by: Marcus Vaal <mvaal@expediagroup.com>
2023-09-07 11:47:36 +00:00
.devcontainer chore(deps): bump ubuntu from ec050c3 to aabed32 in /.devcontainer (#8241) 2023-09-04 09:43:09 +02:00
.github chore(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 (#8303) 2023-09-07 10:05:24 +00:00
.vscode chore: fix vscode launch.json for cli (#8209) 2023-09-01 11:02:48 +00:00
api refactor: introduce report utils package and use it in cli apply (#8203) 2023-09-01 09:20:39 +00:00
charts chore: remove validating admission policy support from v1.26 (#8294) 2023-09-07 07:50:56 +00:00
cmd feat: add custom keychains using fluxcd/oci/auth package (#7908) 2023-09-07 11:47:36 +00:00
config feat: generate backgroundscan reports for validating admission policies (#8135) 2023-09-05 11:42:17 +00:00
data feat: update built-in resource schemas (#7014) 2023-04-27 05:11:31 +00:00
docs docs: improve cli commands docs (#8259) 2023-09-05 05:14:28 +03:00
hack feat: improve instrumented clients (#7006) 2023-04-25 15:31:09 +00:00
img upload logo (#1560) 2021-02-08 13:09:37 -08:00
litmuschaos [Chore] Bump to Go 1.20 (#6683) 2023-04-03 11:40:47 +00:00
pkg feat: add custom keychains using fluxcd/oci/auth package (#7908) 2023-09-07 11:47:36 +00:00
scripts feat: add kuttl tests for validating admission policy backgroundscan reports (#8292) 2023-09-07 02:22:12 +00:00
test feat: add kuttl tests for validating admission policy backgroundscan reports (#8292) 2023-09-07 02:22:12 +00:00
.codeclimate.yml remove arm from goreleaser (#903) 2020-06-04 11:45:37 -07:00
.directory Implemented validation across same yaml 2019-06-20 18:21:55 +03:00
.gitignore fix: makefile build/kind targets and add target to save built images to files (#6416) 2023-02-28 09:33:53 +00:00
.golangci.yml chore: increase linter timeout (#7767) 2023-07-06 13:39:52 +00:00
.goreleaser.yml Removed usage of replacements from goreleaser.yml file (#7833) 2023-08-01 09:56:50 +02:00
.ko.yaml feat: template background controller (#6157) 2023-01-31 17:12:34 +01:00
.krew.yaml Remove s390X (#4063) 2022-06-03 08:11:12 +00:00
.nancy-ignore fix: nancy ignore file (#8132) 2023-08-27 20:48:49 +00:00
ADOPTERS.md add IITS Consulting as adopter from Google Form (#7932) 2023-07-28 15:37:03 +00:00
CHANGELOG.md feat: remove description from deprecated fields (#8186) 2023-08-31 22:23:44 +00:00
CODE_OF_CONDUCT.md Fix typos (#2860) 2021-12-18 20:03:16 +00:00
CODEOWNERS Adding myself to CODEOWNERS (#7755) 2023-07-05 15:29:57 +02:00
CONTRIBUTING.md Update CONTRIBUTING.md (#7872) 2023-07-21 06:14:32 +00:00
CONTRIBUTORS.md Adding myself to contributors.md (#7373) 2023-05-31 17:06:37 -07:00
DEVELOPMENT.md adding env to doc (#7813) 2023-07-21 06:46:14 +00:00
go.mod feat: add custom keychains using fluxcd/oci/auth package (#7908) 2023-09-07 11:47:36 +00:00
go.sum feat: add custom keychains using fluxcd/oci/auth package (#7908) 2023-09-07 11:47:36 +00:00
GOVERNANCE.md governance added (#6488) 2023-03-10 10:52:50 +00:00
LICENSE Create LICENSE 2019-06-05 23:00:32 -04:00
MAINTAINERS.md update (#8041) 2023-08-16 18:00:11 +00:00
Makefile refactor: cli test command (#8212) 2023-09-04 09:34:27 +00:00
OWNERS.md chore: add myself in approvers (#4990) 2022-10-15 23:55:00 +00:00
README.md bump versions, license (#6714) 2023-03-28 22:17:06 +00:00
renovate.json chore(deps): add renovate.json (#3471) 2022-03-29 16:09:23 +08:00
ROADMAP.md Add Roadmap.md and link to active releases / roadap (#6564) 2023-03-14 10:21:17 +00:00
SECURITY.md feat: security.md 2021-09-19 09:50:26 +05:30
sonar-project.properties Integrate Sonarcloud and Nancy github action (#3491) 2022-09-14 07:25:14 +00:00

README.md

Kyverno Tweet

Kubernetes Native Policy Management 🎉

build releaser Go Report Card License: Apache-2.0 GitHub Repo stars CII Best Practices OpenSSF Scorecard codecov Artifact HUB FOSSA Status

logo

Kyverno is a policy engine designed for Kubernetes. It can validate, mutate, and generate configurations using admission controls and background scans. Kyverno policies are Kubernetes resources and do not require learning a new language. Kyverno is designed to work nicely with tools you already use like kubectl, kustomize, and Git.

📙 Documentation

Kyverno installation and reference documents are available at kyverno.io.

👉 Quick Start

👉 Installation

👉 Sample Policies

🙋‍♂️ Getting Help

We are here to help!

👉 For feature requests and bugs, file an issue.

👉 For discussions or questions, join the Kyverno Slack channel.

👉 For community meeting access, join the mailing list.

👉 To get updates star this repository.

Contributing

Thanks for your interest in contributing to Kyverno! Here are some steps to help get you started:

✔ Read and agree to the Contribution Guidelines.

✔ Browse through the GitHub discussions.

✔ Read Kyverno design and development details on the GitHub Wiki.

✔ Check out the good first issues list. Add a comment with /assign to request assignment of the issue.

✔ Check out the Kyverno Community page for other ways to get involved.

Software Bill of Materials

All Kyverno images include a Software Bill of Materials (SBOM) in CycloneDX JSON format. SBOMs for Kyverno images are stored in a separate repository at ghcr.io/kyverno/sbom. More information on this is available at Fetching the SBOM for Kyverno.

Contributors

Kyverno is built and maintained by our growing community of contributors!

Made with contributors-img.

License

Copyright 2023, the Kyverno project. All rights reserved. Kyverno is licensed under the Apache License 2.0.

Kyverno is a Cloud Native Computing Foundation (CNCF) Incubating project and was contributed by Nirmata.