mirrors/kyverno: Cloud Native Policy Management

mirror of https://github.com/kyverno/kyverno.git synced 2025-03-30 19:35:06 +00:00

Cloud Native Policy Management

Find a file

Charles-Edouard Brétéché 3580034fa1 feat: improve webhooks rules generation (#11419 ) * feat: improve webhooks rules generation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * iterate per rule Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * reduce rules Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * rework default operations Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * consider subresource Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * aggregate operations Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * sort rules Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * ephemeralcontainers Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * operations Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * aggregation Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * operations type Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * generate rules Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * nits Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * generate Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * all operations Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * collector changes Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * account for exclusions Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * unit tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix exclusions when no operations specified Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * unit tests Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>		2024-10-21 12:56:21 +00:00
.devcontainer	chore(deps): bump ubuntu from `ab64a83` to `d4f6f70` in /.devcontainer (#11415 )	2024-10-16 09:10:54 +00:00
.github	chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions (#11439 )	2024-10-21 11:17:40 +00:00
.vscode	chore: add --reportsServiceAccountName in launch.json (#10943 )	2024-08-28 20:49:10 +00:00
api	Selector with mutate target (#11208 )	2024-10-16 11:17:08 +00:00
charts	feat: add options to configure resync period for informers in helm chart (#11420 )	2024-10-17 15:23:17 +08:00
cmd	feat: add options to configure resync period for informers in helm chart (#11420 )	2024-10-17 15:23:17 +08:00
config	feat: add options to configure resync period for informers in helm chart (#11420 )	2024-10-17 15:23:17 +08:00
data	feat: update built-in resource schemas (#7014 )	2023-04-27 05:11:31 +00:00
docs	Selector with mutate target (#11208 )	2024-10-16 11:17:08 +00:00
ext	chore: bump k8s libs to 0.30 (#10285 )	2024-06-04 15:09:44 +08:00
hack	chore(deps): bump sigs.k8s.io/controller-tools in /hack/controller-gen (#11385 )	2024-10-11 11:35:56 +00:00
img	upload logo (#1560 )	2021-02-08 13:09:37 -08:00
litmuschaos	[Chore] Bump to Go 1.20 (#6683 )	2023-04-03 11:40:47 +00:00
pkg	feat: improve webhooks rules generation (#11419 )	2024-10-21 12:56:21 +00:00
scripts	feat(ci): enhance load testing (#11429 )	2024-10-18 10:20:12 +00:00
test	feat(ci): enhance load testing (#11429 )	2024-10-18 10:20:12 +00:00
.chainsaw.yaml	chore: bump chainsaw (#10345 )	2024-05-30 09:01:23 +00:00
.codeclimate.yml	remove arm from goreleaser (#903 )	2020-06-04 11:45:37 -07:00
.directory	Implemented validation across same yaml	2019-06-20 18:21:55 +03:00
.gitignore	Unit tests for Pod Security Admission Integrations (#8585 )	2023-12-26 22:28:08 +08:00
.golangci.yml	feat: bump to k8s 1.31 (#10938 )	2024-08-28 17:09:58 +00:00
.goreleaser.yml	fix: go releaser config (#11135 )	2024-09-13 07:51:51 +05:30
.ko.yaml	feat: template background controller (#6157 )	2023-01-31 17:12:34 +01:00
.krew.yaml	Remove s390X (#4063 )	2022-06-03 08:11:12 +00:00
.nancy-ignore	extend timestamp (#10679 )	2024-07-19 16:59:28 +08:00
ADOPTERS.md	add Corestream as an adopter (#11263 )	2024-09-30 15:02:33 +08:00
CHANGELOG.md	feat: add flag to pass tuf root directly (#11103 )	2024-09-12 12:45:07 +08:00
CODE_OF_CONDUCT.md	update governance (#10669 )	2024-07-17 07:09:46 +00:00
CODEOWNERS	chore: remove MarcelMue (#11066 )	2024-09-10 10:26:25 +00:00
CONTRIBUTING.md	update governance (#10669 )	2024-07-17 07:09:46 +00:00
CONTRIBUTORS.md	move governance (#11138 )	2024-09-13 15:34:11 +08:00
DEVELOPMENT.md	Updated the outdated example mentioned in Development.md file with latest one (#10706 )	2024-07-24 07:18:39 +00:00
go.mod	chore(deps): bump github.com/prometheus/client_golang (#11413 )	2024-10-18 07:44:14 +00:00
go.sum	chore(deps): bump github.com/prometheus/client_golang (#11413 )	2024-10-18 07:44:14 +00:00
GOVERNANCE.md	update governance (#10669 )	2024-07-17 07:09:46 +00:00
LICENSE	Create LICENSE	2019-06-05 23:00:32 -04:00
MAINTAINERS.md	move governance (#11138 )	2024-09-13 15:34:11 +08:00
Makefile	feat(ci): enhance load testing (#11429 )	2024-10-18 10:20:12 +00:00
OWNERS.md	chore: add myself in approvers (#4990 )	2022-10-15 23:55:00 +00:00
README.md	update governance (#10669 )	2024-07-17 07:09:46 +00:00
ROADMAP.md	Update ROADMAP.md (#10420 )	2024-06-10 11:12:31 +00:00
SECURITY-INSIGHTS.yml	[Feature] Security Improvements based on CLOMonitor Checks (#9395 )	2024-01-19 10:50:17 +00:00
SECURITY.md	change security to point to org repo (#10716 )	2024-07-25 07:40:38 +00:00
sonar-project.properties	chore: fix sonar exclusions (#11119 )	2024-09-12 09:06:48 +00:00

README.md

Cloud Native Policy Management 🎉

Kyverno is a policy engine designed for cloud native platform engineering teams. It enables security, automation, compliance, and governance using policy-as-code. Kyverno can validate, mutate, generate, and cleanup configurations using Kubernetes admission controls, background scans, and source code respository scans. Kyverno policies can also be used to verify OCI images, for software supply chain security. Kyverno policies can be managed as Kubernetes resources and do not require learning a new language. Kyverno is designed to work nicely with tools you already use like kubectl, kustomize, and Git.

📙 Documentation

Kyverno installation and reference documents are available at [kyverno.io] (https://kyverno.io).

👉 Quick Start

👉 Installation

👉 Sample Policies

🙋‍♂️ Getting Help

We are here to help!

👉 For feature requests and bugs, file an issue.

👉 For discussions or questions, join the Kyverno Slack channel.

👉 For community meeting access, see mailing list.

👉 To get follow updates ⭐️ star this repository.

➕ Contributing

Thanks for your interest in contributing to Kyverno! Here are some steps to help get you started:

✔ Read and agree to the Contribution Guidelines.

✔ Browse through the GitHub discussions.

✔ Read Kyverno design and development details on the GitHub Wiki.

✔ Check out the good first issues list. Add a comment with /assign to request assignment of the issue.

✔ Check out the Kyverno Community page for other ways to get involved.

Software Bill of Materials

All Kyverno images include a Software Bill of Materials (SBOM) in CycloneDX JSON format. SBOMs for Kyverno images are stored in a separate repository at ghcr.io/kyverno/sbom. More information on this is available at Fetching the SBOM for Kyverno.

Contributors

Kyverno is built and maintained by our growing community of contributors!

Made with contributors-img.

License

Kyverno is a Cloud Native Computing Foundation (CNCF) Incubating project and was contributed by Nirmata.

README.md Unescape Escape

Kyverno