mirrors/kyverno: Cloud Native Policy Management

mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00

Cloud Native Policy Management

Find a file

Vishal Choudhary c0d6eaddb3 feat: delete webhook configurations after kyverno is uninstalled (#10782 ) * feat: delete webhook configurations after kyverno is uninstalled Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: optionally add permissions Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: linter Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: disable finalizers in latest manifest Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: move webhook cleanup to webhooks controller Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add finalizers on deployment Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: refactor Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add roles to cleanupcontroller Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add cleanup to generic controllers Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add webhook cleanup in generic controllers Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: remove unnecessary clusterrole and clusterrole bindings Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: make this behaviour opt-in Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: reconcile webhook setup on deployment change Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * fix: update codegen and remove unused vars Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add finalizers to chart Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>		2024-09-04 10:59:59 +00:00
.devcontainer	chore(deps): bump ubuntu from `2e863c4` to `8a37d68` in /.devcontainer (#10885 )	2024-08-19 11:29:41 +00:00
.github	fix: Honour generateSuccessEvents config for generating success events (#9870 ) (#10741 )	2024-09-04 10:25:34 +00:00
.vscode	chore: add --reportsServiceAccountName in launch.json (#10943 )	2024-08-28 20:49:10 +00:00
api	feat: add resource description openapi validation (#10997 )	2024-09-04 09:02:57 +00:00
charts	feat: delete webhook configurations after kyverno is uninstalled (#10782 )	2024-09-04 10:59:59 +00:00
cmd	feat: delete webhook configurations after kyverno is uninstalled (#10782 )	2024-09-04 10:59:59 +00:00
config	feat: delete webhook configurations after kyverno is uninstalled (#10782 )	2024-09-04 10:59:59 +00:00
data	feat: update built-in resource schemas (#7014 )	2023-04-27 05:11:31 +00:00
docs	feat: enable custom data in policy reports using properties (#10933 )	2024-09-03 17:36:07 +00:00
ext	chore: bump k8s libs to 0.30 (#10285 )	2024-06-04 15:09:44 +08:00
hack	chore: more e2e matrix based jobs (#10984 )	2024-09-02 22:24:55 +00:00
img	upload logo (#1560 )	2021-02-08 13:09:37 -08:00
litmuschaos	[Chore] Bump to Go 1.20 (#6683 )	2023-04-03 11:40:47 +00:00
pkg	feat: delete webhook configurations after kyverno is uninstalled (#10782 )	2024-09-04 10:59:59 +00:00
scripts	chore: remove v1alpha1 of VAPs and use v1beta1 (#10955 )	2024-08-29 15:31:25 +00:00
test	fix: Honour generateSuccessEvents config for generating success events (#9870 ) (#10741 )	2024-09-04 10:25:34 +00:00
.chainsaw.yaml	chore: bump chainsaw (#10345 )	2024-05-30 09:01:23 +00:00
.codeclimate.yml	remove arm from goreleaser (#903 )	2020-06-04 11:45:37 -07:00
.directory	Implemented validation across same yaml	2019-06-20 18:21:55 +03:00
.gitignore	Unit tests for Pod Security Admission Integrations (#8585 )	2023-12-26 22:28:08 +08:00
.golangci.yml	feat: bump to k8s 1.31 (#10938 )	2024-08-28 17:09:58 +00:00
.goreleaser.yml	include time and hash in build info (#10474 )	2024-06-24 11:15:39 +00:00
.ko.yaml	feat: template background controller (#6157 )	2023-01-31 17:12:34 +01:00
.krew.yaml	Remove s390X (#4063 )	2022-06-03 08:11:12 +00:00
.nancy-ignore	extend timestamp (#10679 )	2024-07-19 16:59:28 +08:00
ADOPTERS.md	updating adopters list - adding InfraCloud (#10577 )	2024-07-03 05:28:18 +00:00
CHANGELOG.md	feat: remove reports chunking (#10597 )	2024-07-04 08:10:16 +00:00
CODE_OF_CONDUCT.md	update governance (#10669 )	2024-07-17 07:09:46 +00:00
CODEOWNERS	adding @YTGhost to codeowners (#10944 )	2024-08-28 14:50:28 +00:00
CONTRIBUTING.md	update governance (#10669 )	2024-07-17 07:09:46 +00:00
CONTRIBUTORS.md	adding myself in the contributors list (#10149 )	2024-05-11 11:33:01 +00:00
DEVELOPMENT.md	Updated the outdated example mentioned in Development.md file with latest one (#10706 )	2024-07-24 07:18:39 +00:00
go.mod	chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault (#11001 )	2024-09-04 08:13:10 +00:00
go.sum	chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault (#11001 )	2024-09-04 08:13:10 +00:00
GOVERNANCE.md	update governance (#10669 )	2024-07-17 07:09:46 +00:00
LICENSE	Create LICENSE	2019-06-05 23:00:32 -04:00
MAINTAINERS.md	move Chip Zoller to emeritus (#10882 )	2024-08-22 20:33:37 +00:00
Makefile	chore: add e2e matrix codegen and verification (#10986 )	2024-09-03 00:11:29 +00:00
OWNERS.md	chore: add myself in approvers (#4990 )	2022-10-15 23:55:00 +00:00
README.md	update governance (#10669 )	2024-07-17 07:09:46 +00:00
ROADMAP.md	Update ROADMAP.md (#10420 )	2024-06-10 11:12:31 +00:00
SECURITY-INSIGHTS.yml	[Feature] Security Improvements based on CLOMonitor Checks (#9395 )	2024-01-19 10:50:17 +00:00
SECURITY.md	change security to point to org repo (#10716 )	2024-07-25 07:40:38 +00:00
sonar-project.properties	Integrate Sonarcloud and Nancy github action (#3491 )	2022-09-14 07:25:14 +00:00

README.md

Cloud Native Policy Management 🎉

Kyverno is a policy engine designed for cloud native platform engineering teams. It enables security, automation, compliance, and governance using policy-as-code. Kyverno can validate, mutate, generate, and cleanup configurations using Kubernetes admission controls, background scans, and source code respository scans. Kyverno policies can also be used to verify OCI images, for software supply chain security. Kyverno policies can be managed as Kubernetes resources and do not require learning a new language. Kyverno is designed to work nicely with tools you already use like kubectl, kustomize, and Git.

📙 Documentation

Kyverno installation and reference documents are available at [kyverno.io] (https://kyverno.io).

👉 Quick Start

👉 Installation

👉 Sample Policies

🙋‍♂️ Getting Help

We are here to help!

👉 For feature requests and bugs, file an issue.

👉 For discussions or questions, join the Kyverno Slack channel.

👉 For community meeting access, see mailing list.

👉 To get follow updates ⭐️ star this repository.

➕ Contributing

Thanks for your interest in contributing to Kyverno! Here are some steps to help get you started:

✔ Read and agree to the Contribution Guidelines.

✔ Browse through the GitHub discussions.

✔ Read Kyverno design and development details on the GitHub Wiki.

✔ Check out the good first issues list. Add a comment with /assign to request assignment of the issue.

✔ Check out the Kyverno Community page for other ways to get involved.

Software Bill of Materials

All Kyverno images include a Software Bill of Materials (SBOM) in CycloneDX JSON format. SBOMs for Kyverno images are stored in a separate repository at ghcr.io/kyverno/sbom. More information on this is available at Fetching the SBOM for Kyverno.

Contributors

Kyverno is built and maintained by our growing community of contributors!

Made with contributors-img.

License

Kyverno is a Cloud Native Computing Foundation (CNCF) Incubating project and was contributed by Nirmata.

README.md Unescape Escape

Kyverno