- Feb 08, 2022
-
-
shuting authored
Signed-off-by: ShutingZhao <shuting@nirmata.com>
-
- Feb 07, 2022
-
-
ShutingZhao authored
Signed-off-by: ShutingZhao <shuting@nirmata.com>
-
ShutingZhao authored
Signed-off-by: ShutingZhao <shuting@nirmata.com>
-
Sambhav Kothari authored
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
-
Sambhav Kothari authored
* Add a kyverno jp command to test jmespath expressions
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
* Auto-generate custom function docs
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
-
- Feb 04, 2022
-
-
shuting authored
Signed-off-by: ShutingZhao <shuting@nirmata.com>
-
Vyankatesh Kudtarkar authored
Signed-off-by: ShutingZhao <shuting@nirmata.com>
-
ShutingZhao authored
Signed-off-by: ShutingZhao <shuting@nirmata.com>
-
treydock authored
Signed-off-by: ShutingZhao <shuting@nirmata.com>
-
Vyankatesh Kudtarkar authored
Signed-off-by: ShutingZhao <shuting@nirmata.com>
-
Kevin Welter authored
* add nodeAffinity for kyverno helm chart
Signed-off-by: Kevin Welter <kevin.welter@humanity-it.com>
* quite better and more open solution for affinity in helm chart. it assists all kinds of other affinities
Signed-off-by: Kevin Welter <kevin.welter@humanity-it.com>
* fix typo in parameter
Signed-off-by: Kevin Welter <kevin.welter@humanity-it.com>
* make affinity selection easier - return to antiAffinity for less change
Signed-off-by: Kevin Welter <kevin.welter@humanity-it.com>
* return to antiAffinity to make change easier
Signed-off-by: Kevin Welter <kevin.welter@humanity-it.com>
* add documentation for new values and helm functions
Signed-off-by: Kevin Welter <kevin.welter@humanity-it.com>
* simplified again the use of new affinities. Don't need to extra enable if you insert affinities
Signed-off-by: Kevin Welter <kevin.welter@humanity-it.com>
* fix "if" of the affinity block
Co-authored-by: treydock <treydock@gmail.com>
Signed-off-by: Kevin Welter <kevin.welter@humanity-it.com>
* Now finally renamed values to avoid breaking change; adjust readme for the parameter names
Signed-off-by: Kevin Welter <kevin.welter@humanity-it.com>
* alphabetic order readme
Signed-off-by: Kevin Welter <kevin.welter@humanity-it.com>
Co-authored-by: Kevin Welter <kevin.welter@digital-nx.com>
Co-authored-by: treydock <treydock@gmail.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
-
- Feb 03, 2022
-
-
Prateek Pandey authored
Removes the need to specify an image pull secret to make use of cloud provider credentials. As I understand it, this should be fine outside of cloud provider contexts. As part of this, I've switched to using authn/kubernetes, which I believe is preferable to k8schain.
Signed-off-by: Rob Best <robertbest89@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Rob Best <robertbest89@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
-
- Feb 02, 2022
-
-
Prateek Pandey authored
As part of tighten and clarify Kyverno roles and permissions, PR #2799, we missed updating the charts templates events clusterroles.
Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
-
- Feb 01, 2022
-
-
Prateek Pandey authored
added missing start index value for the patches slice
Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com>
-
Abhinav Sinha authored
Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>
-
- Jan 31, 2022
-
-
Sambhav Kothari authored
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
-
Abhinav Sinha authored
Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
-
Sambhav Kothari authored
* Fix variable substitution when inline jmespath objects are defined
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
* Add additional test cases which use brackets
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
-
Sambhav Kothari authored
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
-
- Jan 29, 2022
-
-
shuting authored
* Add KYVERNO_DEPLOYMENT to initContainer (#3086)
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* Updates Changelog to add note for anyPattern issue due to k8s v1.23 (#3045)
* adds notes for anyPattern issue due to k8s v1.23
Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
* updates changelog
Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
* updates changelog for any/all
Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
* Update CHANGELOG.md
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: shuting <shutting06@gmail.com>
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix mutating ownerReferences (#3061)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* Fix CLI test/apply when any/all use namespaceSelector (#3050)
* Fix CLI test/apply when any/all use namespaceSelector
Fixes #3047
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* gofmt fix
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* apply patches cumulatively (#3083)
* apply patches cumulatively
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* handle skipped rules
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add test files
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* Support registry keychain from cloud providers (#3036)
* Enable cloud provider registry keychains
It's desirable that Kyverno supports using workload identity and other cloud provider metadata services for registry credentials.
Signed-off-by: Rob Best <robertbest89@gmail.com>
* Always initialize registry keychain
This supports using docker configuration on disk and credentials from cloud providers without having to specify image pull secrets.
Signed-off-by: Rob Best <robertbest89@gmail.com>
* Get pull secrets from kyverno service account
It was previously using 'default'. I think it makes more sense to use the service account that Kyverno actually runs with.
Signed-off-by: Rob Best <robertbest89@gmail.com>
* Don't split empty pull secrets list
Signed-off-by: Rob Best <robertbest89@gmail.com>
* Add KYVERNO_SVC_ACCOUNT to config manifests
Signed-off-by: Rob Best <robertbest89@gmail.com>
* Don't retrieve secrets from service account
Signed-off-by: Rob Best <robertbest89@gmail.com>
* Reduce scope of keychain changes
Just enable cloud provider keychains.
Signed-off-by: Rob Best <robertbest89@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
* Fix memory leak when updating ggcr keychain (#3088)
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
* update cosign to 1.5.0 and fix issuer and subject for keyless (#3089)
* update cosign to 1.5.0 and add checks
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix subject and issuer checks
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fixing and adding tests (#3112)
Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>
* tag v1.6.0-rc2
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
Co-authored-by: Mritunjay Kumar Sharma <mritunjaysharma394@gmail.com>
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
Co-authored-by: treydock <tdockendorf@osc.edu>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Rob Best <robertbest89@gmail.com>
Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
Co-authored-by: Naman Lakhwani <namanlakhwani@gmail.com>
-
shuting authored
* Add KYVERNO_DEPLOYMENT to initContainer (#3086)
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* Updates Changelog to add note for anyPattern issue due to k8s v1.23 (#3045)
* adds notes for anyPattern issue due to k8s v1.23
Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
* updates changelog
Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
* updates changelog for any/all
Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
* Update CHANGELOG.md
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
Co-authored-by: shuting <shuting@nirmata.com>
Co-authored-by: shuting <shutting06@gmail.com>
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix mutating ownerReferences (#3061)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* Fix CLI test/apply when any/all use namespaceSelector (#3050)
* Fix CLI test/apply when any/all use namespaceSelector
Fixes #3047
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
* gofmt fix
Signed-off-by: Trey Dockendorf <tdockendorf@osc.edu>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* apply patches cumulatively (#3083)
* apply patches cumulatively
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* handle skipped rules
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* add test files
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* Support registry keychain from cloud providers (#3036)
* Enable cloud provider registry keychains
It's desirable that Kyverno supports using workload identity and other cloud provider metadata services for registry credentials.
Signed-off-by: Rob Best <robertbest89@gmail.com>
* Always initialize registry keychain
This supports using docker configuration on disk and credentials from cloud providers without having to specify image pull secrets.
Signed-off-by: Rob Best <robertbest89@gmail.com>
* Get pull secrets from kyverno service account
It was previously using 'default'. I think it makes more sense to use the service account that Kyverno actually runs with.
Signed-off-by: Rob Best <robertbest89@gmail.com>
* Don't split empty pull secrets list
Signed-off-by: Rob Best <robertbest89@gmail.com>
* Add KYVERNO_SVC_ACCOUNT to config manifests
Signed-off-by: Rob Best <robertbest89@gmail.com>
* Don't retrieve secrets from service account
Signed-off-by: Rob Best <robertbest89@gmail.com>
* Reduce scope of keychain changes
Just enable cloud provider keychains.
Signed-off-by: Rob Best <robertbest89@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
* Fix memory leak when updating ggcr keychain (#3088)
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
* update cosign to 1.5.0 and fix issuer and subject for keyless (#3089)
* update cosign to 1.5.0 and add checks
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix subject and issuer checks
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fix tests
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* fixing and adding tests (#3112)
Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>
Co-authored-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
Co-authored-by: Mritunjay Kumar Sharma <mritunjaysharma394@gmail.com>
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
Co-authored-by: treydock <tdockendorf@osc.edu>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: Rob Best <robertbest89@gmail.com>
Co-authored-by: Sambhav Kothari <sambhavs.email@gmail.com>
Co-authored-by: Naman Lakhwani <namanlakhwani@gmail.com>
-
- Jan 27, 2022
-
-
Sambhav Kothari authored
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
-
Sambhav Kothari authored
* Fix memory leak when updating ggcr keychain (#3088)
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
* Fix the kyverno default keychain value to be the ggcr default keychain
Signed-off-by: Sambhav Kothari <sambhavs.email@gmail.com>
-
- Jan 25, 2022
-
-
shuting authored
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
-
shuting authored
- add SBOM CONTAINER
Signed-off-by: ShutingZhao <shuting@nirmata.com>
-
shuting authored
- revert workflow helm-release.yaml
- add back make target "docker-publish-sigs"
Signed-off-by: ShutingZhao <shuting@nirmata.com>
-
shuting authored
* Fix documentation for helm charts (#3056)
Signed-off-by: 4molybdenum2 <tathagatapaul7@gmail.com>
* update workflow configurations to fix CI failure (#3060)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* fix mutating ownerReferences (#3061)
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* revert workflow config release.yaml
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* temporarily push images from build.yaml
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* revert GH workflow image.yaml
Signed-off-by: ShutingZhao <shuting@nirmata.com>
Co-authored-by: Tathagata Paul <tathagatapaul7@gmail.com>
-
- Jan 24, 2022
-
-
shuting authored
Signed-off-by: ShutingZhao <shuting@nirmata.com>
-
shuting authored
Signed-off-by: ShutingZhao <shuting@nirmata.com>
-
shuting authored
Signed-off-by: ShutingZhao <shuting@nirmata.com>
-
- Jan 23, 2022
-
-
Jim Bugwadia authored
* fix mutate preprocessing for anchors
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
* make fmt
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
Co-authored-by: shuting <shutting06@gmail.com>
-
Abhinav Sinha authored
Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>
-
- Jan 22, 2022
-
-
Mritunjay Kumar Sharma authored
* bumps k8s libraries for k8s v1.23 upgrade for kyverno
Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
* fixes kustomize version
Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
* updates golang to v1.17 to test fails
Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
* updates logr package to 1.2.2
Signed-off-by: Mritunjay Sharma <mritunjaysharma394@gmail.com>
* Fixed tests for `pkg/cosign` and `pkg/webhooks/generation`
Signed-off-by: Abhinav Sinha <abhinav@nirmata.com>
* fix go-logr deps version issue
Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com>
* fix kube-openapi commit hash
Signed-off-by: prateekpandey14 <prateekpandey14@gmail.com>
Co-authored-by: shuting <shutting06@gmail.com>
Co-authored-by: Abhinav Sinha <abhinav@nirmata.com>
Co-authored-by: prateekpandey14 <prateekpandey14@gmail.com>
-
shuting authored
* fix dynamic webhook for namespace policies
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* improve policy listing to reduce duplicate processing
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* update logger
Signed-off-by: ShutingZhao <shuting@nirmata.com>
-
shuting authored
* remove resourceCache from the event controller
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* create rcr using typed client to reduce PUT throttling request
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* use typed client for report/rcr operations
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* clarify naming patterns for Kyverno ClusterRoles/ClusterRoleBindings (#3029)
* clarify naming patterns for Kyverno ClusterRoles/ClusterRoleBindings (#3032)
* fix comment
* fix comment
Co-authored-by: Vyankatesh Kudtarkar <vyankateshkd@gmail.com>
-
- Jan 21, 2022
-
-
Kumar Mallikarjuna authored
* Implement ValidationFailureActionOverride
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Update CRDs
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Update getEnforceFailureErrorMsg()
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Allow validate policies to be checked
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Fix linting issues
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Added tests for ValidationFailureActionOverrides
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Added schema validation
Signed-off-by: Kumar Mallikarjuna <kumarmallikarjuna1@gmail.com>
* Added description for ValidationFailureActionOverrides
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Policy validation
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Update CRDs
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Replace literals with constants
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Updated Policy Cache
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
* Refactor
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
Co-authored-by: shuting <shutting06@gmail.com>
-
Kumar Mallikarjuna authored
Signed-off-by: Kumar Mallikarjuna <kumar@nirmata.com>
Co-authored-by: shuting <shutting06@gmail.com>
-
shuting authored
* remove resourceCache from the event controller
Signed-off-by: ShutingZhao <shuting@nirmata.com>
* create rcr using typed client to reduce PUT throttling request
Signed-off-by: ShutingZhao <shuting@nirmata.com>
-
Vyankatesh Kudtarkar authored
* fix comment
* fix comment
-
- Jan 20, 2022
-
-
Vyankatesh Kudtarkar authored
-