Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: kyverno policies #1462

Merged
merged 129 commits into from
Jun 21, 2024
Merged

feat: kyverno policies #1462

merged 129 commits into from
Jun 21, 2024

Conversation

srodenhuis
Copy link
Contributor

This MVP includes:

  • adding Kyverno as a core app with 2 deployment profiles (DevTest and Prod)
  • offer 5 policy profiles with (to start with) 25 policies
  • policies are per team
  • teams can customize policies, deactivate them or change the default action (enforce, audit)
  • admins can block teams from changing policies

@srodenhuis srodenhuis marked this pull request as draft January 10, 2024 15:09
Matthias Erll and others added 21 commits May 7, 2024 17:43
fix: rule deny syntax
ffd2868
@merll
Merge branch 'main'
b2d7295
@merll
Merge branch 'sr-mvp-kyverno'
3bfc2a4
@merll
feat: added build policy exclusions
d67843f
@merll
feat: add security context to grype pod
455f795
@merll
Merge branch 'main'
3509ce2
@merll
fix: removed user as image does not support it
293df74
@merll
fix: removed flag
060f2e8
@merll
chore: removed whitespace
3e12f3d
@merll
feat: add more excemptions for git checkout
e0fb9dd
@merll
feat: added policy exemptions for grype
dfcbffb
@merll
feat: added exemptions for otel autoinstrumentation images
6b3a111
@merll
Merge branch 'me-kyverno'
96692af
@merll
Merge branch 'main'
53d68b5
@merll
feat: allow customization of required labels
c024742
@merll
fix: consider pod-level securitycontext
f04ad64
@merll
fix: handle absence of volumes and consider name key always valid
1786da4
@merll
feat: removed probe policies from default setup
36cb887
@merll
chore: consolidated folders
2042458
@merll
feat: removed policy from default
fbe71af
@Ani1357
feat: remove gatekeeper components via upgrade script
fe3b251
@j-zimnowoda j-zimnowoda dismissed CasLubbers’s stale review June 21, 2024 09:16

The version numbers have been changed.

@j-zimnowoda
Copy link
Contributor

Some things I found which can be removed I think:

  • The file bin/build-gatekeeper-artifacts.sh can also be removed right?
  • In the README.md line 133 OPA/Gatekeeper... can be removed right?
  • The policies directory can also be removed right? If so the project structure in docs/development.md should be adjusted corectly.
  • The checkPolicies command in the Otomi CLI can also be removed right? This requires changes in index.ts, binzx/README.md, check-policies.ts, tests.ts
  • The file docs/policies.md should be updated or removed right?
  • In the file src/cmd/destroy.ts on line 105 gatekeeper.sh can be removed right?
  • In the file src/cmd/test.ts on line 21 if (!values?.apps.gatekeeper!.disableValidatingWebhook) await checkPolicies() can be removed right?
  • In the file tests/integration/upgrade.yaml on line 18 gatekeeper can be removed right?

Good points! We are going to perform further refactoring after this PR I merged.

@j-zimnowoda j-zimnowoda merged commit 07636a5 into main Jun 21, 2024
8 checks passed
@j-zimnowoda j-zimnowoda deleted the sr-mvp-kyverno branch June 21, 2024 09:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@merll merll merll left review comments

@j-zimnowoda j-zimnowoda j-zimnowoda approved these changes

@Ani1357 Ani1357 Awaiting requested review from Ani1357

@CasLubbers CasLubbers Awaiting requested review from CasLubbers

Assignees
No one assigned
Labels
v3.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@srodenhuis @CasLubbers @merll @j-zimnowoda @ferruhcihan @Ani1357