Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

api server lookups #1514

Merged
merged 9 commits into from Feb 1, 2021
Merged

api server lookups #1514

merged 9 commits into from Feb 1, 2021

Conversation

JimBugwadia
Copy link
Member

Related issue

Fixes #1105

What type of PR is this?

Proposed changes

Add apiCall to context. Here is an example:

apiVersion : kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: limits
spec:
  validationFailureAction: enforce
  rules:
  - name: limit-pods
    match:
      resources:
        kinds:
        - Pod
    context:
    - name: podCount
      apiCall:
        urlPath: "/api/v1/namespaces/{{ request.namespace }}/pods"
        jmesPath: "items.length(@)"
    validate:
      message: "A maximum of 1 pod is allowed per namespace"
      deny:
        conditions:
        - key: "{{ podCount }}"
          operator: Equals
          value: 1

Checklist

Further comments

@JimBugwadia JimBugwadia mentioned this pull request Feb 1, 2021
Closed
JimBugwadia and others added 4 commits January 31, 2021 19:18
@JimBugwadia
initial commit for api server lookups
85ed1ee 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
@JimBugwadia
initial commit for API server lookups
ac9860b 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
@imrajdas @JimBugwadia
Enhancing dockerfiles (multi-stage) of kyverno components and adding …
21d4a76 
…non-root user to the docker images (#1495)

* Dockerfile refactored

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>

* Adding non-root commands to docker images and enhanced the dockerfiles

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>

* changing base image to scratch

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>

* Minor typo fix

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>

* changing dockerfiles to use /etc/passwd to use non-root user'

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>

* minor typo

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>

* minor typo

Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
@imrajdas @JimBugwadia
revert cli image name (#1507)
0d4b524 
Signed-off-by: Raj Babu Das <mail.rajdas@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
@realshuting @JimBugwadia
Refactor resourceCache; Reduce throttling requests (background contro…
a30416c 
…ller) (#1500)

* skip sending API request for filtered resource

* fix PR comment

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fixes #1490

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix bug - namespace is not returned properly

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* reduce throttling - list resource using lister

* refactor resource cache

* fix test

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix label selector

Signed-off-by: Shuting Zhao <shutting06@gmail.com>

* fix build failure

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
@JimBugwadia
fix merge
9b87790 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
@JimBugwadia
fix merge issues
73c24df 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
@JimBugwadia
fix unit test
1156008 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
@JimBugwadia
add nil check for API client
38be244 
Signed-off-by: Jim Bugwadia <jim@nirmata.com>
@realshuting realshuting merged commit e8e3b93 into main Feb 1, 2021
@realshuting realshuting deleted the feature/api_server_lookups branch February 1, 2021 20:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@realshuting realshuting realshuting approved these changes

@NoSkillGirl NoSkillGirl Awaiting requested review from NoSkillGirl

@vyankyGH vyankyGH Awaiting requested review from vyankyGH

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Look up external data via API server
3 participants
@JimBugwadia @realshuting @imrajdas