kyverno-json's Introduction

Cloud Native Policy Management 🎉

Kyverno is a policy engine designed for Kubernetes platform engineering teams. It enables security, automation, compliance, and governance using policy-as-code. Kyverno can validate, mutate, generate, and clean up configurations using Kubernetes admission controls, background scans, and source code repository scans. Kyverno policies can be managed as Kubernetes resources and do not require learning a new language. Kyverno is designed to work nicely with tools you already use like kubectl, kustomize, and Git.

📙 Documentation

Kyverno installation and reference documents are available at [kyverno.io](https://kyverno.io).

👉 Quick Start

👉 Installation

👉 Sample Policies

🙋‍♂️ Getting Help

We are here to help!

👉 For feature requests and bugs, file an issue.

👉 For discussions or questions, join the Kyverno Slack channel.

👉 For community meeting access, join the mailing list.

👉 To get updates ⭐️ star this repository.

➕ Contributing

Thanks for your interest in contributing to Kyverno! Here are some steps to help get you started:

✔ Read and agree to the Contribution Guidelines.

✔ Browse through the GitHub discussions.

✔ Read Kyverno design and development details on the GitHub Wiki.

✔ Check out the good first issues list. Add a comment with /assign to request assignment of the issue.

✔ Check out the Kyverno Community page for other ways to get involved.

Software Bill of Materials

All Kyverno images include a Software Bill of Materials (SBOM) in CycloneDX JSON format. SBOMs for Kyverno images are stored in a separate repository at ghcr.io/kyverno/sbom. More information on this is available at Fetching the SBOM for Kyverno.

Contributors

Kyverno is built and maintained by our growing community of contributors!

License

Copyright 2024, the Kyverno project. All rights reserved. Kyverno is licensed under the Apache License 2.0.

Kyverno is a Cloud Native Computing Foundation (CNCF) Incubating project and was contributed by Nirmata.

kyverno-json's Issues

[Feature] Allow expression as keynames

Problem Statement

The following policy won't work when we use a variable as a key. It can be quite helpful to have this ability.

apiVersion: json.kyverno.io/v1alpha1
kind: Policy
metadata:
  name: required-latest-platform-fargate
spec:
  rules:
    - name: required-latest-platform
      match:
        any:
        - type: aws_ecs_service
          values:
            launch_type: FARGATE
      context:
      - name: pv
        variable: platform_version
      validate:
        message: "ECS Fargate services should run on the latest Fargate platform version"
        assert:
          all:
          - (values.platform_version == 'LATEST'): true
          # - (values.($pv) == 'LATEST'): true # DOES NOT WORK
          # - values:
          #   ($pv): 'LATEST' # DOES NOT WORK

Solution Description

Extend at custom function to have support for objects.

Alternatives

No response

Additional Context

No response

Slack discussion

No response

Research

  • I have searched other issues in this repository and mine is not recorded.

[Feature] Add chart readme

Problem Statement

Chart has no readme details

Solution Description

Add chart readme details

Alternatives

No response

Additional Context

No response

Slack discussion

No response

Research

  • I have searched other issues in this repository and mine is not recorded.

Make foreach syntax non-ambiguous

Currently there's an ambiguity with ~test.test: we can't decide if the first test is the foreach index binding or if the field name is test.test.

Remove the `resource` stanza in assertion trees

Before:

          - resource:
              ~(spec.containers[*].image):
                # an image tag is required
                (contains(@, ':')): true
                # using a mutable image tag e.g. 'latest' is not allowed
                (ends_with(@, $tag)): true

After:

          -  ~(spec.containers[*].image):
                # an image tag is required
                (contains(@, ':')): true
                # using a mutable image tag e.g. 'latest' is not allowed
                (ends_with(@, $tag)): true

Rename ValidationPolicy to ValidatingPolicy

Problem Statement

We have json.kyverno.io/v1alpha1/ValidationPolicy, and Kubernetes has ValidatingAdmissionPolicy.

Solution Description

Rename json.kyverno.io/v1alpha1/ValidationPolicy to json.kyverno.io/v1alpha1/ValidatingPolicy for consistency with Kubernetes ValidatingAdmissionPolicy.

Alternatives

No response

Additional Context

No response

Slack discussion

No response

Research

  • I have searched other issues in this repository and mine is not recorded.

[Feature] allow a nested `match` or `exclude` in a `check`

Problem Statement

Need a way to allow users to match or exclude processing at a check level.

Solution Description

Provide an optional match or exclude under a check or some other way to control which checks are applied.

Alternatives

No response

Additional Context

No response

Slack discussion

No response

Research

  • I have searched other issues in this repository and mine is not recorded.

[Feature] Simplify if-else

Problem Statement

Kyverno json supports if-else logic using boolean algebra right now and is completely able to express it. But it can be tricky to implement if-else in boolean expression in some cases. It would be great if there was direct support for it.

Solution Description

No response

Alternatives

No response

Additional Context

No response

Slack discussion

No response

Research

  • I have searched other issues in this repository and mine is not recorded.

[Feature] Release docker image

Problem Statement

Release docker image

Solution Description

No response

Alternatives

No response

Additional Context

No response

Slack discussion

No response

Research

  • I have searched other issues in this repository and mine is not recorded.

[Feature] Change the escape operator to backslash

Problem Statement

Currently, / is used to escape a projection for tags that start with reserved characters:

To workaround this issue, you can escape a projection by surrounding it with `/` characters like this:

Solution Description

Change the escape operator to backslash \

Alternatives

No response

Additional Context

No response

Slack discussion

No response

Research

  • I have searched other issues in this repository and mine is not recorded.

[Feature] Add duration datatype

Problem Statement

JMESPath does not have direct support for a duration data type, but it is extensively used by Kubernetes. Having support for duration can be really useful while validating Kubernetes resources.

Solution Description

No response

Alternatives

No response

Additional Context

No response

Slack discussion

No response

Research

  • I have searched other issues in this repository and mine is not recorded.

Update README

Problem Statement

Most of the README is in the docs.

Solution Description

Update README to summarize key features and point to the docs.

Alternatives

No response

Additional Context

No response

Slack discussion

No response

Research

  • I have searched other issues in this repository and mine is not recorded.

Add more Playground samples

Problem Statement

No response

Solution Description

No response

Alternatives

No response

Additional Context

No response

Slack discussion

No response

Research

  • I have searched other issues in this repository and mine is not recorded.

[Bug] playground gives an error

Kyverno JSON Version

1.0.0

Description

Playground does not work... gives error:

SyntaxError: Unexpected token '<', "<!doctype "... is not valid JSON.

Steps to reproduce

  1. Launch the playground
  2. Select the example policy
  3. Click Run.

Expected behavior

No response

Screenshots

No response

Logs

No response

Slack discussion

No response

Troubleshooting

  • I have searched other issues in this repository and mine is not recorded.

[Feature] allow name customization

Problem Statement

We need a way to allow users to optionally identify a resource name, as this can be anywhere in the payload.

Solution Description

Allow users to add / override a name variable to the rule context?

Alternatives

No response

Additional Context

No response

Slack discussion

No response

Research

  • I have searched other issues in this repository and mine is not recorded.

Add Golang API docs

Problem Statement

No response

Solution Description

No response

Alternatives

No response

Additional Context

No response

Slack discussion

No response

Research

  • I have searched other issues in this repository and mine is not recorded.

[Feature] Custom math functions

Problem Statement

Kyverno JSON does not support add(), subtract(), multiply(), modulo(), divide() like Kyverno does. This would be helpful in doing basic algebra using Kyverno JSON.

Solution Description

No response

Alternatives

No response

Additional Context

No response

Slack discussion

No response

Research

  • I have searched other issues in this repository and mine is not recorded.

[Feature] Allow optional message in a condition

Problem Statement

Allow optional message in a condition

Solution Description

See discussion at: #72

Alternatives

No response

Additional Context

No response

Slack discussion

No response

Research

  • I have searched other issues in this repository and mine is not recorded.

[Feature] Release chart

Problem Statement

Release chart

Solution Description

No response

Alternatives

No response

Additional Context

No response

Slack discussion

No response

Research

  • I have searched other issues in this repository and mine is not recorded.

[Bug] make codegen-mkdocs fails (requires pip)

Kyverno JSON Version

None

Description

make codegen-mkdocs
Generate md api docs...
I1022 16:52:06.326363   52418 main.go:142] Parsing go packages in github.com/kyverno/kyverno-json/pkg/apis/v1alpha1
E1022 16:52:08.006155   52418 types.go:298] External link source for '.interface{}' is not found.
I1022 16:52:08.006860   52418 main.go:325] Output written to ../md/kyverno-json.v1alpha1.md
Go fmt...
Go vet...

Build cli binary...
Generate cli docs...
Generate jp docs...
Generate policy catalog...
Generate mkdocs website...
make: pip: No such file or directory
make: *** [codegen-mkdocs] Error 1

Steps to reproduce

  1. Run make codegen-mkdocs

Expected behavior

pip and other required tools are automatically installed

Screenshots

No response

Logs

No response

Slack discussion

No response

Troubleshooting

  • I have searched other issues in this repository and mine is not recorded.

[Feature] add an install YAML and Helm chart for the web app

Problem Statement

Need a way to allow users to install the web app as a Helm chart or an install YAML

Solution Description

No response

Alternatives

No response

Additional Context

No response

Slack discussion

No response

Research

  • I have searched other issues in this repository and mine is not recorded.
