Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Kyverno attestation verification #457

Closed
wants to merge 1 commit into from
Closed

Update Kyverno attestation verification #457

wants to merge 1 commit into from

Conversation

bradbeck
Copy link
Contributor

@bradbeck bradbeck commented Jun 21, 2023
edited
Loading

Updates the structure of the Kyverno ClusterPolicy attest-code-review and splits it into 2 policies because of a potential bug in Kyverno (kyverno/kyverno#7631).

Using the new ClusterPolicy structure requires updating the Kyverno CUE, but CUE is not happy with the newer k8s.io/api that comes along with the more recent Kyverno version. As a result, the CUE validation of Kyverno CRD's has been removed.

Fixes #430

@bradbeck bradbeck self-assigned this Jun 21, 2023
@pull-request-size pull-request-size bot added the size/XXL Extra Extra Large (1000+ lines of changes) label Jun 21, 2023
@bradbeck bradbeck force-pushed the update-attestation-verify branch 2 times, most recently from 12686cc to dd3bb63 Compare June 21, 2023 18:48
@bradbeck bradbeck marked this pull request as ready for review June 21, 2023 19:11
@bradbeck bradbeck requested a review from a team as a code owner June 21, 2023 19:11
@bradbeck bradbeck force-pushed the update-attestation-verify branch from 9c7adfa to 5d37af9 Compare July 18, 2023 15:21
@stale
Copy link

stale bot commented Aug 8, 2023

This pull request has been automatically marked as stale because it has not
had
recent activity.
It will be closed in 7 days if no further activity occurs.
Thank you for your contribution!

@stale stale bot added the wontfix This will not be worked on label Aug 8, 2023
@stale
Copy link

stale bot commented Aug 15, 2023

This pull request has been automatically closed because there has been no activity for 28 days.
Please feel free to reopen it (or open a new one) if the proposed change is still appropriate.
Thank you for your contribution!

@stale stale bot closed this Aug 15, 2023
@bradbeck bradbeck reopened this Aug 24, 2023
@stale stale bot removed the wontfix This will not be worked on label Aug 24, 2023
@bradbeck bradbeck force-pushed the update-attestation-verify branch 2 times, most recently from 9450eb3 to 68b892f Compare August 29, 2023 13:21
@bradbeck bradbeck force-pushed the update-attestation-verify branch from ba21aa4 to 5c143d8 Compare September 5, 2023 19:06
@bradbeck bradbeck force-pushed the update-attestation-verify branch from 0a32fcb to 899ac53 Compare September 13, 2023 17:29
@bradbeck bradbeck force-pushed the update-attestation-verify branch 2 times, most recently from 6e92e60 to 6a387d1 Compare September 27, 2023 13:26
@bradbeck bradbeck force-pushed the update-attestation-verify branch 4 times, most recently from a9d0a65 to 68c0a40 Compare October 24, 2023 17:11
@bradbeck
Update Kyverno attestation verification
8b9be68 
Signed-off-by: Brad Beck <bradley.beck@gmail.com>
@bradbeck bradbeck force-pushed the update-attestation-verify branch from 21d8f00 to 8b9be68 Compare November 1, 2023 13:10
@bradbeck bradbeck closed this Nov 16, 2023
@bradbeck bradbeck deleted the update-attestation-verify branch November 16, 2023 17:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@bradbeck bradbeck

Labels
size/XXL Extra Extra Large (1000+ lines of changes)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Kyverno incorrectly blocks sample-pipeline canary deploy
1 participant
@bradbeck