diff --git a/.github/ISSUE_TEMPLATE/3-kubewarden-release.yml b/.github/ISSUE_TEMPLATE/3-kubewarden-release.yml index 7e3b18374..785cc7873 100644 --- a/.github/ISSUE_TEMPLATE/3-kubewarden-release.yml +++ b/.github/ISSUE_TEMPLATE/3-kubewarden-release.yml @@ -19,15 +19,15 @@ body: follow the checklist below to ensure a smooth release process. - [ ] Notify consumers if any. - - [ ] Check that `:latest` images and `kwctl` builds from [kubewarden/kubewarden-controller](github.com/kubewarden/kubewarden-controller) for `main` are fine. - - [ ] Trigger an [`open-release-pr`](https://github.com/kubewarden/kubewarden-controller/actions/workflows/open-release-pr.yml) + - [ ] Check that `:latest` images and `kwctl` builds from [kubewarden/adm-controller](https://github.com/kubewarden/adm-controller) for `main` are fine. + - [ ] Trigger an [`open-release-pr`](https://github.com/kubewarden/adm-controller/actions/workflows/open-release-pr.yml) job run with the desired Adm Controller stack version. - This opens an automated release PR in [kubewarden/kubewarden-controller](github.com/kubewarden/kubewarden-controller) repo. + This opens an automated release PR in [kubewarden/adm-controller](https://github.com/kubewarden/adm-controller) repo. - [ ] Review & merge the automated PR. - - [ ] Tag desired version in [kubewarden/kubewarden-controller](github.com/kubewarden/kubewarden-controller) repo. + - [ ] Tag desired version in [kubewarden/adm-controller](https://github.com/kubewarden/adm-controller) repo. - [ ] Wait for images to be built, so e2e tests can work. - [ ] Trigger an [update-adm-controller](https://github.com/kubewarden/helm-charts/actions/workflows/update-adm-controller.yaml) - job run. This opens an automated PR that syncs adm controller charts in [kubewarden/helm-charts](github.com/kubewarden/helm-charts) repo. + job run. This opens an automated PR that syncs adm controller charts in [kubewarden/helm-charts](https://github.com/kubewarden/helm-charts) repo. - [ ] Merge automated PR on kubewarden/helm-chart repo. - [ ] chart-releaser releases the charts on Helm chart repo. - [ ] Write and release the blog post about the release. diff --git a/.github/workflows/build-containers.yml b/.github/workflows/build-containers.yml index 48dc25fba..c9c79b350 100644 --- a/.github/workflows/build-containers.yml +++ b/.github/workflows/build-containers.yml @@ -15,7 +15,7 @@ jobs: build: strategy: matrix: - component: [policy-server, kubewarden-controller, audit-scanner] + component: [policy-server, controller, audit-scanner] arch: [amd64, arm64] include: - arch: amd64 @@ -49,7 +49,7 @@ jobs: id-token: write # Signing images with cosign strategy: matrix: - component: [policy-server, kubewarden-controller, audit-scanner] + component: [policy-server, controller, audit-scanner] steps: - name: Retrieve tag name (main) if: ${{ startsWith(github.ref, 'refs/heads/main') }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c07854a1a..284baa8f9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -63,7 +63,7 @@ jobs: name: Build container images strategy: matrix: - component: [policy-server, kubewarden-controller, audit-scanner] + component: [policy-server, controller, audit-scanner] arch: [amd64, arm64] include: - arch: amd64 @@ -98,7 +98,7 @@ jobs: id-token: write # Signing images with cosign strategy: matrix: - component: [policy-server, kubewarden-controller, audit-scanner] + component: [policy-server, controller, audit-scanner] steps: - name: Merge multi-arch images uses: kubewarden/github-actions/merge-multiarch@e57db07ca384bf09ec40c4c49ff25d600c0d23d9 # v5.1.1 @@ -127,7 +127,7 @@ jobs: id-token: write strategy: matrix: - component: [kubewarden-controller, audit-scanner, policy-server] + component: [controller, audit-scanner, policy-server] arch: [amd64, arm64] steps: - name: Generate and sign attestations @@ -210,14 +210,14 @@ jobs: let path = require('path'); let files = [ - 'kubewarden-controller-attestation-amd64-provenance.intoto.jsonl', - 'kubewarden-controller-attestation-amd64-provenance.intoto.jsonl.bundle.sigstore', - 'kubewarden-controller-attestation-arm64-provenance.intoto.jsonl', - 'kubewarden-controller-attestation-arm64-provenance.intoto.jsonl.bundle.sigstore', - 'kubewarden-controller-attestation-amd64-sbom.json', - 'kubewarden-controller-attestation-amd64-sbom.json.bundle.sigstore', - 'kubewarden-controller-attestation-arm64-sbom.json', - 'kubewarden-controller-attestation-arm64-sbom.json.bundle.sigstore', + 'controller-attestation-amd64-provenance.intoto.jsonl', + 'controller-attestation-amd64-provenance.intoto.jsonl.bundle.sigstore', + 'controller-attestation-arm64-provenance.intoto.jsonl', + 'controller-attestation-arm64-provenance.intoto.jsonl.bundle.sigstore', + 'controller-attestation-amd64-sbom.json', + 'controller-attestation-amd64-sbom.json.bundle.sigstore', + 'controller-attestation-arm64-sbom.json', + 'controller-attestation-arm64-sbom.json.bundle.sigstore', 'audit-scanner-attestation-amd64-provenance.intoto.jsonl', 'audit-scanner-attestation-amd64-provenance.intoto.jsonl.bundle.sigstore', 'audit-scanner-attestation-arm64-provenance.intoto.jsonl', diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index fd36aec7a..fdaffa395 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -335,7 +335,7 @@ specifically. 1. Check that `:latest` builds of kubewarden-controller for main are fine, including kwctl 1. Open an automated release PR with - https://github.com/kubewarden/kubewarden-controller/actions/workflows/open-release-pr.yml + https://github.com/kubewarden/adm-controller/actions/workflows/open-release-pr.yml Set the desired kubewarden version. 1. Review & merge automated PR 1. Tag version in kubewarden-controller repo diff --git a/Dockerfile.kubewarden-controller b/Dockerfile.controller similarity index 100% rename from Dockerfile.kubewarden-controller rename to Dockerfile.controller diff --git a/Makefile b/Makefile index 46148fc46..e728a025e 100644 --- a/Makefile +++ b/Makefile @@ -13,7 +13,7 @@ GO_BUILD_ENV := CGO_ENABLED=0 GOOS=linux GOARCH=amd64 ENVTEST_DIR ?= $(shell pwd)/.envtest REGISTRY ?= ghcr.io -REPO ?= kubewarden +REPO ?= kubewarden/adm-controller TAG ?= dev # Detect architecture for Rust builds @@ -102,9 +102,9 @@ controller: $(CONTROLLER_SRCS) vet .PHONY: controller-image controller-image: - docker build -f ./Dockerfile.kubewarden-controller \ - -t "$(REGISTRY)/$(REPO)/kubewarden-controller:$(TAG)" . - @echo "Built $(REGISTRY)/$(REPO)/kubewarden-controller:$(TAG)" + docker build -f ./Dockerfile.controller \ + -t "$(REGISTRY)/$(REPO)/controller:$(TAG)" . + @echo "Built $(REGISTRY)/$(REPO)/controller:$(TAG)" AUDIT_SCANNER_SRC_DIRS := cmd/audit-scanner api internal/audit-scanner AUDIT_SCANNER_GO_SRCS := $(shell find $(AUDIT_SCANNER_SRC_DIRS) -type f -name '*.go') diff --git a/README.md b/README.md index 51fc383e3..b9c349d79 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ [![Artifact HUB](https://img.shields.io/badge/ArtifactHub-Helm_Charts-blue?style=flat&logo=artifacthub&link=https%3A%2F%2Fartifacthub.io%2Fpackages%2Fsearch%3Frepo%3Dkubewarden%26kind%3D0%26verified_publisher%3Dtrue%26official%3Dtrue%26cncf%3Dtrue%26sort%3Drelevance%26page%3D1)](https://artifacthub.io/packages/search?repo=kubewarden&kind=0&verified_publisher=true&official=true&cncf=true&sort=relevance&page=1) [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/6502/badge)](https://www.bestpractices.dev/projects/6502) [![FOSSA license scan](https://app.fossa.com/api/projects/custom%2B25850%2Fgithub.com%2Fkubewarden%2Fkubewarden-controller.svg?type=shield)](https://app.fossa.com/projects/custom%252B25850%252Fgithub.com%252Fkubewarden%252Fkubewarden-controller?ref=badge_shield) -[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/kubewarden/kubewarden-controller/badge)](https://scorecard.dev/viewer/?uri=github.com/kubewarden/kubewarden-controller) +[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/kubewarden/adm-controller/badge)](https://scorecard.dev/viewer/?uri=github.com/kubewarden/adm-controller) [![CLOMonitor](https://img.shields.io/endpoint?url=https://clomonitor.io/api/projects/cncf/kubewarden/badge)](https://clomonitor.io/projects/cncf/kubewarden) Kubewarden is a Kubernetes Dynamic Admission Controller that uses policies written @@ -16,7 +16,7 @@ For more information refer to the [official Kubewarden website](https://kubeward This repository is a monorepo containing the source code for all the different components of the Kubewarden Admission Controller: -- **kubewarden-controller**: A Kubernetes controller that allows you to dynamically register Kubewarden admission policies and reconcile them with the Kubernetes webhooks of the cluster where it's deployed +- **adm-controller**: A Kubernetes controller that allows you to dynamically register Kubewarden admission policies and reconcile them with the Kubernetes webhooks of the cluster where it's deployed - **policy-server**: The runtime component that evaluates admission policies written in WebAssembly - **audit-scanner**: A component that scans existing resources in the cluster against registered policies - **kwctl**: A CLI tool for testing and managing Kubewarden policies @@ -35,7 +35,7 @@ The [`docs/`](./docs) folder contains README files for each component: ## Installation -The kubewarden-controller can be deployed using a Helm chart. For instructions, +The adm-controller can be deployed using a Helm chart. For instructions, see https://charts.kubewarden.io. Please refer to our [quickstart](https://docs.kubewarden.io/quick-start) for more details. @@ -53,7 +53,7 @@ as well as upload in the release page. You can find them together with the signature and certificate used to sign it in the [release -assets](https://github.com/kubewarden/kubewarden-controller/releases), and +assets](https://github.com/kubewarden/adm-controller/releases), and attached to the image as JSON-encoded documents following the [in-toto SPDX predicate](https://github.com/in-toto/attestation/blob/main/spec/predicates/spdx.md) format. You can obtain them with @@ -65,17 +65,17 @@ You can verify the container image with: ```shell cosign verify-blob --certificate-oidc-issuer=https://token.actions.githubusercontent.com \ - --certificate-identity="https://github.com/kubewarden/kubewarden-controller/.github/workflows/attestation.yml@" \ - --bundle kubewarden-controller-attestation-amd64-provenance.intoto.jsonl.bundle.sigstore \ - kubewarden-controller-attestation-amd64-provenance.intoto.jsonl + --certificate-identity="https://github.com/kubewarden/adm-controller/.github/workflows/attestation.yml@" \ + --bundle controller-attestation-amd64-provenance.intoto.jsonl.bundle.sigstore \ + controller-attestation-amd64-provenance.intoto.jsonl ``` To verify the attestation manifest and its layer signatures: ```shell cosign verify --certificate-oidc-issuer=https://token.actions.githubusercontent.com \ - --certificate-identity="https://github.com/kubewarden/kubewarden-controller/.github/workflows/attestation.yml@" \ - ghcr.io/kubewarden/kubewarden-controller@sha256:1abc0944378d9f3ee2963123fe84d045248d320d76325f4c2d4eb201304d4c4e + --certificate-identity="https://github.com/kubewarden/adm-controller/.github/workflows/attestation.yml@" \ + ghcr.io/kubewarden/adm-controller/controller@sha256:1abc0944378d9f3ee2963123fe84d045248d320d76325f4c2d4eb201304d4c4e ``` > [!NOTE] @@ -89,7 +89,7 @@ like `crane`. For example, the following command will show you all the attestation manifests of the `latest` tag: ```shell -crane manifest ghcr.io/kubewarden/kubewarden-controller:latest | jq '.manifests[] | select(.annotations["vnd.docker.reference.type"]=="attestation-manifest")' +crane manifest ghcr.io/kubewarden/adm-controller/controller:latest | jq '.manifests[] | select(.annotations["vnd.docker.reference.type"]=="attestation-manifest")' { "mediaType": "application/vnd.oci.image.manifest.v1+json", "digest": "sha256:fc01fa6c82cffeffd23b737c7e6b153357d1e499295818dad0c7d207f64e6ee8", @@ -123,10 +123,10 @@ layers signatures. ```shell cosign verify --certificate-oidc-issuer=https://token.actions.githubusercontent.com \ - --certificate-identity="https://github.com/kubewarden/kubewarden-controller/.github/workflows/attestation.yml@" \ - ghcr.io/kubewarden/kubewarden-controller@sha256:fc01fa6c82cffeffd23b737c7e6b153357d1e499295818dad0c7d207f64e6ee8 + --certificate-identity="https://github.com/kubewarden/adm-controller/.github/workflows/attestation.yml@" \ + ghcr.io/kubewarden/adm-controller/controller@sha256:fc01fa6c82cffeffd23b737c7e6b153357d1e499295818dad0c7d207f64e6ee8 -crane manifest ghcr.io/kubewarden/kubewarden-controller@sha256:fc01fa6c82cffeffd23b737c7e6b153357d1e499295818dad0c7d207f64e6ee8 +crane manifest ghcr.io/kubewarden/adm-controller/controller@sha256:fc01fa6c82cffeffd23b737c7e6b153357d1e499295818dad0c7d207f64e6ee8 { "schemaVersion": 2, "mediaType": "application/vnd.oci.image.manifest.v1+json", @@ -180,8 +180,8 @@ crane manifest ghcr.io/kubewarden/kubewarden-controller@sha256:fc01fa6c82cffeff } cosign verify --certificate-oidc-issuer=https://token.actions.githubusercontent.com \ - --certificate-identity="https://github.com/kubewarden/kubewarden-controller/.github/workflows/attestation.yml@" \ - ghcr.io/kubewarden/kubewarden-controller@sha256:594da3e8bd8c6ee2682b0db35857933f9558fd98ec092344a6c1e31398082f4d + --certificate-identity="https://github.com/kubewarden/adm-controller/.github/workflows/attestation.yml@" \ + ghcr.io/kubewarden/adm-controller/controller@sha256:594da3e8bd8c6ee2682b0db35857933f9558fd98ec092344a6c1e31398082f4d ``` Note that each attestation manifest (for each architecture) has its own layers. @@ -190,7 +190,7 @@ Buildx during the multi stage build process. You can also use `crane` to download the attestation file: ```shell -crane blob ghcr.io/kubewarden/kubewarden-controller@sha256:7738d8d506c6482aaaef1d22ed920468ffaf4975afd28f49bb50dba2c20bf2ca +crane blob ghcr.io/kubewarden/adm-controller/controller@sha256:7738d8d506c6482aaaef1d22ed920468ffaf4975afd28f49bb50dba2c20bf2ca ``` ## Security disclosure @@ -199,4 +199,4 @@ See [SECURITY.md](https://github.com/kubewarden/community/blob/main/SECURITY.md) # Changelog -See [GitHub Releases content](https://github.com/kubewarden/kubewarden-controller/releases). +See [GitHub Releases content](https://github.com/kubewarden/adm-controller/releases). diff --git a/SECURITY-INSIGHTS.yml b/SECURITY-INSIGHTS.yml index aebae1f6d..fcc55e7a1 100644 --- a/SECURITY-INSIGHTS.yml +++ b/SECURITY-INSIGHTS.yml @@ -3,9 +3,9 @@ header: last-updated: "2024-08-12" last-reviewed: "2023-08-12" expiration-date: "2025-10-01T01:00:00.000Z" - project-url: https://github.com/kubewarden/kubewarden-controller/ - changelog: https://github.com/kubewarden/kubewarden-controller/releases/latest - license: https://github.com/kubewarden/kubewarden-controller/blob/main/LICENSE + project-url: https://github.com/kubewarden/adm-controller/ + changelog: https://github.com/kubewarden/adm-controller/releases/latest + license: https://github.com/kubewarden/adm-controller/blob/main/LICENSE project-lifecycle: bug-fixes-only: false core-maintainers: @@ -15,12 +15,12 @@ project-lifecycle: contribution-policy: accepts-pull-requests: true accepts-automated-pull-requests: true - contributing-policy: https://github.com/kubewarden/kubewarden-controller/blob/main/CONTRIBUTING.md + contributing-policy: https://github.com/kubewarden/adm-controller/blob/main/CONTRIBUTING.md code-of-conduct: https://github.com/kubewarden/community/blob/main/CODE_OF_CONDUCT.md documentation: - https://docs.kubewarden.io distribution-points: - - https://github.com/kubewarden/kubewarden-controller/ + - https://github.com/kubewarden/adm-controller/ - https://artifacthub.io/packages/helm/kubewarden/kubewarden-controller - https://github.com/orgs/kubewarden/packages?repo_name=helm-charts security-artifacts: @@ -50,9 +50,9 @@ vulnerability-reporting: dependencies: third-party-packages: true dependencies-lists: - - https://github.com/kubewarden/kubewarden-controller/blob/main/go.sum + - https://github.com/kubewarden/adm-controller/blob/main/go.sum sbom: - - sbom-file: https://github.com/kubewarden/kubewarden-controller/releases/latest/download/kubewarden-controller-sbom-adm64.spdx + - sbom-file: https://github.com/kubewarden/adm-controller/releases/latest/download/controller-sbom-adm64.spdx sbom-format: SPDX sbom-url: https://github.com/anchore/sbom-action dependencies-lifecycle: diff --git a/api/policies/v1/admissionpolicy_webhook.go b/api/policies/v1/admissionpolicy_webhook.go index 492dada5e..59b9eb76b 100644 --- a/api/policies/v1/admissionpolicy_webhook.go +++ b/api/policies/v1/admissionpolicy_webhook.go @@ -23,7 +23,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/webhook/admission" "github.com/go-logr/logr" - "github.com/kubewarden/kubewarden-controller/internal/constants" + "github.com/kubewarden/adm-controller/internal/constants" ) // SetupWebhookWithManager registers the AdmissionPolicy webhook with the controller manager. diff --git a/api/policies/v1/admissionpolicy_webhook_test.go b/api/policies/v1/admissionpolicy_webhook_test.go index 2001cf8d5..88a4dd12a 100644 --- a/api/policies/v1/admissionpolicy_webhook_test.go +++ b/api/policies/v1/admissionpolicy_webhook_test.go @@ -22,7 +22,7 @@ import ( admissionregistrationv1 "k8s.io/api/admissionregistration/v1" - "github.com/kubewarden/kubewarden-controller/internal/constants" + "github.com/kubewarden/adm-controller/internal/constants" ) func TestAdmissionPolicyDefault(t *testing.T) { diff --git a/api/policies/v1/admissionpolicygroup_webhook.go b/api/policies/v1/admissionpolicygroup_webhook.go index c507242ea..b338a4be8 100644 --- a/api/policies/v1/admissionpolicygroup_webhook.go +++ b/api/policies/v1/admissionpolicygroup_webhook.go @@ -23,7 +23,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/webhook/admission" "github.com/go-logr/logr" - "github.com/kubewarden/kubewarden-controller/internal/constants" + "github.com/kubewarden/adm-controller/internal/constants" ) // SetupWebhookWithManager registers the AdmissionPolicyGroup webhook with the controller manager. diff --git a/api/policies/v1/admissionpolicygroup_webhook_test.go b/api/policies/v1/admissionpolicygroup_webhook_test.go index 33680602b..3d5a82c65 100644 --- a/api/policies/v1/admissionpolicygroup_webhook_test.go +++ b/api/policies/v1/admissionpolicygroup_webhook_test.go @@ -23,7 +23,7 @@ import ( admissionregistrationv1 "k8s.io/api/admissionregistration/v1" - "github.com/kubewarden/kubewarden-controller/internal/constants" + "github.com/kubewarden/adm-controller/internal/constants" ) func TestAdmissionPolicyGroupDefault(t *testing.T) { diff --git a/api/policies/v1/clusteradmissionpolicy_webhook.go b/api/policies/v1/clusteradmissionpolicy_webhook.go index f57b44b6f..066bfef90 100644 --- a/api/policies/v1/clusteradmissionpolicy_webhook.go +++ b/api/policies/v1/clusteradmissionpolicy_webhook.go @@ -24,7 +24,7 @@ import ( ctrl "sigs.k8s.io/controller-runtime" "github.com/go-logr/logr" - "github.com/kubewarden/kubewarden-controller/internal/constants" + "github.com/kubewarden/adm-controller/internal/constants" ) // SetupWebhookWithManager registers the ClusterAdmissionPolicy webhook with the controller manager. diff --git a/api/policies/v1/clusteradmissionpolicy_webhook_test.go b/api/policies/v1/clusteradmissionpolicy_webhook_test.go index 2c572b11f..c7b2c0035 100644 --- a/api/policies/v1/clusteradmissionpolicy_webhook_test.go +++ b/api/policies/v1/clusteradmissionpolicy_webhook_test.go @@ -23,7 +23,7 @@ import ( admissionregistrationv1 "k8s.io/api/admissionregistration/v1" - "github.com/kubewarden/kubewarden-controller/internal/constants" + "github.com/kubewarden/adm-controller/internal/constants" ) func TestClusterAdmissionPolicyDefault(t *testing.T) { diff --git a/api/policies/v1/clusteradmissionpolicygroup_webhook.go b/api/policies/v1/clusteradmissionpolicygroup_webhook.go index 4d922bca5..3c502123c 100644 --- a/api/policies/v1/clusteradmissionpolicygroup_webhook.go +++ b/api/policies/v1/clusteradmissionpolicygroup_webhook.go @@ -24,7 +24,7 @@ import ( ctrl "sigs.k8s.io/controller-runtime" "github.com/go-logr/logr" - "github.com/kubewarden/kubewarden-controller/internal/constants" + "github.com/kubewarden/adm-controller/internal/constants" ) func (r *ClusterAdmissionPolicyGroup) SetupWebhookWithManager(mgr ctrl.Manager) error { diff --git a/api/policies/v1/clusteradmissionpolicygroup_webhook_test.go b/api/policies/v1/clusteradmissionpolicygroup_webhook_test.go index 7142694f8..039c291be 100644 --- a/api/policies/v1/clusteradmissionpolicygroup_webhook_test.go +++ b/api/policies/v1/clusteradmissionpolicygroup_webhook_test.go @@ -22,7 +22,7 @@ import ( "github.com/stretchr/testify/require" admissionregistrationv1 "k8s.io/api/admissionregistration/v1" - "github.com/kubewarden/kubewarden-controller/internal/constants" + "github.com/kubewarden/adm-controller/internal/constants" ) func TestClusterAdmissionPolicyGroupDefault(t *testing.T) { diff --git a/api/policies/v1/factories.go b/api/policies/v1/factories.go index 1aff49213..db0fe1ef6 100644 --- a/api/policies/v1/factories.go +++ b/api/policies/v1/factories.go @@ -10,12 +10,12 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" - "github.com/kubewarden/kubewarden-controller/internal/constants" + "github.com/kubewarden/adm-controller/internal/constants" ) const ( integrationTestsFinalizer = "kubewarden.io/integration-tests-safety-net-finalizer" - defaultKubewardenRepository = "ghcr.io/kubewarden/policy-server" + defaultKubewardenRepository = "ghcr.io/kubewarden/adm-controller/policy-server" maxNameSuffixLength = 8 defaultPolicyGroupRejectionMessage = "policy group default rejection message" ) diff --git a/api/policies/v1/policyserver_types.go b/api/policies/v1/policyserver_types.go index 9f51172e8..3b9e43a48 100644 --- a/api/policies/v1/policyserver_types.go +++ b/api/policies/v1/policyserver_types.go @@ -17,7 +17,7 @@ limitations under the License. package v1 import ( - "github.com/kubewarden/kubewarden-controller/internal/constants" + "github.com/kubewarden/adm-controller/internal/constants" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" diff --git a/api/policies/v1/policyserver_webhook.go b/api/policies/v1/policyserver_webhook.go index 0b7cb63e2..463019a0e 100644 --- a/api/policies/v1/policyserver_webhook.go +++ b/api/policies/v1/policyserver_webhook.go @@ -35,7 +35,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/webhook/admission" "github.com/go-logr/logr" - "github.com/kubewarden/kubewarden-controller/internal/constants" + "github.com/kubewarden/adm-controller/internal/constants" ) // capabilityNode is a node in the host-capability path tree. diff --git a/api/policies/v1/policyserver_webhook_test.go b/api/policies/v1/policyserver_webhook_test.go index 26374c1ad..74d633357 100644 --- a/api/policies/v1/policyserver_webhook_test.go +++ b/api/policies/v1/policyserver_webhook_test.go @@ -28,7 +28,7 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/utils/ptr" - "github.com/kubewarden/kubewarden-controller/internal/constants" + "github.com/kubewarden/adm-controller/internal/constants" ) const fakeSigstoreTrustConfig = `{"trusted_root": {"version": "test"}}` diff --git a/charts/hauler_manifest.yaml b/charts/hauler_manifest.yaml index 4ab5a3a8e..a773d7524 100644 --- a/charts/hauler_manifest.yaml +++ b/charts/hauler_manifest.yaml @@ -12,12 +12,12 @@ metadata: hauler.dev/certificate-oidc-issuer: https://token.actions.githubusercontent.com spec: images: - - name: ghcr.io/kubewarden/audit-scanner:v1.35.0 - certificate-identity-regexp: https://github.com/kubewarden/kubewarden-controller/.github/workflows/release.yml@refs/tags/v1.35.0 - - name: ghcr.io/kubewarden/kubewarden-controller:v1.35.0 - certificate-identity-regexp: https://github.com/kubewarden/kubewarden-controller/.github/workflows/release.yml@refs/tags/v1.35.0 - - name: ghcr.io/kubewarden/policy-server:v1.35.0 - certificate-identity-regexp: https://github.com/kubewarden/kubewarden-controller/.github/workflows/release.yml@refs/tags/v1.35.0 + - name: ghcr.io/kubewarden/adm-controller/audit-scanner:v1.35.0 + certificate-identity-regexp: https://github.com/kubewarden/adm-controller/.github/workflows/release.yml@refs/tags/v1.35.0 + - name: ghcr.io/kubewarden/adm-controller/controller:v1.35.0 + certificate-identity-regexp: https://github.com/kubewarden/adm-controller/.github/workflows/release.yml@refs/tags/v1.35.0 + - name: ghcr.io/kubewarden/adm-controller/policy-server:v1.35.0 + certificate-identity-regexp: https://github.com/kubewarden/adm-controller/.github/workflows/release.yml@refs/tags/v1.35.0 --- # The policies are in a separated definition just to allow a better keyless validation # without the need to duplicate configuration diff --git a/charts/kubewarden-controller/README.md b/charts/kubewarden-controller/README.md index 51fc383e3..0e2f77e22 100644 --- a/charts/kubewarden-controller/README.md +++ b/charts/kubewarden-controller/README.md @@ -3,7 +3,7 @@ [![Artifact HUB](https://img.shields.io/badge/ArtifactHub-Helm_Charts-blue?style=flat&logo=artifacthub&link=https%3A%2F%2Fartifacthub.io%2Fpackages%2Fsearch%3Frepo%3Dkubewarden%26kind%3D0%26verified_publisher%3Dtrue%26official%3Dtrue%26cncf%3Dtrue%26sort%3Drelevance%26page%3D1)](https://artifacthub.io/packages/search?repo=kubewarden&kind=0&verified_publisher=true&official=true&cncf=true&sort=relevance&page=1) [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/6502/badge)](https://www.bestpractices.dev/projects/6502) [![FOSSA license scan](https://app.fossa.com/api/projects/custom%2B25850%2Fgithub.com%2Fkubewarden%2Fkubewarden-controller.svg?type=shield)](https://app.fossa.com/projects/custom%252B25850%252Fgithub.com%252Fkubewarden%252Fkubewarden-controller?ref=badge_shield) -[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/kubewarden/kubewarden-controller/badge)](https://scorecard.dev/viewer/?uri=github.com/kubewarden/kubewarden-controller) +[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/kubewarden/adm-controller/badge)](https://scorecard.dev/viewer/?uri=github.com/kubewarden/adm-controller) [![CLOMonitor](https://img.shields.io/endpoint?url=https://clomonitor.io/api/projects/cncf/kubewarden/badge)](https://clomonitor.io/projects/cncf/kubewarden) Kubewarden is a Kubernetes Dynamic Admission Controller that uses policies written @@ -53,7 +53,7 @@ as well as upload in the release page. You can find them together with the signature and certificate used to sign it in the [release -assets](https://github.com/kubewarden/kubewarden-controller/releases), and +assets](https://github.com/kubewarden/adm-controller/releases), and attached to the image as JSON-encoded documents following the [in-toto SPDX predicate](https://github.com/in-toto/attestation/blob/main/spec/predicates/spdx.md) format. You can obtain them with @@ -65,17 +65,17 @@ You can verify the container image with: ```shell cosign verify-blob --certificate-oidc-issuer=https://token.actions.githubusercontent.com \ - --certificate-identity="https://github.com/kubewarden/kubewarden-controller/.github/workflows/attestation.yml@" \ - --bundle kubewarden-controller-attestation-amd64-provenance.intoto.jsonl.bundle.sigstore \ - kubewarden-controller-attestation-amd64-provenance.intoto.jsonl + --certificate-identity="https://github.com/kubewarden/adm-controller/.github/workflows/attestation.yml@" \ + --bundle controller-attestation-amd64-provenance.intoto.jsonl.bundle.sigstore \ + controller-attestation-amd64-provenance.intoto.jsonl ``` To verify the attestation manifest and its layer signatures: ```shell cosign verify --certificate-oidc-issuer=https://token.actions.githubusercontent.com \ - --certificate-identity="https://github.com/kubewarden/kubewarden-controller/.github/workflows/attestation.yml@" \ - ghcr.io/kubewarden/kubewarden-controller@sha256:1abc0944378d9f3ee2963123fe84d045248d320d76325f4c2d4eb201304d4c4e + --certificate-identity="https://github.com/kubewarden/adm-controller/.github/workflows/attestation.yml@" \ + ghcr.io/kubewarden/adm-controller/controller@sha256:1abc0944378d9f3ee2963123fe84d045248d320d76325f4c2d4eb201304d4c4e ``` > [!NOTE] @@ -89,7 +89,7 @@ like `crane`. For example, the following command will show you all the attestation manifests of the `latest` tag: ```shell -crane manifest ghcr.io/kubewarden/kubewarden-controller:latest | jq '.manifests[] | select(.annotations["vnd.docker.reference.type"]=="attestation-manifest")' +crane manifest ghcr.io/kubewarden/adm-controller/controller:latest | jq '.manifests[] | select(.annotations["vnd.docker.reference.type"]=="attestation-manifest")' { "mediaType": "application/vnd.oci.image.manifest.v1+json", "digest": "sha256:fc01fa6c82cffeffd23b737c7e6b153357d1e499295818dad0c7d207f64e6ee8", @@ -123,10 +123,10 @@ layers signatures. ```shell cosign verify --certificate-oidc-issuer=https://token.actions.githubusercontent.com \ - --certificate-identity="https://github.com/kubewarden/kubewarden-controller/.github/workflows/attestation.yml@" \ - ghcr.io/kubewarden/kubewarden-controller@sha256:fc01fa6c82cffeffd23b737c7e6b153357d1e499295818dad0c7d207f64e6ee8 + --certificate-identity="https://github.com/kubewarden/adm-controller/.github/workflows/attestation.yml@" \ + ghcr.io/kubewarden/adm-controller/controller@sha256:fc01fa6c82cffeffd23b737c7e6b153357d1e499295818dad0c7d207f64e6ee8 -crane manifest ghcr.io/kubewarden/kubewarden-controller@sha256:fc01fa6c82cffeffd23b737c7e6b153357d1e499295818dad0c7d207f64e6ee8 +crane manifest ghcr.io/kubewarden/adm-controller/controller@sha256:fc01fa6c82cffeffd23b737c7e6b153357d1e499295818dad0c7d207f64e6ee8 { "schemaVersion": 2, "mediaType": "application/vnd.oci.image.manifest.v1+json", @@ -180,8 +180,8 @@ crane manifest ghcr.io/kubewarden/kubewarden-controller@sha256:fc01fa6c82cffeff } cosign verify --certificate-oidc-issuer=https://token.actions.githubusercontent.com \ - --certificate-identity="https://github.com/kubewarden/kubewarden-controller/.github/workflows/attestation.yml@" \ - ghcr.io/kubewarden/kubewarden-controller@sha256:594da3e8bd8c6ee2682b0db35857933f9558fd98ec092344a6c1e31398082f4d + --certificate-identity="https://github.com/kubewarden/adm-controller/.github/workflows/attestation.yml@" \ + ghcr.io/kubewarden/adm-controller/controller@sha256:594da3e8bd8c6ee2682b0db35857933f9558fd98ec092344a6c1e31398082f4d ``` Note that each attestation manifest (for each architecture) has its own layers. @@ -190,7 +190,7 @@ Buildx during the multi stage build process. You can also use `crane` to download the attestation file: ```shell -crane blob ghcr.io/kubewarden/kubewarden-controller@sha256:7738d8d506c6482aaaef1d22ed920468ffaf4975afd28f49bb50dba2c20bf2ca +crane blob ghcr.io/kubewarden/adm-controller/controller@sha256:7738d8d506c6482aaaef1d22ed920468ffaf4975afd28f49bb50dba2c20bf2ca ``` ## Security disclosure @@ -199,4 +199,4 @@ See [SECURITY.md](https://github.com/kubewarden/community/blob/main/SECURITY.md) # Changelog -See [GitHub Releases content](https://github.com/kubewarden/kubewarden-controller/releases). +See [GitHub Releases content](https://github.com/kubewarden/adm-controller/releases). diff --git a/charts/kubewarden-controller/values.yaml b/charts/kubewarden-controller/values.yaml index e297b31fa..adfff6188 100644 --- a/charts/kubewarden-controller/values.yaml +++ b/charts/kubewarden-controller/values.yaml @@ -217,7 +217,7 @@ telemetry: image: # The registry is defined in the global.cattle.systemDefaultRegistry value # controller image to be used - repository: "kubewarden/kubewarden-controller" + repository: "kubewarden/adm-controller/controller" # image tag tag: v1.35.0 pullPolicy: IfNotPresent @@ -295,7 +295,7 @@ auditScanner: image: # The registry is defined in the common.cattle.systemDefaultRegistry value # kubectl image to be used in the pre-delete helm hook - repository: "kubewarden/audit-scanner" + repository: "kubewarden/adm-controller/audit-scanner" tag: v1.35.0 pullPolicy: IfNotPresent cronJob: diff --git a/cmd/audit-scanner/root.go b/cmd/audit-scanner/root.go index 10e2c0fea..80082e65b 100644 --- a/cmd/audit-scanner/root.go +++ b/cmd/audit-scanner/root.go @@ -7,11 +7,11 @@ import ( "os" "github.com/google/uuid" - "github.com/kubewarden/kubewarden-controller/internal/audit-scanner/k8s" - "github.com/kubewarden/kubewarden-controller/internal/audit-scanner/policies" - "github.com/kubewarden/kubewarden-controller/internal/audit-scanner/report" - "github.com/kubewarden/kubewarden-controller/internal/audit-scanner/scanner" - "github.com/kubewarden/kubewarden-controller/internal/audit-scanner/scheme" + "github.com/kubewarden/adm-controller/internal/audit-scanner/k8s" + "github.com/kubewarden/adm-controller/internal/audit-scanner/policies" + "github.com/kubewarden/adm-controller/internal/audit-scanner/report" + "github.com/kubewarden/adm-controller/internal/audit-scanner/scanner" + "github.com/kubewarden/adm-controller/internal/audit-scanner/scheme" "github.com/spf13/cobra" "k8s.io/client-go/dynamic" "k8s.io/client-go/kubernetes" diff --git a/cmd/controller/main.go b/cmd/controller/main.go index 1e11a809a..aaf205798 100644 --- a/cmd/controller/main.go +++ b/cmd/controller/main.go @@ -45,12 +45,12 @@ import ( "sigs.k8s.io/controller-runtime/pkg/healthz" "sigs.k8s.io/controller-runtime/pkg/log/zap" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" - "github.com/kubewarden/kubewarden-controller/api/policies/v1alpha2" - "github.com/kubewarden/kubewarden-controller/internal/constants" - "github.com/kubewarden/kubewarden-controller/internal/controller" - "github.com/kubewarden/kubewarden-controller/internal/featuregates" - "github.com/kubewarden/kubewarden-controller/internal/metrics" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" + "github.com/kubewarden/adm-controller/api/policies/v1alpha2" + "github.com/kubewarden/adm-controller/internal/constants" + "github.com/kubewarden/adm-controller/internal/controller" + "github.com/kubewarden/adm-controller/internal/featuregates" + "github.com/kubewarden/adm-controller/internal/metrics" //+kubebuilder:scaffold:imports ) diff --git a/docs/controller/README.md b/docs/controller/README.md index d3a47f2cc..ed690643a 100644 --- a/docs/controller/README.md +++ b/docs/controller/README.md @@ -1,22 +1,22 @@ [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/kubewarden-controller)](https://artifacthub.io/packages/helm/kubewarden/kubewarden-controller) -# kubewarden-controller +# adm-controller -`kubewarden-controller` is a Kubernetes controller that allows you to +`adm-controller` is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. -The `kubewarden-controller` reconciles the admission policies you +The `adm-controller` reconciles the admission policies you have registered with the Kubernetes webhooks of the cluster where it's deployed. ## Usage -Once the kubewarden-controller is up and running, you can define Kubewarden policies +Once the adm-controller is up and running, you can define Kubewarden policies using the `ClusterAdmissionPolicy` resource. The documentation of this Custom Resource can be found -[here](https://github.com/kubewarden/kubewarden-controller/blob/main/docs/crds/README.asciidoc) -or on [docs.crds.dev](https://doc.crds.dev/github.com/kubewarden/kubewarden-controller). +[here](https://github.com/kubewarden/adm-controller/blob/main/docs/crds/README.asciidoc) +or on [docs.crds.dev](https://doc.crds.dev/github.com/kubewarden/adm-controller). > [!NOTE] > `ClusterAdmissionPolicy` resources are cluster-wide. @@ -56,7 +56,7 @@ how this policy behaves. Creating the resource inside Kubernetes is sufficient to enforce the policy: ```shell -kubectl apply -f https://raw.githubusercontent.com/kubewarden/kubewarden-controller/main/config/samples/policies_v1alpha2_clusteradmissionpolicy.yaml +kubectl apply -f https://raw.githubusercontent.com/kubewarden/adm-controller/main/config/samples/policies_v1alpha2_clusteradmissionpolicy.yaml ``` ### Remove your first admission policy diff --git a/docs/crds/CRD-docs-for-docs-repo.adoc b/docs/crds/CRD-docs-for-docs-repo.adoc index e082e0ec4..164195f1a 100644 --- a/docs/crds/CRD-docs-for-docs-repo.adoc +++ b/docs/crds/CRD-docs-for-docs-repo.adoc @@ -15,20 +15,20 @@ Package v1 contains API Schema definitions for the policies v1 API group .Resource Types -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-admissionpolicy[$$AdmissionPolicy$$] -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-admissionpolicygroup[$$AdmissionPolicyGroup$$] -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-admissionpolicygrouplist[$$AdmissionPolicyGroupList$$] -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-admissionpolicylist[$$AdmissionPolicyList$$] -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-clusteradmissionpolicy[$$ClusterAdmissionPolicy$$] -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-clusteradmissionpolicygroup[$$ClusterAdmissionPolicyGroup$$] -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-clusteradmissionpolicygrouplist[$$ClusterAdmissionPolicyGroupList$$] -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-clusteradmissionpolicylist[$$ClusterAdmissionPolicyList$$] -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policyserver[$$PolicyServer$$] -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policyserverlist[$$PolicyServerList$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-admissionpolicy[$$AdmissionPolicy$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-admissionpolicygroup[$$AdmissionPolicyGroup$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-admissionpolicygrouplist[$$AdmissionPolicyGroupList$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-admissionpolicylist[$$AdmissionPolicyList$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-clusteradmissionpolicy[$$ClusterAdmissionPolicy$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-clusteradmissionpolicygroup[$$ClusterAdmissionPolicyGroup$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-clusteradmissionpolicygrouplist[$$ClusterAdmissionPolicyGroupList$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-clusteradmissionpolicylist[$$ClusterAdmissionPolicyList$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policyserver[$$PolicyServer$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policyserverlist[$$PolicyServerList$$] -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-admissionpolicy"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-admissionpolicy"] ==== AdmissionPolicy @@ -39,7 +39,7 @@ AdmissionPolicy is the Schema for the admissionpolicies API .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-admissionpolicylist[$$AdmissionPolicyList$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-admissionpolicylist[$$AdmissionPolicyList$$] **** [cols="20a,50a,15a,15a", options="header"] @@ -49,13 +49,13 @@ AdmissionPolicy is the Schema for the admissionpolicies API | *`kind`* __string__ | `AdmissionPolicy` | | | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. | | -| *`spec`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-admissionpolicyspec[$$AdmissionPolicySpec$$]__ | | | +| *`spec`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-admissionpolicyspec[$$AdmissionPolicySpec$$]__ | | | |=== -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-admissionpolicygroup"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-admissionpolicygroup"] ==== AdmissionPolicyGroup @@ -66,7 +66,7 @@ AdmissionPolicyGroup is the Schema for the AdmissionPolicyGroups API .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-admissionpolicygrouplist[$$AdmissionPolicyGroupList$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-admissionpolicygrouplist[$$AdmissionPolicyGroupList$$] **** [cols="20a,50a,15a,15a", options="header"] @@ -76,13 +76,13 @@ AdmissionPolicyGroup is the Schema for the AdmissionPolicyGroups API | *`kind`* __string__ | `AdmissionPolicyGroup` | | | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. | | -| *`spec`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-admissionpolicygroupspec[$$AdmissionPolicyGroupSpec$$]__ | | | +| *`spec`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-admissionpolicygroupspec[$$AdmissionPolicyGroupSpec$$]__ | | | |=== -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-admissionpolicygrouplist"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-admissionpolicygrouplist"] ==== AdmissionPolicyGroupList @@ -100,11 +100,11 @@ AdmissionPolicyGroupList contains a list of AdmissionPolicyGroup. | *`kind`* __string__ | `AdmissionPolicyGroupList` | | | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#listmeta-v1-meta[$$ListMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. | | -| *`items`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-admissionpolicygroup[$$AdmissionPolicyGroup$$] array__ | | | +| *`items`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-admissionpolicygroup[$$AdmissionPolicyGroup$$] array__ | | | |=== -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-admissionpolicygroupspec"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-admissionpolicygroupspec"] ==== AdmissionPolicyGroupSpec @@ -115,17 +115,17 @@ AdmissionPolicyGroupSpec defines the desired state of AdmissionPolicyGroup. .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-admissionpolicygroup[$$AdmissionPolicyGroup$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-admissionpolicygroup[$$AdmissionPolicyGroup$$] **** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`PolicyGroupSpec`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policygroupspec[$$PolicyGroupSpec$$]__ | | | +| *`PolicyGroupSpec`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policygroupspec[$$PolicyGroupSpec$$]__ | | | |=== -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-admissionpolicylist"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-admissionpolicylist"] ==== AdmissionPolicyList @@ -143,11 +143,11 @@ AdmissionPolicyList contains a list of AdmissionPolicy. | *`kind`* __string__ | `AdmissionPolicyList` | | | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#listmeta-v1-meta[$$ListMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. | | -| *`items`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-admissionpolicy[$$AdmissionPolicy$$] array__ | | | +| *`items`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-admissionpolicy[$$AdmissionPolicy$$] array__ | | | |=== -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-admissionpolicyspec"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-admissionpolicyspec"] ==== AdmissionPolicySpec @@ -158,17 +158,17 @@ AdmissionPolicySpec defines the desired state of AdmissionPolicy. .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-admissionpolicy[$$AdmissionPolicy$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-admissionpolicy[$$AdmissionPolicy$$] **** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`PolicySpec`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policyspec[$$PolicySpec$$]__ | | | +| *`PolicySpec`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policyspec[$$PolicySpec$$]__ | | | |=== -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-clusteradmissionpolicy"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-clusteradmissionpolicy"] ==== ClusterAdmissionPolicy @@ -179,7 +179,7 @@ ClusterAdmissionPolicy is the Schema for the clusteradmissionpolicies API .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-clusteradmissionpolicylist[$$ClusterAdmissionPolicyList$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-clusteradmissionpolicylist[$$ClusterAdmissionPolicyList$$] **** [cols="20a,50a,15a,15a", options="header"] @@ -189,13 +189,13 @@ ClusterAdmissionPolicy is the Schema for the clusteradmissionpolicies API | *`kind`* __string__ | `ClusterAdmissionPolicy` | | | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. | | -| *`spec`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-clusteradmissionpolicyspec[$$ClusterAdmissionPolicySpec$$]__ | | | +| *`spec`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-clusteradmissionpolicyspec[$$ClusterAdmissionPolicySpec$$]__ | | | |=== -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-clusteradmissionpolicygroup"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-clusteradmissionpolicygroup"] ==== ClusterAdmissionPolicyGroup @@ -206,7 +206,7 @@ ClusterAdmissionPolicyGroup is the Schema for the clusteradmissionpolicies API .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-clusteradmissionpolicygrouplist[$$ClusterAdmissionPolicyGroupList$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-clusteradmissionpolicygrouplist[$$ClusterAdmissionPolicyGroupList$$] **** [cols="20a,50a,15a,15a", options="header"] @@ -216,13 +216,13 @@ ClusterAdmissionPolicyGroup is the Schema for the clusteradmissionpolicies API | *`kind`* __string__ | `ClusterAdmissionPolicyGroup` | | | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. | | -| *`spec`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-clusteradmissionpolicygroupspec[$$ClusterAdmissionPolicyGroupSpec$$]__ | | | +| *`spec`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-clusteradmissionpolicygroupspec[$$ClusterAdmissionPolicyGroupSpec$$]__ | | | |=== -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-clusteradmissionpolicygrouplist"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-clusteradmissionpolicygrouplist"] ==== ClusterAdmissionPolicyGroupList @@ -240,11 +240,11 @@ ClusterAdmissionPolicyGroupList contains a list of ClusterAdmissionPolicyGroup | *`kind`* __string__ | `ClusterAdmissionPolicyGroupList` | | | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#listmeta-v1-meta[$$ListMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. | | -| *`items`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-clusteradmissionpolicygroup[$$ClusterAdmissionPolicyGroup$$] array__ | | | +| *`items`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-clusteradmissionpolicygroup[$$ClusterAdmissionPolicyGroup$$] array__ | | | |=== -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-clusteradmissionpolicygroupspec"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-clusteradmissionpolicygroupspec"] ==== ClusterAdmissionPolicyGroupSpec @@ -255,13 +255,13 @@ ClusterAdmissionPolicyGroupSpec defines the desired state of ClusterAdmissionPol .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-clusteradmissionpolicygroup[$$ClusterAdmissionPolicyGroup$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-clusteradmissionpolicygroup[$$ClusterAdmissionPolicyGroup$$] **** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`ClusterPolicyGroupSpec`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-clusterpolicygroupspec[$$ClusterPolicyGroupSpec$$]__ | | | +| *`ClusterPolicyGroupSpec`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-clusterpolicygroupspec[$$ClusterPolicyGroupSpec$$]__ | | | | *`namespaceSelector`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#labelselector-v1-meta[$$LabelSelector$$]__ | NamespaceSelector decides whether to run the webhook on an object based + on whether the namespace for that object matches the selector. If the + object itself is a namespace, the matching is performed on + @@ -320,7 +320,7 @@ Kubewarden components from starting. + | | Optional: \{} + |=== -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-clusteradmissionpolicylist"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-clusteradmissionpolicylist"] ==== ClusterAdmissionPolicyList @@ -338,11 +338,11 @@ ClusterAdmissionPolicyList contains a list of ClusterAdmissionPolicy | *`kind`* __string__ | `ClusterAdmissionPolicyList` | | | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#listmeta-v1-meta[$$ListMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. | | -| *`items`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-clusteradmissionpolicy[$$ClusterAdmissionPolicy$$] array__ | | | +| *`items`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-clusteradmissionpolicy[$$ClusterAdmissionPolicy$$] array__ | | | |=== -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-clusteradmissionpolicyspec"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-clusteradmissionpolicyspec"] ==== ClusterAdmissionPolicySpec @@ -353,13 +353,13 @@ ClusterAdmissionPolicySpec defines the desired state of ClusterAdmissionPolicy. .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-clusteradmissionpolicy[$$ClusterAdmissionPolicy$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-clusteradmissionpolicy[$$ClusterAdmissionPolicy$$] **** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`PolicySpec`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policyspec[$$PolicySpec$$]__ | | | +| *`PolicySpec`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policyspec[$$PolicySpec$$]__ | | | | *`namespaceSelector`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#labelselector-v1-meta[$$LabelSelector$$]__ | NamespaceSelector decides whether to run the webhook on an object based + on whether the namespace for that object matches the selector. If the + object itself is a namespace, the matching is performed on + @@ -406,7 +406,7 @@ for more examples of label selectors. +

+ Default to the empty LabelSelector, which matches everything. + | | Optional: \{} + -| *`contextAwareResources`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-contextawareresource[$$ContextAwareResource$$] array__ | List of Kubernetes resources the policy is allowed to access at evaluation time. + +| *`contextAwareResources`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-contextawareresource[$$ContextAwareResource$$] array__ | List of Kubernetes resources the policy is allowed to access at evaluation time. + Access to these resources is done using the `ServiceAccount` of the PolicyServer + the policy is assigned to. + | | Optional: \{} + @@ -422,7 +422,7 @@ Kubewarden components from starting. + | | Optional: \{} + |=== -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-clusterpolicygroupspec"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-clusterpolicygroupspec"] ==== ClusterPolicyGroupSpec @@ -433,21 +433,21 @@ Kubewarden components from starting. + | | Optional: \{} + .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-clusteradmissionpolicygroupspec[$$ClusterAdmissionPolicyGroupSpec$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-clusteradmissionpolicygroupspec[$$ClusterAdmissionPolicyGroupSpec$$] **** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`GroupSpec`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-groupspec[$$GroupSpec$$]__ | | | -| *`policies`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policygroupmemberswithcontext[$$PolicyGroupMembersWithContext$$]__ | Policies is a list of policies that are part of the group that will + +| *`GroupSpec`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-groupspec[$$GroupSpec$$]__ | | | +| *`policies`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policygroupmemberswithcontext[$$PolicyGroupMembersWithContext$$]__ | Policies is a list of policies that are part of the group that will + be available to be called in the evaluation expression field. + Each policy in the group should be a Kubewarden policy. + | | Required: \{} + |=== -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-contextawareresource"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-contextawareresource"] ==== ContextAwareResource @@ -458,9 +458,9 @@ ContextAwareResource identifies a Kubernetes resource. .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-clusteradmissionpolicyfactory[$$ClusterAdmissionPolicyFactory$$] -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-clusteradmissionpolicyspec[$$ClusterAdmissionPolicySpec$$] -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policygroupmemberwithcontext[$$PolicyGroupMemberWithContext$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-clusteradmissionpolicyfactory[$$ClusterAdmissionPolicyFactory$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-clusteradmissionpolicyspec[$$ClusterAdmissionPolicySpec$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policygroupmemberwithcontext[$$PolicyGroupMemberWithContext$$] **** [cols="20a,50a,15a,15a", options="header"] @@ -471,7 +471,7 @@ ContextAwareResource identifies a Kubernetes resource. |=== -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-groupspec"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-groupspec"] ==== GroupSpec @@ -482,8 +482,8 @@ ContextAwareResource identifies a Kubernetes resource. .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-clusterpolicygroupspec[$$ClusterPolicyGroupSpec$$] -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policygroupspec[$$PolicyGroupSpec$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-clusterpolicygroupspec[$$ClusterPolicyGroupSpec$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policygroupspec[$$PolicyGroupSpec$$] **** [cols="20a,50a,15a,15a", options="header"] @@ -491,7 +491,7 @@ ContextAwareResource identifies a Kubernetes resource. | Field | Description | Default | Validation | *`policyServer`* __string__ | PolicyServer identifies an existing PolicyServer resource. + | default | Optional: \{} + -| *`mode`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policymode[$$PolicyMode$$]__ | Mode defines the execution mode of this policy. Can be set to + +| *`mode`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policymode[$$PolicyMode$$]__ | Mode defines the execution mode of this policy. Can be set to + either "protect" or "monitor". If it's empty, it is defaulted to + "protect". + Transitioning this setting from "monitor" to "protect" is + @@ -603,7 +603,7 @@ returned in the warning field of the response. + | | Required: \{} + -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policygroupmember"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policygroupmember"] ==== PolicyGroupMember @@ -614,8 +614,8 @@ returned in the warning field of the response. + | | Required: \{} + .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policygroupmemberwithcontext[$$PolicyGroupMemberWithContext$$] -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policygroupmembers[$$PolicyGroupMembers$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policygroupmemberwithcontext[$$PolicyGroupMemberWithContext$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policygroupmembers[$$PolicyGroupMembers$$] **** [cols="20a,50a,15a,15a", options="header"] @@ -642,7 +642,7 @@ Optional: \{} + |=== -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policygroupmemberwithcontext"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policygroupmemberwithcontext"] ==== PolicyGroupMemberWithContext @@ -653,24 +653,24 @@ Optional: \{} + .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policygroupmemberswithcontext[$$PolicyGroupMembersWithContext$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policygroupmemberswithcontext[$$PolicyGroupMembersWithContext$$] **** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`PolicyGroupMember`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policygroupmember[$$PolicyGroupMember$$]__ | | | -| *`contextAwareResources`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-contextawareresource[$$ContextAwareResource$$] array__ | List of Kubernetes resources the policy is allowed to access at evaluation time. + +| *`PolicyGroupMember`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policygroupmember[$$PolicyGroupMember$$]__ | | | +| *`contextAwareResources`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-contextawareresource[$$ContextAwareResource$$] array__ | List of Kubernetes resources the policy is allowed to access at evaluation time. + Access to these resources is done using the `ServiceAccount` of the PolicyServer + the policy is assigned to. + | | Optional: \{} + |=== -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policygroupmembers"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policygroupmembers"] ==== PolicyGroupMembers -_Underlying type:_ _xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-map-string-policygroupmember[$$map[string]PolicyGroupMember$$]_ +_Underlying type:_ _xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-map-string-policygroupmember[$$map[string]PolicyGroupMember$$]_ @@ -678,16 +678,16 @@ _Underlying type:_ _xref:{anchor_prefix}-github-com-kubewarden-kubewarden-contro .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-admissionpolicygroupfactory[$$AdmissionPolicyGroupFactory$$] -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policygroupspec[$$PolicyGroupSpec$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-admissionpolicygroupfactory[$$AdmissionPolicyGroupFactory$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policygroupspec[$$PolicyGroupSpec$$] **** -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policygroupmemberswithcontext"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policygroupmemberswithcontext"] ==== PolicyGroupMembersWithContext -_Underlying type:_ _xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-map-string-policygroupmemberwithcontext[$$map[string]PolicyGroupMemberWithContext$$]_ +_Underlying type:_ _xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-map-string-policygroupmemberwithcontext[$$map[string]PolicyGroupMemberWithContext$$]_ @@ -695,13 +695,13 @@ _Underlying type:_ _xref:{anchor_prefix}-github-com-kubewarden-kubewarden-contro .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-clusteradmissionpolicygroupfactory[$$ClusterAdmissionPolicyGroupFactory$$] -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-clusterpolicygroupspec[$$ClusterPolicyGroupSpec$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-clusteradmissionpolicygroupfactory[$$ClusterAdmissionPolicyGroupFactory$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-clusterpolicygroupspec[$$ClusterPolicyGroupSpec$$] **** -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policygroupspec"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policygroupspec"] ==== PolicyGroupSpec @@ -712,14 +712,14 @@ _Underlying type:_ _xref:{anchor_prefix}-github-com-kubewarden-kubewarden-contro .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-admissionpolicygroupspec[$$AdmissionPolicyGroupSpec$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-admissionpolicygroupspec[$$AdmissionPolicyGroupSpec$$] **** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`GroupSpec`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-groupspec[$$GroupSpec$$]__ | | | -| *`policies`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policygroupmembers[$$PolicyGroupMembers$$]__ | Policies is a list of policies that are part of the group that will + +| *`GroupSpec`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-groupspec[$$GroupSpec$$]__ | | | +| *`policies`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policygroupmembers[$$PolicyGroupMembers$$]__ | Policies is a list of policies that are part of the group that will + be available to be called in the evaluation expression field. + Each policy in the group should be a Kubewarden policy. + | | Required: \{} + @@ -730,7 +730,7 @@ Each policy in the group should be a Kubewarden policy. + | | Required: \{} + -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policymode"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policymode"] ==== PolicyMode _Underlying type:_ _string_ @@ -742,17 +742,17 @@ _Underlying type:_ _string_ .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-admissionpolicyfactory[$$AdmissionPolicyFactory$$] -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-admissionpolicygroupfactory[$$AdmissionPolicyGroupFactory$$] -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-clusteradmissionpolicyfactory[$$ClusterAdmissionPolicyFactory$$] -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-clusteradmissionpolicygroupfactory[$$ClusterAdmissionPolicyGroupFactory$$] -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-groupspec[$$GroupSpec$$] -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policyspec[$$PolicySpec$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-admissionpolicyfactory[$$AdmissionPolicyFactory$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-admissionpolicygroupfactory[$$AdmissionPolicyGroupFactory$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-clusteradmissionpolicyfactory[$$ClusterAdmissionPolicyFactory$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-clusteradmissionpolicygroupfactory[$$ClusterAdmissionPolicyGroupFactory$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-groupspec[$$GroupSpec$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policyspec[$$PolicySpec$$] **** -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policymodestatus"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policymodestatus"] ==== PolicyModeStatus _Underlying type:_ _string_ @@ -764,14 +764,14 @@ _Underlying type:_ _string_ .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policystatus[$$PolicyStatus$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policystatus[$$PolicyStatus$$] **** -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policyserver"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policyserver"] ==== PolicyServer @@ -782,7 +782,7 @@ PolicyServer is the Schema for the policyservers API. .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policyserverlist[$$PolicyServerList$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policyserverlist[$$PolicyServerList$$] **** [cols="20a,50a,15a,15a", options="header"] @@ -792,7 +792,7 @@ PolicyServer is the Schema for the policyservers API. | *`kind`* __string__ | `PolicyServer` | | | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. | | -| *`spec`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policyserverspec[$$PolicyServerSpec$$]__ | | | +| *`spec`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policyserverspec[$$PolicyServerSpec$$]__ | | | |=== @@ -800,7 +800,7 @@ PolicyServer is the Schema for the policyservers API. -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policyserverlist"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policyserverlist"] ==== PolicyServerList @@ -818,11 +818,11 @@ PolicyServerList contains a list of PolicyServer. | *`kind`* __string__ | `PolicyServerList` | | | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#listmeta-v1-meta[$$ListMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. | | -| *`items`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policyserver[$$PolicyServer$$] array__ | | | +| *`items`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policyserver[$$PolicyServer$$] array__ | | | |=== -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policyserversecurity"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policyserversecurity"] ==== PolicyServerSecurity @@ -833,7 +833,7 @@ PolicyServerSecurity defines securityContext configuration to be used in the Pol .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policyserverspec[$$PolicyServerSpec$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policyserverspec[$$PolicyServerSpec$$] **** [cols="20a,50a,15a,15a", options="header"] @@ -846,7 +846,7 @@ PolicyServerSecurity defines securityContext configuration to be used in the Pol |=== -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policyserverspec"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policyserverspec"] ==== PolicyServerSpec @@ -857,7 +857,7 @@ PolicyServerSpec defines the desired state of PolicyServer. .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policyserver[$$PolicyServer$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policyserver[$$PolicyServer$$] **** [cols="20a,50a,15a,15a", options="header"] @@ -909,7 +909,7 @@ a custom Sigstore instance instead of the default public Sigstore infrastructure WARNING: This feature requires strict access control. Users with write access + to this ConfigMap can influence policy signature verification. + | | Optional: \{} + -| *`securityContexts`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policyserversecurity[$$PolicyServerSecurity$$]__ | Security configuration to be used in the Policy Server workload. + +| *`securityContexts`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policyserversecurity[$$PolicyServerSecurity$$]__ | Security configuration to be used in the Policy Server workload. + The field allows different configurations for the pod and containers. + If set for the containers, this configuration will not be used in + containers added by other controllers (e.g. telemetry sidecars) + | | Optional: \{} + @@ -948,7 +948,7 @@ Supported wildcard patterns: + -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policyspec"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policyspec"] ==== PolicySpec @@ -959,8 +959,8 @@ Supported wildcard patterns: + .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-admissionpolicyspec[$$AdmissionPolicySpec$$] -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-clusteradmissionpolicyspec[$$ClusterAdmissionPolicySpec$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-admissionpolicyspec[$$AdmissionPolicySpec$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-clusteradmissionpolicyspec[$$ClusterAdmissionPolicySpec$$] **** [cols="20a,50a,15a,15a", options="header"] @@ -968,7 +968,7 @@ Supported wildcard patterns: + | Field | Description | Default | Validation | *`policyServer`* __string__ | PolicyServer identifies an existing PolicyServer resource. + | default | Optional: \{} + -| *`mode`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policymode[$$PolicyMode$$]__ | Mode defines the execution mode of this policy. Can be set to + +| *`mode`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policymode[$$PolicyMode$$]__ | Mode defines the execution mode of this policy. Can be set to + either "protect" or "monitor". If it's empty, it is defaulted to + "protect". + Transitioning this setting from "monitor" to "protect" is + @@ -1079,7 +1079,7 @@ AdmissionResponse object + | | Optional: \{} + -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policystatusenum"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policystatusenum"] ==== PolicyStatusEnum _Underlying type:_ _string_ @@ -1091,7 +1091,7 @@ _Underlying type:_ _string_ .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1-policystatus[$$PolicyStatus$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1-policystatus[$$PolicyStatus$$] **** @@ -1105,16 +1105,16 @@ _Underlying type:_ _string_ Package v1alpha2 contains API Schema definitions for the policies v1alpha2 API group .Resource Types -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-admissionpolicy[$$AdmissionPolicy$$] -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-admissionpolicylist[$$AdmissionPolicyList$$] -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-clusteradmissionpolicy[$$ClusterAdmissionPolicy$$] -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-clusteradmissionpolicylist[$$ClusterAdmissionPolicyList$$] -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-policyserver[$$PolicyServer$$] -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-policyserverlist[$$PolicyServerList$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-admissionpolicy[$$AdmissionPolicy$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-admissionpolicylist[$$AdmissionPolicyList$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-clusteradmissionpolicy[$$ClusterAdmissionPolicy$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-clusteradmissionpolicylist[$$ClusterAdmissionPolicyList$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-policyserver[$$PolicyServer$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-policyserverlist[$$PolicyServerList$$] -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-admissionpolicy"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-admissionpolicy"] ==== AdmissionPolicy @@ -1125,7 +1125,7 @@ AdmissionPolicy is the Schema for the admissionpolicies API .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-admissionpolicylist[$$AdmissionPolicyList$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-admissionpolicylist[$$AdmissionPolicyList$$] **** [cols="20a,50a,15a,15a", options="header"] @@ -1135,11 +1135,11 @@ AdmissionPolicy is the Schema for the admissionpolicies API | *`kind`* __string__ | `AdmissionPolicy` | | | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. | | -| *`spec`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-admissionpolicyspec[$$AdmissionPolicySpec$$]__ | | | +| *`spec`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-admissionpolicyspec[$$AdmissionPolicySpec$$]__ | | | |=== -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-admissionpolicylist"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-admissionpolicylist"] ==== AdmissionPolicyList @@ -1157,11 +1157,11 @@ AdmissionPolicyList contains a list of AdmissionPolicy. | *`kind`* __string__ | `AdmissionPolicyList` | | | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#listmeta-v1-meta[$$ListMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. | | -| *`items`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-admissionpolicy[$$AdmissionPolicy$$] array__ | | | +| *`items`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-admissionpolicy[$$AdmissionPolicy$$] array__ | | | |=== -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-admissionpolicyspec"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-admissionpolicyspec"] ==== AdmissionPolicySpec @@ -1172,17 +1172,17 @@ AdmissionPolicySpec defines the desired state of AdmissionPolicy. .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-admissionpolicy[$$AdmissionPolicy$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-admissionpolicy[$$AdmissionPolicy$$] **** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`PolicySpec`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-policyspec[$$PolicySpec$$]__ | | | +| *`PolicySpec`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-policyspec[$$PolicySpec$$]__ | | | |=== -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-clusteradmissionpolicy"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-clusteradmissionpolicy"] ==== ClusterAdmissionPolicy @@ -1193,7 +1193,7 @@ ClusterAdmissionPolicy is the Schema for the clusteradmissionpolicies API .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-clusteradmissionpolicylist[$$ClusterAdmissionPolicyList$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-clusteradmissionpolicylist[$$ClusterAdmissionPolicyList$$] **** [cols="20a,50a,15a,15a", options="header"] @@ -1203,11 +1203,11 @@ ClusterAdmissionPolicy is the Schema for the clusteradmissionpolicies API | *`kind`* __string__ | `ClusterAdmissionPolicy` | | | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. | | -| *`spec`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-clusteradmissionpolicyspec[$$ClusterAdmissionPolicySpec$$]__ | | | +| *`spec`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-clusteradmissionpolicyspec[$$ClusterAdmissionPolicySpec$$]__ | | | |=== -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-clusteradmissionpolicylist"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-clusteradmissionpolicylist"] ==== ClusterAdmissionPolicyList @@ -1225,11 +1225,11 @@ ClusterAdmissionPolicyList contains a list of ClusterAdmissionPolicy | *`kind`* __string__ | `ClusterAdmissionPolicyList` | | | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#listmeta-v1-meta[$$ListMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. | | -| *`items`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-clusteradmissionpolicy[$$ClusterAdmissionPolicy$$] array__ | | | +| *`items`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-clusteradmissionpolicy[$$ClusterAdmissionPolicy$$] array__ | | | |=== -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-clusteradmissionpolicyspec"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-clusteradmissionpolicyspec"] ==== ClusterAdmissionPolicySpec @@ -1240,13 +1240,13 @@ ClusterAdmissionPolicySpec defines the desired state of ClusterAdmissionPolicy. .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-clusteradmissionpolicy[$$ClusterAdmissionPolicy$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-clusteradmissionpolicy[$$ClusterAdmissionPolicy$$] **** [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`PolicySpec`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-policyspec[$$PolicySpec$$]__ | | | +| *`PolicySpec`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-policyspec[$$PolicySpec$$]__ | | | | *`namespaceSelector`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#labelselector-v1-meta[$$LabelSelector$$]__ | NamespaceSelector decides whether to run the webhook on an object based + on whether the namespace for that object matches the selector. If the + object itself is a namespace, the matching is performed on + @@ -1300,7 +1300,7 @@ Default to the empty LabelSelector, which matches everything. + | | Optional: \ -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-policymode"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-policymode"] ==== PolicyMode _Underlying type:_ _string_ @@ -1312,12 +1312,12 @@ _Underlying type:_ _string_ .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-policyspec[$$PolicySpec$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-policyspec[$$PolicySpec$$] **** -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-policymodestatus"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-policymodestatus"] ==== PolicyModeStatus _Underlying type:_ _string_ @@ -1329,12 +1329,12 @@ _Underlying type:_ _string_ .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-policystatus[$$PolicyStatus$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-policystatus[$$PolicyStatus$$] **** -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-policyserver"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-policyserver"] ==== PolicyServer @@ -1345,7 +1345,7 @@ PolicyServer is the Schema for the policyservers API. .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-policyserverlist[$$PolicyServerList$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-policyserverlist[$$PolicyServerList$$] **** [cols="20a,50a,15a,15a", options="header"] @@ -1355,13 +1355,13 @@ PolicyServer is the Schema for the policyservers API. | *`kind`* __string__ | `PolicyServer` | | | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. | | -| *`spec`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-policyserverspec[$$PolicyServerSpec$$]__ | | | +| *`spec`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-policyserverspec[$$PolicyServerSpec$$]__ | | | |=== -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-policyserverlist"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-policyserverlist"] ==== PolicyServerList @@ -1379,11 +1379,11 @@ PolicyServerList contains a list of PolicyServer. | *`kind`* __string__ | `PolicyServerList` | | | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#listmeta-v1-meta[$$ListMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. | | -| *`items`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-policyserver[$$PolicyServer$$] array__ | | | +| *`items`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-policyserver[$$PolicyServer$$] array__ | | | |=== -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-policyserverspec"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-policyserverspec"] ==== PolicyServerSpec @@ -1394,7 +1394,7 @@ PolicyServerSpec defines the desired state of PolicyServer. .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-policyserver[$$PolicyServer$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-policyserver[$$PolicyServer$$] **** [cols="20a,50a,15a,15a", options="header"] @@ -1436,7 +1436,7 @@ key named verification-config in the Configmap. + | | Optional: \{} + -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-policyspec"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-policyspec"] ==== PolicySpec @@ -1447,8 +1447,8 @@ key named verification-config in the Configmap. + | | Optional: \{} + .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-admissionpolicyspec[$$AdmissionPolicySpec$$] -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-clusteradmissionpolicyspec[$$ClusterAdmissionPolicySpec$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-admissionpolicyspec[$$AdmissionPolicySpec$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-clusteradmissionpolicyspec[$$ClusterAdmissionPolicySpec$$] **** [cols="20a,50a,15a,15a", options="header"] @@ -1461,7 +1461,7 @@ local file (file://), a remote file served by an HTTP server + (http://, https://), or an artifact served by an OCI-compatible + registry (registry://). + | | Required: \{} + -| *`mode`* __xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-policymode[$$PolicyMode$$]__ | Mode defines the execution mode of this policy. Can be set to + +| *`mode`* __xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-policymode[$$PolicyMode$$]__ | Mode defines the execution mode of this policy. Can be set to + either "protect" or "monitor". If it's empty, it is defaulted to + "protect". + Transitioning this setting from "monitor" to "protect" is + @@ -1533,7 +1533,7 @@ Default to 10 seconds. + | 10 | Optional: \{} + -[id="{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-policystatusenum"] +[id="{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-policystatusenum"] ==== PolicyStatusEnum _Underlying type:_ _string_ @@ -1545,7 +1545,7 @@ _Underlying type:_ _string_ .Appears In: **** -- xref:{anchor_prefix}-github-com-kubewarden-kubewarden-controller-api-policies-v1alpha2-policystatus[$$PolicyStatus$$] +- xref:{anchor_prefix}-github-com-kubewarden-adm-controller-api-policies-v1alpha2-policystatus[$$PolicyStatus$$] **** diff --git a/docs/policy-server/README.md b/docs/policy-server/README.md index ae6ee50a8..a9dd29114 100644 --- a/docs/policy-server/README.md +++ b/docs/policy-server/README.md @@ -11,7 +11,7 @@ modules. # Deployment -We recommend to rely on the [kubewarden-controller](https://github.com/kubewarden/kubewarden-controller) +We recommend to rely on the [Kubewarden admission controller](https://github.com/kubewarden/adm-controller) and the [Kubernetes Custom Resources](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/) provided by it to deploy the Kubewarden stack. diff --git a/e2e/admissionpolicy_test.go b/e2e/admissionpolicy_test.go index a805a2683..a20c2919b 100644 --- a/e2e/admissionpolicy_test.go +++ b/e2e/admissionpolicy_test.go @@ -30,8 +30,8 @@ import ( "sigs.k8s.io/e2e-framework/pkg/envconf" "sigs.k8s.io/e2e-framework/pkg/features" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" - "github.com/kubewarden/kubewarden-controller/internal/constants" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" + "github.com/kubewarden/adm-controller/internal/constants" ) func TestAdmissionPolicyController(t *testing.T) { diff --git a/e2e/admissionpolicygroup_test.go b/e2e/admissionpolicygroup_test.go index 3f1b83725..2084b97b4 100644 --- a/e2e/admissionpolicygroup_test.go +++ b/e2e/admissionpolicygroup_test.go @@ -30,8 +30,8 @@ import ( "sigs.k8s.io/e2e-framework/pkg/envconf" "sigs.k8s.io/e2e-framework/pkg/features" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" - "github.com/kubewarden/kubewarden-controller/internal/constants" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" + "github.com/kubewarden/adm-controller/internal/constants" ) func TestAdmissionPolicyGroupController(t *testing.T) { diff --git a/e2e/clusteradmissionpolicy_test.go b/e2e/clusteradmissionpolicy_test.go index 78b6163cd..d000ed7c3 100644 --- a/e2e/clusteradmissionpolicy_test.go +++ b/e2e/clusteradmissionpolicy_test.go @@ -30,8 +30,8 @@ import ( "sigs.k8s.io/e2e-framework/pkg/envconf" "sigs.k8s.io/e2e-framework/pkg/features" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" - "github.com/kubewarden/kubewarden-controller/internal/constants" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" + "github.com/kubewarden/adm-controller/internal/constants" ) func TestClusterAdmissionPolicyController(t *testing.T) { diff --git a/e2e/clusteradmissionpolicygroup_test.go b/e2e/clusteradmissionpolicygroup_test.go index ec2167b87..b034a1214 100644 --- a/e2e/clusteradmissionpolicygroup_test.go +++ b/e2e/clusteradmissionpolicygroup_test.go @@ -30,8 +30,8 @@ import ( "sigs.k8s.io/e2e-framework/pkg/envconf" "sigs.k8s.io/e2e-framework/pkg/features" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" - "github.com/kubewarden/kubewarden-controller/internal/constants" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" + "github.com/kubewarden/adm-controller/internal/constants" ) func TestClusterAdmissionPolicyGroupController(t *testing.T) { diff --git a/e2e/helpers_test.go b/e2e/helpers_test.go index a637c490b..79382d215 100644 --- a/e2e/helpers_test.go +++ b/e2e/helpers_test.go @@ -12,8 +12,8 @@ import ( "sigs.k8s.io/e2e-framework/klient/wait/conditions" "sigs.k8s.io/e2e-framework/pkg/envconf" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" - "github.com/kubewarden/kubewarden-controller/internal/constants" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" + "github.com/kubewarden/adm-controller/internal/constants" ) const ( diff --git a/e2e/main_test.go b/e2e/main_test.go index 09bd313e1..6dd1d34e2 100644 --- a/e2e/main_test.go +++ b/e2e/main_test.go @@ -24,9 +24,9 @@ var ( testenv env.Environment kindClusterName string namespace = "kubewarden" - controllerImage = "ghcr.io/kubewarden/kubewarden-controller:dev" - auditScannerImage = "ghcr.io/kubewarden/audit-scanner:dev" - policyServerImage = "ghcr.io/kubewarden/policy-server:dev" + controllerImage = "ghcr.io/kubewarden/adm-controller/controller:dev" + auditScannerImage = "ghcr.io/kubewarden/adm-controller/audit-scanner:dev" + policyServerImage = "ghcr.io/kubewarden/adm-controller/policy-server:dev" ) func TestMain(m *testing.M) { diff --git a/go.mod b/go.mod index fc5c7a773..49efad6d0 100644 --- a/go.mod +++ b/go.mod @@ -1,4 +1,4 @@ -module github.com/kubewarden/kubewarden-controller +module github.com/kubewarden/adm-controller go 1.26 diff --git a/go.sum b/go.sum index bba558732..ddc4f0e88 100644 --- a/go.sum +++ b/go.sum @@ -369,8 +369,6 @@ github.com/mfridman/tparse v0.18.0 h1:wh6dzOKaIwkUGyKgOntDW4liXSo37qg5AXbIhkMV3v github.com/mfridman/tparse v0.18.0/go.mod h1:gEvqZTuCgEhPbYk/2lS3Kcxg1GmTxxU7kTC8DvP0i/A= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU= -github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= github.com/moby/spdystream v0.5.1 h1:9sNYeYZUcci9R6/w7KDaFWEWeV4LStVG78Mpyq/Zm/Y= github.com/moby/spdystream v0.5.1/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -507,32 +505,18 @@ go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= -go.opentelemetry.io/otel v1.42.0 h1:lSQGzTgVR3+sgJDAU/7/ZMjN9Z+vUip7leaqBKy4sho= -go.opentelemetry.io/otel v1.42.0/go.mod h1:lJNsdRMxCUIWuMlVJWzecSMuNjE7dOYyWlqOXWkdqCc= go.opentelemetry.io/otel v1.43.0 h1:mYIM03dnh5zfN7HautFE4ieIig9amkNANT+xcVxAj9I= go.opentelemetry.io/otel v1.43.0/go.mod h1:JuG+u74mvjvcm8vj8pI5XiHy1zDeoCS2LB1spIq7Ay0= -go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.42.0 h1:MdKucPl/HbzckWWEisiNqMPhRrAOQX8r4jTuGr636gk= -go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.42.0/go.mod h1:RolT8tWtfHcjajEH5wFIZ4Dgh5jpPdFXYV9pTAk/qjc= go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.43.0 h1:8UQVDcZxOJLtX6gxtDt3vY2WTgvZqMQRzjsqiIHQdkc= go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.43.0/go.mod h1:2lmweYCiHYpEjQ/lSJBYhj9jP1zvCvQW4BqL9dnT7FQ= -go.opentelemetry.io/otel/metric v1.42.0 h1:2jXG+3oZLNXEPfNmnpxKDeZsFI5o4J+nz6xUlaFdF/4= -go.opentelemetry.io/otel/metric v1.42.0/go.mod h1:RlUN/7vTU7Ao/diDkEpQpnz3/92J9ko05BIwxYa2SSI= go.opentelemetry.io/otel/metric v1.43.0 h1:d7638QeInOnuwOONPp4JAOGfbCEpYb+K6DVWvdxGzgM= go.opentelemetry.io/otel/metric v1.43.0/go.mod h1:RDnPtIxvqlgO8GRW18W6Z/4P462ldprJtfxHxyKd2PY= -go.opentelemetry.io/otel/sdk v1.42.0 h1:LyC8+jqk6UJwdrI/8VydAq/hvkFKNHZVIWuslJXYsDo= -go.opentelemetry.io/otel/sdk v1.42.0/go.mod h1:rGHCAxd9DAph0joO4W6OPwxjNTYWghRWmkHuGbayMts= go.opentelemetry.io/otel/sdk v1.43.0 h1:pi5mE86i5rTeLXqoF/hhiBtUNcrAGHLKQdhg4h4V9Dg= go.opentelemetry.io/otel/sdk v1.43.0/go.mod h1:P+IkVU3iWukmiit/Yf9AWvpyRDlUeBaRg6Y+C58QHzg= -go.opentelemetry.io/otel/sdk/metric v1.42.0 h1:D/1QR46Clz6ajyZ3G8SgNlTJKBdGp84q9RKCAZ3YGuA= -go.opentelemetry.io/otel/sdk/metric v1.42.0/go.mod h1:Ua6AAlDKdZ7tdvaQKfSmnFTdHx37+J4ba8MwVCYM5hc= go.opentelemetry.io/otel/sdk/metric v1.43.0 h1:S88dyqXjJkuBNLeMcVPRFXpRw2fuwdvfCGLEo89fDkw= go.opentelemetry.io/otel/sdk/metric v1.43.0/go.mod h1:C/RJtwSEJ5hzTiUz5pXF1kILHStzb9zFlIEe85bhj6A= -go.opentelemetry.io/otel/trace v1.42.0 h1:OUCgIPt+mzOnaUTpOQcBiM/PLQ/Op7oq6g4LenLmOYY= -go.opentelemetry.io/otel/trace v1.42.0/go.mod h1:f3K9S+IFqnumBkKhRJMeaZeNk9epyhnCmQh/EysQCdc= go.opentelemetry.io/otel/trace v1.43.0 h1:BkNrHpup+4k4w+ZZ86CZoHHEkohws8AY+WTX09nk+3A= go.opentelemetry.io/otel/trace v1.43.0/go.mod h1:/QJhyVBUUswCphDVxq+8mld+AvhXZLhe+8WVFxiFff0= -go.opentelemetry.io/proto/otlp v1.9.0 h1:l706jCMITVouPOqEnii2fIAuO3IVGBRPV5ICjceRb/A= -go.opentelemetry.io/proto/otlp v1.9.0/go.mod h1:xE+Cx5E/eEHw+ISFkwPLwCZefwVjY+pqKg1qcK03+/4= go.opentelemetry.io/proto/otlp v1.10.0 h1:IQRWgT5srOCYfiWnpqUYz9CVmbO8bFmKcwYxpuCSL2g= go.opentelemetry.io/proto/otlp v1.10.0/go.mod h1:/CV4QoCR/S9yaPj8utp3lvQPoqMtxXdzn7ozvvozVqk= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= @@ -593,8 +577,6 @@ golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.32.0 h1:9F4d3PHLljb6x//jOyokMv3eX+YDeepZSEo3mFJy93c= -golang.org/x/mod v0.32.0/go.mod h1:SgipZ/3h2Ci89DlEtEXWUk/HteuRin+HHhN+WbNhguU= golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8= golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w= golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -627,8 +609,6 @@ golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.51.0 h1:94R/GTO7mt3/4wIKpcR5gkGmRLOuE/2hNGeWq/GBIFo= -golang.org/x/net v0.51.0/go.mod h1:aamm+2QF5ogm02fjy5Bb7CQ0WMt1/WVM7FtyaTLlA9Y= golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0= golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -684,12 +664,8 @@ golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k= -golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo= golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= -golang.org/x/term v0.40.0 h1:36e4zGLqU4yhjlmxEaagx2KuYbJq3EwY8K943ZsHcvg= -golang.org/x/term v0.40.0/go.mod h1:w2P8uVp06p2iyKKuvXIm7N/y0UCRt3UfJTfZ7oOpglM= golang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU= golang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -699,8 +675,6 @@ golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk= -golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA= golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8= golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -747,8 +721,6 @@ golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapK golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.41.0 h1:a9b8iMweWG+S0OBnlU36rzLp20z1Rp10w+IY2czHTQc= -golang.org/x/tools v0.41.0/go.mod h1:XSY6eDqxVNiYgezAVqqCeihT4j1U2CCsqvH3WhQpnlg= golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k= golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -758,8 +730,8 @@ golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8T gomodules.xyz/jsonpatch/v2 v2.0.1/go.mod h1:IhYNNY4jnS53ZnfE4PAmpKtDpTCj1JFXc+3mwe7XcUU= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= -gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E= +gonum.org/v1/gonum v0.17.0 h1:VbpOemQlsSMrYmn7T2OUvQ4dqxQXU+ouZFQsZOx50z4= +gonum.org/v1/gonum v0.17.0/go.mod h1:El3tOrEuMpv2UdMrbNlKEh9vd86bmQ6vqIcDwxEOc1E= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= @@ -794,12 +766,8 @@ google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfG google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto/googleapis/api v0.0.0-20260209200024-4cfbd4190f57 h1:JLQynH/LBHfCTSbDWl+py8C+Rg/k1OVH3xfcaiANuF0= -google.golang.org/genproto/googleapis/api v0.0.0-20260209200024-4cfbd4190f57/go.mod h1:kSJwQxqmFXeo79zOmbrALdflXQeAYcUbgS7PbpMknCY= google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 h1:VPWxll4HlMw1Vs/qXtN7BvhZqsS9cdAittCNvVENElA= google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9/go.mod h1:7QBABkRtR8z+TEnmXTqIqwJLlzrZKVfAUm7tY3yGv0M= -google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57 h1:mWPCjDEyshlQYzBpMNHaEof6UX1PmHcaUODUywQ0uac= -google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ= google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9 h1:m8qni9SQFH0tJc1X0vmnpw/0t+AImlSvp30sEupozUg= google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= @@ -810,8 +778,6 @@ google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE= -google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ= google.golang.org/grpc v1.80.0 h1:Xr6m2WmWZLETvUNvIUmeD5OAagMw3FiKmMlTdViWsHM= google.golang.org/grpc v1.80.0/go.mod h1:ho/dLnxwi3EDJA4Zghp7k2Ec1+c2jqup0bFkw07bwF4= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= @@ -861,10 +827,6 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= k8s.io/api v0.18.6/go.mod h1:eeyxr+cwCjMdLAmr2W3RyDI0VvTawSg/3RFFBEnmZGI= k8s.io/api v0.20.2/go.mod h1:d7n6Ehyzx+S+cE3VhTGfVNNqtGc/oL9DCdYYahlurV8= -k8s.io/api v0.35.2 h1:tW7mWc2RpxW7HS4CoRXhtYHSzme1PN1UjGHJ1bdrtdw= -k8s.io/api v0.35.2/go.mod h1:7AJfqGoAZcwSFhOjcGM7WV05QxMMgUaChNfLTXDRE60= -k8s.io/api v0.35.3 h1:pA2fiBc6+N9PDf7SAiluKGEBuScsTzd2uYBkA5RzNWQ= -k8s.io/api v0.35.3/go.mod h1:9Y9tkBcFwKNq2sxwZTQh1Njh9qHl81D0As56tu42GA4= k8s.io/api v0.35.4 h1:P7nFYKl5vo9AGUp1Z+Pmd3p2tA7bX2wbFWCvDeRv988= k8s.io/api v0.35.4/go.mod h1:yl4lqySWOgYJJf9RERXKUwE9g2y+CkuwG+xmcOK8wXU= k8s.io/apiextensions-apiserver v0.18.6/go.mod h1:lv89S7fUysXjLZO7ke783xOwVTm6lKizADfvUM/SS/M= @@ -872,33 +834,17 @@ k8s.io/apiextensions-apiserver v0.35.0 h1:3xHk2rTOdWXXJM+RDQZJvdx0yEOgC0FgQ1PlJa k8s.io/apiextensions-apiserver v0.35.0/go.mod h1:E1Ahk9SADaLQ4qtzYFkwUqusXTcaV2uw3l14aqpL2LU= k8s.io/apimachinery v0.18.6/go.mod h1:OaXp26zu/5J7p0f92ASynJa1pZo06YlV9fG7BoWbCko= k8s.io/apimachinery v0.20.2/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= -k8s.io/apimachinery v0.35.2 h1:NqsM/mmZA7sHW02JZ9RTtk3wInRgbVxL8MPfzSANAK8= -k8s.io/apimachinery v0.35.2/go.mod h1:jQCgFZFR1F4Ik7hvr2g84RTJSZegBc8yHgFWKn//hns= -k8s.io/apimachinery v0.35.3 h1:MeaUwQCV3tjKP4bcwWGgZ/cp/vpsRnQzqO6J6tJyoF8= -k8s.io/apimachinery v0.35.3/go.mod h1:jQCgFZFR1F4Ik7hvr2g84RTJSZegBc8yHgFWKn//hns= k8s.io/apimachinery v0.35.4 h1:xtdom9RG7e+yDp71uoXoJDWEE2eOiHgeO4GdBzwWpds= k8s.io/apimachinery v0.35.4/go.mod h1:NNi1taPOpep0jOj+oRha3mBJPqvi0hGdaV8TCqGQ+cc= k8s.io/apiserver v0.18.6/go.mod h1:Zt2XvTHuaZjBz6EFYzpp+X4hTmgWGy8AthNVnTdm3Wg= -k8s.io/apiserver v0.35.2 h1:rb52v0CZGEL0FkhjS+I6jHflAp7fZ4MIaKcEHX7wmDk= -k8s.io/apiserver v0.35.2/go.mod h1:CROJUAu0tfjZLyYgSeBsBan2T7LUJGh0ucWwTCSSk7g= -k8s.io/apiserver v0.35.3 h1:D2eIcfJ05hEAEewoSDg+05e0aSRwx8Y4Agvd/wiomUI= -k8s.io/apiserver v0.35.3/go.mod h1:JI0n9bHYzSgIxgIrfe21dbduJ9NHzKJ6RchcsmIKWKY= k8s.io/apiserver v0.35.4 h1:vtuFqNFmF9bPRdHDL2lpK6qCTPWDreZJL4LRPwVM6ho= k8s.io/apiserver v0.35.4/go.mod h1:JnBcb+J8kFXKpZkgcbcUnPBBHi4qgBii1I7dLxFY/oo= k8s.io/client-go v0.18.6/go.mod h1:/fwtGLjYMS1MaM5oi+eXhKwG+1UHidUEXRh6cNsdO0Q= k8s.io/client-go v0.20.2/go.mod h1:kH5brqWqp7HDxUFKoEgiI4v8G1xzbe9giaCenUWJzgE= -k8s.io/client-go v0.35.2 h1:YUfPefdGJA4aljDdayAXkc98DnPkIetMl4PrKX97W9o= -k8s.io/client-go v0.35.2/go.mod h1:4QqEwh4oQpeK8AaefZ0jwTFJw/9kIjdQi0jpKeYvz7g= -k8s.io/client-go v0.35.3 h1:s1lZbpN4uI6IxeTM2cpdtrwHcSOBML1ODNTCCfsP1pg= -k8s.io/client-go v0.35.3/go.mod h1:RzoXkc0mzpWIDvBrRnD+VlfXP+lRzqQjCmKtiwZ8Q9c= k8s.io/client-go v0.35.4 h1:DN6fyaGuzK64UvnKO5fOA6ymSjvfGAnCAHAR0C66kD8= k8s.io/client-go v0.35.4/go.mod h1:2Pg9WpsS4NeOpoYTfHHfMxBG8zFMSAUi4O/qoiJC3nY= k8s.io/code-generator v0.18.6/go.mod h1:TgNEVx9hCyPGpdtCWA34olQYLkh3ok9ar7XfSsr8b6c= k8s.io/component-base v0.18.6/go.mod h1:knSVsibPR5K6EW2XOjEHik6sdU5nCvKMrzMt2D4In14= -k8s.io/component-base v0.35.2 h1:btgR+qNrpWuRSuvWSnQYsZy88yf5gVwemvz0yw79pGc= -k8s.io/component-base v0.35.2/go.mod h1:B1iBJjooe6xIJYUucAxb26RwhAjzx0gHnqO9htWIX+0= -k8s.io/component-base v0.35.3 h1:mbKbzoIMy7JDWS/wqZobYW1JDVRn/RKRaoMQHP9c4P0= -k8s.io/component-base v0.35.3/go.mod h1:IZ8LEG30kPN4Et5NeC7vjNv5aU73ku5MS15iZyvyMYk= k8s.io/component-base v0.35.4 h1:6n1tNJ87johN0Hif0Fs8K2GMthsaUwMqCebUDLYyv7U= k8s.io/component-base v0.35.4/go.mod h1:qaDJgz5c1KYKla9occFmlJEfPpkuA55s90G509R+PeY= k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= @@ -918,8 +864,6 @@ k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912/go.mod h1:kdmbQkyfwUagLfX k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= k8s.io/utils v0.0.0-20200603063816-c1c6865ac451/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 h1:AZYQSJemyQB5eRxqcPky+/7EdBj0xi3g0ZcxxJ7vbWU= -k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2/go.mod h1:xDxuJ0whA3d0I4mf/C4ppKHxXynQ+fxnkmQH0vTHnuk= k8s.io/utils v0.0.0-20260319190234-28399d86e0b5 h1:kBawHLSnx/mYHmRnNUf9d4CpjREbeZuxoSGOX/J+aYM= k8s.io/utils v0.0.0-20260319190234-28399d86e0b5/go.mod h1:xDxuJ0whA3d0I4mf/C4ppKHxXynQ+fxnkmQH0vTHnuk= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= diff --git a/internal/audit-scanner/policies/client.go b/internal/audit-scanner/policies/client.go index ddc6cfacf..ce4f47a20 100644 --- a/internal/audit-scanner/policies/client.go +++ b/internal/audit-scanner/policies/client.go @@ -8,8 +8,8 @@ import ( "net/url" "slices" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" - "github.com/kubewarden/kubewarden-controller/internal/audit-scanner/constants" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" + "github.com/kubewarden/adm-controller/internal/audit-scanner/constants" admissionregistrationv1 "k8s.io/api/admissionregistration/v1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/meta" diff --git a/internal/audit-scanner/policies/client_test.go b/internal/audit-scanner/policies/client_test.go index 8dd03f31b..f2f800ce9 100644 --- a/internal/audit-scanner/policies/client_test.go +++ b/internal/audit-scanner/policies/client_test.go @@ -12,8 +12,8 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime/schema" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" - "github.com/kubewarden/kubewarden-controller/internal/audit-scanner/testutils" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" + "github.com/kubewarden/adm-controller/internal/audit-scanner/testutils" ) func TestGetPoliciesByNamespace(t *testing.T) { diff --git a/internal/audit-scanner/report/legacy_migration_test.go b/internal/audit-scanner/report/legacy_migration_test.go index 136cf0177..283b4bf66 100644 --- a/internal/audit-scanner/report/legacy_migration_test.go +++ b/internal/audit-scanner/report/legacy_migration_test.go @@ -4,7 +4,7 @@ import ( "log/slog" "testing" - testutils "github.com/kubewarden/kubewarden-controller/internal/audit-scanner/testutils" + testutils "github.com/kubewarden/adm-controller/internal/audit-scanner/testutils" "github.com/stretchr/testify/require" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/internal/audit-scanner/report/openreports.go b/internal/audit-scanner/report/openreports.go index b06155e49..0ffc04e7d 100644 --- a/internal/audit-scanner/report/openreports.go +++ b/internal/audit-scanner/report/openreports.go @@ -3,7 +3,7 @@ package report import ( "time" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" openreports "github.com/openreports/reports-api/apis/openreports.io/v1alpha1" admissionv1 "k8s.io/api/admission/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/internal/audit-scanner/report/openreports_store.go b/internal/audit-scanner/report/openreports_store.go index 1e4128fe1..b09ea23b5 100644 --- a/internal/audit-scanner/report/openreports_store.go +++ b/internal/audit-scanner/report/openreports_store.go @@ -5,7 +5,7 @@ import ( "fmt" "log/slog" - auditConstants "github.com/kubewarden/kubewarden-controller/internal/audit-scanner/constants" + auditConstants "github.com/kubewarden/adm-controller/internal/audit-scanner/constants" openreports "github.com/openreports/reports-api/apis/openreports.io/v1alpha1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" diff --git a/internal/audit-scanner/report/openreports_store_test.go b/internal/audit-scanner/report/openreports_store_test.go index a96a8c68f..8c978cede 100644 --- a/internal/audit-scanner/report/openreports_store_test.go +++ b/internal/audit-scanner/report/openreports_store_test.go @@ -5,8 +5,8 @@ import ( "log/slog" "testing" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" - auditConstants "github.com/kubewarden/kubewarden-controller/internal/audit-scanner/constants" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" + auditConstants "github.com/kubewarden/adm-controller/internal/audit-scanner/constants" openreports "github.com/openreports/reports-api/apis/openreports.io/v1alpha1" "github.com/stretchr/testify/require" admissionv1 "k8s.io/api/admission/v1" @@ -16,7 +16,7 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" - "github.com/kubewarden/kubewarden-controller/internal/audit-scanner/testutils" + "github.com/kubewarden/adm-controller/internal/audit-scanner/testutils" ) func TestCreateReport(t *testing.T) { diff --git a/internal/audit-scanner/report/policyreports.go b/internal/audit-scanner/report/policyreports.go index 023a1f100..02d0a28ef 100644 --- a/internal/audit-scanner/report/policyreports.go +++ b/internal/audit-scanner/report/policyreports.go @@ -3,7 +3,7 @@ package report import ( "time" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" admissionv1 "k8s.io/api/admission/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" diff --git a/internal/audit-scanner/report/policyreports_store.go b/internal/audit-scanner/report/policyreports_store.go index 5228b8a15..46ff40608 100644 --- a/internal/audit-scanner/report/policyreports_store.go +++ b/internal/audit-scanner/report/policyreports_store.go @@ -5,7 +5,7 @@ import ( "fmt" "log/slog" - auditConstants "github.com/kubewarden/kubewarden-controller/internal/audit-scanner/constants" + auditConstants "github.com/kubewarden/adm-controller/internal/audit-scanner/constants" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" "sigs.k8s.io/controller-runtime/pkg/client" diff --git a/internal/audit-scanner/report/policyreports_store_test.go b/internal/audit-scanner/report/policyreports_store_test.go index a18ca7269..4f1fad0aa 100644 --- a/internal/audit-scanner/report/policyreports_store_test.go +++ b/internal/audit-scanner/report/policyreports_store_test.go @@ -5,9 +5,9 @@ import ( "log/slog" "testing" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" - auditConstants "github.com/kubewarden/kubewarden-controller/internal/audit-scanner/constants" - testutils "github.com/kubewarden/kubewarden-controller/internal/audit-scanner/testutils" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" + auditConstants "github.com/kubewarden/adm-controller/internal/audit-scanner/constants" + testutils "github.com/kubewarden/adm-controller/internal/audit-scanner/testutils" "github.com/stretchr/testify/require" admissionv1 "k8s.io/api/admission/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/internal/audit-scanner/report/policyreports_test.go b/internal/audit-scanner/report/policyreports_test.go index 2dff42886..3b179114c 100644 --- a/internal/audit-scanner/report/policyreports_test.go +++ b/internal/audit-scanner/report/policyreports_test.go @@ -4,8 +4,8 @@ import ( "testing" "time" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" - "github.com/kubewarden/kubewarden-controller/internal/audit-scanner/constants" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" + "github.com/kubewarden/adm-controller/internal/audit-scanner/constants" "github.com/stretchr/testify/assert" admissionv1 "k8s.io/api/admission/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/internal/audit-scanner/report/report.go b/internal/audit-scanner/report/report.go index 2dcec2006..8e8d3cf29 100644 --- a/internal/audit-scanner/report/report.go +++ b/internal/audit-scanner/report/report.go @@ -1,8 +1,8 @@ package report import ( - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" - "github.com/kubewarden/kubewarden-controller/internal/audit-scanner/constants" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" + "github.com/kubewarden/adm-controller/internal/audit-scanner/constants" admissionv1 "k8s.io/api/admission/v1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/internal/audit-scanner/scanner/config.go b/internal/audit-scanner/scanner/config.go index ed8ae3abf..2cb84c0f3 100644 --- a/internal/audit-scanner/scanner/config.go +++ b/internal/audit-scanner/scanner/config.go @@ -3,9 +3,9 @@ package scanner import ( "log/slog" - "github.com/kubewarden/kubewarden-controller/internal/audit-scanner/k8s" - "github.com/kubewarden/kubewarden-controller/internal/audit-scanner/policies" - "github.com/kubewarden/kubewarden-controller/internal/audit-scanner/report" + "github.com/kubewarden/adm-controller/internal/audit-scanner/k8s" + "github.com/kubewarden/adm-controller/internal/audit-scanner/policies" + "github.com/kubewarden/adm-controller/internal/audit-scanner/report" ) type ParallelizationConfig struct { diff --git a/internal/audit-scanner/scanner/scanner.go b/internal/audit-scanner/scanner/scanner.go index 4d1b49274..e4491dc12 100644 --- a/internal/audit-scanner/scanner/scanner.go +++ b/internal/audit-scanner/scanner/scanner.go @@ -16,10 +16,10 @@ import ( "sync" "time" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" - "github.com/kubewarden/kubewarden-controller/internal/audit-scanner/k8s" - "github.com/kubewarden/kubewarden-controller/internal/audit-scanner/policies" - "github.com/kubewarden/kubewarden-controller/internal/audit-scanner/report" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" + "github.com/kubewarden/adm-controller/internal/audit-scanner/k8s" + "github.com/kubewarden/adm-controller/internal/audit-scanner/policies" + "github.com/kubewarden/adm-controller/internal/audit-scanner/report" "golang.org/x/sync/semaphore" admissionv1 "k8s.io/api/admission/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/internal/audit-scanner/scanner/scanner_test.go b/internal/audit-scanner/scanner/scanner_test.go index 6a27c43ab..1920c045c 100644 --- a/internal/audit-scanner/scanner/scanner_test.go +++ b/internal/audit-scanner/scanner/scanner_test.go @@ -11,12 +11,12 @@ import ( "testing" "github.com/google/uuid" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" - auditConstants "github.com/kubewarden/kubewarden-controller/internal/audit-scanner/constants" - "github.com/kubewarden/kubewarden-controller/internal/audit-scanner/k8s" - "github.com/kubewarden/kubewarden-controller/internal/audit-scanner/policies" - "github.com/kubewarden/kubewarden-controller/internal/audit-scanner/report" - auditscheme "github.com/kubewarden/kubewarden-controller/internal/audit-scanner/scheme" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" + auditConstants "github.com/kubewarden/adm-controller/internal/audit-scanner/constants" + "github.com/kubewarden/adm-controller/internal/audit-scanner/k8s" + "github.com/kubewarden/adm-controller/internal/audit-scanner/policies" + "github.com/kubewarden/adm-controller/internal/audit-scanner/report" + auditscheme "github.com/kubewarden/adm-controller/internal/audit-scanner/scheme" openreports "github.com/openreports/reports-api/apis/openreports.io/v1alpha1" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -34,7 +34,7 @@ import ( testingclient "k8s.io/client-go/testing" wgpolicy "sigs.k8s.io/wg-policy-prototypes/policy-report/pkg/api/wgpolicyk8s.io/v1alpha2" - "github.com/kubewarden/kubewarden-controller/internal/audit-scanner/testutils" + "github.com/kubewarden/adm-controller/internal/audit-scanner/testutils" ) const ( diff --git a/internal/audit-scanner/scheme/scheme.go b/internal/audit-scanner/scheme/scheme.go index a0a658fe1..72a855703 100644 --- a/internal/audit-scanner/scheme/scheme.go +++ b/internal/audit-scanner/scheme/scheme.go @@ -3,7 +3,7 @@ package scheme import ( "fmt" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" openreports "github.com/openreports/reports-api/pkg/client/clientset/versioned/scheme" "k8s.io/apimachinery/pkg/runtime" "k8s.io/client-go/kubernetes/scheme" diff --git a/internal/audit-scanner/testutils/testutils.go b/internal/audit-scanner/testutils/testutils.go index 852b36a2d..fba664e69 100644 --- a/internal/audit-scanner/testutils/testutils.go +++ b/internal/audit-scanner/testutils/testutils.go @@ -12,9 +12,9 @@ import ( "os" "time" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" - "github.com/kubewarden/kubewarden-controller/internal/audit-scanner/constants" - "github.com/kubewarden/kubewarden-controller/internal/audit-scanner/scheme" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" + "github.com/kubewarden/adm-controller/internal/audit-scanner/constants" + "github.com/kubewarden/adm-controller/internal/audit-scanner/scheme" openreports "github.com/openreports/reports-api/apis/openreports.io/v1alpha1" admissionregistrationv1 "k8s.io/api/admissionregistration/v1" "k8s.io/apimachinery/pkg/api/meta" diff --git a/internal/certs/secrets.go b/internal/certs/secrets.go index c5a5f2832..97c2d7729 100644 --- a/internal/certs/secrets.go +++ b/internal/certs/secrets.go @@ -3,7 +3,7 @@ package certs import ( "fmt" - "github.com/kubewarden/kubewarden-controller/internal/constants" + "github.com/kubewarden/adm-controller/internal/constants" corev1 "k8s.io/api/core/v1" ) diff --git a/internal/controller/admissionpolicy_controller.go b/internal/controller/admissionpolicy_controller.go index 8b96b9a55..2785fe0c5 100644 --- a/internal/controller/admissionpolicy_controller.go +++ b/internal/controller/admissionpolicy_controller.go @@ -31,8 +31,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/reconcile" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" - "github.com/kubewarden/kubewarden-controller/internal/constants" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" + "github.com/kubewarden/adm-controller/internal/constants" ) // Warning: this controller is deployed by a helm chart which has its own diff --git a/internal/controller/admissionpolicygroup_controller.go b/internal/controller/admissionpolicygroup_controller.go index 92aafab48..7af7c95b0 100644 --- a/internal/controller/admissionpolicygroup_controller.go +++ b/internal/controller/admissionpolicygroup_controller.go @@ -31,8 +31,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/reconcile" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" - "github.com/kubewarden/kubewarden-controller/internal/constants" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" + "github.com/kubewarden/adm-controller/internal/constants" ) // Warning: this controller is deployed by a helm chart which has its own diff --git a/internal/controller/cert_controller.go b/internal/controller/cert_controller.go index 7362f9c4b..1bf1afa4a 100644 --- a/internal/controller/cert_controller.go +++ b/internal/controller/cert_controller.go @@ -14,8 +14,8 @@ import ( ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" - "github.com/kubewarden/kubewarden-controller/internal/certs" - "github.com/kubewarden/kubewarden-controller/internal/constants" + "github.com/kubewarden/adm-controller/internal/certs" + "github.com/kubewarden/adm-controller/internal/constants" ) const tickerDuration = 12 * time.Hour diff --git a/internal/controller/cert_controller_test.go b/internal/controller/cert_controller_test.go index bd4a1f006..d3ae3700e 100644 --- a/internal/controller/cert_controller_test.go +++ b/internal/controller/cert_controller_test.go @@ -4,8 +4,8 @@ import ( "context" "time" - "github.com/kubewarden/kubewarden-controller/internal/certs" - "github.com/kubewarden/kubewarden-controller/internal/constants" + "github.com/kubewarden/adm-controller/internal/certs" + "github.com/kubewarden/adm-controller/internal/constants" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" diff --git a/internal/controller/clusteradmissionpolicy_controller.go b/internal/controller/clusteradmissionpolicy_controller.go index 805da5eb5..7770b46c1 100644 --- a/internal/controller/clusteradmissionpolicy_controller.go +++ b/internal/controller/clusteradmissionpolicy_controller.go @@ -31,8 +31,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/reconcile" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" - "github.com/kubewarden/kubewarden-controller/internal/constants" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" + "github.com/kubewarden/adm-controller/internal/constants" ) // Warning: this controller is deployed by a helm chart which has its own diff --git a/internal/controller/clusteradmissionpolicygroup_controller.go b/internal/controller/clusteradmissionpolicygroup_controller.go index ee93cd7b6..eeac0c871 100644 --- a/internal/controller/clusteradmissionpolicygroup_controller.go +++ b/internal/controller/clusteradmissionpolicygroup_controller.go @@ -31,8 +31,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/reconcile" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" - "github.com/kubewarden/kubewarden-controller/internal/constants" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" + "github.com/kubewarden/adm-controller/internal/constants" ) // Warning: this controller is deployed by a helm chart which has its own diff --git a/internal/controller/policy_subreconciler.go b/internal/controller/policy_subreconciler.go index d06e628cd..c28cf6692 100644 --- a/internal/controller/policy_subreconciler.go +++ b/internal/controller/policy_subreconciler.go @@ -34,9 +34,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" "github.com/go-logr/logr" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" - "github.com/kubewarden/kubewarden-controller/internal/constants" - "github.com/kubewarden/kubewarden-controller/internal/metrics" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" + "github.com/kubewarden/adm-controller/internal/constants" + "github.com/kubewarden/adm-controller/internal/metrics" ) type policySubReconciler struct { diff --git a/internal/controller/policy_subreconciler_webhook.go b/internal/controller/policy_subreconciler_webhook.go index 2fb54733f..c34b74950 100644 --- a/internal/controller/policy_subreconciler_webhook.go +++ b/internal/controller/policy_subreconciler_webhook.go @@ -12,8 +12,8 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" - "github.com/kubewarden/kubewarden-controller/internal/constants" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" + "github.com/kubewarden/adm-controller/internal/constants" ) //+kubebuilder:rbac:groups=admissionregistration.k8s.io,resources=validatingwebhookconfigurations,verbs=create;delete;get;list;patch;watch diff --git a/internal/controller/policy_subreconciler_webhook_test.go b/internal/controller/policy_subreconciler_webhook_test.go index 449b86196..713c421f6 100644 --- a/internal/controller/policy_subreconciler_webhook_test.go +++ b/internal/controller/policy_subreconciler_webhook_test.go @@ -6,7 +6,7 @@ import ( "github.com/stretchr/testify/require" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" ) const testDeploymentsNamespace = "kubewarden" diff --git a/internal/controller/policyserver_controller.go b/internal/controller/policyserver_controller.go index 1cd592aa9..9099f7697 100644 --- a/internal/controller/policyserver_controller.go +++ b/internal/controller/policyserver_controller.go @@ -34,8 +34,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/reconcile" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" - "github.com/kubewarden/kubewarden-controller/internal/constants" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" + "github.com/kubewarden/adm-controller/internal/constants" ) // Warning: this controller is deployed by a helm chart which has its own diff --git a/internal/controller/policyserver_controller_cert_secret.go b/internal/controller/policyserver_controller_cert_secret.go index e0dcad440..61d4db279 100644 --- a/internal/controller/policyserver_controller_cert_secret.go +++ b/internal/controller/policyserver_controller_cert_secret.go @@ -11,9 +11,9 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" - "github.com/kubewarden/kubewarden-controller/internal/certs" - "github.com/kubewarden/kubewarden-controller/internal/constants" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" + "github.com/kubewarden/adm-controller/internal/certs" + "github.com/kubewarden/adm-controller/internal/constants" ) // Reconcile the certificate to be used by the policy server for TLS. The diff --git a/internal/controller/policyserver_controller_cert_secret_test.go b/internal/controller/policyserver_controller_cert_secret_test.go index d4cf1c970..4cd10e612 100644 --- a/internal/controller/policyserver_controller_cert_secret_test.go +++ b/internal/controller/policyserver_controller_cert_secret_test.go @@ -9,8 +9,8 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" - "github.com/kubewarden/kubewarden-controller/internal/constants" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" + "github.com/kubewarden/adm-controller/internal/constants" ) var _ = Describe("PolicyServer certificate secret reconciliation", func() { diff --git a/internal/controller/policyserver_controller_configmap.go b/internal/controller/policyserver_controller_configmap.go index 200dd6d91..961b708f5 100644 --- a/internal/controller/policyserver_controller_configmap.go +++ b/internal/controller/policyserver_controller_configmap.go @@ -16,8 +16,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" "sigs.k8s.io/controller-runtime/pkg/reconcile" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" - "github.com/kubewarden/kubewarden-controller/internal/constants" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" + "github.com/kubewarden/adm-controller/internal/constants" ) const dataType string = "Data" // only data type is supported diff --git a/internal/controller/policyserver_controller_deployment.go b/internal/controller/policyserver_controller_deployment.go index 946e12261..7efa8a35d 100644 --- a/internal/controller/policyserver_controller_deployment.go +++ b/internal/controller/policyserver_controller_deployment.go @@ -15,8 +15,8 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" - "github.com/kubewarden/kubewarden-controller/internal/constants" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" + "github.com/kubewarden/adm-controller/internal/constants" ) const ( diff --git a/internal/controller/policyserver_controller_pdb.go b/internal/controller/policyserver_controller_pdb.go index ec09dc244..80dce7280 100644 --- a/internal/controller/policyserver_controller_pdb.go +++ b/internal/controller/policyserver_controller_pdb.go @@ -9,8 +9,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" - "github.com/kubewarden/kubewarden-controller/internal/constants" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" + "github.com/kubewarden/adm-controller/internal/constants" ) func (r *PolicyServerReconciler) reconcilePolicyServerPodDisruptionBudget(ctx context.Context, policyServer *policiesv1.PolicyServer) error { diff --git a/internal/controller/policyserver_controller_service.go b/internal/controller/policyserver_controller_service.go index 1212aa3ce..79edd9d99 100644 --- a/internal/controller/policyserver_controller_service.go +++ b/internal/controller/policyserver_controller_service.go @@ -12,8 +12,8 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" - "github.com/kubewarden/kubewarden-controller/internal/constants" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" + "github.com/kubewarden/adm-controller/internal/constants" ) // This is the port where the Policy Server service will be exposing metrics. Can be overridden diff --git a/internal/controller/policyserver_controller_test.go b/internal/controller/policyserver_controller_test.go index e76591f57..6b5963f1a 100644 --- a/internal/controller/policyserver_controller_test.go +++ b/internal/controller/policyserver_controller_test.go @@ -36,8 +36,8 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" - "github.com/kubewarden/kubewarden-controller/internal/constants" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" + "github.com/kubewarden/adm-controller/internal/constants" ) var _ = Describe("PolicyServer controller", func() { diff --git a/internal/controller/suite_test.go b/internal/controller/suite_test.go index 564583873..2cab4799e 100644 --- a/internal/controller/suite_test.go +++ b/internal/controller/suite_test.go @@ -35,9 +35,9 @@ import ( logf "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/log/zap" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" - "github.com/kubewarden/kubewarden-controller/internal/certs" - "github.com/kubewarden/kubewarden-controller/internal/constants" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" + "github.com/kubewarden/adm-controller/internal/certs" + "github.com/kubewarden/adm-controller/internal/constants" clientcmdapi "k8s.io/client-go/tools/clientcmd/api" //+kubebuilder:scaffold:imports ) diff --git a/internal/controller/utils_test.go b/internal/controller/utils_test.go index 55cd4b2f3..6e017c7e7 100644 --- a/internal/controller/utils_test.go +++ b/internal/controller/utils_test.go @@ -35,8 +35,8 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" "sigs.k8s.io/controller-runtime/pkg/client" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" - "github.com/kubewarden/kubewarden-controller/internal/constants" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" + "github.com/kubewarden/adm-controller/internal/constants" ) const ( diff --git a/internal/metrics/metrics.go b/internal/metrics/metrics.go index de7a98c58..a9041276d 100644 --- a/internal/metrics/metrics.go +++ b/internal/metrics/metrics.go @@ -11,7 +11,7 @@ import ( "go.opentelemetry.io/otel/metric" metricSDK "go.opentelemetry.io/otel/sdk/metric" - policiesv1 "github.com/kubewarden/kubewarden-controller/api/policies/v1" + policiesv1 "github.com/kubewarden/adm-controller/api/policies/v1" ) const ( diff --git a/scripts/charts-generate-changelog-files.sh b/scripts/charts-generate-changelog-files.sh index c44ec0185..0f9f632ef 100755 --- a/scripts/charts-generate-changelog-files.sh +++ b/scripts/charts-generate-changelog-files.sh @@ -5,8 +5,8 @@ CHART_DIR=$1 IMAGELIST_FILENAME=$2 TMP_CHANGELOG_FILE_PATH=/tmp/changelog.md -CONTROLLER_VERSION=$(grep "kubewarden-controller" <"$IMAGELIST_FILENAME" | sed "s/.*kubewarden-controller:\(\)/\1/g") -CONTROLLER_URL=$(gh release view "$CONTROLLER_VERSION" --repo kubewarden/kubewarden-controller --json "url" | jq -r ".url") +CONTROLLER_VERSION=$(grep "kubewarden/controller" <"$IMAGELIST_FILENAME" | sed "s/.*controller:\(\)/\1/g") +CONTROLLER_URL=$(gh release view "$CONTROLLER_VERSION" --repo kubewarden/adm-controller --json "url" | jq -r ".url") { echo "Kubewarden Admission Controller [changelog]($CONTROLLER_URL)" } >>$TMP_CHANGELOG_FILE_PATH diff --git a/scripts/test-sigstore-e2e.sh b/scripts/test-sigstore-e2e.sh index 597e459fa..b0077db42 100755 --- a/scripts/test-sigstore-e2e.sh +++ b/scripts/test-sigstore-e2e.sh @@ -12,7 +12,7 @@ # and exercise the webhook to confirm allow/deny behaviour. # # Based on: https://github.com/sigstore/scaffolding/blob/main/getting-started.md -# Related: https://github.com/kubewarden/kubewarden-controller/pull/1485 +# Related: https://github.com/kubewarden/adm-controller/pull/1485 # # Usage: # ./test-sigstore-e2e.sh [OPTIONS] @@ -29,7 +29,7 @@ # configuration. Skips policy deployment and webhook evaluation. # --policy-server-image Full image reference (repository:tag) for the policy-server. # Overrides the default image in charts/kubewarden-defaults. -# Example: --policy-server-image ghcr.io/kubewarden/policy-server:dev +# Example: --policy-server-image ghcr.io/kubewarden/adm-controller/policy-server:dev # # Tools required (per stage): # All stages: kubectl, jq @@ -403,13 +403,13 @@ function install_kubewarden() { -n "$KUBEWARDEN_NAMESPACE" \ --wait - echo -e "${GREEN} Installing kubewarden-controller...${NC}" + echo -e "${GREEN} Installing adm-controller...${NC}" helm upgrade --install kubewarden-controller ./charts/kubewarden-controller \ -n "$KUBEWARDEN_NAMESPACE" \ --set replicas=1 \ --wait - echo -e "${GREEN} Waiting for kubewarden-controller rollout...${NC}" + echo -e "${GREEN} Waiting for adm-controller rollout...${NC}" kubectl rollout status deployment/kubewarden-controller \ -n "$KUBEWARDEN_NAMESPACE" --timeout=3m } diff --git a/scripts/validate-hauler-manifest.sh b/scripts/validate-hauler-manifest.sh index 48fe4db88..c5ab92957 100755 --- a/scripts/validate-hauler-manifest.sh +++ b/scripts/validate-hauler-manifest.sh @@ -8,7 +8,7 @@ # # The script runs automatically in CI when the `ci-full` label is added to a # PR, on pushes to the main branch, and on manual workflow triggers. It -# validates all container images (kubewarden-controller, audit-scanner, +# validates all container images (controller, audit-scanner, # policy-server, kuberlr-kubectl, policy modules and third-party images: # policy-reporter, policy-reporter-ui ) and Helm charts (kubewarden-crds, # kubewarden-controller, kubewarden-defaults, policy-reporter, openreports). @@ -75,10 +75,10 @@ echo "📦 Validating Container Images..." echo "==================================" echo -# Validate kubewarden-controller image +# Validate controller image CONTROLLER_CHART_VERSION=$(yq eval '.image.tag' "$CONTROLLER_VALUES") -CONTROLLER_HAULER_VERSION=$(get_hauler_image_version "kubewarden-controller") -compare_version "kubewarden-controller" "$CONTROLLER_CHART_VERSION" "$CONTROLLER_HAULER_VERSION" "$CONTROLLER_VALUES" +CONTROLLER_HAULER_VERSION=$(get_hauler_image_version "controller") +compare_version "controller" "$CONTROLLER_CHART_VERSION" "$CONTROLLER_HAULER_VERSION" "$CONTROLLER_VALUES" # Validate audit-scanner image AUDIT_SCANNER_CHART_VERSION=$(yq eval '.auditScanner.image.tag' "$CONTROLLER_VALUES") diff --git a/updatecli/DEVELOPING.md b/updatecli/DEVELOPING.md index 326129e97..4b5173cc2 100644 --- a/updatecli/DEVELOPING.md +++ b/updatecli/DEVELOPING.md @@ -19,7 +19,7 @@ This structure ensures a single source of truth for artifact definitions while a Change `updatecli/values/scms.yaml` as needed to target forks. ```console -$ cd kubewarden-controller/ +$ cd adm-controller/ $ export UPDATECLI_GITHUB_TOKEN= $ export UPDATECLI_GITHUB_OWNER=kubewarden $ updatecli compose apply --file updatecli/open-release-pr.yaml @@ -36,7 +36,7 @@ Pipeline(s) run: * Total: 1 One action to follow up: - * https://github.com/kubewarden/kubewarden-controller/pull/XXX + * https://github.com/kubewarden/adm-controller/pull/XXX ``` ## Dependency Updates diff --git a/updatecli/updatecli.d/go.yaml b/updatecli/updatecli.d/go.yaml index 077990df9..e00b7e591 100644 --- a/updatecli/updatecli.d/go.yaml +++ b/updatecli/updatecli.d/go.yaml @@ -34,7 +34,7 @@ actions: mergemethod: squash description: | Automatic Golang version {{ source "go" }} update. - This PR has been created by the automation used to automatically update the Golang version in the kubewarden-controller project + This PR has been created by the automation used to automatically update the Golang version in the adm-controller project REMEMBER IF YOU WANT TO MERGE IN A SINGLE COMMIT CHANGES AND VERSION BUMP, YOU MUST SQUASH THE COMMIT BEFORE MERGING THIS PR! draft: false labels: @@ -48,12 +48,12 @@ scms: user: "{{ .github.author }}" email: "{{ .github.email }}" owner: "{{ requiredEnv .github.owner }}" - repository: "kubewarden-controller" + repository: "adm-controller" branch: "{{ .github.branch }}" commitusingapi: true commitmessage: type: "chore" scope: deps title: "update Golang version" - footers: "Signed-off-by: kubewarden-controller bot " + footers: "Signed-off-by: adm-controller bot " hidecredit: true diff --git a/updatecli/updatecli.d/update-chart-deps.yaml b/updatecli/updatecli.d/update-chart-deps.yaml index bb571fe04..3f84bedd6 100644 --- a/updatecli/updatecli.d/update-chart-deps.yaml +++ b/updatecli/updatecli.d/update-chart-deps.yaml @@ -84,11 +84,11 @@ scms: user: "{{ .github.author }}" email: "{{ .github.email }}" owner: "{{ requiredEnv .github.owner }}" - repository: "kubewarden-controller" + repository: "adm-controller" branch: "{{ .github.branch }}" commitmessage: type: "chore" scope: deps title: "Update Helm charts dependencies" hidecredit: true - footers: "Signed-off-by: kubewarden-controller bot " + footers: "Signed-off-by: adm-controller bot " diff --git a/updatecli/updatecli.d/update-hauler-manifest.yaml b/updatecli/updatecli.d/update-hauler-manifest.yaml index 9234373d1..c3a4c2260 100644 --- a/updatecli/updatecli.d/update-hauler-manifest.yaml +++ b/updatecli/updatecli.d/update-hauler-manifest.yaml @@ -11,13 +11,13 @@ scms: user: "{{ .github.author }}" email: "{{ .github.email }}" owner: "{{ requiredEnv .github.owner }}" - repository: "kubewarden-controller" + repository: "adm-controller" branch: "{{ .github.branch }}" commitmessage: type: "chore" scope: deps title: "Update dependencies in Hauler manifest" - footers: "Signed-off-by: kubewarden-controller bot " + footers: "Signed-off-by: adm-controller bot " hidecredit: true sources: diff --git a/updatecli/updatecli.d/update-rust-toolchain.yaml b/updatecli/updatecli.d/update-rust-toolchain.yaml index bf96b4877..6e07b2c6f 100644 --- a/updatecli/updatecli.d/update-rust-toolchain.yaml +++ b/updatecli/updatecli.d/update-rust-toolchain.yaml @@ -11,14 +11,14 @@ scms: user: "{{ .github.author }}" email: "{{ .github.email }}" owner: "{{ requiredEnv .github.owner }}" - repository: "kubewarden-controller" + repository: "adm-controller" branch: "{{ .github.branch }}" commitusingapi: true commitmessage: type: "chore" scope: deps title: "update Rust toolchain version" - footers: "Signed-off-by: kubewarden-controller bot " + footers: "Signed-off-by: adm-controller bot " hidecredit: true sources: diff --git a/updatecli/updatecli.release.d/open-release-pr.yaml b/updatecli/updatecli.release.d/open-release-pr.yaml index a94167206..1a0175a13 100644 --- a/updatecli/updatecli.release.d/open-release-pr.yaml +++ b/updatecli/updatecli.release.d/open-release-pr.yaml @@ -1,11 +1,11 @@ -name: Update kubewarden-controller chart versions +name: Update adm-controller chart versions pipelineid: "{{ .pipelineid }}" # This updatecli pipeline receives as input a RELEASE_VERSION env var with the # desired Kubewarden admission controller stack version. # # Then bumps all charts and Cargo.* files following that version and opens a PR against -# the kubewarden-controller repo. +# the adm-controller repo. sources: desiredReleaseVersion: @@ -251,16 +251,16 @@ scms: user: "{{ .github.author }}" email: "{{ .github.email }}" owner: "{{ requiredEnv .github.owner }}" - repository: "kubewarden-controller" + repository: "adm-controller" branch: "{{ .github.branch }}" token: "{{ requiredEnv .github.token }}" commitusingapi: true commitmessage: squash: true type: "chore" - title: "update kubewarden-controller Helm charts" + title: "update adm-controller Helm charts" hidecredit: true - footers: "Signed-off-by: kubewarden-controller bot " + footers: "Signed-off-by: adm-controller bot " # {{ if not .pr.haulerUpdatePr }} actions: diff --git a/updatecli/values.yaml b/updatecli/values.yaml index fdc075ab9..12d9a8e5d 100644 --- a/updatecli/values.yaml +++ b/updatecli/values.yaml @@ -1,10 +1,10 @@ github: token: "UPDATECLI_GITHUB_TOKEN" branch: "main" # change in pipeline call to `updatecli_main_release_pr` - author: "kubewarden-controller bot" - email: "kubewarden-controller-bot@users.noreply.github.com" + author: "adm-controller bot" + email: "adm-controller-bot@users.noreply.github.com" owner: "UPDATECLI_GITHUB_OWNER" - repo: "kubewarden-controller" + repo: "adm-controller" pipelineid: release_pr # PR branch will be named: updatecli_main_release_pr diff --git a/updatecli/values/artifacts.yaml b/updatecli/values/artifacts.yaml index 09ca51f1e..acb291a96 100644 --- a/updatecli/values/artifacts.yaml +++ b/updatecli/values/artifacts.yaml @@ -13,18 +13,18 @@ ociArtifacts: # image defined in the release process - file: "charts/kubewarden-controller/values.yaml" key: "$.image.tag" - image: "ghcr.io/kubewarden/kubewarden-controller" - workflowUrl: "https://github.com/kubewarden/kubewarden-controller/.github/workflows/release.yml@refs/tags" + image: "ghcr.io/kubewarden/adm-controller/controller" + workflowUrl: "https://github.com/kubewarden/adm-controller/.github/workflows/release.yml@refs/tags" skipVersionFromRegistry: true - file: "charts/kubewarden-controller/values.yaml" key: "$.auditScanner.image.tag" - image: "ghcr.io/kubewarden/audit-scanner" - workflowUrl: "https://github.com/kubewarden/kubewarden-controller/.github/workflows/release.yml@refs/tags" + image: "ghcr.io/kubewarden/adm-controller/audit-scanner" + workflowUrl: "https://github.com/kubewarden/adm-controller/.github/workflows/release.yml@refs/tags" skipVersionFromRegistry: true - file: "charts/kubewarden-defaults/values.yaml" key: "$.policyServer.image.tag" - image: "ghcr.io/kubewarden/policy-server" - workflowUrl: "https://github.com/kubewarden/kubewarden-controller/.github/workflows/release.yml@refs/tags" + image: "ghcr.io/kubewarden/adm-controller/policy-server" + workflowUrl: "https://github.com/kubewarden/adm-controller/.github/workflows/release.yml@refs/tags" skipVersionFromRegistry: true # Policies - image: ghcr.io/kubewarden/policies/allow-privilege-escalation-psp @@ -75,15 +75,15 @@ kubewardenContainerImage: - name: "controller" file: "charts/kubewarden-controller/values.yaml" key: "$.image.tag" - image: "ghcr.io/kubewarden/kubewarden-controller" - workflowUrl: "https://github.com/kubewarden/kubewarden-controller/.github/workflows/release.yml@refs/tags" + image: "ghcr.io/kubewarden/adm-controller/controller" + workflowUrl: "https://github.com/kubewarden/adm-controller/.github/workflows/release.yml@refs/tags" - name: "auditScanner" file: "charts/kubewarden-controller/values.yaml" key: "$.auditScanner.image.tag" - image: "ghcr.io/kubewarden/audit-scanner" + image: "ghcr.io/kubewarden/adm-controller/audit-scanner" workflowUrl: "https://github.com/kubewarden/audit-scanner/.github/workflows/release.yml@refs/tags" - name: "policyServer" file: "charts/kubewarden-defaults/values.yaml" key: "$.policyServer.image.tag" - image: "ghcr.io/kubewarden/policy-server" + image: "ghcr.io/kubewarden/adm-controller/policy-server" workflowUrl: "https://github.com/kubewarden/policy-server/.github/workflows/release.yml@refs/tags" diff --git a/updatecli/values/scms.yaml b/updatecli/values/scms.yaml index 74704b2e4..b84c4d83f 100644 --- a/updatecli/values/scms.yaml +++ b/updatecli/values/scms.yaml @@ -5,4 +5,4 @@ github: email: "cncf-kubewarden-maintainers@lists.cncf.io" user: "UPDATECLI_GITHUB_OWNER" token: "UPDATECLI_GITHUB_TOKEN" - repo: "kubewarden-controller" + repo: "adm-controller"