Comments (19)
Hi @bitva77 , since you're commenting on a (closed) PR which is not super related, would you open this instead on the main Kyverno repo, please?
from website.
@bitva77 - you can limit policy rules to match a kind (see: https://kyverno.io/docs/writing-policies/match-exclude/) and the CLI should skip other types. If this does not work, please log an issue here: https://github.com/kyverno/kyverno/issues or reach out on the slack channel.
from website.
Hi @yuriydzobak, cilium.io/v2
is the apiVersion, not the kind. Kyverno currently takes Kind
only in kinds
, here's the working PR that extends kinds
to match by Group
and Version
.
from website.
Sure I can send the update!
from website.
We can probably go ahead and publish this since 1.3.0 was released. Are we claiming 1.3.0 supports K8s 1.14-1.20 at this time? Should we start the matrix with 1.3.0 and list only it? Going forward, it might be good to specify this compatibility on the releases, which we can then pick up and copy into the docs.
from website.
@realshuting can you comment, please?
from website.
There may be a problem for supporting 1.20, see this issue.
We can claim 1.3.0 supports K8s 1.14-1.19.
from website.
If that's the case, then max version would be 1.18 since the Ingress containing API graduated to stable in 1.19 (not 1.20). Do we want to make that claim if the only blocker is the CLI when testing policy? And this isn't fixed in 1.3.0?
from website.
Kyverno 1.3.0 uses K8s 1.18 client library, and networking.k8s.io/v1beta1
was dropped in 1.19, so it causes errors with CLI. To fix it in CLI, we need to upgrade the client version.
While for Kyverno controller, this shouldn't matter as Kyverno always fetches the Kind
with the preferred API version.
from website.
Can we claim support through 1.20 with an exception for this known issue in the CLI? Is that reasonable?
from website.
Sounds good to me, @JimBugwadia do you see any other exceptions?
from website.
Yes, that seems fine to me as well!
from website.
end user here.
Is there anyway to add an "ignore-api-version-errors" options or something to the CLI? Or a way to dynamically include/override other API versions?
Our Ingresses are set at networking.k8s.io/v1
and our manifests are in one file. So even if we're trying to just validate a kinds: Deployment
, the whole thing fails because the CLI seems to validate every kind
anyways.
This won't be the last time this issue comes up, I imagine.
from website.
Kyverno v1.3.0 does not support K8s 1.15 and all previous versions, as all CRDs are defined with apiextensions.k8s.io/v1
, which was introduced in K8s 1.16.
Kyverno v1.2.1 supports K8s 1.14 and 1.15.
from website.
Ok so min version for 1.3.0 is 1.16, correct?
from website.
Yes correct.
from website.
Hi
What's about CIlium?
Error: failed to load resources
Cause: no kind "CiliumNetworkPolicy" is registered for version "cilium.io/v2" in scheme "pkg/runtime/scheme.go:100"
I tried to skip but no luck =(
exclude:
resources:
kinds:
- CiliumNetworkPolicy
- cilium.io/v2
from website.
Kyverno v1.3.0 does not support K8s 1.15 and all previous versions, as all CRDs are defined with
apiextensions.k8s.io/v1
, which was introduced in K8s 1.16.Kyverno v1.2.1 supports K8s 1.14 and 1.15.
@chipzoller - are you sending the update? Otherwise I can pick this up.
from website.
Sorry, I dropped the ball on this one due to work overload. If you can pick it up, that's great.
from website.
Related Issues (20)
- [Enhancement] Add docs related to match conditions
- [Enhancement] Add docs for VerifyImage TTL cache HOT 2
- [Enhancement] Add docs for validating admission policies HOT 1
- [Bug] Kyverno is not list on the EKS ISV add-on HOT 1
- [Bug] ca certificate issue HOT 1
- [Enhancement] Add Policy Annotations description to documentation HOT 5
- [Enhancement] Add a word about the impossibility to mutate certain fields HOT 1
- [Enhancement] Add match for whole API group
- [Bug] Drop NET_RAW capability instead of CAP_NET_RAW HOT 2
- [Bug] incorrect documentation for add and replace operations of RFC 6902 JSONPatch
- [Bug] Typo on JMESPath page (missing 'it') HOT 2
- [Enhancement] PolicyException moves to beta HOT 1
- [Enhancement] Add docs for CRDs subchart HOT 1
- [Enhancement] Add new CLI commands documentation HOT 2
- [Enhancement] Add documentation for enabling flexible registry credential configurations
- [Enhancement] Add docs for wildcard support in subjects statements
- [Enhancement] add doc for allow overriding ca and tls secret names
- [Enhancement] update doc for policy report aggregation HOT 1
- [Enhancement] Add IsExternalURL doc HOT 1
- [Enhancement] Add docs for conditions support in `PolicyException` HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from website.