shuting

icon company @nirmata icon location San Jose, CA

Results 645 comments of shuting

Support existence anchor in the mutate policy (including for lists)

@wkbentley - thanks for reporting it. However, this is not a bug in Kyverno. `envFrom` follows default `patchStrategy=replace` ([type description](https://github.com/kubernetes/api/blob/fd88418e43d2da5bce86eeeae341d6477c63e07a/core/v1/types.go#L2252-L2259)), so this field will be replaced rather than merged. I...

Support existence anchor in the mutate policy (including for lists)

I didn't see there's the `patchStrategy` set for `envFrom`, can you point me to it? ``` EnvFrom []EnvFromSource `json:"envFrom,omitempty" protobuf:"bytes,19,rep,name=envFrom"` ``` You can of course add to `envFrom` with path...

Support existence anchor in the mutate policy (including for lists)

@wkbentley To iterate over all containers, you can define the following rule, it will add `envFrom` (or replace if already present) to all containers. ```yaml mutate: patchStrategicMerge: spec: template: spec:...

Support existence anchor in the mutate policy (including for lists)

Currently there seems to be no way to change the default patchStrategy. I'm proposing to use the [existence anchor](https://github.com/kyverno/kyverno/issues/1637#issuecomment-796984360) to ensure each element in the list of a mutate rule...

[Enhancement] [CLI] Warn/fail testing if ClusterPolicy contains `metadata.namespace` field

@inosmeet - this is for a ClusterPolicy, so it should not specify the namespace in the `policy` key. The issue persists in 1.13.1, we need a fix for better UX....

[Enhancement] [CLI] Warn/fail testing if ClusterPolicy contains `metadata.namespace` field

As Chip suggested [above](https://github.com/kyverno/kyverno/issues/10319#issuecomment-2135096831), we can add a validation check and throw the error for such a scenario. So I expect an error with a clear message in the final...

chore: remove yaml markers from the API

What's the next step for this?

[Bug] Why did kyverno delete ipv6 address from status Addresses in node

I'm able to reproduce it with 1.12, [playground](https://playground.kyverno.io/next/#/?content=N4IgDg9gNglgxgTxALhAQzDAagUwE4DOMEAdsgAQDWCAbviRAHTED0NAjADomUwkAmFAMJQArgQAu%2BAArR4CbgFscEtPzSrk3cuRJplFCHUJooOALSLRqqebhhR3AmBxwtJHTVMx1E4iQAxNBgxPBwAQTg/UgoAURIAMwg8OBxtcgAjNDhKAHM8CFEBCgTTAjSPcjxRMwJ3HXNyRQ04AAt6nU60EgQOzvJGsIJClJw69P7%2B3gFxysnOxoA5CH4K/r0DciN8AlMLKxsLe0c58jhSKQAPCT6B3X0cQ2NdswB5PBhcviEHCc6vD5oDJmW79ABWygI0g07SqOAAjqIxhJGBAMmDXCjlKpfGhGN0GDZ/ARGJwQNsTGYWMlPnw7L8QH9%2BqtSjUbuQANoAXT%2BjQ2jy2zz2ACUNMQmeQATAgSCJToIWNoRJYWFEcjUejMYxsWoNHiCRAiaQSWSKS8cCxjuY8GKIGS5eQWWg2RRubz7pszXsfqIAKokGASCVSmWPB0KqEwiiqpGSDUYqLalS61T4kiE20kE3koVUq1FQP207MnCsqDs%2B2M05gMLnASB4mg8imKBNxqUHC9chk4DAchmEi5ZUACi9bw%2BXxIPoAlOQAL5zovzHQQFw2iTJCgAcTCGnwABVWt0HV4xAKAAwS9udig9vsDoetUe5nCi6KzhdL5er/AaTfkHccD3PBD2PYt/lMJEKEvU4Dj3W9wLAFpWgAZQkdccC%2BOAAFl8FyMNwJ0SQNHEJt%2BhbCA4D1YECOXSZjlvEBew3AB9SQPkHYdyASKAIGSYcrHLGAwCgBAuIAA17MccHeWkpwcBdxIAGkk4BpLfYhFNnadpwXKSXx9f1A0/EAQCUkAhhGVIUHQTBcEIfwKA4bhpkEchllWJRk1xDoDSNLNbmky0HGtW1GIAFi/FcX2pCc6QY7sQAAZgAJi/KAgRwKBZn6DJk0YShRDyvASBUMZmAgFg0BSWF9H4AA2SLTjy1NCuK0qpBJVgIDqfs%2BFES4/lcXjRH4Sg0AScaKGGwoxom8a/ja%2Bgyq6yrqraCg6saxaiuWzqKpYVoeokfkKAAd2SSgdvalaDp6ihYBIAb0lO8gUvPFKkvMI7JHMc96qcFw3HSSB%2BCEABJAARYVGIAKi/UGIehnK7jJeGqwaRL0acGxSPSNR%2BCGcoUcaAmiYoFLwvPABOZB4dOCQEBcChwZIKQStMcHpHSUn%2BEJsZevYc9GHp/pGeZ8hWfZvQoC5nnmz58nyAuvAroZpmBQACWO/l8agXiqNUGjbgSsl2BSgAOKLyBwMBWhwZQbSgcxJGSNB8IigB2cKAFZ6vq892Gpn32ABjHOlaUR8KQ/CCHMdgtxgRjL3DnRI%2Bj92xnMFLsKTxKU7%2BZRFGSLt2CSmmLc9%2BrzYAaRgP5Qd6s2ha/KikLgQNej%2BU3krS1Obbth3f2d12bQ98gQ/C6mks988LYtuu/nT23M7jhO87JAvTmXmOs5zjeQC3/oi5Ligy6F6nz0DlLF%2BrFYm5AdgW9M8zoH4YUxisnAbLMkA4HEDcigP7DFEKMSGpY%2BANmND/cycAxCSHwMAr%2BBAbIYGwDsRykouA8D4G5FCrgwhBhIDqHyL0HjRkwnAMI/AyGQnbgKJ0bJuDiwFK8JCapuCkMqEhAgBAVZuWwgAdQAJoIAAFqQwCFAbCihfQpUWClYUihf44EuKkMA0Qsw/znEAA==).

[Bug] Why did kyverno delete ipv6 address from status Addresses in node

> > 我能够使用 1.12 版的[Playground](https://playground.kyverno.io/next/#/?content=N4IgDg9gNglgxgTxALhAQzDAagUwE4DOMEAdsgAQDWCAbviRAHTED0NAjADomUwkAmFAMJQArgQAu%2BAArR4CbgFscEtPzSrk3cuRJplFCHUJooOALSLRqqebhhR3AmBxwtJHTVMx1E4iQAxNBgxPBwAQTg/UgoAURIAMwg8OBxtcgAjNDhKAHM8CFEBCgTTAjSPcjxRMwJ3HXNyRQ04AAt6nU60EgQOzvJGsIJClJw69P7%2B3gFxysnOxoA5CH4K/r0DciN8AlMLKxsLe0c58jhSKQAPCT6B3X0cQ2NdswB5PBhcviEHCc6vD5oDJmW79ABWygI0g07SqOAAjqIxhJGBAMmDXCjlKpfGhGN0GDZ/ARGJwQNsTGYWMlPnw7L8QH9%2BqtSjUbuQANoAXT%2BjQ2jy2zz2ACUNMQmeQATAgSCJToIWNoRJYWFEcjUejMYxsWoNHiCRAiaQSWSKS8cCxjuY8GKIGS5eQWWg2RRubz7pszXsfqIAKokGASCVSmWPB0KqEwiiqpGSDUYqLalS61T4kiE20kE3koVUq1FQP207MnCsqDs%2B2M05gMLnASB4mg8imKBNxqUHC9chk4DAchmEi5ZUACi9bw%2BXxIPoAlOQAL5zovzHQQFw2iTJCgAcTCGnwABVWt0HV4xAKAAwS9udig9vsDoetUe5nCi6KzhdL5er/AaTfkHccD3PBD2PYt/lMJEKEvU4Dj3W9wLAFpWgAZQkdccC%2BOAAFl8FyMNwJ0SQNHEJt%2BhbCA4D1YECOXSZjlvEBew3AB9SQPkHYdyASKAIGSYcrHLGAwCgBAuIAA17MccHeWkpwcBdxIAGkk4BpLfYhFNnadpwXKSXx9f1A0/EAQCUkAhhGVIUHQTBcEIfwKA4bhpkEchllWJRk1xDoDSNLNbmky0HGtW1GIAFi/FcX2pCc6QY7sQAAZgAJi/KAgRwKBZn6DJk0YShRDyvASBUMZmAgFg0BSWF9H4AA2SLTjy1NCuK0qpBJVgIDqfs%2BFES4/lcXjRH4Sg0AScaKGGwoxom8a/ja%2Bgyq6yrqraCg6saxaiuWzqKpYVoeokfkKAAd2SSgdvalaDp6ihYBIAb0lO8gUvPFKkvMI7JHMc96qcFw3HSSB%2BCEABJAARYVGIAKi/UGIehnK7jJeGqwaRL0acGxSPSNR%2BCGcoUcaAmiYoFLwvPABOZB4dOCQEBcChwZIKQStMcHpHSUn%2BEJsZevYc9GHp/pGeZ8hWfZvQoC5nnmz58nyAuvAroZpmBQACWO/l8agXiqNUGjbgSsl2BSgAOKLyBwMBWhwZQbSgcxJGSNB8IigB2cKAFZ6vq892Gpn32ABjHOlaUR8KQ/CCHMdgtxgRjL3DnRI%2Bj92xnMFLsKTxKU7%2BZRFGSLt2CSmmLc9%2BrzYAaRgP5Qd6s2ha/KikLgQNej%2BU3krS1Obbth3f2d12bQ98gQ/C6mks988LYtuu/nT23M7jhO87JAvTmXmOs5zjeQC3/oi5Ligy6F6nz0DlLF%2BrFYm5AdgW9M8zoH4YUxisnAbLMkA4HEDcigP7DFEKMSGpY%2BANmND/cycAxCSHwMAr%2BBAbIYGwDsRykouA8D4G5FCrgwhBhIDqHyL0HjRkwnAMI/AyGQnbgKJ0bJuDiwFK8JCapuCkMqEhAgBAVZuWwgAdQAJoIAAFqQwCFAbCihfQpUWClYUihf44EuKkMA0Qsw/znEAA==)重现它。 > > You mean the latest version has the same problem? Yes.

[kyverno helm chart] make webhook pod annotations configurable

Codegen needs to be updated, https://github.com/kyverno/kyverno/actions/runs/8206520996/job/22445841341?pr=9875.