mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
Code Activity
kyverno/pkg/webhooks/generate/generate.go

212 lines
6.2 KiB
Go
Raw Normal View History

538 (#587) * initial commit * background policy validation * correct message * skip non-background policy process for add/update * add Generate Request CR * generate Request Generator Initial * test generate request CR generation * initial commit gr generator * generate controller initial framework * add crd for generate request * gr cleanup controller initial commit * cleanup controller initial * generate mid-commit * generate rule processing * create PV on generate error * embed resource type * testing phase 1- generate resources with variable substitution * fix tests * comment broken test #586 * add printer column for state * return if existing resource for clone * set resync time to 2 mins & remove resource version check in update handler for gr * generate events for reporting * fix logs * cleanup * CR fixes * fix logs
2020-01-07 10:33:28 -08:00
package generate
import (
Add Policy Report (#1229) * add report in cli * policy report crd added * policy report added * configmap added * added jobs * added jobs * bug fixed * added logic for cli * common function added * sub command added for policy report * subcommand added for report * common package changed * configmap added * added logic for kyverno cli * added logic for jobs * added logic for jobs * added logic for jobs * added logic for cli * buf fix * cli changes * count bug fix * docs added for command * go fmt * refactor codebase * remove policy controller for policyreport * policy report removed * bug fixes * bug fixes * added job trigger if needed * job deletation logic added * build failed fix * fixed e2e test * remove hard coded variables * packages adde * improvment added in jobs sheduler * policy report yaml added * cronjob added * small fixes * remove background sync * documentation added for report command * remove extra log * small improvement * tested policy report * revert hardcoded changes * changes for demo * demo changes * resource aggrigation added * More changes * More changes * - resolve PR comments; - refactor jobs controller * set rbac for jobs * add clean up in job controller * add short names * remove application scope for policyreport * move job controller to policyreport * add report logic in command apply * - update policy report types; - upgrade k8s library; - update code gen * temporarily comment out code to pass CI build * generate / update policyreport to cluster * add unit test for CLI report * add test for apply - generate policy report * fix unit test * - remove job controller; - remove in-memory configmap; - clean up kustomize manifest * remove dependency * add reportRequest / clusterReportRequest * clean up policy report * generate report request * update crd clusterReportRequest * - update json tag of report summary; - update definition manifests; - fix dclient creation * aggregate reportRequest into policy report * fix unit tests * - update report summary to optional; - generate clusterPolicyReport; - remove reportRequests after merged to report * remove * generate reportRequest in kyverno namespace * update resource filter in helm chart * - rename reportRequest to reportChangeRequest; -rename clusterReportRequest to clusterReportChangeRequest * generate policy report in background scan * skip generating report change request if there's entry results * fix results entry removal when policy / rule gets deleted * rename apiversion from policy.kubernetes.io to policy.k8s.io * update summary.* to lower case * move reportChangeRequest to kyverno.io/v1alpha1 * remove policy report flag * fix report update * clean up policy violation CRD * remove violation CRD from manifest * clean up policy violation code - remove pvGenerator * change severity fields to lower case * update import library * set report category Co-authored-by: Yuvraj <yuvraj.yad001@gmail.com> Co-authored-by: Yuvraj <10830562+evalsocket@users.noreply.github.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2020-11-09 11:26:12 -08:00
"context"
538 (#587) * initial commit * background policy validation * correct message * skip non-background policy process for add/update * add Generate Request CR * generate Request Generator Initial * test generate request CR generation * initial commit gr generator * generate controller initial framework * add crd for generate request * gr cleanup controller initial commit * cleanup controller initial * generate mid-commit * generate rule processing * create PV on generate error * embed resource type * testing phase 1- generate resources with variable substitution * fix tests * comment broken test #586 * add printer column for state * return if existing resource for clone * set resync time to 2 mins & remove resource version check in update handler for gr * generate events for reporting * fix logs * cleanup * CR fixes * fix logs
2020-01-07 10:33:28 -08:00
"fmt"
"time"
backoff "github.com/cenkalti/backoff"
1345 use GR lister (#1387) * improved log message * added lister for GR * added label to GR * added wait for cache is sync
2020-12-15 04:22:13 +05:30
"github.com/gardener/controller-manager-library/pkg/logger"
logs & access
2020-03-17 11:05:20 -07:00
"github.com/go-logr/logr"
update nirmata/kyverno to kyverno/kyverno
2020-10-07 11:12:31 -07:00
kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
kyvernoclient "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
1345 use GR lister (#1387) * improved log message * added lister for GR * added label to GR * added wait for cache is sync
2020-12-15 04:22:13 +05:30
kyvernoinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
update nirmata/kyverno to kyverno/kyverno
2020-10-07 11:12:31 -07:00
"github.com/kyverno/kyverno/pkg/config"
Generate policy does not work on namespace update (#1085) * added logic for handling generate request * generate rules added * added label condition for generate * remove extra logs * remove extra logs * buf fixed * bug fixed * added logic for delete gr * log fixed * documentation changed * remove best practices changes * bug fix * added best pratice
2020-08-31 23:55:13 +05:30
"k8s.io/api/admission/v1beta1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
1345 use GR lister (#1387) * improved log message * added lister for GR * added label to GR * added wait for cache is sync
2020-12-15 04:22:13 +05:30
"k8s.io/apimachinery/pkg/labels"
538 (#587) * initial commit * background policy validation * correct message * skip non-background policy process for add/update * add Generate Request CR * generate Request Generator Initial * test generate request CR generation * initial commit gr generator * generate controller initial framework * add crd for generate request * gr cleanup controller initial commit * cleanup controller initial * generate mid-commit * generate rule processing * create PV on generate error * embed resource type * testing phase 1- generate resources with variable substitution * fix tests * comment broken test #586 * add printer column for state * return if existing resource for clone * set resync time to 2 mins & remove resource version check in update handler for gr * generate events for reporting * fix logs * cleanup * CR fixes * fix logs
2020-01-07 10:33:28 -08:00
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
"k8s.io/apimachinery/pkg/util/wait"
1345 use GR lister (#1387) * improved log message * added lister for GR * added label to GR * added wait for cache is sync
2020-12-15 04:22:13 +05:30
"k8s.io/client-go/tools/cache"
538 (#587) * initial commit * background policy validation * correct message * skip non-background policy process for add/update * add Generate Request CR * generate Request Generator Initial * test generate request CR generation * initial commit gr generator * generate controller initial framework * add crd for generate request * gr cleanup controller initial commit * cleanup controller initial * generate mid-commit * generate rule processing * create PV on generate error * embed resource type * testing phase 1- generate resources with variable substitution * fix tests * comment broken test #586 * add printer column for state * return if existing resource for clone * set resync time to 2 mins & remove resource version check in update handler for gr * generate events for reporting * fix logs * cleanup * CR fixes * fix logs
2020-01-07 10:33:28 -08:00
)
fixes for golint ./...
2020-11-17 13:07:30 -08:00
// GenerateRequests provides interface to manage generate requests
538 (#587) * initial commit * background policy validation * correct message * skip non-background policy process for add/update * add Generate Request CR * generate Request Generator Initial * test generate request CR generation * initial commit gr generator * generate controller initial framework * add crd for generate request * gr cleanup controller initial commit * cleanup controller initial * generate mid-commit * generate rule processing * create PV on generate error * embed resource type * testing phase 1- generate resources with variable substitution * fix tests * comment broken test #586 * add printer column for state * return if existing resource for clone * set resync time to 2 mins & remove resource version check in update handler for gr * generate events for reporting * fix logs * cleanup * CR fixes * fix logs
2020-01-07 10:33:28 -08:00
type GenerateRequests interface {
removing hardcoded namespace from the code (#955) * removing hardcoded namespace from the code * Added to helm chart * removing hard-coded namespace and deployment name from config, generate, checker * added namespace to configMap, service, serviceAccount * updated installation documentation passing `KYVERNO_NAMESPACE` while running in debug mode. * Update installation.md removing `kyverno` only namespace note
2020-07-02 03:20:49 +05:30
Apply(gr kyverno.GenerateRequestSpec, action v1beta1.Operation) error
Synchronize data for generated resources (#933) * Generate request added fro update resource * synchronize flag added * documentation added for keeping resource synchronized Signed-off-by: Yuvraj <yuvraj.yad001@gmail.com>
2020-06-22 18:49:43 -07:00
}
fixes for golint ./...
2020-11-17 13:07:30 -08:00
// GeneratorChannel ...
Synchronize data for generated resources (#933) * Generate request added fro update resource * synchronize flag added * documentation added for keeping resource synchronized Signed-off-by: Yuvraj <yuvraj.yad001@gmail.com>
2020-06-22 18:49:43 -07:00
type GeneratorChannel struct {
removing hardcoded namespace from the code (#955) * removing hardcoded namespace from the code * Added to helm chart * removing hard-coded namespace and deployment name from config, generate, checker * added namespace to configMap, service, serviceAccount * updated installation documentation passing `KYVERNO_NAMESPACE` while running in debug mode. * Update installation.md removing `kyverno` only namespace note
2020-07-02 03:20:49 +05:30
spec kyverno.GenerateRequestSpec
Synchronize data for generated resources (#933) * Generate request added fro update resource * synchronize flag added * documentation added for keeping resource synchronized Signed-off-by: Yuvraj <yuvraj.yad001@gmail.com>
2020-06-22 18:49:43 -07:00
action v1beta1.Operation
538 (#587) * initial commit * background policy validation * correct message * skip non-background policy process for add/update * add Generate Request CR * generate Request Generator Initial * test generate request CR generation * initial commit gr generator * generate controller initial framework * add crd for generate request * gr cleanup controller initial commit * cleanup controller initial * generate mid-commit * generate rule processing * create PV on generate error * embed resource type * testing phase 1- generate resources with variable substitution * fix tests * comment broken test #586 * add printer column for state * return if existing resource for clone * set resync time to 2 mins & remove resource version check in update handler for gr * generate events for reporting * fix logs * cleanup * CR fixes * fix logs
2020-01-07 10:33:28 -08:00
}
fix generate clone/data check
2020-12-14 02:43:16 -08:00
// Generator defines the implementation to mange generate request resource
538 (#587) * initial commit * background policy validation * correct message * skip non-background policy process for add/update * add Generate Request CR * generate Request Generator Initial * test generate request CR generation * initial commit gr generator * generate controller initial framework * add crd for generate request * gr cleanup controller initial commit * cleanup controller initial * generate mid-commit * generate rule processing * create PV on generate error * embed resource type * testing phase 1- generate resources with variable substitution * fix tests * comment broken test #586 * add printer column for state * return if existing resource for clone * set resync time to 2 mins & remove resource version check in update handler for gr * generate events for reporting * fix logs * cleanup * CR fixes * fix logs
2020-01-07 10:33:28 -08:00
type Generator struct {
linter suggestions (#655) * cleanup phase 1 * linter fixes phase 2
2020-01-24 12:05:53 -08:00
// channel to receive request
Synchronize data for generated resources (#933) * Generate request added fro update resource * synchronize flag added * documentation added for keeping resource synchronized Signed-off-by: Yuvraj <yuvraj.yad001@gmail.com>
2020-06-22 18:49:43 -07:00
ch chan GeneratorChannel
538 (#587) * initial commit * background policy validation * correct message * skip non-background policy process for add/update * add Generate Request CR * generate Request Generator Initial * test generate request CR generation * initial commit gr generator * generate controller initial framework * add crd for generate request * gr cleanup controller initial commit * cleanup controller initial * generate mid-commit * generate rule processing * create PV on generate error * embed resource type * testing phase 1- generate resources with variable substitution * fix tests * comment broken test #586 * add printer column for state * return if existing resource for clone * set resync time to 2 mins & remove resource version check in update handler for gr * generate events for reporting * fix logs * cleanup * CR fixes * fix logs
2020-01-07 10:33:28 -08:00
client *kyvernoclient.Clientset
stopCh <-chan struct{}
logs & access
2020-03-17 11:05:20 -07:00
log logr.Logger
1345 use GR lister (#1387) * improved log message * added lister for GR * added label to GR * added wait for cache is sync
2020-12-15 04:22:13 +05:30
// grLister can list/get generate request from the shared informer's store
grLister kyvernolister.GenerateRequestNamespaceLister
grSynced cache.InformerSynced
538 (#587) * initial commit * background policy validation * correct message * skip non-background policy process for add/update * add Generate Request CR * generate Request Generator Initial * test generate request CR generation * initial commit gr generator * generate controller initial framework * add crd for generate request * gr cleanup controller initial commit * cleanup controller initial * generate mid-commit * generate rule processing * create PV on generate error * embed resource type * testing phase 1- generate resources with variable substitution * fix tests * comment broken test #586 * add printer column for state * return if existing resource for clone * set resync time to 2 mins & remove resource version check in update handler for gr * generate events for reporting * fix logs * cleanup * CR fixes * fix logs
2020-01-07 10:33:28 -08:00
}
fixes for golint ./...
2020-11-17 13:07:30 -08:00
// NewGenerator returns a new instance of Generate-Request resource generator
1345 use GR lister (#1387) * improved log message * added lister for GR * added label to GR * added wait for cache is sync
2020-12-15 04:22:13 +05:30
func NewGenerator(client *kyvernoclient.Clientset, grInformer kyvernoinformer.GenerateRequestInformer, stopCh <-chan struct{}, log logr.Logger) *Generator {
538 (#587) * initial commit * background policy validation * correct message * skip non-background policy process for add/update * add Generate Request CR * generate Request Generator Initial * test generate request CR generation * initial commit gr generator * generate controller initial framework * add crd for generate request * gr cleanup controller initial commit * cleanup controller initial * generate mid-commit * generate rule processing * create PV on generate error * embed resource type * testing phase 1- generate resources with variable substitution * fix tests * comment broken test #586 * add printer column for state * return if existing resource for clone * set resync time to 2 mins & remove resource version check in update handler for gr * generate events for reporting * fix logs * cleanup * CR fixes * fix logs
2020-01-07 10:33:28 -08:00
gen := &Generator{
1345 use GR lister (#1387) * improved log message * added lister for GR * added label to GR * added wait for cache is sync
2020-12-15 04:22:13 +05:30
ch: make(chan GeneratorChannel, 1000),
client: client,
stopCh: stopCh,
log: log,
grLister: grInformer.Lister().GenerateRequests(config.KyvernoNamespace),
grSynced: grInformer.Informer().HasSynced,
538 (#587) * initial commit * background policy validation * correct message * skip non-background policy process for add/update * add Generate Request CR * generate Request Generator Initial * test generate request CR generation * initial commit gr generator * generate controller initial framework * add crd for generate request * gr cleanup controller initial commit * cleanup controller initial * generate mid-commit * generate rule processing * create PV on generate error * embed resource type * testing phase 1- generate resources with variable substitution * fix tests * comment broken test #586 * add printer column for state * return if existing resource for clone * set resync time to 2 mins & remove resource version check in update handler for gr * generate events for reporting * fix logs * cleanup * CR fixes * fix logs
2020-01-07 10:33:28 -08:00
}
return gen
}
fix generate clone/data check
2020-12-14 02:43:16 -08:00
// Apply creates generate request resource (blocking call if channel is full)
removing hardcoded namespace from the code (#955) * removing hardcoded namespace from the code * Added to helm chart * removing hard-coded namespace and deployment name from config, generate, checker * added namespace to configMap, service, serviceAccount * updated installation documentation passing `KYVERNO_NAMESPACE` while running in debug mode. * Update installation.md removing `kyverno` only namespace note
2020-07-02 03:20:49 +05:30
func (g *Generator) Apply(gr kyverno.GenerateRequestSpec, action v1beta1.Operation) error {
logs & access
2020-03-17 11:05:20 -07:00
logger := g.log
logger.V(4).Info("creating Generate Request", "request", gr)
fix generate clone/data check
2020-12-14 02:43:16 -08:00
1319 fix throttling (#1341) * fix policy status and generate controller issues * shorten ACTION column name * update logs Co-authored-by: Shuting Zhao <shutting06@gmail.com>
2020-11-30 11:22:20 -08:00
// Update to channel
Synchronize data for generated resources (#933) * Generate request added fro update resource * synchronize flag added * documentation added for keeping resource synchronized Signed-off-by: Yuvraj <yuvraj.yad001@gmail.com>
2020-06-22 18:49:43 -07:00
message := GeneratorChannel{
action: action,
removing hardcoded namespace from the code (#955) * removing hardcoded namespace from the code * Added to helm chart * removing hard-coded namespace and deployment name from config, generate, checker * added namespace to configMap, service, serviceAccount * updated installation documentation passing `KYVERNO_NAMESPACE` while running in debug mode. * Update installation.md removing `kyverno` only namespace note
2020-07-02 03:20:49 +05:30
spec: gr,
Synchronize data for generated resources (#933) * Generate request added fro update resource * synchronize flag added * documentation added for keeping resource synchronized Signed-off-by: Yuvraj <yuvraj.yad001@gmail.com>
2020-06-22 18:49:43 -07:00
}
fix generate clone/data check
2020-12-14 02:43:16 -08:00
538 (#587) * initial commit * background policy validation * correct message * skip non-background policy process for add/update * add Generate Request CR * generate Request Generator Initial * test generate request CR generation * initial commit gr generator * generate controller initial framework * add crd for generate request * gr cleanup controller initial commit * cleanup controller initial * generate mid-commit * generate rule processing * create PV on generate error * embed resource type * testing phase 1- generate resources with variable substitution * fix tests * comment broken test #586 * add printer column for state * return if existing resource for clone * set resync time to 2 mins & remove resource version check in update handler for gr * generate events for reporting * fix logs * cleanup * CR fixes * fix logs
2020-01-07 10:33:28 -08:00
select {
Synchronize data for generated resources (#933) * Generate request added fro update resource * synchronize flag added * documentation added for keeping resource synchronized Signed-off-by: Yuvraj <yuvraj.yad001@gmail.com>
2020-06-22 18:49:43 -07:00
case g.ch <- message:
538 (#587) * initial commit * background policy validation * correct message * skip non-background policy process for add/update * add Generate Request CR * generate Request Generator Initial * test generate request CR generation * initial commit gr generator * generate controller initial framework * add crd for generate request * gr cleanup controller initial commit * cleanup controller initial * generate mid-commit * generate rule processing * create PV on generate error * embed resource type * testing phase 1- generate resources with variable substitution * fix tests * comment broken test #586 * add printer column for state * return if existing resource for clone * set resync time to 2 mins & remove resource version check in update handler for gr * generate events for reporting * fix logs * cleanup * CR fixes * fix logs
2020-01-07 10:33:28 -08:00
return nil
case <-g.stopCh:
logs & access
2020-03-17 11:05:20 -07:00
logger.Info("shutting down channel")
538 (#587) * initial commit * background policy validation * correct message * skip non-background policy process for add/update * add Generate Request CR * generate Request Generator Initial * test generate request CR generation * initial commit gr generator * generate controller initial framework * add crd for generate request * gr cleanup controller initial commit * cleanup controller initial * generate mid-commit * generate rule processing * create PV on generate error * embed resource type * testing phase 1- generate resources with variable substitution * fix tests * comment broken test #586 * add printer column for state * return if existing resource for clone * set resync time to 2 mins & remove resource version check in update handler for gr * generate events for reporting * fix logs * cleanup * CR fixes * fix logs
2020-01-07 10:33:28 -08:00
return fmt.Errorf("shutting down gr create channel")
}
}
// Run starts the generate request spec
1345 use GR lister (#1387) * improved log message * added lister for GR * added label to GR * added wait for cache is sync
2020-12-15 04:22:13 +05:30
func (g *Generator) Run(workers int, stopCh <-chan struct{}) {
logs & access
2020-03-17 11:05:20 -07:00
logger := g.log
538 (#587) * initial commit * background policy validation * correct message * skip non-background policy process for add/update * add Generate Request CR * generate Request Generator Initial * test generate request CR generation * initial commit gr generator * generate controller initial framework * add crd for generate request * gr cleanup controller initial commit * cleanup controller initial * generate mid-commit * generate rule processing * create PV on generate error * embed resource type * testing phase 1- generate resources with variable substitution * fix tests * comment broken test #586 * add printer column for state * return if existing resource for clone * set resync time to 2 mins & remove resource version check in update handler for gr * generate events for reporting * fix logs * cleanup * CR fixes * fix logs
2020-01-07 10:33:28 -08:00
defer utilruntime.HandleCrash()
fix generate clone/data check
2020-12-14 02:43:16 -08:00
logs & access
2020-03-17 11:05:20 -07:00
logger.V(4).Info("starting")
538 (#587) * initial commit * background policy validation * correct message * skip non-background policy process for add/update * add Generate Request CR * generate Request Generator Initial * test generate request CR generation * initial commit gr generator * generate controller initial framework * add crd for generate request * gr cleanup controller initial commit * cleanup controller initial * generate mid-commit * generate rule processing * create PV on generate error * embed resource type * testing phase 1- generate resources with variable substitution * fix tests * comment broken test #586 * add printer column for state * return if existing resource for clone * set resync time to 2 mins & remove resource version check in update handler for gr * generate events for reporting * fix logs * cleanup * CR fixes * fix logs
2020-01-07 10:33:28 -08:00
defer func() {
logs & access
2020-03-17 11:05:20 -07:00
logger.V(4).Info("shutting down")
538 (#587) * initial commit * background policy validation * correct message * skip non-background policy process for add/update * add Generate Request CR * generate Request Generator Initial * test generate request CR generation * initial commit gr generator * generate controller initial framework * add crd for generate request * gr cleanup controller initial commit * cleanup controller initial * generate mid-commit * generate rule processing * create PV on generate error * embed resource type * testing phase 1- generate resources with variable substitution * fix tests * comment broken test #586 * add printer column for state * return if existing resource for clone * set resync time to 2 mins & remove resource version check in update handler for gr * generate events for reporting * fix logs * cleanup * CR fixes * fix logs
2020-01-07 10:33:28 -08:00
}()
fix generate clone/data check
2020-12-14 02:43:16 -08:00
1345 use GR lister (#1387) * improved log message * added lister for GR * added label to GR * added wait for cache is sync
2020-12-15 04:22:13 +05:30
if !cache.WaitForCacheSync(stopCh, g.grSynced) {
logger.Info("failed to sync informer cache")
return
}
538 (#587) * initial commit * background policy validation * correct message * skip non-background policy process for add/update * add Generate Request CR * generate Request Generator Initial * test generate request CR generation * initial commit gr generator * generate controller initial framework * add crd for generate request * gr cleanup controller initial commit * cleanup controller initial * generate mid-commit * generate rule processing * create PV on generate error * embed resource type * testing phase 1- generate resources with variable substitution * fix tests * comment broken test #586 * add printer column for state * return if existing resource for clone * set resync time to 2 mins & remove resource version check in update handler for gr * generate events for reporting * fix logs * cleanup * CR fixes * fix logs
2020-01-07 10:33:28 -08:00
for i := 0; i < workers; i++ {
Fixes 1410 strategic merge patch (#1414) * fixes #1410 * fix unit test * re-initialize worker immediately on failure
2020-12-23 17:48:00 -08:00
go wait.Until(g.processApply, time.Second, g.stopCh)
538 (#587) * initial commit * background policy validation * correct message * skip non-background policy process for add/update * add Generate Request CR * generate Request Generator Initial * test generate request CR generation * initial commit gr generator * generate controller initial framework * add crd for generate request * gr cleanup controller initial commit * cleanup controller initial * generate mid-commit * generate rule processing * create PV on generate error * embed resource type * testing phase 1- generate resources with variable substitution * fix tests * comment broken test #586 * add printer column for state * return if existing resource for clone * set resync time to 2 mins & remove resource version check in update handler for gr * generate events for reporting * fix logs * cleanup * CR fixes * fix logs
2020-01-07 10:33:28 -08:00
}
fix generate clone/data check
2020-12-14 02:43:16 -08:00
538 (#587) * initial commit * background policy validation * correct message * skip non-background policy process for add/update * add Generate Request CR * generate Request Generator Initial * test generate request CR generation * initial commit gr generator * generate controller initial framework * add crd for generate request * gr cleanup controller initial commit * cleanup controller initial * generate mid-commit * generate rule processing * create PV on generate error * embed resource type * testing phase 1- generate resources with variable substitution * fix tests * comment broken test #586 * add printer column for state * return if existing resource for clone * set resync time to 2 mins & remove resource version check in update handler for gr * generate events for reporting * fix logs * cleanup * CR fixes * fix logs
2020-01-07 10:33:28 -08:00
<-g.stopCh
}
Synchronize data for generated resources (#933) * Generate request added fro update resource * synchronize flag added * documentation added for keeping resource synchronized Signed-off-by: Yuvraj <yuvraj.yad001@gmail.com>
2020-06-22 18:49:43 -07:00
func (g *Generator) processApply() {
logs & access
2020-03-17 11:05:20 -07:00
logger := g.log
538 (#587) * initial commit * background policy validation * correct message * skip non-background policy process for add/update * add Generate Request CR * generate Request Generator Initial * test generate request CR generation * initial commit gr generator * generate controller initial framework * add crd for generate request * gr cleanup controller initial commit * cleanup controller initial * generate mid-commit * generate rule processing * create PV on generate error * embed resource type * testing phase 1- generate resources with variable substitution * fix tests * comment broken test #586 * add printer column for state * return if existing resource for clone * set resync time to 2 mins & remove resource version check in update handler for gr * generate events for reporting * fix logs * cleanup * CR fixes * fix logs
2020-01-07 10:33:28 -08:00
for r := range g.ch {
correct misspelled words
2020-11-17 12:01:01 -08:00
logger.V(4).Info("received generate request", "request", r)
removing hardcoded namespace from the code (#955) * removing hardcoded namespace from the code * Added to helm chart * removing hard-coded namespace and deployment name from config, generate, checker * added namespace to configMap, service, serviceAccount * updated installation documentation passing `KYVERNO_NAMESPACE` while running in debug mode. * Update installation.md removing `kyverno` only namespace note
2020-07-02 03:20:49 +05:30
if err := g.generate(r.spec, r.action); err != nil {
logs & access
2020-03-17 11:05:20 -07:00
logger.Error(err, "failed to generate request CR")
538 (#587) * initial commit * background policy validation * correct message * skip non-background policy process for add/update * add Generate Request CR * generate Request Generator Initial * test generate request CR generation * initial commit gr generator * generate controller initial framework * add crd for generate request * gr cleanup controller initial commit * cleanup controller initial * generate mid-commit * generate rule processing * create PV on generate error * embed resource type * testing phase 1- generate resources with variable substitution * fix tests * comment broken test #586 * add printer column for state * return if existing resource for clone * set resync time to 2 mins & remove resource version check in update handler for gr * generate events for reporting * fix logs * cleanup * CR fixes * fix logs
2020-01-07 10:33:28 -08:00
}
}
}
removing hardcoded namespace from the code (#955) * removing hardcoded namespace from the code * Added to helm chart * removing hard-coded namespace and deployment name from config, generate, checker * added namespace to configMap, service, serviceAccount * updated installation documentation passing `KYVERNO_NAMESPACE` while running in debug mode. * Update installation.md removing `kyverno` only namespace note
2020-07-02 03:20:49 +05:30
func (g *Generator) generate(grSpec kyverno.GenerateRequestSpec, action v1beta1.Operation) error {
Synchronize data for generated resources (#933) * Generate request added fro update resource * synchronize flag added * documentation added for keeping resource synchronized Signed-off-by: Yuvraj <yuvraj.yad001@gmail.com>
2020-06-22 18:49:43 -07:00
// create/update a generate request
Reconcile Generate request on policy update (#1096) * policy report crd added * added namespaced rule * remove extra field from crd * revert crd change * remove policy report chnages * remove policy report chnages * remove policy report chnages * remove policy report chnages * added logic for gr * revert changes * fixed generate rules * fixed generate rules * fixed generate rules * fixed generate rules * remove extra logs * remove extra logs * fixed e2e test * remove extra logs * crd issue resolved * added check for sync * add labels update * add label update * added permission to role * roles added to helm * roles added to helm
2020-09-04 03:04:23 +05:30
1345 use GR lister (#1387) * improved log message * added lister for GR * added label to GR * added wait for cache is sync
2020-12-15 04:22:13 +05:30
if err := retryApplyResource(g.client, grSpec, g.log, action, g.grLister); err != nil {
538 (#587) * initial commit * background policy validation * correct message * skip non-background policy process for add/update * add Generate Request CR * generate Request Generator Initial * test generate request CR generation * initial commit gr generator * generate controller initial framework * add crd for generate request * gr cleanup controller initial commit * cleanup controller initial * generate mid-commit * generate rule processing * create PV on generate error * embed resource type * testing phase 1- generate resources with variable substitution * fix tests * comment broken test #586 * add printer column for state * return if existing resource for clone * set resync time to 2 mins & remove resource version check in update handler for gr * generate events for reporting * fix logs * cleanup * CR fixes * fix logs
2020-01-07 10:33:28 -08:00
return err
}
return nil
}
linter suggestions (#655) * cleanup phase 1 * linter fixes phase 2
2020-01-24 12:05:53 -08:00
// -> receiving channel to take requests to create request
538 (#587) * initial commit * background policy validation * correct message * skip non-background policy process for add/update * add Generate Request CR * generate Request Generator Initial * test generate request CR generation * initial commit gr generator * generate controller initial framework * add crd for generate request * gr cleanup controller initial commit * cleanup controller initial * generate mid-commit * generate rule processing * create PV on generate error * embed resource type * testing phase 1- generate resources with variable substitution * fix tests * comment broken test #586 * add printer column for state * return if existing resource for clone * set resync time to 2 mins & remove resource version check in update handler for gr * generate events for reporting * fix logs * cleanup * CR fixes * fix logs
2020-01-07 10:33:28 -08:00
// use worker pattern to read and create the CR resource
merge main
2020-12-14 16:08:01 -08:00
func retryApplyResource(client *kyvernoclient.Clientset, grSpec kyverno.GenerateRequestSpec,
log logr.Logger, action v1beta1.Operation, grLister kyvernolister.GenerateRequestNamespaceLister) error {
538 (#587) * initial commit * background policy validation * correct message * skip non-background policy process for add/update * add Generate Request CR * generate Request Generator Initial * test generate request CR generation * initial commit gr generator * generate controller initial framework * add crd for generate request * gr cleanup controller initial commit * cleanup controller initial * generate mid-commit * generate rule processing * create PV on generate error * embed resource type * testing phase 1- generate resources with variable substitution * fix tests * comment broken test #586 * add printer column for state * return if existing resource for clone * set resync time to 2 mins & remove resource version check in update handler for gr * generate events for reporting * fix logs * cleanup * CR fixes * fix logs
2020-01-07 10:33:28 -08:00
var i int
var err error
Synchronize data for generated resources (#933) * Generate request added fro update resource * synchronize flag added * documentation added for keeping resource synchronized Signed-off-by: Yuvraj <yuvraj.yad001@gmail.com>
2020-06-22 18:49:43 -07:00
applyResource := func() error {
538 (#587) * initial commit * background policy validation * correct message * skip non-background policy process for add/update * add Generate Request CR * generate Request Generator Initial * test generate request CR generation * initial commit gr generator * generate controller initial framework * add crd for generate request * gr cleanup controller initial commit * cleanup controller initial * generate mid-commit * generate rule processing * create PV on generate error * embed resource type * testing phase 1- generate resources with variable substitution * fix tests * comment broken test #586 * add printer column for state * return if existing resource for clone * set resync time to 2 mins & remove resource version check in update handler for gr * generate events for reporting * fix logs * cleanup * CR fixes * fix logs
2020-01-07 10:33:28 -08:00
gr := kyverno.GenerateRequest{
removing hardcoded namespace from the code (#955) * removing hardcoded namespace from the code * Added to helm chart * removing hard-coded namespace and deployment name from config, generate, checker * added namespace to configMap, service, serviceAccount * updated installation documentation passing `KYVERNO_NAMESPACE` while running in debug mode. * Update installation.md removing `kyverno` only namespace note
2020-07-02 03:20:49 +05:30
Spec: grSpec,
538 (#587) * initial commit * background policy validation * correct message * skip non-background policy process for add/update * add Generate Request CR * generate Request Generator Initial * test generate request CR generation * initial commit gr generator * generate controller initial framework * add crd for generate request * gr cleanup controller initial commit * cleanup controller initial * generate mid-commit * generate rule processing * create PV on generate error * embed resource type * testing phase 1- generate resources with variable substitution * fix tests * comment broken test #586 * add printer column for state * return if existing resource for clone * set resync time to 2 mins & remove resource version check in update handler for gr * generate events for reporting * fix logs * cleanup * CR fixes * fix logs
2020-01-07 10:33:28 -08:00
}
Generate policy does not work on namespace update (#1085) * added logic for handling generate request * generate rules added * added label condition for generate * remove extra logs * remove extra logs * buf fixed * bug fixed * added logic for delete gr * log fixed * documentation changed * remove best practices changes * bug fix * added best pratice
2020-08-31 23:55:13 +05:30
update webhook registration and monitor (#1318) * update webhook registration and monitor * update log * fix test * improve logs * improve logs * format changes * decrease interval for webhook config checks
2020-11-26 16:07:06 -08:00
gr.SetNamespace(config.KyvernoNamespace)
538 (#587) * initial commit * background policy validation * correct message * skip non-background policy process for add/update * add Generate Request CR * generate Request Generator Initial * test generate request CR generation * initial commit gr generator * generate controller initial framework * add crd for generate request * gr cleanup controller initial commit * cleanup controller initial * generate mid-commit * generate rule processing * create PV on generate error * embed resource type * testing phase 1- generate resources with variable substitution * fix tests * comment broken test #586 * add printer column for state * return if existing resource for clone * set resync time to 2 mins & remove resource version check in update handler for gr * generate events for reporting * fix logs * cleanup * CR fixes * fix logs
2020-01-07 10:33:28 -08:00
// Initial state "Pending"
// TODO: status is not updated
// gr.Status.State = kyverno.Pending
// generate requests created in kyverno namespace
Generate policy does not work on namespace update (#1085) * added logic for handling generate request * generate rules added * added label condition for generate * remove extra logs * remove extra logs * buf fixed * bug fixed * added logic for delete gr * log fixed * documentation changed * remove best practices changes * bug fix * added best pratice
2020-08-31 23:55:13 +05:30
isExist := false
if action == v1beta1.Create || action == v1beta1.Update {
1319 fix throttling (#1348) * fix policy status and generate controller issues * shorten ACTION column name * update logs * improve naming * add temp logs for troubleshooting * cleanup logs * apply generate policy to old & new resource in webhook * cleanup log messages * cleanup log messages * cleanup log messages * fix clean up of policy report in init container Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2020-12-01 12:30:08 -08:00
log.V(4).Info("querying all generate requests")
1345 use GR lister (#1387) * improved log message * added lister for GR * added label to GR * added wait for cache is sync
2020-12-15 04:22:13 +05:30
selector := labels.SelectorFromSet(labels.Set(map[string]string{
changed label prefix
2020-12-23 12:20:29 +05:30
"generate.kyverno.io/policy-name": grSpec.Policy,
fixed syntax error
2020-12-23 13:06:48 +05:30
"generate.kyverno.io/resource-name": grSpec.Resource.Name,
changed label prefix
2020-12-23 12:20:29 +05:30
"generate.kyverno.io/resource-kind": grSpec.Resource.Kind,
"generate.kyverno.io/resource-namespace": grSpec.Resource.Namespace,
1345 use GR lister (#1387) * improved log message * added lister for GR * added label to GR * added wait for cache is sync
2020-12-15 04:22:13 +05:30
}))
grList, err := grLister.List(selector)
Generate policy does not work on namespace update (#1085) * added logic for handling generate request * generate rules added * added label condition for generate * remove extra logs * remove extra logs * buf fixed * bug fixed * added logic for delete gr * log fixed * documentation changed * remove best practices changes * bug fix * added best pratice
2020-08-31 23:55:13 +05:30
if err != nil {
1345 use GR lister (#1387) * improved log message * added lister for GR * added label to GR * added wait for cache is sync
2020-12-15 04:22:13 +05:30
logger.Error(err, "failed to get generate request for the resource", "kind", grSpec.Resource.Kind, "name", grSpec.Resource.Name, "namespace", grSpec.Resource.Namespace)
Generate policy does not work on namespace update (#1085) * added logic for handling generate request * generate rules added * added label condition for generate * remove extra logs * remove extra logs * buf fixed * bug fixed * added logic for delete gr * log fixed * documentation changed * remove best practices changes * bug fix * added best pratice
2020-08-31 23:55:13 +05:30
return err
}
1319 fix throttling (#1348) * fix policy status and generate controller issues * shorten ACTION column name * update logs * improve naming * add temp logs for troubleshooting * cleanup logs * apply generate policy to old & new resource in webhook * cleanup log messages * cleanup log messages * cleanup log messages * fix clean up of policy report in init container Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2020-12-01 12:30:08 -08:00
1345 use GR lister (#1387) * improved log message * added lister for GR * added label to GR * added wait for cache is sync
2020-12-15 04:22:13 +05:30
for _, v := range grList {
making sure older labels are not removed
2020-12-29 16:36:43 +05:30
grLabels := gr.Labels
if grLabels == nil || len(grLabels) == 0 {
grLabels = make(map[string]string)
}
grLabels["resources-update"] = "true"
gr.SetLabels(grLabels)
changed label prefix
2020-12-23 12:20:29 +05:30
v.Spec.Context = gr.Spec.Context
v.Spec.Policy = gr.Spec.Policy
v.Spec.Resource = gr.Spec.Resource
fixed syntax error
2020-12-23 13:06:48 +05:30
changed label prefix
2020-12-23 12:20:29 +05:30
_, err = client.KyvernoV1().GenerateRequests(config.KyvernoNamespace).Update(context.TODO(), v, metav1.UpdateOptions{})
if err != nil {
return err
Generate policy does not work on namespace update (#1085) * added logic for handling generate request * generate rules added * added label condition for generate * remove extra logs * remove extra logs * buf fixed * bug fixed * added logic for delete gr * log fixed * documentation changed * remove best practices changes * bug fix * added best pratice
2020-08-31 23:55:13 +05:30
}
changed label prefix
2020-12-23 12:20:29 +05:30
isExist = true
Generate policy does not work on namespace update (#1085) * added logic for handling generate request * generate rules added * added label condition for generate * remove extra logs * remove extra logs * buf fixed * bug fixed * added logic for delete gr * log fixed * documentation changed * remove best practices changes * bug fix * added best pratice
2020-08-31 23:55:13 +05:30
}
changed label prefix
2020-12-23 12:20:29 +05:30
Generate policy does not work on namespace update (#1085) * added logic for handling generate request * generate rules added * added label condition for generate * remove extra logs * remove extra logs * buf fixed * bug fixed * added logic for delete gr * log fixed * documentation changed * remove best practices changes * bug fix * added best pratice
2020-08-31 23:55:13 +05:30
if !isExist {
gr.SetGenerateName("gr-")
1345 use GR lister (#1387) * improved log message * added lister for GR * added label to GR * added wait for cache is sync
2020-12-15 04:22:13 +05:30
gr.SetLabels(map[string]string{
changed label prefix
2020-12-23 12:20:29 +05:30
"generate.kyverno.io/policy-name": grSpec.Policy,
fixed syntax error
2020-12-23 13:06:48 +05:30
"generate.kyverno.io/resource-name": grSpec.Resource.Name,
changed label prefix
2020-12-23 12:20:29 +05:30
"generate.kyverno.io/resource-kind": grSpec.Resource.Kind,
"generate.kyverno.io/resource-namespace": grSpec.Resource.Namespace,
1345 use GR lister (#1387) * improved log message * added lister for GR * added label to GR * added wait for cache is sync
2020-12-15 04:22:13 +05:30
})
update webhook registration and monitor (#1318) * update webhook registration and monitor * update log * fix test * improve logs * improve logs * format changes * decrease interval for webhook config checks
2020-11-26 16:07:06 -08:00
_, err = client.KyvernoV1().GenerateRequests(config.KyvernoNamespace).Create(context.TODO(), &gr, metav1.CreateOptions{})
Generate policy does not work on namespace update (#1085) * added logic for handling generate request * generate rules added * added label condition for generate * remove extra logs * remove extra logs * buf fixed * bug fixed * added logic for delete gr * log fixed * documentation changed * remove best practices changes * bug fix * added best pratice
2020-08-31 23:55:13 +05:30
if err != nil {
return err
}
}
Synchronize data for generated resources (#933) * Generate request added fro update resource * synchronize flag added * documentation added for keeping resource synchronized Signed-off-by: Yuvraj <yuvraj.yad001@gmail.com>
2020-06-22 18:49:43 -07:00
}
log.V(4).Info("retrying update generate request CR", "retryCount", i, "name", gr.GetGenerateName(), "namespace", gr.GetNamespace())
538 (#587) * initial commit * background policy validation * correct message * skip non-background policy process for add/update * add Generate Request CR * generate Request Generator Initial * test generate request CR generation * initial commit gr generator * generate controller initial framework * add crd for generate request * gr cleanup controller initial commit * cleanup controller initial * generate mid-commit * generate rule processing * create PV on generate error * embed resource type * testing phase 1- generate resources with variable substitution * fix tests * comment broken test #586 * add printer column for state * return if existing resource for clone * set resync time to 2 mins & remove resource version check in update handler for gr * generate events for reporting * fix logs * cleanup * CR fixes * fix logs
2020-01-07 10:33:28 -08:00
i++
return err
}
Synchronize data for generated resources (#933) * Generate request added fro update resource * synchronize flag added * documentation added for keeping resource synchronized Signed-off-by: Yuvraj <yuvraj.yad001@gmail.com>
2020-06-22 18:49:43 -07:00
538 (#587) * initial commit * background policy validation * correct message * skip non-background policy process for add/update * add Generate Request CR * generate Request Generator Initial * test generate request CR generation * initial commit gr generator * generate controller initial framework * add crd for generate request * gr cleanup controller initial commit * cleanup controller initial * generate mid-commit * generate rule processing * create PV on generate error * embed resource type * testing phase 1- generate resources with variable substitution * fix tests * comment broken test #586 * add printer column for state * return if existing resource for clone * set resync time to 2 mins & remove resource version check in update handler for gr * generate events for reporting * fix logs * cleanup * CR fixes * fix logs
2020-01-07 10:33:28 -08:00
exbackoff := &backoff.ExponentialBackOff{
InitialInterval: 500 * time.Millisecond,
RandomizationFactor: 0.5,
Multiplier: 1.5,
MaxInterval: time.Second,
MaxElapsedTime: 3 * time.Second,
Clock: backoff.SystemClock,
}
exbackoff.Reset()
Synchronize data for generated resources (#933) * Generate request added fro update resource * synchronize flag added * documentation added for keeping resource synchronized Signed-off-by: Yuvraj <yuvraj.yad001@gmail.com>
2020-06-22 18:49:43 -07:00
err = backoff.Retry(applyResource, exbackoff)
538 (#587) * initial commit * background policy validation * correct message * skip non-background policy process for add/update * add Generate Request CR * generate Request Generator Initial * test generate request CR generation * initial commit gr generator * generate controller initial framework * add crd for generate request * gr cleanup controller initial commit * cleanup controller initial * generate mid-commit * generate rule processing * create PV on generate error * embed resource type * testing phase 1- generate resources with variable substitution * fix tests * comment broken test #586 * add printer column for state * return if existing resource for clone * set resync time to 2 mins & remove resource version check in update handler for gr * generate events for reporting * fix logs * cleanup * CR fixes * fix logs
2020-01-07 10:33:28 -08:00
if err != nil {
return err
}
return nil
}
Copy permalink