From 009268f844f31015e68cfead497ab65fb7924e76 Mon Sep 17 00:00:00 2001
From: NoSkillGirl
Date: Mon, 9 Nov 2020 20:36:42 +0530
Subject: [PATCH] special handling - when applying policy with annotations on pod
---
 pkg/engine/utils.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/pkg/engine/utils.go b/pkg/engine/utils.go
index 0647a928e3..cac8e68802 100644
--- a/pkg/engine/utils.go
+++ b/pkg/engine/utils.go
@@ -5,7 +5,6 @@ import (
 "errors"
 "fmt"
 "reflect"
- "strings"
 "time"

 "github.com/go-logr/logr"
@@ -23,6 +22,7 @@ import (
 "github.com/kyverno/kyverno/pkg/engine/context"
 "github.com/kyverno/kyverno/pkg/resourcecache"
 "k8s.io/apimachinery/pkg/runtime"
+ "strings"
 )

 //EngineStats stores in the statistics for a single application of resource
@@ -272,6 +272,12 @@ func excludeResource(resource unstructured.Unstructured) bool {
 // - if the policy has auto-gen annotation && resource == Pod
 // - if the auto-gen contains cronJob && resource == Job
 func SkipPolicyApplication(policy kyverno.ClusterPolicy, resource unstructured.Unstructured) bool {
+ if resource.GetKind() == "Pod" && policy.HasAutoGenAnnotation() {
+ if _, ok := policy.GetAnnotations()[PodControllersAnnotation]; ok {
+ delete(policy.Annotations, PodControllersAnnotation)
+ }
+ }
+
 if policy.HasAutoGenAnnotation() && excludeResource(resource) {
 return true
 }
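Review bot: The added `delete(policy.Annotations, PodControllersAnnotation)` at the top of SkipPolicyApplication mutates state the caller still holds: `policy` is passed by value, but its Annotations map is shared with the original object, so a predicate that should only answer skip-or-not strips the annotation from the policy for every later evaluation. If that object is shared between concurrent admission requests or comes from a cache (not visible here), this is also an unsynchronised map write, and the result of later checks for other kinds such as Job would then depend on whether a Pod happened to be evaluated first. Deciding the Pod case locally avoids the side effect, for example `if policy.HasAutoGenAnnotation() && resource.GetKind() != "Pod" && excludeResource(resource) {`, or work on a copy of the annotations if later code in the function needs the key removed. The inner `if _, ok := ...` guard is redundant either way, since `delete` on a missing key is a no-op. The function body continues past the end of the hunk, so the effect on the remaining checks should be confirmed there.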