mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00
Code Activity

special handling - when applying policy with annotations on pod

Browse source
This commit is contained in:
NoSkillGirl 2020-11-09 20:36:42 +05:30
parent 0a7be578ea
commit 009268f844
1 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
pkg/engine/utils.go
View file

@ -5,7 +5,6 @@ import (
"errors" "errors"
"fmt" "fmt"
"reflect" "reflect"
"strings"
"time" "time"
"github.com/go-logr/logr" "github.com/go-logr/logr"
@ -23,6 +22,7 @@ import (
"github.com/kyverno/kyverno/pkg/engine/context" "github.com/kyverno/kyverno/pkg/engine/context"
"github.com/kyverno/kyverno/pkg/resourcecache" "github.com/kyverno/kyverno/pkg/resourcecache"
"k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
"strings"
) )
//EngineStats stores in the statistics for a single application of resource //EngineStats stores in the statistics for a single application of resource
@ -272,6 +272,12 @@ func excludeResource(resource unstructured.Unstructured) bool {
// - if the policy has auto-gen annotation && resource == Pod // - if the policy has auto-gen annotation && resource == Pod
// - if the auto-gen contains cronJob && resource == Job // - if the auto-gen contains cronJob && resource == Job
func SkipPolicyApplication(policy kyverno.ClusterPolicy, resource unstructured.Unstructured) bool { func SkipPolicyApplication(policy kyverno.ClusterPolicy, resource unstructured.Unstructured) bool {
if resource.GetKind() == "Pod" && policy.HasAutoGenAnnotation() {
if _, ok := policy.GetAnnotations()[PodControllersAnnotation]; ok {
delete(policy.Annotations, PodControllersAnnotation)
}
}
if policy.HasAutoGenAnnotation() && excludeResource(resource) { if policy.HasAutoGenAnnotation() && excludeResource(resource) {
return true return true
} }