feat: add global context support in helm chart (#9614)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-03-13 19:28:55 +00:00 · 2024-02-02 12:37:58 +01:00 · 2024-02-02 12:37:58 +01:00 · 03af9831f3
commit 03af9831f3
parent 226fa9515a
12 changed files with 57 additions and 8 deletions
--- a/charts/kyverno/README.md
+++ b/charts/kyverno/README.md
@ -334,6 +334,7 @@ The chart values are organised per component.
 | features.dumpPayload.enabled | bool | `false` | Enables the feature |
 | features.forceFailurePolicyIgnore.enabled | bool | `false` | Enables the feature |
 | features.generateValidatingAdmissionPolicy.enabled | bool | `false` | Enables the feature |
+| features.globalContext.enabled | bool | `true` | Enables the feature |
 | features.logging.format | string | `"text"` | Logging format |
 | features.logging.verbosity | int | `2` | Logging verbosity |
 | features.omitEvents.eventTypes | list | `["PolicyApplied","PolicySkipped"]` | Events which should not be emitted (possible values `PolicyViolation`, `PolicyApplied`, `PolicyError`, and `PolicySkipped`) |
--- a/charts/kyverno/templates/_helpers.tpl
+++ b/charts/kyverno/templates/_helpers.tpl
@ -46,6 +46,9 @@
 {{- with .generateValidatingAdmissionPolicy -}}
  {{- $flags = append $flags (print "--generateValidatingAdmissionPolicy=" .enabled) -}}
 {{- end -}}
+{{- with .globalContext -}}
+  {{- $flags = append $flags (print "--enableGlobalContext=" .enabled) -}}
+{{- end -}}
 {{- with .logging -}}
  {{- $flags = append $flags (print "--loggingFormat=" .format) -}}
  {{- $flags = append $flags (print "--v=" (join "," .verbosity)) -}}
--- a/charts/kyverno/templates/admission-controller/deployment.yaml
+++ b/charts/kyverno/templates/admission-controller/deployment.yaml
@ -163,6 +163,7 @@ spec:
              "dumpPayload"
              "forceFailurePolicyIgnore"
              "generateValidatingAdmissionPolicy"
+              "globalContext"
              "logging"
              "omitEvents"
              "policyExceptions"
--- a/charts/kyverno/templates/background-controller/deployment.yaml
+++ b/charts/kyverno/templates/background-controller/deployment.yaml
@ -117,6 +117,7 @@ spec:
            {{- include "kyverno.features.flags" (pick (mergeOverwrite .Values.features .Values.backgroundController.featuresOverride)
              "configMapCaching"
              "deferredLoading"
+              "globalContext"
              "logging"
              "omitEvents"
              "policyExceptions"
--- a/charts/kyverno/templates/cleanup-controller/deployment.yaml
+++ b/charts/kyverno/templates/cleanup-controller/deployment.yaml
@ -119,6 +119,7 @@ spec:
            {{- include "kyverno.features.flags" (pick (mergeOverwrite .Values.features .Values.cleanupController.featuresOverride)
              "deferredLoading"
              "dumpPayload"
+              "globalContext"
              "logging"
              "ttlController"
              "protectManagedResources"
--- a/charts/kyverno/templates/reports-controller/deployment.yaml
+++ b/charts/kyverno/templates/reports-controller/deployment.yaml
@ -122,6 +122,7 @@ spec:
              "backgroundScan"
              "configMapCaching"
              "deferredLoading"
+              "globalContext"
              "logging"
              "omitEvents"
              "policyExceptions"
--- a/charts/kyverno/values.yaml
+++ b/charts/kyverno/values.yaml
@ -629,6 +629,9 @@ features:
  generateValidatingAdmissionPolicy:
    # -- Enables the feature
    enabled: false
+  globalContext:
+    # -- Enables the feature
+    enabled: true
  logging:
    # -- Logging format
    format: text
--- a/cmd/background-controller/main.go
+++ b/cmd/background-controller/main.go
@ -15,9 +15,11 @@ import (
 	kyvernoinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions"
 	"github.com/kyverno/kyverno/pkg/clients/dclient"
 	"github.com/kyverno/kyverno/pkg/config"
+	globalcontextcontroller "github.com/kyverno/kyverno/pkg/controllers/globalcontext"
 	policymetricscontroller "github.com/kyverno/kyverno/pkg/controllers/metrics/policy"
 	engineapi "github.com/kyverno/kyverno/pkg/engine/api"
 	"github.com/kyverno/kyverno/pkg/engine/apicall"
+	"github.com/kyverno/kyverno/pkg/engine/globalcontext/store"
 	"github.com/kyverno/kyverno/pkg/engine/jmespath"
 	"github.com/kyverno/kyverno/pkg/event"
 	"github.com/kyverno/kyverno/pkg/leaderelection"
@ -153,7 +155,15 @@ func main() {
 		eventGenerator,
 		event.Workers,
 	)
-	// this controller only subscribe to events, nothing is returned...
+	gceController := internal.NewController(
+		globalcontextcontroller.ControllerName,
+		globalcontextcontroller.NewController(
+			kyvernoInformer.Kyverno().V2alpha1().GlobalContextEntries(),
+			setup.KyvernoDynamicClient,
+			store.New(),
+		),
+		globalcontextcontroller.Workers,
+	) // this controller only subscribe to events, nothing is returned...
 	policymetricscontroller.NewController(
 		setup.MetricsManager,
 		kyvernoInformer.Kyverno().V1().ClusterPolicies(),
@ -231,6 +241,7 @@ func main() {
 	}
 	// start non leader controllers
 	eventController.Run(signalCtx, setup.Logger, &wg)
+	gceController.Run(signalCtx, setup.Logger, &wg)
 	// start leader election
 	le.Run(signalCtx)
 	// wait for everything to shut down and exit
--- a/cmd/cleanup-controller/main.go
+++ b/cmd/cleanup-controller/main.go
@ -19,9 +19,9 @@ import (
 	"github.com/kyverno/kyverno/pkg/controllers/cleanup"
 	genericloggingcontroller "github.com/kyverno/kyverno/pkg/controllers/generic/logging"
 	genericwebhookcontroller "github.com/kyverno/kyverno/pkg/controllers/generic/webhook"
-	"github.com/kyverno/kyverno/pkg/controllers/globalcontext"
+	globalcontextcontroller "github.com/kyverno/kyverno/pkg/controllers/globalcontext"
 	ttlcontroller "github.com/kyverno/kyverno/pkg/controllers/ttl"
-	globalcontextstore "github.com/kyverno/kyverno/pkg/engine/globalcontext/store"
+	"github.com/kyverno/kyverno/pkg/engine/globalcontext/store"
 	"github.com/kyverno/kyverno/pkg/event"
 	"github.com/kyverno/kyverno/pkg/informers"
 	"github.com/kyverno/kyverno/pkg/leaderelection"
@ -159,15 +159,14 @@ func main() {
 		eventGenerator,
 		event.Workers,
 	)
-	store := globalcontextstore.New()
 	gceController := internal.NewController(
-		globalcontext.ControllerName,
-		globalcontext.NewController(
+		globalcontextcontroller.ControllerName,
+		globalcontextcontroller.NewController(
 			kyvernoInformer.Kyverno().V2alpha1().GlobalContextEntries(),
 			setup.KyvernoDynamicClient,
-			store,
+			store.New(),
 		),
-		globalcontext.Workers,
+		globalcontextcontroller.Workers,
 	)
 	// start informers and wait for cache sync
 	if !internal.StartInformersAndWaitForCacheSync(ctx, setup.Logger, kubeInformer, kyvernoInformer) {
--- a/cmd/kyverno/main.go
+++ b/cmd/kyverno/main.go
@ -20,12 +20,14 @@ import (
 	"github.com/kyverno/kyverno/pkg/controllers/certmanager"
 	genericloggingcontroller "github.com/kyverno/kyverno/pkg/controllers/generic/logging"
 	genericwebhookcontroller "github.com/kyverno/kyverno/pkg/controllers/generic/webhook"
+	globalcontextcontroller "github.com/kyverno/kyverno/pkg/controllers/globalcontext"
 	policymetricscontroller "github.com/kyverno/kyverno/pkg/controllers/metrics/policy"
 	policycachecontroller "github.com/kyverno/kyverno/pkg/controllers/policycache"
 	vapcontroller "github.com/kyverno/kyverno/pkg/controllers/validatingadmissionpolicy-generate"
 	webhookcontroller "github.com/kyverno/kyverno/pkg/controllers/webhook"
 	engineapi "github.com/kyverno/kyverno/pkg/engine/api"
 	"github.com/kyverno/kyverno/pkg/engine/apicall"
+	"github.com/kyverno/kyverno/pkg/engine/globalcontext/store"
 	"github.com/kyverno/kyverno/pkg/event"
 	"github.com/kyverno/kyverno/pkg/informers"
 	"github.com/kyverno/kyverno/pkg/leaderelection"
@ -323,6 +325,15 @@ func main() {
 		logging.WithName("EventGenerator"),
 		strings.Split(omitEvents, ",")...,
 	)
+	gceController := internal.NewController(
+		globalcontextcontroller.ControllerName,
+		globalcontextcontroller.NewController(
+			kyvernoInformer.Kyverno().V2alpha1().GlobalContextEntries(),
+			setup.KyvernoDynamicClient,
+			store.New(),
+		),
+		globalcontextcontroller.Workers,
+	)
 	eventController := internal.NewController(
 		event.ControllerName,
 		eventGenerator,
@ -523,6 +534,7 @@ func main() {
 	defer server.Stop()
 	// start non leader controllers
 	eventController.Run(signalCtx, setup.Logger, &wg)
+	gceController.Run(signalCtx, setup.Logger, &wg)
 	for _, controller := range nonLeaderControllers {
 		controller.Run(signalCtx, setup.Logger.WithName("controllers"), &wg)
 	}
--- a/cmd/reports-controller/main.go
+++ b/cmd/reports-controller/main.go
@ -14,12 +14,14 @@ import (
 	kyvernoinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions"
 	"github.com/kyverno/kyverno/pkg/clients/dclient"
 	"github.com/kyverno/kyverno/pkg/config"
+	globalcontextcontroller "github.com/kyverno/kyverno/pkg/controllers/globalcontext"
 	admissionreportcontroller "github.com/kyverno/kyverno/pkg/controllers/report/admission"
 	aggregatereportcontroller "github.com/kyverno/kyverno/pkg/controllers/report/aggregate"
 	backgroundscancontroller "github.com/kyverno/kyverno/pkg/controllers/report/background"
 	resourcereportcontroller "github.com/kyverno/kyverno/pkg/controllers/report/resource"
 	engineapi "github.com/kyverno/kyverno/pkg/engine/api"
 	"github.com/kyverno/kyverno/pkg/engine/apicall"
+	"github.com/kyverno/kyverno/pkg/engine/globalcontext/store"
 	"github.com/kyverno/kyverno/pkg/engine/jmespath"
 	"github.com/kyverno/kyverno/pkg/event"
 	"github.com/kyverno/kyverno/pkg/leaderelection"
@ -283,6 +285,15 @@ func main() {
 		eventGenerator,
 		event.Workers,
 	)
+	gceController := internal.NewController(
+		globalcontextcontroller.ControllerName,
+		globalcontextcontroller.NewController(
+			kyvernoInformer.Kyverno().V2alpha1().GlobalContextEntries(),
+			setup.KyvernoDynamicClient,
+			store.New(),
+		),
+		globalcontextcontroller.Workers,
+	)
 	// engine
 	engine := internal.NewEngine(
 		ctx,
@ -372,6 +383,7 @@ func main() {
 	}
 	// start non leader controllers
 	eventController.Run(ctx, setup.Logger, &wg)
+	gceController.Run(ctx, setup.Logger, &wg)
 	// start leader election
 	le.Run(ctx)
 	// wait for everything to shut down and exit
--- a/config/install-latest-testing.yaml
+++ b/config/install-latest-testing.yaml
@ -51836,6 +51836,7 @@ spec:
            - --dumpPayload=false
            - --forceFailurePolicyIgnore=false
            - --generateValidatingAdmissionPolicy=false
+            - --enableGlobalContext=true
            - --loggingFormat=text
            - --v=2
            - --omitEvents=PolicyApplied,PolicySkipped
@ -51987,6 +51988,7 @@ spec:
            - --metricsPort=8000
            - --enableConfigMapCaching=true
            - --enableDeferredLoading=true
+            - --enableGlobalContext=true
            - --loggingFormat=text
            - --v=2
            - --omitEvents=PolicyApplied,PolicySkipped
@ -52094,6 +52096,7 @@ spec:
            - --metricsPort=8000
            - --enableDeferredLoading=true
            - --dumpPayload=false
+            - --enableGlobalContext=true
            - --loggingFormat=text
            - --v=2
            - --protectManagedResources=false
@ -52234,6 +52237,7 @@ spec:
            - --skipResourceFilters=true
            - --enableConfigMapCaching=true
            - --enableDeferredLoading=true
+            - --enableGlobalContext=true
            - --loggingFormat=text
            - --v=2
            - --omitEvents=PolicyApplied,PolicySkipped