feat: add global context support in helm chart (#9614)
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
parent
226fa9515a
commit
03af9831f3
12 changed files with 57 additions and 8 deletions
|
@ -334,6 +334,7 @@ The chart values are organised per component.
|
|||
| features.dumpPayload.enabled | bool | `false` | Enables the feature |
|
||||
| features.forceFailurePolicyIgnore.enabled | bool | `false` | Enables the feature |
|
||||
| features.generateValidatingAdmissionPolicy.enabled | bool | `false` | Enables the feature |
|
||||
| features.globalContext.enabled | bool | `true` | Enables the feature |
|
||||
| features.logging.format | string | `"text"` | Logging format |
|
||||
| features.logging.verbosity | int | `2` | Logging verbosity |
|
||||
| features.omitEvents.eventTypes | list | `["PolicyApplied","PolicySkipped"]` | Events which should not be emitted (possible values `PolicyViolation`, `PolicyApplied`, `PolicyError`, and `PolicySkipped`) |
|
||||
|
|
|
@ -46,6 +46,9 @@
|
|||
{{- with .generateValidatingAdmissionPolicy -}}
|
||||
{{- $flags = append $flags (print "--generateValidatingAdmissionPolicy=" .enabled) -}}
|
||||
{{- end -}}
|
||||
{{- with .globalContext -}}
|
||||
{{- $flags = append $flags (print "--enableGlobalContext=" .enabled) -}}
|
||||
{{- end -}}
|
||||
{{- with .logging -}}
|
||||
{{- $flags = append $flags (print "--loggingFormat=" .format) -}}
|
||||
{{- $flags = append $flags (print "--v=" (join "," .verbosity)) -}}
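Review bot: The new `--enableGlobalContext=` argument is rendered for every controller that picks `globalContext`, but nothing in this commit's `main()` hunks reads such a setting: `gceController` is created and `gceController.Run(...)` is called unconditionally in the three sections that show the call. If the binaries do not register an `enableGlobalContext` flag (not visible here), the standard `flag` package would reject the argument at startup. If they do register it, `features.globalContext.enabled: false` would still leave the controller running as far as the visible code shows. Gate controller creation on the parsed value, so an operator who turns the feature off to reduce what the controllers watch and fetch actually gets that behaviour. The enclosing `define` block starts and ends outside this hunk.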
|
||||
|
|
|
@ -163,6 +163,7 @@ spec:
|
|||
"dumpPayload"
|
||||
"forceFailurePolicyIgnore"
|
||||
"generateValidatingAdmissionPolicy"
|
||||
"globalContext"
|
||||
"logging"
|
||||
"omitEvents"
|
||||
"policyExceptions"
|
||||
|
|
|
@ -117,6 +117,7 @@ spec:
|
|||
{{- include "kyverno.features.flags" (pick (mergeOverwrite .Values.features .Values.backgroundController.featuresOverride)
|
||||
"configMapCaching"
|
||||
"deferredLoading"
|
||||
"globalContext"
|
||||
"logging"
|
||||
"omitEvents"
|
||||
"policyExceptions"
|
||||
|
|
|
@ -119,6 +119,7 @@ spec:
|
|||
{{- include "kyverno.features.flags" (pick (mergeOverwrite .Values.features .Values.cleanupController.featuresOverride)
|
||||
"deferredLoading"
|
||||
"dumpPayload"
|
||||
"globalContext"
|
||||
"logging"
|
||||
"ttlController"
|
||||
"protectManagedResources"
|
||||
|
|
|
@ -122,6 +122,7 @@ spec:
|
|||
"backgroundScan"
|
||||
"configMapCaching"
|
||||
"deferredLoading"
|
||||
"globalContext"
|
||||
"logging"
|
||||
"omitEvents"
|
||||
"policyExceptions"
|
||||
|
|
|
@ -629,6 +629,9 @@ features:
|
|||
generateValidatingAdmissionPolicy:
|
||||
# -- Enables the feature
|
||||
enabled: false
|
||||
globalContext:
|
||||
# -- Enables the feature
|
||||
enabled: true
|
||||
logging:
|
||||
# -- Logging format
|
||||
format: text
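Review bot: `globalContext.enabled` defaults to `true`, although the feature it names is backed by the `V2alpha1().GlobalContextEntries()` informer wired up in this commit's `main()` hunks, so a chart upgrade switches an alpha-API feature on without the operator opting in. The `generateValidatingAdmissionPolicy` toggle directly above it in this hunk defaults to `false`; consider the same default here. The comment `# -- Enables the feature` also does not say what is enabled; something like `# -- Enables the global context controller (GlobalContextEntry resources, v2alpha1 API)` would let a reader of the values file judge the setting.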
|
||||
|
|
|
@ -15,9 +15,11 @@ import (
|
|||
kyvernoinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions"
|
||||
"github.com/kyverno/kyverno/pkg/clients/dclient"
|
||||
"github.com/kyverno/kyverno/pkg/config"
|
||||
globalcontextcontroller "github.com/kyverno/kyverno/pkg/controllers/globalcontext"
|
||||
policymetricscontroller "github.com/kyverno/kyverno/pkg/controllers/metrics/policy"
|
||||
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
|
||||
"github.com/kyverno/kyverno/pkg/engine/apicall"
|
||||
"github.com/kyverno/kyverno/pkg/engine/globalcontext/store"
|
||||
"github.com/kyverno/kyverno/pkg/engine/jmespath"
|
||||
"github.com/kyverno/kyverno/pkg/event"
|
||||
"github.com/kyverno/kyverno/pkg/leaderelection"
|
||||
|
@ -153,7 +155,15 @@ func main() {
|
|||
eventGenerator,
|
||||
event.Workers,
|
||||
)
|
||||
// this controller only subscribe to events, nothing is returned...
|
||||
gceController := internal.NewController(
|
||||
globalcontextcontroller.ControllerName,
|
||||
globalcontextcontroller.NewController(
|
||||
kyvernoInformer.Kyverno().V2alpha1().GlobalContextEntries(),
|
||||
setup.KyvernoDynamicClient,
|
||||
store.New(),
|
||||
),
|
||||
globalcontextcontroller.Workers,
|
||||
) // this controller only subscribe to events, nothing is returned...
|
||||
policymetricscontroller.NewController(
|
||||
setup.MetricsManager,
|
||||
kyvernoInformer.Kyverno().V1().ClusterPolicies(),
|
||||
|
@ -231,6 +241,7 @@ func main() {
|
|||
}
|
||||
// start non leader controllers
|
||||
eventController.Run(signalCtx, setup.Logger, &wg)
|
||||
gceController.Run(signalCtx, setup.Logger, &wg)
|
||||
// start leader election
|
||||
le.Run(signalCtx)
|
||||
// wait for everything to shut down and exit
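Review bot: In the second hunk of this file the comment `// this controller only subscribe to events, nothing is returned...` has ended up trailing the closing `)` of `gceController := internal.NewController(`, where it reads as describing a controller whose value is kept and later passed to `Run`. It previously sat on its own line and introduced `policymetricscontroller.NewController(`, which is the call it describes. Move it back above that call as `// this controller only subscribes to events, nothing is returned...`. `main()` begins and ends outside the hunks shown.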
|
||||
|
|
|
@ -19,9 +19,9 @@ import (
|
|||
"github.com/kyverno/kyverno/pkg/controllers/cleanup"
|
||||
genericloggingcontroller "github.com/kyverno/kyverno/pkg/controllers/generic/logging"
|
||||
genericwebhookcontroller "github.com/kyverno/kyverno/pkg/controllers/generic/webhook"
|
||||
"github.com/kyverno/kyverno/pkg/controllers/globalcontext"
|
||||
globalcontextcontroller "github.com/kyverno/kyverno/pkg/controllers/globalcontext"
|
||||
ttlcontroller "github.com/kyverno/kyverno/pkg/controllers/ttl"
|
||||
globalcontextstore "github.com/kyverno/kyverno/pkg/engine/globalcontext/store"
|
||||
"github.com/kyverno/kyverno/pkg/engine/globalcontext/store"
|
||||
"github.com/kyverno/kyverno/pkg/event"
|
||||
"github.com/kyverno/kyverno/pkg/informers"
|
||||
"github.com/kyverno/kyverno/pkg/leaderelection"
|
||||
|
@ -159,15 +159,14 @@ func main() {
|
|||
eventGenerator,
|
||||
event.Workers,
|
||||
)
|
||||
store := globalcontextstore.New()
|
||||
gceController := internal.NewController(
|
||||
globalcontext.ControllerName,
|
||||
globalcontext.NewController(
|
||||
globalcontextcontroller.ControllerName,
|
||||
globalcontextcontroller.NewController(
|
||||
kyvernoInformer.Kyverno().V2alpha1().GlobalContextEntries(),
|
||||
setup.KyvernoDynamicClient,
|
||||
store,
|
||||
store.New(),
|
||||
),
|
||||
globalcontext.Workers,
|
||||
globalcontextcontroller.Workers,
|
||||
)
|
||||
// start informers and wait for cache sync
|
||||
if !internal.StartInformersAndWaitForCacheSync(ctx, setup.Logger, kubeInformer, kyvernoInformer) {
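Review bot: Passing `store.New()` inline, in place of the removed `store := globalcontextstore.New()`, leaves `main()` with no handle on the store, so nothing else can read whatever the controller records in it. The same inline call appears in the other three `main()` sections of this commit, in one of them directly above `internal.NewEngine(`. If the engine or a context loader is meant to resolve global context entries, keep one named instance and hand the same value to both, e.g. `gcStore := store.New()`. Importing the package unaliased as `store` is presumably why the local variable was dropped; an alias such as the previous `globalcontextstore` avoids the clash. `main()` starts and ends outside the hunk.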
|
||||
|
|
|
@ -20,12 +20,14 @@ import (
|
|||
"github.com/kyverno/kyverno/pkg/controllers/certmanager"
|
||||
genericloggingcontroller "github.com/kyverno/kyverno/pkg/controllers/generic/logging"
|
||||
genericwebhookcontroller "github.com/kyverno/kyverno/pkg/controllers/generic/webhook"
|
||||
globalcontextcontroller "github.com/kyverno/kyverno/pkg/controllers/globalcontext"
|
||||
policymetricscontroller "github.com/kyverno/kyverno/pkg/controllers/metrics/policy"
|
||||
policycachecontroller "github.com/kyverno/kyverno/pkg/controllers/policycache"
|
||||
vapcontroller "github.com/kyverno/kyverno/pkg/controllers/validatingadmissionpolicy-generate"
|
||||
webhookcontroller "github.com/kyverno/kyverno/pkg/controllers/webhook"
|
||||
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
|
||||
"github.com/kyverno/kyverno/pkg/engine/apicall"
|
||||
"github.com/kyverno/kyverno/pkg/engine/globalcontext/store"
|
||||
"github.com/kyverno/kyverno/pkg/event"
|
||||
"github.com/kyverno/kyverno/pkg/informers"
|
||||
"github.com/kyverno/kyverno/pkg/leaderelection"
|
||||
|
@ -323,6 +325,15 @@ func main() {
|
|||
logging.WithName("EventGenerator"),
|
||||
strings.Split(omitEvents, ",")...,
|
||||
)
|
||||
gceController := internal.NewController(
|
||||
globalcontextcontroller.ControllerName,
|
||||
globalcontextcontroller.NewController(
|
||||
kyvernoInformer.Kyverno().V2alpha1().GlobalContextEntries(),
|
||||
setup.KyvernoDynamicClient,
|
||||
store.New(),
|
||||
),
|
||||
globalcontextcontroller.Workers,
|
||||
)
|
||||
eventController := internal.NewController(
|
||||
event.ControllerName,
|
||||
eventGenerator,
|
||||
|
@ -523,6 +534,7 @@ func main() {
|
|||
defer server.Stop()
|
||||
// start non leader controllers
|
||||
eventController.Run(signalCtx, setup.Logger, &wg)
|
||||
gceController.Run(signalCtx, setup.Logger, &wg)
|
||||
for _, controller := range nonLeaderControllers {
|
||||
controller.Run(signalCtx, setup.Logger.WithName("controllers"), &wg)
|
||||
}
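Review bot: The informer on `kyvernoInformer.Kyverno().V2alpha1().GlobalContextEntries()` added here, and in the other three `main()` sections, needs list and watch permission on that resource for each controller's service account, yet no section of this commit touches a Role or ClusterRole. If the existing roles do not already cover it (not visible here), the informer's cache sync is unlikely to complete and the controller will not reconcile. Confirm the grants exist and keep them to read-only verbs on global context entries. `setup.KyvernoDynamicClient` is also handed to the controller, so it is worth stating which resources the controller is expected to read through it. `main()` starts and ends outside the hunks shown.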
|
||||
|
|
|
@ -14,12 +14,14 @@ import (
|
|||
kyvernoinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions"
|
||||
"github.com/kyverno/kyverno/pkg/clients/dclient"
|
||||
"github.com/kyverno/kyverno/pkg/config"
|
||||
globalcontextcontroller "github.com/kyverno/kyverno/pkg/controllers/globalcontext"
|
||||
admissionreportcontroller "github.com/kyverno/kyverno/pkg/controllers/report/admission"
|
||||
aggregatereportcontroller "github.com/kyverno/kyverno/pkg/controllers/report/aggregate"
|
||||
backgroundscancontroller "github.com/kyverno/kyverno/pkg/controllers/report/background"
|
||||
resourcereportcontroller "github.com/kyverno/kyverno/pkg/controllers/report/resource"
|
||||
engineapi "github.com/kyverno/kyverno/pkg/engine/api"
|
||||
"github.com/kyverno/kyverno/pkg/engine/apicall"
|
||||
"github.com/kyverno/kyverno/pkg/engine/globalcontext/store"
|
||||
"github.com/kyverno/kyverno/pkg/engine/jmespath"
|
||||
"github.com/kyverno/kyverno/pkg/event"
|
||||
"github.com/kyverno/kyverno/pkg/leaderelection"
|
||||
|
@ -283,6 +285,15 @@ func main() {
|
|||
eventGenerator,
|
||||
event.Workers,
|
||||
)
|
||||
gceController := internal.NewController(
|
||||
globalcontextcontroller.ControllerName,
|
||||
globalcontextcontroller.NewController(
|
||||
kyvernoInformer.Kyverno().V2alpha1().GlobalContextEntries(),
|
||||
setup.KyvernoDynamicClient,
|
||||
store.New(),
|
||||
),
|
||||
globalcontextcontroller.Workers,
|
||||
)
|
||||
// engine
|
||||
engine := internal.NewEngine(
|
||||
ctx,
|
||||
|
@ -372,6 +383,7 @@ func main() {
|
|||
}
|
||||
// start non leader controllers
|
||||
eventController.Run(ctx, setup.Logger, &wg)
|
||||
gceController.Run(ctx, setup.Logger, &wg)
|
||||
// start leader election
|
||||
le.Run(ctx)
|
||||
// wait for everything to shut down and exit
|
||||
|
|
|
@ -51836,6 +51836,7 @@ spec:
|
|||
- --dumpPayload=false
|
||||
- --forceFailurePolicyIgnore=false
|
||||
- --generateValidatingAdmissionPolicy=false
|
||||
- --enableGlobalContext=true
|
||||
- --loggingFormat=text
|
||||
- --v=2
|
||||
- --omitEvents=PolicyApplied,PolicySkipped
|
||||
|
@ -51987,6 +51988,7 @@ spec:
|
|||
- --metricsPort=8000
|
||||
- --enableConfigMapCaching=true
|
||||
- --enableDeferredLoading=true
|
||||
- --enableGlobalContext=true
|
||||
- --loggingFormat=text
|
||||
- --v=2
|
||||
- --omitEvents=PolicyApplied,PolicySkipped
|
||||
|
@ -52094,6 +52096,7 @@ spec:
|
|||
- --metricsPort=8000
|
||||
- --enableDeferredLoading=true
|
||||
- --dumpPayload=false
|
||||
- --enableGlobalContext=true
|
||||
- --loggingFormat=text
|
||||
- --v=2
|
||||
- --protectManagedResources=false
|
||||
|
@ -52234,6 +52237,7 @@ spec:
|
|||
- --skipResourceFilters=true
|
||||
- --enableConfigMapCaching=true
|
||||
- --enableDeferredLoading=true
|
||||
- --enableGlobalContext=true
|
||||
- --loggingFormat=text
|
||||
- --v=2
|
||||
- --omitEvents=PolicyApplied,PolicySkipped
|
||||
|
|