mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-31 03:45:17 +00:00
structure code to be reusable
This commit is contained in:
Shuting Zhao
parent
a8acc9eb5a
commit
05f26335f7
2 changed files with 16 additions and 18 deletions
|
|
@ -227,7 +227,7 @@ spec:
|
||||||
containers:
|
containers:
|
||||||
- name: kyverno
|
- name: kyverno
|
||||||
image: nirmata/kyverno:latest
|
image: nirmata/kyverno:latest
|
||||||
args: ["--filterK8Resources","[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*]Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*]"]
|
args: ["--filterK8Resources","[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*]"]
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 443
|
- containerPort: 443
|
||||||
securityContext:
|
securityContext:
|
||||||
|
|
|
||||||
|
|
@ -45,22 +45,13 @@ func (ws *WebhookServer) registerWebhookConfigurations(policy v1alpha1.Policy) e
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ws *WebhookServer) deregisterWebhookConfigurations(policy v1alpha1.Policy) error {
|
func (ws *WebhookServer) deregisterWebhookConfigurations(policy v1alpha1.Policy) error {
|
||||||
pt := none
|
|
||||||
glog.V(3).Infof("Retreiving policy type for %s\n", policy.Name)
|
glog.V(3).Infof("Retreiving policy type for %s\n", policy.Name)
|
||||||
|
|
||||||
for _, rule := range policy.Spec.Rules {
|
pt := GetPolicyType([]*v1alpha1.Policy{&policy}, "")
|
||||||
if rule.Validation != nil {
|
|
||||||
pt = pt | validate
|
|
||||||
}
|
|
||||||
|
|
||||||
if rule.Mutation != nil {
|
glog.V(3).Infof("Policy to be deleted type==%v\n", pt)
|
||||||
pt = pt | mutate
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
glog.V(3).Infof("Scanning policy type==%v\n", pt)
|
existPolicyType := ws.getExistingPolicyType(policy.Name)
|
||||||
|
|
||||||
existPolicyType := ws.isPolicyTypeExist(pt, policy.Name)
|
|
||||||
glog.V(3).Infof("Found existing policy type==%v\n", existPolicyType)
|
glog.V(3).Infof("Found existing policy type==%v\n", existPolicyType)
|
||||||
|
|
||||||
switch existPolicyType {
|
switch existPolicyType {
|
||||||
|
|
@ -84,17 +75,24 @@ func (ws *WebhookServer) deregisterWebhookConfigurations(policy v1alpha1.Policy)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ws *WebhookServer) isPolicyTypeExist(pt policyType, policyName string) policyType {
|
func (ws *WebhookServer) getExistingPolicyType(policyName string) policyType {
|
||||||
ptype := none
|
|
||||||
|
|
||||||
policies, err := ws.policyLister.List(labels.NewSelector())
|
policies, err := ws.policyLister.List(labels.NewSelector())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
glog.Errorf("Failed to get policy list")
|
glog.Errorf("Failed to get policy list")
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, p := range policies {
|
return GetPolicyType(policies, policyName)
|
||||||
if p.Name == policyName {
|
}
|
||||||
glog.Infof("Skipping policy type check on %s\n", policyName)
|
|
||||||
|
// GetPolicyType get the type of policies
|
||||||
|
// excludes is the policy name to be skipped
|
||||||
|
func GetPolicyType(policyList []*v1alpha1.Policy, excludes string) policyType {
|
||||||
|
ptype := none
|
||||||
|
|
||||||
|
for _, p := range policyList {
|
||||||
|
if p.Name == excludes {
|
||||||
|
glog.Infof("Skipping policy type check on %s\n", excludes)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue