diff --git a/cmd/kyverno/main.go b/cmd/kyverno/main.go
index 0cdbf4d6f4..4e552e1b16 100644
--- a/cmd/kyverno/main.go
+++ b/cmd/kyverno/main.go
@@ -16,7 +16,6 @@ import (
 "github.com/nirmata/kyverno/pkg/policy"
 "github.com/nirmata/kyverno/pkg/policystore"
 "github.com/nirmata/kyverno/pkg/policyviolation"
- "github.com/nirmata/kyverno/pkg/resourcewebhookwatcher"
 "github.com/nirmata/kyverno/pkg/signal"
 "github.com/nirmata/kyverno/pkg/utils"
 "github.com/nirmata/kyverno/pkg/version"
@@ -92,7 +91,7 @@ func main() {
 // Resource Mutating Webhook Watcher
 lastReqTime := checker.NewLastReqTime()
- rWebhookWatcher := resourcewebhookwatcher.NewResourceWebhookWatcher(
+ rWebhookWatcher := webhookconfig.NewResourceWebhookWatcher(
 lastReqTime,
 kubeInformer.Admissionregistration().V1beta1().MutatingWebhookConfigurations(),
 webhookRegistrationClient,
@@ -220,7 +219,6 @@ func main() {
 policyMetaStore,
 pvgen,
 rWebhookWatcher,
- lastReqTime,
 cleanUp)
 if err != nil {
 glog.Fatalf("Unable to create webhook server: %v\n", err)
diff --git a/pkg/policy/controller.go b/pkg/policy/controller.go
index 7d91532b59..b2a0f63f5a 100644
--- a/pkg/policy/controller.go
+++ b/pkg/policy/controller.go
@@ -18,7 +18,7 @@ import (
 "github.com/nirmata/kyverno/pkg/event"
 "github.com/nirmata/kyverno/pkg/policystore"
 "github.com/nirmata/kyverno/pkg/policyviolation"
- "github.com/nirmata/kyverno/pkg/resourcewebhookwatcher"
+ "github.com/nirmata/kyverno/pkg/webhookconfig"
 v1 "k8s.io/api/core/v1"
 "k8s.io/apimachinery/pkg/api/errors"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -82,7 +82,7 @@ type PolicyController struct {
 // policy violation generator
 pvGenerator policyviolation.GeneratorInterface
 // resourceWebhookWatcher queues the webhook creation request, creates the webhook
- resourceWebhookWatcher *resourcewebhookwatcher.ResourceWebhookWatcher
+ resourceWebhookWatcher *webhookconfig.ResourceWebhookWatcher
 }
 // NewPolicyController create a new PolicyController
@@ -95,7 +95,7 @@ func NewPolicyController(kyvernoClient *kyvernoclient.Clientset,
 eventGen event.Interface,
 pvGenerator policyviolation.GeneratorInterface,
 pMetaStore policystore.UpdateInterface,
- resourceWebhookWatcher *resourcewebhookwatcher.ResourceWebhookWatcher) (*PolicyController, error) {
+ resourceWebhookWatcher *webhookconfig.ResourceWebhookWatcher) (*PolicyController, error) {
 // Event broad caster
 eventBroadcaster := record.NewBroadcaster()
 eventBroadcaster.StartLogging(glog.Infof)
diff --git a/pkg/resourcewebhookwatcher/deregister.go b/pkg/resourcewebhookwatcher/deregister.go
deleted file mode 100644
index cb58457898..0000000000
--- a/pkg/resourcewebhookwatcher/deregister.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package resourcewebhookwatcher
-
-import (
- "github.com/golang/glog"
-)
-
-func (rww *ResourceWebhookWatcher) RemoveResourceWebhookConfiguration() error {
- var err error
- // check informer cache
- configName := rww.webhookRegistrationClient.GetResourceMutatingWebhookConfigName()
- config, err := rww.mWebhookConfigLister.Get(configName)
- if err != nil {
- glog.V(4).Infof("failed to list mutating webhook config: %v", err)
- return err
- }
- if config == nil {
- // as no resource is found
- return nil
- }
- err = rww.webhookRegistrationClient.RemoveResourceMutatingWebhookConfiguration()
- if err != nil {
- return err
- }
- glog.V(3).Info("removed resource webhook configuration")
- return nil
-}
diff --git a/pkg/resourcewebhookwatcher/register.go b/pkg/webhookconfig/rwebhookwatcher.go
similarity index 77%
rename from pkg/resourcewebhookwatcher/register.go
rename to pkg/webhookconfig/rwebhookwatcher.go
index 66699a62fe..d4bceb0ffb 100644
--- a/pkg/resourcewebhookwatcher/register.go
+++ b/pkg/webhookconfig/rwebhookwatcher.go
@@ -1,11 +1,10 @@
-package resourcewebhookwatcher
+package webhookconfig
 import (
 "time"
 "github.com/golang/glog"
 checker "github.com/nirmata/kyverno/pkg/checker"
- webhookconfig "github.com/nirmata/kyverno/pkg/webhookconfig"
 errorsapi "k8s.io/apimachinery/pkg/api/errors"
 mconfiginformer "k8s.io/client-go/informers/admissionregistration/v1beta1"
 mconfiglister "k8s.io/client-go/listers/admissionregistration/v1beta1"
@@ -13,22 +12,22 @@ import (
 )
 type ResourceWebhookWatcher struct {
- lastReqTime *checker.LastReqTime
+ LastReqTime *checker.LastReqTime
 // ch holds the requests to create resource mutatingwebhookconfiguration
 ch chan bool
 mwebhookconfigSynced cache.InformerSynced
 // list/get mutatingwebhookconfigurations
 mWebhookConfigLister mconfiglister.MutatingWebhookConfigurationLister
- webhookRegistrationClient *webhookconfig.WebhookRegistrationClient
+ webhookRegistrationClient *WebhookRegistrationClient
 }
 func NewResourceWebhookWatcher(
 lastReqTime *checker.LastReqTime,
 mconfigwebhookinformer mconfiginformer.MutatingWebhookConfigurationInformer,
- webhookRegistrationClient *webhookconfig.WebhookRegistrationClient,
+ webhookRegistrationClient *WebhookRegistrationClient,
 ) *ResourceWebhookWatcher {
 return &ResourceWebhookWatcher{
- lastReqTime: lastReqTime,
+ LastReqTime: lastReqTime,
 ch: make(chan bool),
 mwebhookconfigSynced: mconfigwebhookinformer.Informer().HasSynced,
 mWebhookConfigLister: mconfigwebhookinformer.Lister(),
@@ -59,7 +58,7 @@ func (rww *ResourceWebhookWatcher) Run(stopCh <-chan struct{}) {
 for {
 select {
 case <-rww.ch:
- timeDiff := time.Since(rww.lastReqTime.Time())
+ timeDiff := time.Since(rww.LastReqTime.Time())
 if timeDiff < checker.DefaultDeadline {
 glog.V(3).Info("Verified webhook status, creating webhook configuration")
 go createWebhook()
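Review bot: Exporting `LastReqTime` as a struct field in pkg/webhookconfig/rwebhookwatcher.go (hunk `@@ -13,22 +12,22 @@`) lets any package that holds the watcher reassign the pointer, while `Run` (hunk `@@ -59,7 +58,7 @@`) keeps reading it; nothing in the visible lines guards that field. The export appears to exist only so that `NewWebhookServer` can read the value, so a read-only accessor on an unexported field would be narrower: `func (rww *ResourceWebhookWatcher) LastReqTime() *checker.LastReqTime { return rww.lastReqTime }`. If the field stays exported, it should carry a doc comment stating that it is shared with the webhook server and must not be reassigned after `NewResourceWebhookWatcher` returns. The exported type and constructor also have no doc comments in these hunks.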
@@ -96,3 +95,24 @@ func (rww *ResourceWebhookWatcher) createResourceMutatingWebhookConfigurationIfR
 glog.V(3).Info("Successfully created mutating webhook configuration for resources")
 return nil
 }
+
+func (rww *ResourceWebhookWatcher) RemoveResourceWebhookConfiguration() error {
+ var err error
+ // check informer cache
+ configName := rww.webhookRegistrationClient.GetResourceMutatingWebhookConfigName()
+ config, err := rww.mWebhookConfigLister.Get(configName)
+ if err != nil {
+ glog.V(4).Infof("failed to list mutating webhook config: %v", err)
+ return err
+ }
+ if config == nil {
+ // as no resource is found
+ return nil
+ }
+ err = rww.webhookRegistrationClient.RemoveResourceMutatingWebhookConfiguration()
+ if err != nil {
+ return err
+ }
+ glog.V(3).Info("removed resource webhook configuration")
+ return nil
+}
diff --git a/pkg/webhooks/server.go b/pkg/webhooks/server.go
index 4fdaab3c70..b72de53f93 100644
--- a/pkg/webhooks/server.go
+++ b/pkg/webhooks/server.go
@@ -21,7 +21,6 @@ import (
 "github.com/nirmata/kyverno/pkg/policy"
 "github.com/nirmata/kyverno/pkg/policystore"
 "github.com/nirmata/kyverno/pkg/policyviolation"
- "github.com/nirmata/kyverno/pkg/resourcewebhookwatcher"
 tlsutils "github.com/nirmata/kyverno/pkg/tls"
 userinfo "github.com/nirmata/kyverno/pkg/userinfo"
 "github.com/nirmata/kyverno/pkg/webhookconfig"
@@ -66,7 +65,7 @@ type WebhookServer struct {
 pMetaStore policystore.LookupInterface
 // policy violation generator
 pvGenerator policyviolation.GeneratorInterface
- resourceWebhookWatcher *resourcewebhookwatcher.ResourceWebhookWatcher
+ resourceWebhookWatcher *webhookconfig.ResourceWebhookWatcher
 }
 // NewWebhookServer creates new instance of WebhookServer accordingly to given configuration
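Review bot: In `RemoveResourceWebhookConfiguration` (hunk `@@ -96,3 +95,24 @@` of pkg/webhookconfig/rwebhookwatcher.go) the `config == nil` branch is most likely dead, because a client-go lister's `Get` reports a missing object as a NotFound error; an already-absent configuration is therefore returned as a failure instead of being treated as nothing to remove. The file already imports `errorsapi`, so the lookup can handle that case with `if errorsapi.IsNotFound(err) { return nil }` ahead of the generic error return. The lookup reads the informer cache, so if this runs before the cache has synced the same NotFound path skips the delete and the mutating webhook configuration may stay registered after the process is gone; the caller is outside the diff, so that ordering needs confirming. Smaller points: `var err error` is redundant with the `:=` on the lister call, the log text says "list" for a `Get`, and the exported method needs a doc comment such as `// RemoveResourceWebhookConfiguration deletes the resource mutating webhook configuration if the informer cache holds it.`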
@@ -84,8 +83,7 @@ func NewWebhookServer(
 configHandler config.Interface,
 pMetaStore policystore.LookupInterface,
 pvGenerator policyviolation.GeneratorInterface,
- resourceWebhookWatcher *resourcewebhookwatcher.ResourceWebhookWatcher,
- lastReqTime *checker.LastReqTime,
+ resourceWebhookWatcher *webhookconfig.ResourceWebhookWatcher,
 cleanUp chan<- struct{}) (*WebhookServer, error) {
 if tlsPair == nil {
@@ -113,7 +111,7 @@ func NewWebhookServer(
 policyStatus: policyStatus,
 configHandler: configHandler,
 cleanUp: cleanUp,
- lastReqTime: lastReqTime,
+ lastReqTime: resourceWebhookWatcher.LastReqTime,
 pvGenerator: pvGenerator,
 pMetaStore: pMetaStore,
 resourceWebhookWatcher: resourceWebhookWatcher,
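Review bot: `lastReqTime: resourceWebhookWatcher.LastReqTime` in the `@@ -113,7 +111,7 @@` hunk of pkg/webhooks/server.go dereferences the watcher without a nil check, so a caller that passes a nil `resourceWebhookWatcher` now panics inside `NewWebhookServer`, whereas in the visible lines the pointer was previously only stored. The function already guards `tlsPair == nil` (context of the `@@ -84,8 +83,7 @@` hunk), so a matching `if resourceWebhookWatcher == nil { ... }` guard that returns an error the same way that branch does would keep the constructor's failure mode consistent. `NewWebhookServer` starts and ends outside both hunks, so the exact error construction used there is not visible here. The doc comment on `NewWebhookServer` should also say that the server's last-request time is taken from the watcher rather than passed in.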