mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-15 17:51:20 +00:00
refactor: make config vars private (#3823)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
This commit is contained in:
Charles-Edouard Brétéché
GitHub
parent
4d4f805d68
commit
2064a69b8a
28 changed files with 112 additions and 92 deletions
|
|
@ -137,16 +137,16 @@ func main() {
|
|||
os.Exit(1)
|
||||
}
|
||||
|
||||
depl, err := kubeClient.AppsV1().Deployments(config.KyvernoNamespace).Get(context.TODO(), config.KyvernoDeploymentName, metav1.GetOptions{})
|
||||
depl, err := kubeClient.AppsV1().Deployments(config.KyvernoNamespace()).Get(context.TODO(), config.KyvernoDeploymentName(), metav1.GetOptions{})
|
||||
deplHash := ""
|
||||
if err != nil {
|
||||
log.Log.Info("failed to fetch deployment '%v': %v", config.KyvernoDeploymentName, err.Error())
|
||||
log.Log.Info("failed to fetch deployment '%v': %v", config.KyvernoDeploymentName(), err.Error())
|
||||
os.Exit(1)
|
||||
}
|
||||
deplHash = fmt.Sprintf("%v", depl.GetUID())
|
||||
|
||||
name := tls.GenerateRootCASecretName(certProps)
|
||||
secret, err := kubeClient.CoreV1().Secrets(config.KyvernoNamespace).Get(context.TODO(), name, metav1.GetOptions{})
|
||||
secret, err := kubeClient.CoreV1().Secrets(config.KyvernoNamespace()).Get(context.TODO(), name, metav1.GetOptions{})
|
||||
if err != nil {
|
||||
log.Log.Info("failed to fetch root CA secret", "name", name, "error", err.Error())
|
||||
|
||||
|
|
@ -155,7 +155,7 @@ func main() {
|
|||
}
|
||||
} else if tls.CanAddAnnotationToSecret(deplHash, secret) {
|
||||
secret.SetAnnotations(map[string]string{tls.MasterDeploymentUID: deplHash})
|
||||
_, err = kubeClient.CoreV1().Secrets(config.KyvernoNamespace).Update(context.TODO(), secret, metav1.UpdateOptions{})
|
||||
_, err = kubeClient.CoreV1().Secrets(config.KyvernoNamespace()).Update(context.TODO(), secret, metav1.UpdateOptions{})
|
||||
if err != nil {
|
||||
log.Log.Info("failed to update cert: %v", err.Error())
|
||||
os.Exit(1)
|
||||
|
|
@ -163,7 +163,7 @@ func main() {
|
|||
}
|
||||
|
||||
name = tls.GenerateTLSPairSecretName(certProps)
|
||||
secret, err = kubeClient.CoreV1().Secrets(config.KyvernoNamespace).Get(context.TODO(), name, metav1.GetOptions{})
|
||||
secret, err = kubeClient.CoreV1().Secrets(config.KyvernoNamespace()).Get(context.TODO(), name, metav1.GetOptions{})
|
||||
if err != nil {
|
||||
log.Log.Info("failed to fetch TLS Pair secret", "name", name, "error", err.Error())
|
||||
|
||||
|
|
@ -206,7 +206,7 @@ func main() {
|
|||
os.Exit(0)
|
||||
}
|
||||
|
||||
le, err := leaderelection.New("kyvernopre", config.KyvernoNamespace, kubeClient, run, nil, log.Log.WithName("kyvernopre/LeaderElection"))
|
||||
le, err := leaderelection.New("kyvernopre", config.KyvernoNamespace(), kubeClient, run, nil, log.Log.WithName("kyvernopre/LeaderElection"))
|
||||
if err != nil {
|
||||
setupLog.Error(err, "failed to elect a leader")
|
||||
os.Exit(1)
|
||||
|
|
@ -216,7 +216,7 @@ func main() {
|
|||
}
|
||||
|
||||
func acquireLeader(ctx context.Context, kubeClient kubernetes.Interface) error {
|
||||
_, err := kubeClient.CoordinationV1().Leases(config.KyvernoNamespace).Get(ctx, "kyvernopre-lock", metav1.GetOptions{})
|
||||
_, err := kubeClient.CoordinationV1().Leases(config.KyvernoNamespace()).Get(ctx, "kyvernopre-lock", metav1.GetOptions{})
|
||||
if err != nil {
|
||||
log.Log.Info("Lease 'kyvernopre-lock' not found. Starting clean-up...")
|
||||
} else {
|
||||
|
|
@ -229,7 +229,7 @@ func acquireLeader(ctx context.Context, kubeClient kubernetes.Interface) error {
|
|||
Name: "kyvernopre-lock",
|
||||
},
|
||||
}
|
||||
_, err = kubeClient.CoordinationV1().Leases(config.KyvernoNamespace).Create(ctx, &lease, metav1.CreateOptions{})
|
||||
_, err = kubeClient.CoordinationV1().Leases(config.KyvernoNamespace()).Create(ctx, &lease, metav1.CreateOptions{})
|
||||
|
||||
return err
|
||||
}
|
||||
|
|
@ -404,7 +404,7 @@ func addPolicyReportSelectorLabel(client client.Interface) {
|
|||
func removeReportChangeRequest(client client.Interface, kind string) error {
|
||||
logger := log.Log.WithName("removeReportChangeRequest")
|
||||
|
||||
ns := config.KyvernoNamespace
|
||||
ns := config.KyvernoNamespace()
|
||||
rcrList, err := client.ListResource("", kind, ns, nil)
|
||||
if err != nil {
|
||||
logger.Error(err, "failed to list reportChangeRequest")
|
||||
|
|
@ -469,7 +469,7 @@ func convertGR(pclient kyvernoclient.Interface) error {
|
|||
logger := log.Log.WithName("convertGenerateRequest")
|
||||
|
||||
var errors []error
|
||||
grs, err := pclient.KyvernoV1().GenerateRequests(config.KyvernoNamespace).List(context.TODO(), metav1.ListOptions{})
|
||||
grs, err := pclient.KyvernoV1().GenerateRequests(config.KyvernoNamespace()).List(context.TODO(), metav1.ListOptions{})
|
||||
if err != nil {
|
||||
logger.Error(err, "failed to list update requests")
|
||||
return err
|
||||
|
|
@ -479,7 +479,7 @@ func convertGR(pclient kyvernoclient.Interface) error {
|
|||
var ur = &urkyverno.UpdateRequest{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
GenerateName: "ur-",
|
||||
Namespace: config.KyvernoNamespace,
|
||||
Namespace: config.KyvernoNamespace(),
|
||||
Labels: gr.GetLabels(),
|
||||
},
|
||||
Spec: urkyverno.UpdateRequestSpec{
|
||||
|
|
@ -501,7 +501,7 @@ func convertGR(pclient kyvernoclient.Interface) error {
|
|||
},
|
||||
}
|
||||
|
||||
new, err := pclient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace).Create(context.TODO(), ur, metav1.CreateOptions{})
|
||||
new, err := pclient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Create(context.TODO(), ur, metav1.CreateOptions{})
|
||||
if err != nil {
|
||||
logger.Info("failed to create UpdateRequest", "GR namespace", gr.GetNamespace(), "GR name", gr.GetName(), "err", err.Error())
|
||||
errors = append(errors, err)
|
||||
|
|
@ -511,13 +511,13 @@ func convertGR(pclient kyvernoclient.Interface) error {
|
|||
}
|
||||
|
||||
new.Status.State = urkyverno.Pending
|
||||
if _, err := pclient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace).UpdateStatus(context.TODO(), new, metav1.UpdateOptions{}); err != nil {
|
||||
if _, err := pclient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).UpdateStatus(context.TODO(), new, metav1.UpdateOptions{}); err != nil {
|
||||
logger.Error(err, "failed to set UpdateRequest state to Pending")
|
||||
errors = append(errors, err)
|
||||
continue
|
||||
}
|
||||
|
||||
if err := pclient.KyvernoV1().GenerateRequests(config.KyvernoNamespace).Delete(context.TODO(), gr.GetName(), metav1.DeleteOptions{}); err != nil {
|
||||
if err := pclient.KyvernoV1().GenerateRequests(config.KyvernoNamespace()).Delete(context.TODO(), gr.GetName(), metav1.DeleteOptions{}); err != nil {
|
||||
errors = append(errors, err)
|
||||
logger.Error(err, "failed to delete GR")
|
||||
}
|
||||
|
|
|
|||
|
|
@ -147,7 +147,7 @@ func main() {
|
|||
|
||||
// informer factories
|
||||
kubeInformer := kubeinformers.NewSharedInformerFactory(kubeClient, resyncPeriod)
|
||||
kubeKyvernoInformer := kubeinformers.NewSharedInformerFactoryWithOptions(kubeClient, resyncPeriod, kubeinformers.WithNamespace(config.KyvernoNamespace))
|
||||
kubeKyvernoInformer := kubeinformers.NewSharedInformerFactoryWithOptions(kubeClient, resyncPeriod, kubeinformers.WithNamespace(config.KyvernoNamespace()))
|
||||
kyvernoInformer := kyvernoinformer.NewSharedInformerFactory(kyvernoClient, policyControllerResyncPeriod)
|
||||
|
||||
// utils
|
||||
|
|
@ -158,7 +158,7 @@ func main() {
|
|||
secrets := strings.Split(imagePullSecrets, ",")
|
||||
if imagePullSecrets != "" && len(secrets) > 0 {
|
||||
setupLog.Info("initializing registry credentials", "secrets", secrets)
|
||||
if err := registryclient.Initialize(kubeClient, config.KyvernoNamespace, "", secrets); err != nil {
|
||||
if err := registryclient.Initialize(kubeClient, config.KyvernoNamespace(), "", secrets); err != nil {
|
||||
setupLog.Error(err, "failed to initialize image pull secrets")
|
||||
os.Exit(1)
|
||||
}
|
||||
|
|
@ -350,7 +350,7 @@ func main() {
|
|||
waitForCacheSync(stopCh, kyvernoInformer, kubeInformer, kubeKyvernoInformer)
|
||||
|
||||
// validate the ConfigMap format
|
||||
if err := webhookCfg.ValidateWebhookConfigurations(config.KyvernoNamespace, config.KyvernoConfigMapName); err != nil {
|
||||
if err := webhookCfg.ValidateWebhookConfigurations(config.KyvernoNamespace(), config.KyvernoConfigMapName()); err != nil {
|
||||
setupLog.Error(err, "invalid format of the Kyverno init ConfigMap, please correct the format of 'data.webhooks'")
|
||||
os.Exit(1)
|
||||
}
|
||||
|
|
@ -375,7 +375,7 @@ func main() {
|
|||
}()
|
||||
|
||||
// webhookconfigurations are registered by the leader only
|
||||
webhookRegisterLeader, err := leaderelection.New("webhook-register", config.KyvernoNamespace, kubeClient, registerWebhookConfigurations, nil, log.Log.WithName("webhookRegister/LeaderElection"))
|
||||
webhookRegisterLeader, err := leaderelection.New("webhook-register", config.KyvernoNamespace(), kubeClient, registerWebhookConfigurations, nil, log.Log.WithName("webhookRegister/LeaderElection"))
|
||||
if err != nil {
|
||||
setupLog.Error(err, "failed to elector leader")
|
||||
os.Exit(1)
|
||||
|
|
@ -447,7 +447,7 @@ func main() {
|
|||
server.Stop(c)
|
||||
}
|
||||
|
||||
le, err := leaderelection.New("kyverno", config.KyvernoNamespace, kubeClientLeaderElection, run, stop, log.Log.WithName("kyverno/LeaderElection"))
|
||||
le, err := leaderelection.New("kyverno", config.KyvernoNamespace(), kubeClientLeaderElection, run, stop, log.Log.WithName("kyverno/LeaderElection"))
|
||||
if err != nil {
|
||||
setupLog.Error(err, "failed to elect a leader")
|
||||
os.Exit(1)
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ func PatchUpdateRequest(ur *urkyverno.UpdateRequest, patch jsonutils.Patch, clie
|
|||
if nil != err {
|
||||
return ur, err
|
||||
}
|
||||
newUR, err := client.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace).Patch(context.TODO(), ur.Name, types.JSONPatchType, data, metav1.PatchOptions{}, subresources...)
|
||||
newUR, err := client.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Patch(context.TODO(), ur.Name, types.JSONPatchType, data, metav1.PatchOptions{}, subresources...)
|
||||
if err != nil {
|
||||
return ur, err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -87,7 +87,7 @@ func NewController(
|
|||
|
||||
c.pLister = pInformer.Lister()
|
||||
c.npLister = npInformer.Lister()
|
||||
c.urLister = urInformer.Lister().UpdateRequests(config.KyvernoNamespace)
|
||||
c.urLister = urInformer.Lister().UpdateRequests(config.KyvernoNamespace())
|
||||
c.nsLister = namespaceInformer.Lister()
|
||||
|
||||
return &c, nil
|
||||
|
|
|
|||
|
|
@ -20,5 +20,5 @@ type Control struct {
|
|||
|
||||
//Delete deletes the specified resource
|
||||
func (c Control) Delete(gr string) error {
|
||||
return c.client.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace).Delete(context.TODO(), gr, metav1.DeleteOptions{})
|
||||
return c.client.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Delete(context.TODO(), gr, metav1.DeleteOptions{})
|
||||
}
|
||||
|
|
|
|||
|
|
@ -140,7 +140,7 @@ func (c *GenerateController) ProcessUR(ur *urkyverno.UpdateRequest) error {
|
|||
|
||||
if updateAnnotation {
|
||||
ur.SetAnnotations(urAnnotations)
|
||||
_, err := c.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace).Update(contextdefault.TODO(), ur, metav1.UpdateOptions{})
|
||||
_, err := c.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Update(contextdefault.TODO(), ur, metav1.UpdateOptions{})
|
||||
if err != nil {
|
||||
logger.Error(err, "failed to update annotation in update request for the resource", "update request", ur.Name, "resourceVersion", ur.GetResourceVersion())
|
||||
return err
|
||||
|
|
@ -226,7 +226,7 @@ func (c *GenerateController) applyGenerate(resource unstructured.Unstructured, u
|
|||
}
|
||||
|
||||
for _, v := range urList {
|
||||
err := c.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace).Delete(contextdefault.TODO(), v.GetName(), metav1.DeleteOptions{})
|
||||
err := c.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Delete(contextdefault.TODO(), v.GetName(), metav1.DeleteOptions{})
|
||||
if err != nil {
|
||||
logger.Error(err, "failed to delete update request")
|
||||
}
|
||||
|
|
|
|||
|
|
@ -29,15 +29,15 @@ func (c *Controller) ProcessUR(ur *urkyverno.UpdateRequest) error {
|
|||
func (c *Controller) MarkUR(ur *urkyverno.UpdateRequest) (*urkyverno.UpdateRequest, bool, error) {
|
||||
handler := ur.Status.Handler
|
||||
if handler != "" {
|
||||
if handler != config.KyvernoPodName {
|
||||
if handler != config.KyvernoPodName() {
|
||||
return nil, false, nil
|
||||
}
|
||||
return ur, true, nil
|
||||
}
|
||||
|
||||
handler = config.KyvernoPodName
|
||||
handler = config.KyvernoPodName()
|
||||
ur.Status.Handler = handler
|
||||
new, err := c.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace).UpdateStatus(context.TODO(), ur, metav1.UpdateOptions{})
|
||||
new, err := c.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).UpdateStatus(context.TODO(), ur, metav1.UpdateOptions{})
|
||||
return new, true, err
|
||||
}
|
||||
|
||||
|
|
@ -48,6 +48,6 @@ func (c *Controller) UnmarkUR(ur *urkyverno.UpdateRequest) error {
|
|||
}
|
||||
|
||||
newUR.Status.Handler = ""
|
||||
_, err = c.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace).UpdateStatus(context.TODO(), newUR, metav1.UpdateOptions{})
|
||||
_, err = c.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).UpdateStatus(context.TODO(), newUR, metav1.UpdateOptions{})
|
||||
return err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -101,7 +101,7 @@ func NewController(
|
|||
|
||||
c.policyLister = policyInformer.Lister()
|
||||
c.npolicyLister = npolicyInformer.Lister()
|
||||
c.urLister = urInformer.Lister().UpdateRequests(config.KyvernoNamespace)
|
||||
c.urLister = urInformer.Lister().UpdateRequests(config.KyvernoNamespace())
|
||||
c.nsLister = namespaceInformer.Lister()
|
||||
|
||||
return &c, nil
|
||||
|
|
|
|||
|
|
@ -70,20 +70,40 @@ const (
|
|||
)
|
||||
|
||||
var (
|
||||
// KyvernoNamespace is the Kyverno namespace
|
||||
KyvernoNamespace = osutils.GetEnvWithFallback("KYVERNO_NAMESPACE", "kyverno")
|
||||
// KyvernoDeploymentName is the Kyverno deployment name
|
||||
KyvernoDeploymentName = osutils.GetEnvWithFallback("KYVERNO_DEPLOYMENT", "kyverno")
|
||||
// KyvernoServiceName is the Kyverno service name
|
||||
KyvernoServiceName = osutils.GetEnvWithFallback("KYVERNO_SVC", "kyverno-svc")
|
||||
// KyvernoPodName is the Kyverno pod name
|
||||
KyvernoPodName = osutils.GetEnvWithFallback("KYVERNO_POD_NAME", "kyverno")
|
||||
// KyvernoConfigMapName is the Kyverno configmap name
|
||||
KyvernoConfigMapName = osutils.GetEnvWithFallback("INIT_CONFIG", "kyverno")
|
||||
// kyvernoNamespace is the Kyverno namespace
|
||||
kyvernoNamespace = osutils.GetEnvWithFallback("KYVERNO_NAMESPACE", "kyverno")
|
||||
// kyvernoDeploymentName is the Kyverno deployment name
|
||||
kyvernoDeploymentName = osutils.GetEnvWithFallback("KYVERNO_DEPLOYMENT", "kyverno")
|
||||
// kyvernoServiceName is the Kyverno service name
|
||||
kyvernoServiceName = osutils.GetEnvWithFallback("KYVERNO_SVC", "kyverno-svc")
|
||||
// kyvernoPodName is the Kyverno pod name
|
||||
kyvernoPodName = osutils.GetEnvWithFallback("KYVERNO_POD_NAME", "kyverno")
|
||||
// kyvernoConfigMapName is the Kyverno configmap name
|
||||
kyvernoConfigMapName = osutils.GetEnvWithFallback("INIT_CONFIG", "kyverno")
|
||||
// defaultExcludeGroupRole ...
|
||||
defaultExcludeGroupRole []string = []string{"system:serviceaccounts:kube-system", "system:nodes", "system:kube-scheduler"}
|
||||
)
|
||||
|
||||
func KyvernoNamespace() string {
|
||||
return kyvernoNamespace
|
||||
}
|
||||
|
||||
func KyvernoDeploymentName() string {
|
||||
return kyvernoDeploymentName
|
||||
}
|
||||
|
||||
func KyvernoServiceName() string {
|
||||
return kyvernoServiceName
|
||||
}
|
||||
|
||||
func KyvernoPodName() string {
|
||||
return kyvernoPodName
|
||||
}
|
||||
|
||||
func KyvernoConfigMapName() string {
|
||||
return kyvernoConfigMapName
|
||||
}
|
||||
|
||||
// Configuration to be used by consumer to check filters
|
||||
type Configuration interface {
|
||||
// ToFilter checks if the given resource is set to be filtered in the configuration
|
||||
|
|
@ -125,7 +145,7 @@ func NewConfiguration(client kubernetes.Interface, reconcilePolicyReport, update
|
|||
restrictDevelopmentUsername: []string{"minikube-user", "kubernetes-admin"},
|
||||
excludeGroupRole: defaultExcludeGroupRole,
|
||||
}
|
||||
if cm, err := client.CoreV1().ConfigMaps(KyvernoNamespace).Get(context.TODO(), KyvernoConfigMapName, metav1.GetOptions{}); err != nil {
|
||||
if cm, err := client.CoreV1().ConfigMaps(kyvernoNamespace).Get(context.TODO(), kyvernoConfigMapName, metav1.GetOptions{}); err != nil {
|
||||
if !errors.IsNotFound(err) {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -70,7 +70,7 @@ func NewMetricsConfigData(rclient kubernetes.Interface) (*MetricsConfigData, err
|
|||
}
|
||||
|
||||
if cmName != "" {
|
||||
kyvernoNamespace := KyvernoNamespace
|
||||
kyvernoNamespace := kyvernoNamespace
|
||||
configMap, err := rclient.CoreV1().ConfigMaps(kyvernoNamespace).Get(context.TODO(), mcd.cmName, metav1.GetOptions{})
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("error occurred while fetching the metrics configmap at %s/%s: %w", kyvernoNamespace, mcd.cmName, err)
|
||||
|
|
|
|||
|
|
@ -43,7 +43,7 @@ func NewController(secretInformer informerv1.SecretInformer, certRenewer *tls.Ce
|
|||
|
||||
func (m *controller) addSecretFunc(obj interface{}) {
|
||||
secret := obj.(*v1.Secret)
|
||||
if secret.GetNamespace() == config.KyvernoNamespace && secret.GetName() == m.renewer.GenerateTLSPairSecretName() {
|
||||
if secret.GetNamespace() == config.KyvernoNamespace() && secret.GetName() == m.renewer.GenerateTLSPairSecretName() {
|
||||
m.secretQueue <- true
|
||||
}
|
||||
}
|
||||
|
|
@ -51,7 +51,7 @@ func (m *controller) addSecretFunc(obj interface{}) {
|
|||
func (m *controller) updateSecretFunc(oldObj interface{}, newObj interface{}) {
|
||||
old := oldObj.(*v1.Secret)
|
||||
new := newObj.(*v1.Secret)
|
||||
if new.GetNamespace() == config.KyvernoNamespace && new.GetName() == m.renewer.GenerateTLSPairSecretName() {
|
||||
if new.GetNamespace() == config.KyvernoNamespace() && new.GetName() == m.renewer.GenerateTLSPairSecretName() {
|
||||
if !reflect.DeepEqual(old.DeepCopy().Data, new.DeepCopy().Data) {
|
||||
m.secretQueue <- true
|
||||
logger.V(4).Info("secret updated, reconciling webhook configurations")
|
||||
|
|
@ -60,7 +60,7 @@ func (m *controller) updateSecretFunc(oldObj interface{}, newObj interface{}) {
|
|||
}
|
||||
|
||||
func (m *controller) GetTLSPemPair() (*tls.PemPair, error) {
|
||||
secret, err := m.secretLister.Secrets(config.KyvernoNamespace).Get(m.renewer.GenerateTLSPairSecretName())
|
||||
secret, err := m.secretLister.Secrets(config.KyvernoNamespace()).Get(m.renewer.GenerateTLSPairSecretName())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -114,7 +114,7 @@ func (c *controller) reconcile(key string) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if namespace != config.KyvernoNamespace || name != config.KyvernoConfigMapName {
|
||||
if namespace != config.KyvernoNamespace() || name != config.KyvernoConfigMapName() {
|
||||
return nil
|
||||
}
|
||||
configMap, err := c.configmapLister.ConfigMaps(namespace).Get(name)
|
||||
|
|
|
|||
|
|
@ -49,7 +49,7 @@ func newFixture(t *testing.T) *fixture {
|
|||
kubeutils.NewUnstructured("group/version", "TheKind", "ns-foo", "name-bar"),
|
||||
kubeutils.NewUnstructured("group/version", "TheKind", "ns-foo", "name-baz"),
|
||||
kubeutils.NewUnstructured("group2/version", "TheKind", "ns-foo", "name2-baz"),
|
||||
kubeutils.NewUnstructured("apps/v1", "Deployment", config.KyvernoNamespace, config.KyvernoDeploymentName),
|
||||
kubeutils.NewUnstructured("apps/v1", "Deployment", config.KyvernoNamespace(), config.KyvernoDeploymentName()),
|
||||
}
|
||||
|
||||
scheme := runtime.NewScheme()
|
||||
|
|
|
|||
|
|
@ -522,7 +522,7 @@ func generateTriggers(client client.Interface, rule kyverno.Rule, log logr.Logge
|
|||
func deleteUR(kyvernoClient kyvernoclient.Interface, policyKey string, grList []*urkyverno.UpdateRequest, logger logr.Logger) {
|
||||
for _, v := range grList {
|
||||
if policyKey == v.Spec.Policy {
|
||||
err := kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace).Delete(context.TODO(), v.GetName(), metav1.DeleteOptions{})
|
||||
err := kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Delete(context.TODO(), v.GetName(), metav1.DeleteOptions{})
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
logger.Error(err, "failed to delete ur", "name", v.GetName())
|
||||
}
|
||||
|
|
@ -545,14 +545,14 @@ func updateUR(kyvernoClient kyvernoclient.Interface, policyKey string, urList []
|
|||
urLabels["policy-update"] = fmt.Sprintf("revision-count-%d", nBig.Int64())
|
||||
ur.SetLabels(urLabels)
|
||||
|
||||
new, err := kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace).Update(context.TODO(), ur, metav1.UpdateOptions{})
|
||||
new, err := kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Update(context.TODO(), ur, metav1.UpdateOptions{})
|
||||
if err != nil {
|
||||
logger.Error(err, "failed to update gr", "name", ur.GetName())
|
||||
continue
|
||||
}
|
||||
|
||||
new.Status.State = urkyverno.Pending
|
||||
if _, err := kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace).UpdateStatus(context.TODO(), new, metav1.UpdateOptions{}); err != nil {
|
||||
if _, err := kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).UpdateStatus(context.TODO(), new, metav1.UpdateOptions{}); err != nil {
|
||||
logger.Error(err, "failed to set UpdateRequest state to Pending")
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -89,7 +89,7 @@ func cleanupReportChangeRequests(pclient kyvernoclient.Interface, rcrLister chan
|
|||
errors = append(errors, err.Error())
|
||||
}
|
||||
|
||||
err = pclient.KyvernoV1alpha2().ReportChangeRequests(config.KyvernoNamespace).DeleteCollection(context.TODO(), deleteOptions, metav1.ListOptions{})
|
||||
err = pclient.KyvernoV1alpha2().ReportChangeRequests(config.KyvernoNamespace()).DeleteCollection(context.TODO(), deleteOptions, metav1.ListOptions{})
|
||||
if err != nil {
|
||||
errors = append(errors, err.Error())
|
||||
}
|
||||
|
|
|
|||
|
|
@ -116,13 +116,13 @@ func (pc *PolicyController) handleUpdateRequest(ur *urkyverno.UpdateRequest, tri
|
|||
continue
|
||||
}
|
||||
|
||||
new, err := pc.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace).Create(context.TODO(), ur, metav1.CreateOptions{})
|
||||
new, err := pc.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Create(context.TODO(), ur, metav1.CreateOptions{})
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
||||
new.Status.State = urkyverno.Pending
|
||||
if _, err := pc.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace).UpdateStatus(context.TODO(), new, metav1.UpdateOptions{}); err != nil {
|
||||
if _, err := pc.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).UpdateStatus(context.TODO(), new, metav1.UpdateOptions{}); err != nil {
|
||||
pc.log.Error(err, "failed to set UpdateRequest state to Pending")
|
||||
return false, err
|
||||
}
|
||||
|
|
@ -169,7 +169,7 @@ func newUR(policy kyverno.PolicyInterface, trigger *unstructured.Unstructured, r
|
|||
return &urkyverno.UpdateRequest{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
GenerateName: "ur-",
|
||||
Namespace: config.KyvernoNamespace,
|
||||
Namespace: config.KyvernoNamespace(),
|
||||
Labels: label,
|
||||
},
|
||||
Spec: urkyverno.UpdateRequestSpec{
|
||||
|
|
|
|||
|
|
@ -201,7 +201,7 @@ func set(obj *unstructured.Unstructured, info Info) {
|
|||
} else {
|
||||
obj.SetGenerateName("rcr-")
|
||||
obj.SetKind("ReportChangeRequest")
|
||||
obj.SetNamespace(config.KyvernoNamespace)
|
||||
obj.SetNamespace(config.KyvernoNamespace())
|
||||
}
|
||||
|
||||
obj.SetLabels(map[string]string{
|
||||
|
|
|
|||
|
|
@ -87,7 +87,7 @@ func (c *changeRequestCreator) add(request *unstructured.Unstructured) {
|
|||
func (c *changeRequestCreator) create(request *unstructured.Unstructured) error {
|
||||
ns := ""
|
||||
if request.GetKind() == "ReportChangeRequest" {
|
||||
ns = config.KyvernoNamespace
|
||||
ns = config.KyvernoNamespace()
|
||||
rcr, err := convertToRCR(request)
|
||||
if err != nil {
|
||||
return err
|
||||
|
|
|
|||
|
|
@ -427,7 +427,7 @@ func (g *ReportGenerator) removePolicyEntryFromReport(policyName, ruleName strin
|
|||
deletedLabelRule: ruleName,
|
||||
})
|
||||
}
|
||||
aggregatedRequests, err = g.reportChangeRequestLister.ReportChangeRequests(config.KyvernoNamespace).List(labels.SelectorFromSet(labelset))
|
||||
aggregatedRequests, err = g.reportChangeRequestLister.ReportChangeRequests(config.KyvernoNamespace()).List(labels.SelectorFromSet(labelset))
|
||||
if err != nil {
|
||||
return aggregatedRequests, err
|
||||
}
|
||||
|
|
@ -512,7 +512,7 @@ func (g *ReportGenerator) aggregateReports(namespace string) (
|
|||
aggregatedRequests interface{},
|
||||
err error,
|
||||
) {
|
||||
kyvernoNamespace, err := g.nsLister.Get(config.KyvernoNamespace)
|
||||
kyvernoNamespace, err := g.nsLister.Get(config.KyvernoNamespace())
|
||||
if err != nil {
|
||||
g.log.Error(err, "failed to get Kyverno namespace, policy reports will not be garbage collected upon termination")
|
||||
}
|
||||
|
|
@ -541,7 +541,7 @@ func (g *ReportGenerator) aggregateReports(namespace string) (
|
|||
}
|
||||
|
||||
selector := labels.SelectorFromSet(labels.Set(map[string]string{appVersion: version.BuildVersion, resourceLabelNamespace: namespace}))
|
||||
requests, err := g.reportChangeRequestLister.ReportChangeRequests(config.KyvernoNamespace).List(selector)
|
||||
requests, err := g.reportChangeRequestLister.ReportChangeRequests(config.KyvernoNamespace()).List(selector)
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("unable to list reportChangeRequests within namespace %s: %v", ns, err)
|
||||
}
|
||||
|
|
@ -716,7 +716,7 @@ func (g *ReportGenerator) cleanupReportRequests(requestsGeneral interface{}) {
|
|||
defer g.log.V(5).Info("successfully cleaned up report requests")
|
||||
if requests, ok := requestsGeneral.([]*changerequest.ReportChangeRequest); ok {
|
||||
for _, request := range requests {
|
||||
if err := g.pclient.KyvernoV1alpha2().ReportChangeRequests(config.KyvernoNamespace).Delete(context.TODO(), request.Name, metav1.DeleteOptions{}); err != nil {
|
||||
if err := g.pclient.KyvernoV1alpha2().ReportChangeRequests(config.KyvernoNamespace()).Delete(context.TODO(), request.Name, metav1.DeleteOptions{}); err != nil {
|
||||
if !apierrors.IsNotFound(err) {
|
||||
g.log.Error(err, "failed to delete report request")
|
||||
}
|
||||
|
|
|
|||
|
|
@ -118,7 +118,7 @@ func (c *CertRenewer) WriteCACertToSecret(caPEM *PemPair) error {
|
|||
logger := c.log.WithName("CAcert")
|
||||
name := c.GenerateRootCASecretName()
|
||||
|
||||
depl, err := c.client.AppsV1().Deployments(c.certProps.Namespace).Get(context.TODO(), config.KyvernoDeploymentName, metav1.GetOptions{})
|
||||
depl, err := c.client.AppsV1().Deployments(c.certProps.Namespace).Get(context.TODO(), config.KyvernoDeploymentName(), metav1.GetOptions{})
|
||||
|
||||
deplHash := ""
|
||||
if err == nil {
|
||||
|
|
@ -183,7 +183,7 @@ func (c *CertRenewer) WriteTLSPairToSecret(pemPair *PemPair) error {
|
|||
|
||||
name := c.GenerateTLSPairSecretName()
|
||||
|
||||
depl, err := c.client.AppsV1().Deployments(c.certProps.Namespace).Get(context.TODO(), config.KyvernoDeploymentName, metav1.GetOptions{})
|
||||
depl, err := c.client.AppsV1().Deployments(c.certProps.Namespace).Get(context.TODO(), config.KyvernoDeploymentName(), metav1.GetOptions{})
|
||||
|
||||
deplHash := ""
|
||||
if err == nil {
|
||||
|
|
@ -250,7 +250,7 @@ func (c *CertRenewer) WriteTLSPairToSecret(pemPair *PemPair) error {
|
|||
// Kyverno pod will register webhook server with new cert
|
||||
func (c *CertRenewer) RollingUpdate() error {
|
||||
update := func() error {
|
||||
deploy, err := c.client.AppsV1().Deployments(config.KyvernoNamespace).Get(context.TODO(), config.KyvernoDeploymentName, metav1.GetOptions{})
|
||||
deploy, err := c.client.AppsV1().Deployments(config.KyvernoNamespace()).Get(context.TODO(), config.KyvernoDeploymentName(), metav1.GetOptions{})
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "failed to find Kyverno")
|
||||
}
|
||||
|
|
@ -265,7 +265,7 @@ func (c *CertRenewer) RollingUpdate() error {
|
|||
|
||||
deploy.Spec.Template.Annotations[rollingUpdateAnnotation] = time.Now().String()
|
||||
|
||||
if _, err = c.client.AppsV1().Deployments(config.KyvernoNamespace).Update(context.TODO(), deploy, metav1.UpdateOptions{}); err != nil {
|
||||
if _, err = c.client.AppsV1().Deployments(config.KyvernoNamespace()).Update(context.TODO(), deploy, metav1.UpdateOptions{}); err != nil {
|
||||
return errors.Wrap(err, "update Kyverno deployment")
|
||||
}
|
||||
return nil
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ func ReadRootCASecret(restConfig *rest.Config, client kubernetes.Interface) (res
|
|||
return nil, errors.Wrap(err, "failed to get TLS Cert Properties")
|
||||
}
|
||||
|
||||
depl, err := client.AppsV1().Deployments(certProps.Namespace).Get(context.TODO(), config.KyvernoDeploymentName, metav1.GetOptions{})
|
||||
depl, err := client.AppsV1().Deployments(certProps.Namespace).Get(context.TODO(), config.KyvernoDeploymentName(), metav1.GetOptions{})
|
||||
|
||||
deplHash := ""
|
||||
if err == nil {
|
||||
|
|
@ -61,7 +61,7 @@ func ReadTLSPair(restConfig *rest.Config, client kubernetes.Interface) (*PemPair
|
|||
return nil, errors.Wrap(err, "failed to get TLS Cert Properties")
|
||||
}
|
||||
|
||||
depl, err := client.AppsV1().Deployments(certProps.Namespace).Get(context.TODO(), config.KyvernoDeploymentName, metav1.GetOptions{})
|
||||
depl, err := client.AppsV1().Deployments(certProps.Namespace).Get(context.TODO(), config.KyvernoDeploymentName(), metav1.GetOptions{})
|
||||
|
||||
deplHash := ""
|
||||
if err == nil {
|
||||
|
|
@ -116,8 +116,8 @@ func GetTLSCertProps(configuration *rest.Config) (*CertificateProps, error) {
|
|||
return nil, err
|
||||
}
|
||||
return &CertificateProps{
|
||||
Service: config.KyvernoServiceName,
|
||||
Namespace: config.KyvernoNamespace,
|
||||
Service: config.KyvernoServiceName(),
|
||||
Namespace: config.KyvernoNamespace(),
|
||||
APIServerHost: apiServerURL.Hostname(),
|
||||
}, nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -87,7 +87,7 @@ func (wrc *Register) GetKubePolicyClusterRoleName() (*rbacv1.ClusterRole, error)
|
|||
// GetKubePolicyDeployment gets Kyverno deployment using the resource cache
|
||||
// it does not initialize any client call
|
||||
func (wrc *Register) GetKubePolicyDeployment() (*appsv1.Deployment, error) {
|
||||
deploy, err := wrc.kDeplLister.Deployments(config.KyvernoNamespace).Get(config.KyvernoDeploymentName)
|
||||
deploy, err := wrc.kDeplLister.Deployments(config.KyvernoNamespace()).Get(config.KyvernoDeploymentName())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
@ -155,8 +155,8 @@ func generateMutatingWebhook(name, servicePath string, caData []byte, timeoutSec
|
|||
Name: name,
|
||||
ClientConfig: admregapi.WebhookClientConfig{
|
||||
Service: &admregapi.ServiceReference{
|
||||
Namespace: config.KyvernoNamespace,
|
||||
Name: config.KyvernoServiceName,
|
||||
Namespace: config.KyvernoNamespace(),
|
||||
Name: config.KyvernoServiceName(),
|
||||
Path: &servicePath,
|
||||
},
|
||||
CABundle: caData,
|
||||
|
|
@ -174,8 +174,8 @@ func generateValidatingWebhook(name, servicePath string, caData []byte, timeoutS
|
|||
Name: name,
|
||||
ClientConfig: admregapi.WebhookClientConfig{
|
||||
Service: &admregapi.ServiceReference{
|
||||
Namespace: config.KyvernoNamespace,
|
||||
Name: config.KyvernoServiceName,
|
||||
Namespace: config.KyvernoNamespace(),
|
||||
Name: config.KyvernoServiceName(),
|
||||
Path: &servicePath,
|
||||
},
|
||||
CABundle: caData,
|
||||
|
|
|
|||
|
|
@ -56,7 +56,7 @@ type Monitor struct {
|
|||
// NewMonitor returns a new instance of webhook monitor
|
||||
func NewMonitor(kubeClient kubernetes.Interface, log logr.Logger) (*Monitor, error) {
|
||||
monitor := &Monitor{
|
||||
leaseClient: kubeClient.CoordinationV1().Leases(config.KyvernoNamespace),
|
||||
leaseClient: kubeClient.CoordinationV1().Leases(config.KyvernoNamespace()),
|
||||
lastSeenRequestTime: time.Now(),
|
||||
log: log,
|
||||
}
|
||||
|
|
|
|||
|
|
@ -164,7 +164,7 @@ func (wrc *Register) Check() error {
|
|||
func (wrc *Register) Remove(cleanUp chan<- struct{}) {
|
||||
defer close(cleanUp)
|
||||
// delete Lease object to let init container do the cleanup
|
||||
if err := wrc.kubeClient.CoordinationV1().Leases(config.KyvernoNamespace).Delete(context.TODO(), "kyvernopre-lock", metav1.DeleteOptions{}); err != nil && errorsapi.IsNotFound(err) {
|
||||
if err := wrc.kubeClient.CoordinationV1().Leases(config.KyvernoNamespace()).Delete(context.TODO(), "kyvernopre-lock", metav1.DeleteOptions{}); err != nil && errorsapi.IsNotFound(err) {
|
||||
wrc.log.WithName("cleanup").Error(err, "failed to clean up Lease lock")
|
||||
}
|
||||
if wrc.shouldCleanupKyvernoResource() {
|
||||
|
|
@ -315,16 +315,16 @@ func (wrc *Register) createVerifyMutatingWebhookConfiguration(caData []byte) err
|
|||
}
|
||||
|
||||
func (wrc *Register) checkEndpoint() error {
|
||||
endpoint, err := wrc.kubeClient.CoreV1().Endpoints(config.KyvernoNamespace).Get(context.TODO(), config.KyvernoServiceName, metav1.GetOptions{})
|
||||
endpoint, err := wrc.kubeClient.CoreV1().Endpoints(config.KyvernoNamespace()).Get(context.TODO(), config.KyvernoServiceName(), metav1.GetOptions{})
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to get endpoint %s/%s: %v", config.KyvernoNamespace, config.KyvernoServiceName, err)
|
||||
return fmt.Errorf("failed to get endpoint %s/%s: %v", config.KyvernoNamespace(), config.KyvernoServiceName(), err)
|
||||
}
|
||||
selector := &metav1.LabelSelector{
|
||||
MatchLabels: map[string]string{
|
||||
"app.kubernetes.io/name": "kyverno",
|
||||
},
|
||||
}
|
||||
pods, err := wrc.kubeClient.CoreV1().Pods(config.KyvernoNamespace).List(context.TODO(), metav1.ListOptions{LabelSelector: metav1.FormatLabelSelector(selector)})
|
||||
pods, err := wrc.kubeClient.CoreV1().Pods(config.KyvernoNamespace()).List(context.TODO(), metav1.ListOptions{LabelSelector: metav1.FormatLabelSelector(selector)})
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to list Kyverno Pod: %v", err)
|
||||
}
|
||||
|
|
@ -338,13 +338,13 @@ func (wrc *Register) checkEndpoint() error {
|
|||
}
|
||||
for _, addr := range subset.Addresses {
|
||||
if utils.ContainsString(ips, addr.IP) {
|
||||
wrc.log.Info("Endpoint ready", "ns", config.KyvernoNamespace, "name", config.KyvernoServiceName)
|
||||
wrc.log.Info("Endpoint ready", "ns", config.KyvernoNamespace(), "name", config.KyvernoServiceName())
|
||||
return nil
|
||||
}
|
||||
}
|
||||
}
|
||||
err = fmt.Errorf("endpoint not ready")
|
||||
wrc.log.V(3).Info(err.Error(), "ns", config.KyvernoNamespace, "name", config.KyvernoServiceName)
|
||||
wrc.log.V(3).Info(err.Error(), "ns", config.KyvernoNamespace(), "name", config.KyvernoServiceName())
|
||||
return err
|
||||
}
|
||||
|
||||
|
|
@ -480,7 +480,7 @@ func (wrc *Register) updateValidatingWebhookConfiguration(targetConfig *admregap
|
|||
|
||||
func (wrc *Register) shouldCleanupKyvernoResource() bool {
|
||||
logger := wrc.log.WithName("cleanupKyvernoResource")
|
||||
deploy, err := wrc.kubeClient.AppsV1().Deployments(config.KyvernoNamespace).Get(context.TODO(), config.KyvernoDeploymentName, metav1.GetOptions{})
|
||||
deploy, err := wrc.kubeClient.AppsV1().Deployments(config.KyvernoNamespace()).Get(context.TODO(), config.KyvernoDeploymentName(), metav1.GetOptions{})
|
||||
if err != nil {
|
||||
if errorsapi.IsNotFound(err) {
|
||||
logger.Info("Kyverno deployment not found, cleanup Kyverno resources")
|
||||
|
|
@ -507,7 +507,7 @@ func (wrc *Register) removeSecrets() {
|
|||
tls.ManagedByLabel: "kyverno",
|
||||
},
|
||||
}
|
||||
if err := wrc.kubeClient.CoreV1().Secrets(config.KyvernoNamespace).DeleteCollection(context.TODO(), metav1.DeleteOptions{}, metav1.ListOptions{LabelSelector: metav1.FormatLabelSelector(selector)}); err != nil {
|
||||
if err := wrc.kubeClient.CoreV1().Secrets(config.KyvernoNamespace()).DeleteCollection(context.TODO(), metav1.DeleteOptions{}, metav1.ListOptions{LabelSelector: metav1.FormatLabelSelector(selector)}); err != nil {
|
||||
wrc.log.Error(err, "failed to clean up Kyverno managed secrets")
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ func newStatusControl(leaseClient coordinationv1.LeaseInterface, eventGen event.
|
|||
}
|
||||
|
||||
func (vc statusControl) setStatus(status string) error {
|
||||
logger := vc.log.WithValues("name", leaseName, "namespace", config.KyvernoNamespace)
|
||||
logger := vc.log.WithValues("name", leaseName, "namespace", config.KyvernoNamespace())
|
||||
var ann map[string]string
|
||||
var err error
|
||||
|
||||
|
|
@ -88,7 +88,7 @@ func (vc statusControl) setStatus(status string) error {
|
|||
func createStatusUpdateEvent(status string, eventGen event.Interface) {
|
||||
e := event.Info{}
|
||||
e.Kind = "Lease"
|
||||
e.Namespace = config.KyvernoNamespace
|
||||
e.Namespace = config.KyvernoNamespace()
|
||||
e.Name = leaseName
|
||||
e.Reason = "Update"
|
||||
e.Message = fmt.Sprintf("admission control webhook active status changed to %s", status)
|
||||
|
|
|
|||
|
|
@ -171,7 +171,7 @@ func (ws *WebhookServer) updateAnnotationInUR(ur *urkyverno.UpdateRequest, logge
|
|||
return
|
||||
}
|
||||
new.Status.State = urkyverno.Pending
|
||||
if _, err := ws.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace).UpdateStatus(contextdefault.TODO(), new, metav1.UpdateOptions{}); err != nil {
|
||||
if _, err := ws.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).UpdateStatus(contextdefault.TODO(), new, metav1.UpdateOptions{}); err != nil {
|
||||
logger.Error(err, "failed to set UpdateRequest state to Pending", "update request", ur.Name)
|
||||
}
|
||||
}
|
||||
|
|
@ -371,7 +371,7 @@ func (ws *WebhookServer) deleteGR(logger logr.Logger, engineResponse *response.E
|
|||
}
|
||||
|
||||
for _, v := range urList {
|
||||
err := ws.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace).Delete(contextdefault.TODO(), v.GetName(), metav1.DeleteOptions{})
|
||||
err := ws.kyvernoClient.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Delete(contextdefault.TODO(), v.GetName(), metav1.DeleteOptions{})
|
||||
if err != nil {
|
||||
logger.Error(err, "failed to update ur")
|
||||
}
|
||||
|
|
|
|||
|
|
@ -125,7 +125,7 @@ func NewWebhookServer(
|
|||
ws := &WebhookServer{
|
||||
client: client,
|
||||
kyvernoClient: kyvernoClient,
|
||||
urLister: urInformer.Lister().UpdateRequests(config.KyvernoNamespace),
|
||||
urLister: urInformer.Lister().UpdateRequests(config.KyvernoNamespace()),
|
||||
rbLister: rbInformer.Lister(),
|
||||
rLister: rInformer.Lister(),
|
||||
nsLister: namespace.Lister(),
|
||||
|
|
|
|||
|
|
@ -45,7 +45,7 @@ func NewGenerator(client kyvernoclient.Interface, urInformer urkyvernoinformer.U
|
|||
client: client,
|
||||
stopCh: stopCh,
|
||||
log: log,
|
||||
urLister: urInformer.Lister().UpdateRequests(config.KyvernoNamespace),
|
||||
urLister: urInformer.Lister().UpdateRequests(config.KyvernoNamespace()),
|
||||
}
|
||||
return gen
|
||||
}
|
||||
|
|
@ -137,7 +137,7 @@ func retryApplyResource(
|
|||
})
|
||||
}
|
||||
|
||||
ur.SetNamespace(config.KyvernoNamespace)
|
||||
ur.SetNamespace(config.KyvernoNamespace())
|
||||
isExist := false
|
||||
log.V(4).Info("apply UpdateRequest", "ruleType", ur.Spec.Type)
|
||||
|
||||
|
|
@ -155,7 +155,7 @@ func retryApplyResource(
|
|||
v.Spec.Resource = ur.Spec.Resource
|
||||
v.Status.Message = ""
|
||||
|
||||
new, err := client.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace).Update(context.TODO(), v, metav1.UpdateOptions{})
|
||||
new, err := client.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Update(context.TODO(), v, metav1.UpdateOptions{})
|
||||
if err != nil {
|
||||
log.V(4).Info("failed to update UpdateRequest, retrying", "retryCount", i, "name", ur.GetName(), "namespace", ur.GetNamespace(), "err", err.Error())
|
||||
i++
|
||||
|
|
@ -165,7 +165,7 @@ func retryApplyResource(
|
|||
}
|
||||
|
||||
new.Status.State = urkyverno.Pending
|
||||
if _, err := client.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace).UpdateStatus(context.TODO(), new, metav1.UpdateOptions{}); err != nil {
|
||||
if _, err := client.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).UpdateStatus(context.TODO(), new, metav1.UpdateOptions{}); err != nil {
|
||||
log.Error(err, "failed to set UpdateRequest state to Pending")
|
||||
return err
|
||||
}
|
||||
|
|
@ -179,7 +179,7 @@ func retryApplyResource(
|
|||
ur.SetGenerateName("ur-")
|
||||
ur.SetLabels(queryLabels)
|
||||
|
||||
new, err := client.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace).Create(context.TODO(), &ur, metav1.CreateOptions{})
|
||||
new, err := client.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).Create(context.TODO(), &ur, metav1.CreateOptions{})
|
||||
if err != nil {
|
||||
log.V(4).Info("failed to create UpdateRequest, retrying", "retryCount", i, "name", ur.GetGenerateName(), "namespace", ur.GetNamespace(), "err", err.Error())
|
||||
i++
|
||||
|
|
@ -189,7 +189,7 @@ func retryApplyResource(
|
|||
}
|
||||
|
||||
new.Status.State = urkyverno.Pending
|
||||
if _, err := client.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace).UpdateStatus(context.TODO(), new, metav1.UpdateOptions{}); err != nil {
|
||||
if _, err := client.KyvernoV1beta1().UpdateRequests(config.KyvernoNamespace()).UpdateStatus(context.TODO(), new, metav1.UpdateOptions{}); err != nil {
|
||||
log.Error(err, "failed to set UpdateRequest state to Pending")
|
||||
return err
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue