mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-14 11:57:48 +00:00
refactor: policycache package logger (#3783)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
parent
f70ef051dc
commit
207459cc40
5 changed files with 47 additions and 56 deletions
|
@ -151,6 +151,9 @@ func main() {
|
|||
kubeKyvernoInformer := kubeinformers.NewSharedInformerFactoryWithOptions(kubeClient, resyncPeriod, kubeinformers.WithNamespace(config.KyvernoNamespace))
|
||||
kyvernoInformer := kyvernoinformer.NewSharedInformerFactoryWithOptions(kyvernoClient, policyControllerResyncPeriod)
|
||||
|
||||
// utils
|
||||
kyvernoV1 := kyvernoInformer.Kyverno().V1()
|
||||
|
||||
// load image registry secrets
|
||||
secrets := strings.Split(imagePullSecrets, ",")
|
||||
if imagePullSecrets != "" && len(secrets) > 0 {
|
||||
|
@ -169,8 +172,8 @@ func main() {
|
|||
// - generate event with retry mechanism
|
||||
eventGenerator := event.NewEventGenerator(
|
||||
dynamicClient,
|
||||
kyvernoInformer.Kyverno().V1().ClusterPolicies(),
|
||||
kyvernoInformer.Kyverno().V1().Policies(),
|
||||
kyvernoV1.ClusterPolicies(),
|
||||
kyvernoV1.Policies(),
|
||||
log.Log.WithName("EventGenerator"))
|
||||
|
||||
// POLICY Report GENERATOR
|
||||
|
@ -178,8 +181,8 @@ func main() {
|
|||
dynamicClient,
|
||||
kyvernoInformer.Kyverno().V1alpha2().ReportChangeRequests(),
|
||||
kyvernoInformer.Kyverno().V1alpha2().ClusterReportChangeRequests(),
|
||||
kyvernoInformer.Kyverno().V1().ClusterPolicies(),
|
||||
kyvernoInformer.Kyverno().V1().Policies(),
|
||||
kyvernoV1.ClusterPolicies(),
|
||||
kyvernoV1.Policies(),
|
||||
log.Log.WithName("ReportChangeRequestGenerator"),
|
||||
)
|
||||
|
||||
|
@ -206,8 +209,8 @@ func main() {
|
|||
kubeInformer.Admissionregistration().V1().MutatingWebhookConfigurations(),
|
||||
kubeInformer.Admissionregistration().V1().ValidatingWebhookConfigurations(),
|
||||
kubeKyvernoInformer.Apps().V1().Deployments(),
|
||||
kyvernoInformer.Kyverno().V1().ClusterPolicies(),
|
||||
kyvernoInformer.Kyverno().V1().Policies(),
|
||||
kyvernoV1.ClusterPolicies(),
|
||||
kyvernoV1.Policies(),
|
||||
serverIP,
|
||||
int32(webhookTimeout),
|
||||
debug,
|
||||
|
@ -268,8 +271,8 @@ func main() {
|
|||
kubeClient,
|
||||
kyvernoClient,
|
||||
dynamicClient,
|
||||
kyvernoInformer.Kyverno().V1().ClusterPolicies(),
|
||||
kyvernoInformer.Kyverno().V1().Policies(),
|
||||
kyvernoV1.ClusterPolicies(),
|
||||
kyvernoV1.Policies(),
|
||||
kyvernoInformer.Kyverno().V1beta1().UpdateRequests(),
|
||||
configData,
|
||||
eventGenerator,
|
||||
|
@ -295,8 +298,8 @@ func main() {
|
|||
kubeClient,
|
||||
kyvernoClient,
|
||||
dynamicClient,
|
||||
kyvernoInformer.Kyverno().V1().ClusterPolicies(),
|
||||
kyvernoInformer.Kyverno().V1().Policies(),
|
||||
kyvernoV1.ClusterPolicies(),
|
||||
kyvernoV1.Policies(),
|
||||
kyvernoInformer.Kyverno().V1beta1().UpdateRequests(),
|
||||
eventGenerator,
|
||||
kubeInformer.Core().V1().Namespaces(),
|
||||
|
@ -312,8 +315,8 @@ func main() {
|
|||
kubeClient,
|
||||
kyvernoClient,
|
||||
dynamicClient,
|
||||
kyvernoInformer.Kyverno().V1().ClusterPolicies(),
|
||||
kyvernoInformer.Kyverno().V1().Policies(),
|
||||
kyvernoV1.ClusterPolicies(),
|
||||
kyvernoV1.Policies(),
|
||||
kyvernoInformer.Kyverno().V1beta1().UpdateRequests(),
|
||||
kubeInformer.Core().V1().Namespaces(),
|
||||
log.Log.WithName("GenerateCleanUpController"),
|
||||
|
@ -323,11 +326,7 @@ func main() {
|
|||
os.Exit(1)
|
||||
}
|
||||
|
||||
pCacheController := policycache.NewPolicyCacheController(
|
||||
kyvernoInformer.Kyverno().V1().ClusterPolicies(),
|
||||
kyvernoInformer.Kyverno().V1().Policies(),
|
||||
log.Log.WithName("PolicyCacheController"),
|
||||
)
|
||||
pCacheController := policycache.NewPolicyCacheController(kyvernoV1.ClusterPolicies(), kyvernoV1.Policies())
|
||||
|
||||
auditHandler := webhooks.NewValidateAuditHandler(
|
||||
pCacheController.Cache,
|
||||
|
@ -417,7 +416,7 @@ func main() {
|
|||
dynamicClient,
|
||||
tlsPair,
|
||||
kyvernoInformer.Kyverno().V1beta1().UpdateRequests(),
|
||||
kyvernoInformer.Kyverno().V1().ClusterPolicies(),
|
||||
kyvernoV1.ClusterPolicies(),
|
||||
kubeInformer.Rbac().V1().RoleBindings(),
|
||||
kubeInformer.Rbac().V1().ClusterRoleBindings(),
|
||||
kubeInformer.Rbac().V1().Roles(),
|
||||
|
|
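Review bot: The new local `kyvernoV1` sits under the comment `// utils`, which does not say what the variable is for. The refactor is also only partial: the `V1beta1()` and `V1alpha2()` accessors further down (`kyvernoInformer.Kyverno().V1beta1().UpdateRequests()`, `kyvernoInformer.Kyverno().V1alpha2().ReportChangeRequests()`) are still written out in full, so the call sites now mix two styles. I would replace the comment with `// kyvernoV1 groups the Kyverno v1 informers (ClusterPolicies, Policies) passed to the controllers below` and either add matching locals for the other API versions or state that only v1 is shortened. The body of `main` starts and ends outside these hunks.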
|
@ -10,7 +10,6 @@ import (
|
|||
lv1 "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
|
||||
"gotest.tools/assert"
|
||||
"k8s.io/apimachinery/pkg/labels"
|
||||
"sigs.k8s.io/controller-runtime/pkg/log"
|
||||
)
|
||||
|
||||
type dummyLister struct {
|
||||
|
@ -46,7 +45,7 @@ func (dl dummyNsLister) Get(name string) (*kyverno.Policy, error) {
|
|||
}
|
||||
|
||||
func Test_All(t *testing.T) {
|
||||
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
|
||||
pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
|
||||
policy := newPolicy(t)
|
||||
//add
|
||||
pCache.add(policy)
|
||||
|
@ -78,7 +77,7 @@ func Test_All(t *testing.T) {
|
|||
}
|
||||
|
||||
func Test_Add_Duplicate_Policy(t *testing.T) {
|
||||
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
|
||||
pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
|
||||
policy := newPolicy(t)
|
||||
pCache.add(policy)
|
||||
pCache.add(policy)
|
||||
|
@ -104,7 +103,7 @@ func Test_Add_Duplicate_Policy(t *testing.T) {
|
|||
}
|
||||
|
||||
func Test_Add_Validate_Audit(t *testing.T) {
|
||||
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
|
||||
pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
|
||||
policy := newPolicy(t)
|
||||
pCache.add(policy)
|
||||
pCache.add(policy)
|
||||
|
@ -129,7 +128,7 @@ func Test_Add_Validate_Audit(t *testing.T) {
|
|||
}
|
||||
|
||||
func Test_Add_Remove(t *testing.T) {
|
||||
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
|
||||
pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
|
||||
policy := newPolicy(t)
|
||||
kind := "Pod"
|
||||
pCache.add(policy)
|
||||
|
@ -157,7 +156,7 @@ func Test_Add_Remove(t *testing.T) {
|
|||
}
|
||||
|
||||
func Test_Add_Remove_Any(t *testing.T) {
|
||||
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
|
||||
pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
|
||||
policy := newAnyPolicy(t)
|
||||
kind := "Pod"
|
||||
pCache.add(policy)
|
||||
|
@ -185,7 +184,7 @@ func Test_Add_Remove_Any(t *testing.T) {
|
|||
}
|
||||
|
||||
func Test_Remove_From_Empty_Cache(t *testing.T) {
|
||||
pCache := newPolicyCache(log.Log, nil, nil)
|
||||
pCache := newPolicyCache(nil, nil)
|
||||
policy := newPolicy(t)
|
||||
|
||||
pCache.remove(policy)
|
||||
|
@ -926,7 +925,7 @@ func newValidateEnforcePolicy(t *testing.T) *kyverno.ClusterPolicy {
|
|||
}
|
||||
|
||||
func Test_Ns_All(t *testing.T) {
|
||||
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
|
||||
pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
|
||||
policy := newNsPolicy(t)
|
||||
//add
|
||||
pCache.add(policy)
|
||||
|
@ -958,7 +957,7 @@ func Test_Ns_All(t *testing.T) {
|
|||
}
|
||||
|
||||
func Test_Ns_Add_Duplicate_Policy(t *testing.T) {
|
||||
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
|
||||
pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
|
||||
policy := newNsPolicy(t)
|
||||
pCache.add(policy)
|
||||
pCache.add(policy)
|
||||
|
@ -985,7 +984,7 @@ func Test_Ns_Add_Duplicate_Policy(t *testing.T) {
|
|||
}
|
||||
|
||||
func Test_Ns_Add_Validate_Audit(t *testing.T) {
|
||||
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
|
||||
pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
|
||||
policy := newNsPolicy(t)
|
||||
pCache.add(policy)
|
||||
pCache.add(policy)
|
||||
|
@ -1010,7 +1009,7 @@ func Test_Ns_Add_Validate_Audit(t *testing.T) {
|
|||
}
|
||||
|
||||
func Test_Ns_Add_Remove(t *testing.T) {
|
||||
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
|
||||
pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
|
||||
policy := newNsPolicy(t)
|
||||
nspace := policy.GetNamespace()
|
||||
kind := "Pod"
|
||||
|
@ -1028,7 +1027,7 @@ func Test_Ns_Add_Remove(t *testing.T) {
|
|||
}
|
||||
|
||||
func Test_GVk_Cache(t *testing.T) {
|
||||
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
|
||||
pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
|
||||
policy := newGVKPolicy(t)
|
||||
//add
|
||||
pCache.add(policy)
|
||||
|
@ -1044,7 +1043,7 @@ func Test_GVk_Cache(t *testing.T) {
|
|||
}
|
||||
|
||||
func Test_GVK_Add_Remove(t *testing.T) {
|
||||
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
|
||||
pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
|
||||
policy := newGVKPolicy(t)
|
||||
kind := "ClusterRole"
|
||||
pCache.add(policy)
|
||||
|
@ -1061,7 +1060,7 @@ func Test_GVK_Add_Remove(t *testing.T) {
|
|||
}
|
||||
|
||||
func Test_Add_Validate_Enforce(t *testing.T) {
|
||||
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
|
||||
pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
|
||||
policy := newUserTestPolicy(t)
|
||||
nspace := policy.GetNamespace()
|
||||
//add
|
||||
|
@ -1077,7 +1076,7 @@ func Test_Add_Validate_Enforce(t *testing.T) {
|
|||
}
|
||||
|
||||
func Test_Ns_Add_Remove_User(t *testing.T) {
|
||||
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
|
||||
pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
|
||||
policy := newUserTestPolicy(t)
|
||||
nspace := policy.GetNamespace()
|
||||
kind := "Deployment"
|
||||
|
@ -1095,7 +1094,7 @@ func Test_Ns_Add_Remove_User(t *testing.T) {
|
|||
}
|
||||
|
||||
func Test_Mutate_Policy(t *testing.T) {
|
||||
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
|
||||
pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
|
||||
policy := newMutatePolicy(t)
|
||||
//add
|
||||
pCache.add(policy)
|
||||
|
@ -1114,7 +1113,7 @@ func Test_Mutate_Policy(t *testing.T) {
|
|||
}
|
||||
|
||||
func Test_Generate_Policy(t *testing.T) {
|
||||
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
|
||||
pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
|
||||
policy := newgenratePolicy(t)
|
||||
//add
|
||||
pCache.add(policy)
|
||||
|
@ -1131,7 +1130,7 @@ func Test_Generate_Policy(t *testing.T) {
|
|||
}
|
||||
|
||||
func Test_NsMutate_Policy(t *testing.T) {
|
||||
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
|
||||
pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
|
||||
policy := newMutatePolicy(t)
|
||||
nspolicy := newNsMutatePolicy(t)
|
||||
//add
|
||||
|
@ -1156,7 +1155,7 @@ func Test_NsMutate_Policy(t *testing.T) {
|
|||
}
|
||||
|
||||
func Test_Validate_Enforce_Policy(t *testing.T) {
|
||||
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
|
||||
pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
|
||||
policy1 := newValidateAuditPolicy(t)
|
||||
policy2 := newValidateEnforcePolicy(t)
|
||||
pCache.add(policy1)
|
||||
|
|
|
@ -5,7 +5,6 @@ import (
|
|||
"reflect"
|
||||
"sync/atomic"
|
||||
|
||||
"github.com/go-logr/logr"
|
||||
kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||
kyvernoinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
|
||||
kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
|
||||
|
@ -21,22 +20,15 @@ import (
|
|||
// policies based on types (Mutate/ValidateEnforce/Generate/imageVerify).
|
||||
type Controller struct {
|
||||
Cache Interface
|
||||
log logr.Logger
|
||||
cpolLister kyvernolister.ClusterPolicyLister
|
||||
polLister kyvernolister.PolicyLister
|
||||
pCounter int64
|
||||
}
|
||||
|
||||
// NewPolicyCacheController create a new PolicyController
|
||||
func NewPolicyCacheController(
|
||||
pInformer kyvernoinformer.ClusterPolicyInformer,
|
||||
nspInformer kyvernoinformer.PolicyInformer,
|
||||
log logr.Logger,
|
||||
) *Controller {
|
||||
|
||||
func NewPolicyCacheController(pInformer kyvernoinformer.ClusterPolicyInformer, nspInformer kyvernoinformer.PolicyInformer) *Controller {
|
||||
pc := Controller{
|
||||
Cache: newPolicyCache(log, pInformer.Lister(), nspInformer.Lister()),
|
||||
log: log,
|
||||
Cache: newPolicyCache(pInformer.Lister(), nspInformer.Lister()),
|
||||
}
|
||||
|
||||
// ClusterPolicy Informer
|
||||
|
@ -103,7 +95,6 @@ func (c *Controller) deleteNsPolicy(obj interface{}) {
|
|||
|
||||
// CheckPolicySync wait until the internal policy cache is fully loaded
|
||||
func (c *Controller) CheckPolicySync(stopCh <-chan struct{}) {
|
||||
logger := c.log
|
||||
logger.Info("starting")
|
||||
|
||||
policies := []kyverno.PolicyInterface{}
|
||||
|
|
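Review bot: Dropping the `log` parameter from `NewPolicyCacheController` also renames this controller's log stream. The caller used to pass `log.Log.WithName("PolicyCacheController")`, while the package logger this commit adds is `log.Log.WithName("policycache")`. Any log filter, dashboard or alert keyed on the old name would stop matching without an error, so the rename is worth stating in the commit description or release notes. In `CheckPolicySync` the removed `logger := c.log` means `logger.Info("starting")` now binds to the package-level variable; a comment such as `// logger is the package-level policycache logger` would make that explicit. The doc comment could also be corrected to `// NewPolicyCacheController creates the policy cache Controller.`; both function bodies continue outside the hunks.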
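--- /dev/null
+++ b/pkg/policycache/log.go
@@ -0,0 +1,5 @@
+package policycache
+
+import "sigs.k8s.io/controller-runtime/pkg/log"
+
+var logger = log.Log.WithName("policycache")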
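Review bot: The package-level `logger` has no doc comment, and it is built in a variable initializer, which runs before `main` can configure logging. That is presumably safe because controller-runtime's `log.Log` is a delegating logger whose derived loggers pick up the real sink once `log.SetLogger` is called, but the assumption should be written down, e.g. `// logger is the shared policycache logger; it is derived from the delegating log.Log and only emits once the process has called log.SetLogger.` As a package variable it also cannot be swapped per instance or per test the way the removed `log logr.Logger` parameter could, which makes asserting on log output in tests harder.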
|
@ -1,7 +1,6 @@
|
|||
package policycache
|
||||
|
||||
import (
|
||||
"github.com/go-logr/logr"
|
||||
kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
|
||||
kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
|
||||
"github.com/kyverno/kyverno/pkg/policy"
|
||||
|
@ -29,8 +28,7 @@ type Interface interface {
|
|||
|
||||
// policyCache ...
|
||||
type policyCache struct {
|
||||
pMap pMap
|
||||
logger logr.Logger
|
||||
pMap pMap
|
||||
|
||||
// list/get cluster policy resource
|
||||
pLister kyvernolister.ClusterPolicyLister
|
||||
|
@ -40,7 +38,7 @@ type policyCache struct {
|
|||
}
|
||||
|
||||
// newPolicyCache ...
|
||||
func newPolicyCache(log logr.Logger, pLister kyvernolister.ClusterPolicyLister, npLister kyvernolister.PolicyLister) Interface {
|
||||
func newPolicyCache(pLister kyvernolister.ClusterPolicyLister, npLister kyvernolister.PolicyLister) Interface {
|
||||
namesCache := map[PolicyType]map[string]bool{
|
||||
Mutate: make(map[string]bool),
|
||||
ValidateEnforce: make(map[string]bool),
|
||||
|
@ -55,7 +53,6 @@ func newPolicyCache(log logr.Logger, pLister kyvernolister.ClusterPolicyLister,
|
|||
nameCacheMap: namesCache,
|
||||
kindDataMap: make(map[string]map[PolicyType][]string),
|
||||
},
|
||||
log,
|
||||
pLister,
|
||||
npLister,
|
||||
}
|
||||
|
@ -64,7 +61,7 @@ func newPolicyCache(log logr.Logger, pLister kyvernolister.ClusterPolicyLister,
|
|||
// Add a policy to cache
|
||||
func (pc *policyCache) add(policy kyverno.PolicyInterface) {
|
||||
pc.pMap.add(policy)
|
||||
pc.logger.V(4).Info("policy is added to cache", "name", policy.GetName())
|
||||
logger.V(4).Info("policy is added to cache", "name", policy.GetName())
|
||||
}
|
||||
|
||||
// Get the list of matched policies
|
||||
|
@ -84,12 +81,12 @@ func (pc *policyCache) GetPolicies(pkey PolicyType, kind, nspace string) []kyver
|
|||
// Remove a policy from cache
|
||||
func (pc *policyCache) remove(p kyverno.PolicyInterface) {
|
||||
pc.pMap.remove(p)
|
||||
pc.logger.V(4).Info("policy is removed from cache", "name", p.GetName())
|
||||
logger.V(4).Info("policy is removed from cache", "name", p.GetName())
|
||||
}
|
||||
|
||||
func (pc *policyCache) update(oldP kyverno.PolicyInterface, newP kyverno.PolicyInterface) {
|
||||
pc.pMap.update(oldP, newP)
|
||||
pc.logger.V(4).Info("policy is updated from cache", "name", newP.GetName())
|
||||
logger.V(4).Info("policy is updated from cache", "name", newP.GetName())
|
||||
}
|
||||
|
||||
func (pc *policyCache) getPolicyObject(key PolicyType, gvk string, nspace string) (policyObject []kyverno.PolicyInterface) {
|
||||
|
|
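Review bot: The cache `add`, `remove` and `update` messages log only `"name"`, so two namespaced policies with the same name in different namespaces cannot be told apart in the logs, which is a gap when reconstructing which policies were cached at a given time. Since these lines are being touched anyway, consider `logger.V(4).Info("policy is added to cache", "namespace", policy.GetNamespace(), "name", policy.GetName())`, and likewise in `remove` and `update`. The tests call `GetNamespace()` on policy objects, so it is presumably available on `kyverno.PolicyInterface`, but confirm. Separately, the `policyCache` literal in `newPolicyCache` is positional (`pLister, npLister`), which is why the `log,` element had to be deleted in step with the struct field; keyed fields would make such removals safer. The literal begins outside the hunk.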