diff --git a/cmd/kyverno/main.go b/cmd/kyverno/main.go
index c0b2e2fdaa..69ec349248 100755
--- a/cmd/kyverno/main.go
+++ b/cmd/kyverno/main.go
@@ -151,6 +151,9 @@ func main() {
 kubeKyvernoInformer := kubeinformers.NewSharedInformerFactoryWithOptions(kubeClient, resyncPeriod, kubeinformers.WithNamespace(config.KyvernoNamespace))
 kyvernoInformer := kyvernoinformer.NewSharedInformerFactoryWithOptions(kyvernoClient, policyControllerResyncPeriod)
+ // utils
+ kyvernoV1 := kyvernoInformer.Kyverno().V1()
+
 // load image registry secrets
 secrets := strings.Split(imagePullSecrets, ",")
 if imagePullSecrets != "" && len(secrets) > 0 {
@@ -169,8 +172,8 @@ func main() {
 // - generate event with retry mechanism
 eventGenerator := event.NewEventGenerator(
 dynamicClient,
- kyvernoInformer.Kyverno().V1().ClusterPolicies(),
- kyvernoInformer.Kyverno().V1().Policies(),
+ kyvernoV1.ClusterPolicies(),
+ kyvernoV1.Policies(),
 log.Log.WithName("EventGenerator"))
 // POLICY Report GENERATOR
@@ -178,8 +181,8 @@ func main() {
 dynamicClient,
 kyvernoInformer.Kyverno().V1alpha2().ReportChangeRequests(),
 kyvernoInformer.Kyverno().V1alpha2().ClusterReportChangeRequests(),
- kyvernoInformer.Kyverno().V1().ClusterPolicies(),
- kyvernoInformer.Kyverno().V1().Policies(),
+ kyvernoV1.ClusterPolicies(),
+ kyvernoV1.Policies(),
 log.Log.WithName("ReportChangeRequestGenerator"),
 )
@@ -206,8 +209,8 @@ func main() {
 kubeInformer.Admissionregistration().V1().MutatingWebhookConfigurations(),
 kubeInformer.Admissionregistration().V1().ValidatingWebhookConfigurations(),
 kubeKyvernoInformer.Apps().V1().Deployments(),
- kyvernoInformer.Kyverno().V1().ClusterPolicies(),
- kyvernoInformer.Kyverno().V1().Policies(),
+ kyvernoV1.ClusterPolicies(),
+ kyvernoV1.Policies(),
 serverIP,
 int32(webhookTimeout),
 debug,
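Review bot: The comment `// utils` in the first hunk does not say what `kyvernoV1` is for; a line such as `// kyvernoV1 is the v1 informer group, shared by every constructor below` would tell the reader why it is hoisted. The `V1alpha2()` and `V1beta1()` groups are still spelled out in full at each call (`kyvernoInformer.Kyverno().V1alpha2().ReportChangeRequests()` in the third hunk, `kyvernoInformer.Kyverno().V1beta1().UpdateRequests()` in later ones), so the file now mixes both styles; hoisting them the same way would keep the wiring uniform. main's body starts and ends outside these hunks.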
@@ -268,8 +271,8 @@ func main() {
 kubeClient,
 kyvernoClient,
 dynamicClient,
- kyvernoInformer.Kyverno().V1().ClusterPolicies(),
- kyvernoInformer.Kyverno().V1().Policies(),
+ kyvernoV1.ClusterPolicies(),
+ kyvernoV1.Policies(),
 kyvernoInformer.Kyverno().V1beta1().UpdateRequests(),
 configData,
 eventGenerator,
@@ -295,8 +298,8 @@ func main() {
 kubeClient,
 kyvernoClient,
 dynamicClient,
- kyvernoInformer.Kyverno().V1().ClusterPolicies(),
- kyvernoInformer.Kyverno().V1().Policies(),
+ kyvernoV1.ClusterPolicies(),
+ kyvernoV1.Policies(),
 kyvernoInformer.Kyverno().V1beta1().UpdateRequests(),
 eventGenerator,
 kubeInformer.Core().V1().Namespaces(),
@@ -312,8 +315,8 @@ func main() {
 kubeClient,
 kyvernoClient,
 dynamicClient,
- kyvernoInformer.Kyverno().V1().ClusterPolicies(),
- kyvernoInformer.Kyverno().V1().Policies(),
+ kyvernoV1.ClusterPolicies(),
+ kyvernoV1.Policies(),
 kyvernoInformer.Kyverno().V1beta1().UpdateRequests(),
 kubeInformer.Core().V1().Namespaces(),
 log.Log.WithName("GenerateCleanUpController"),
@@ -323,11 +326,7 @@ func main() {
 os.Exit(1)
 }
- pCacheController := policycache.NewPolicyCacheController(
- kyvernoInformer.Kyverno().V1().ClusterPolicies(),
- kyvernoInformer.Kyverno().V1().Policies(),
- log.Log.WithName("PolicyCacheController"),
- )
+ pCacheController := policycache.NewPolicyCacheController(kyvernoV1.ClusterPolicies(), kyvernoV1.Policies())
 auditHandler := webhooks.NewValidateAuditHandler(
 pCacheController.Cache,
@@ -417,7 +416,7 @@ func main() {
 dynamicClient,
 tlsPair,
 kyvernoInformer.Kyverno().V1beta1().UpdateRequests(),
- kyvernoInformer.Kyverno().V1().ClusterPolicies(),
+ kyvernoV1.ClusterPolicies(),
 kubeInformer.Rbac().V1().RoleBindings(),
 kubeInformer.Rbac().V1().ClusterRoleBindings(),
 kubeInformer.Rbac().V1().Roles(),
diff --git a/pkg/policycache/cache_test.go b/pkg/policycache/cache_test.go
index 15a99987c1..56fa82bb76 100644
--- a/pkg/policycache/cache_test.go
+++ b/pkg/policycache/cache_test.go
@@ -10,7 +10,6 @@ import (
 lv1 "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
 "gotest.tools/assert"
 "k8s.io/apimachinery/pkg/labels"
- "sigs.k8s.io/controller-runtime/pkg/log"
 )
 type dummyLister struct {
@@ -46,7 +45,7 @@ func (dl dummyNsLister) Get(name string) (*kyverno.Policy, error) {
 }
 func Test_All(t *testing.T) {
- pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
+ pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
 policy := newPolicy(t)
 //add
 pCache.add(policy)
@@ -78,7 +77,7 @@ func Test_All(t *testing.T) {
 }
 func Test_Add_Duplicate_Policy(t *testing.T) {
- pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
+ pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
 policy := newPolicy(t)
 pCache.add(policy)
 pCache.add(policy)
@@ -104,7 +103,7 @@ func Test_Add_Duplicate_Policy(t *testing.T) {
 }
 func Test_Add_Validate_Audit(t *testing.T) {
- pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
+ pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
 policy := newPolicy(t)
 pCache.add(policy)
 pCache.add(policy)
@@ -129,7 +128,7 @@ func Test_Add_Validate_Audit(t *testing.T) {
 }
 func Test_Add_Remove(t *testing.T) {
- pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
+ pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
 policy := newPolicy(t)
 kind := "Pod"
 pCache.add(policy)
@@ -157,7 +156,7 @@ func Test_Add_Remove(t *testing.T) {
 }
 func Test_Add_Remove_Any(t *testing.T) {
- pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
+ pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
 policy := newAnyPolicy(t)
 kind := "Pod"
 pCache.add(policy)
@@ -185,7 +184,7 @@ func Test_Add_Remove_Any(t *testing.T) {
 }
 func Test_Remove_From_Empty_Cache(t *testing.T) {
- pCache := newPolicyCache(log.Log, nil, nil)
+ pCache := newPolicyCache(nil, nil)
 policy := newPolicy(t)
 pCache.remove(policy)
@@ -926,7 +925,7 @@ func newValidateEnforcePolicy(t *testing.T) *kyverno.ClusterPolicy {
 }
 func Test_Ns_All(t *testing.T) {
- pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
+ pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
 policy := newNsPolicy(t)
 //add
 pCache.add(policy)
@@ -958,7 +957,7 @@ func Test_Ns_All(t *testing.T) {
 }
 func Test_Ns_Add_Duplicate_Policy(t *testing.T) {
- pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
+ pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
 policy := newNsPolicy(t)
 pCache.add(policy)
 pCache.add(policy)
@@ -985,7 +984,7 @@ func Test_Ns_Add_Duplicate_Policy(t *testing.T) {
 }
 func Test_Ns_Add_Validate_Audit(t *testing.T) {
- pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
+ pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
 policy := newNsPolicy(t)
 pCache.add(policy)
 pCache.add(policy)
@@ -1010,7 +1009,7 @@ func Test_Ns_Add_Validate_Audit(t *testing.T) {
 }
 func Test_Ns_Add_Remove(t *testing.T) {
- pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
+ pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
 policy := newNsPolicy(t)
 nspace := policy.GetNamespace()
 kind := "Pod"
@@ -1028,7 +1027,7 @@ func Test_Ns_Add_Remove(t *testing.T) {
 }
 func Test_GVk_Cache(t *testing.T) {
- pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
+ pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
 policy := newGVKPolicy(t)
 //add
 pCache.add(policy)
@@ -1044,7 +1043,7 @@ func Test_GVk_Cache(t *testing.T) {
 }
 func Test_GVK_Add_Remove(t *testing.T) {
- pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
+ pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
 policy := newGVKPolicy(t)
 kind := "ClusterRole"
 pCache.add(policy)
@@ -1061,7 +1060,7 @@ func Test_GVK_Add_Remove(t *testing.T) {
 }
 func Test_Add_Validate_Enforce(t *testing.T) {
- pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
+ pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
 policy := newUserTestPolicy(t)
 nspace := policy.GetNamespace()
 //add
@@ -1077,7 +1076,7 @@ func Test_Add_Validate_Enforce(t *testing.T) {
 }
 func Test_Ns_Add_Remove_User(t *testing.T) {
- pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
+ pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
 policy := newUserTestPolicy(t)
 nspace := policy.GetNamespace()
 kind := "Deployment"
@@ -1095,7 +1094,7 @@ func Test_Ns_Add_Remove_User(t *testing.T) {
 }
 func Test_Mutate_Policy(t *testing.T) {
- pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
+ pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
 policy := newMutatePolicy(t)
 //add
 pCache.add(policy)
@@ -1114,7 +1113,7 @@ func Test_Mutate_Policy(t *testing.T) {
 }
 func Test_Generate_Policy(t *testing.T) {
- pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
+ pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
 policy := newgenratePolicy(t)
 //add
 pCache.add(policy)
@@ -1131,7 +1130,7 @@ func Test_Generate_Policy(t *testing.T) {
 }
 func Test_NsMutate_Policy(t *testing.T) {
- pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
+ pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
 policy := newMutatePolicy(t)
 nspolicy := newNsMutatePolicy(t)
 //add
@@ -1156,7 +1155,7 @@ func Test_NsMutate_Policy(t *testing.T) {
 }
 func Test_Validate_Enforce_Policy(t *testing.T) {
- pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{})
+ pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
 policy1 := newValidateAuditPolicy(t)
 policy2 := newValidateEnforcePolicy(t)
 pCache.add(policy1)
diff --git a/pkg/policycache/informer.go b/pkg/policycache/informer.go
index 9a4bacfa94..80d234d2d7 100644
--- a/pkg/policycache/informer.go
+++ b/pkg/policycache/informer.go
@@ -5,7 +5,6 @@ import (
 "reflect"
 "sync/atomic"
- "github.com/go-logr/logr"
 kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
 kyvernoinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
 kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
@@ -21,22 +20,15 @@ import (
 // policies based on types (Mutate/ValidateEnforce/Generate/imageVerify).
 type Controller struct {
 Cache Interface
- log logr.Logger
 cpolLister kyvernolister.ClusterPolicyLister
 polLister kyvernolister.PolicyLister
 pCounter int64
 }
 // NewPolicyCacheController create a new PolicyController
-func NewPolicyCacheController(
- pInformer kyvernoinformer.ClusterPolicyInformer,
- nspInformer kyvernoinformer.PolicyInformer,
- log logr.Logger,
-) *Controller {
-
+func NewPolicyCacheController(pInformer kyvernoinformer.ClusterPolicyInformer, nspInformer kyvernoinformer.PolicyInformer) *Controller {
 pc := Controller{
- Cache: newPolicyCache(log, pInformer.Lister(), nspInformer.Lister()),
- log: log,
+ Cache: newPolicyCache(pInformer.Lister(), nspInformer.Lister()),
 }
 // ClusterPolicy Informer
@@ -103,7 +95,6 @@ func (c *Controller) deleteNsPolicy(obj interface{}) {
 // CheckPolicySync wait until the internal policy cache is fully loaded
 func (c *Controller) CheckPolicySync(stopCh <-chan struct{}) {
- logger := c.log
 logger.Info("starting")
 policies := []kyverno.PolicyInterface{}
diff --git a/pkg/policycache/log.go b/pkg/policycache/log.go
new file mode 100644
index 0000000000..066e9ca4c8
--- /dev/null
+++ b/pkg/policycache/log.go
@@ -0,0 +1,5 @@
+package policycache
+
+import "sigs.k8s.io/controller-runtime/pkg/log"
+
+var logger = log.Log.WithName("policycache")
diff --git a/pkg/policycache/policy_cache.go b/pkg/policycache/policy_cache.go
index e740b211c4..2ff4aba514 100644
--- a/pkg/policycache/policy_cache.go
+++ b/pkg/policycache/policy_cache.go
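Review bot: `var logger = log.Log.WithName("policycache")` in the new log.go is evaluated at package initialisation, before main has had a chance to configure logging, so output from this package depends on controller-runtime's `log.Log` passing a later-installed sink on to loggers derived from it earlier. That is presumably how the delegating root logger behaves, but it is worth stating on the variable, for example `// logger is derived from the controller-runtime root logger at init time and stays silent until a sink is installed`. The logger name also changes: the caller used to pass `log.Log.WithName("PolicyCacheController")` and CheckPolicySync now logs under "policycache", so log filters or alerts keyed on the old name will stop matching. CheckPolicySync's body continues outside its hunk.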
@@ -1,7 +1,6 @@
 package policycache
 import (
- "github.com/go-logr/logr"
 kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
 kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
 "github.com/kyverno/kyverno/pkg/policy"
@@ -29,8 +28,7 @@ type Interface interface {
 // policyCache ...
 type policyCache struct {
- pMap pMap
- logger logr.Logger
+ pMap pMap
 // list/get cluster policy resource
 pLister kyvernolister.ClusterPolicyLister
@@ -40,7 +38,7 @@ type policyCache struct {
 }
 // newPolicyCache ...
-func newPolicyCache(log logr.Logger, pLister kyvernolister.ClusterPolicyLister, npLister kyvernolister.PolicyLister) Interface {
+func newPolicyCache(pLister kyvernolister.ClusterPolicyLister, npLister kyvernolister.PolicyLister) Interface {
 namesCache := map[PolicyType]map[string]bool{
 Mutate: make(map[string]bool),
 ValidateEnforce: make(map[string]bool),
@@ -55,7 +53,6 @@ func newPolicyCache(log logr.Logger, pLister kyvernolister.ClusterPolicyLister,
 nameCacheMap: namesCache,
 kindDataMap: make(map[string]map[PolicyType][]string),
 },
- log,
 pLister,
 npLister,
 }
@@ -64,7 +61,7 @@ func newPolicyCache(log logr.Logger, pLister kyvernolister.ClusterPolicyLister,
 // Add a policy to cache
 func (pc *policyCache) add(policy kyverno.PolicyInterface) {
 pc.pMap.add(policy)
- pc.logger.V(4).Info("policy is added to cache", "name", policy.GetName())
+ logger.V(4).Info("policy is added to cache", "name", policy.GetName())
 }
 // Get the list of matched policies
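Review bot: The cache-change messages in `add` (and in `remove` and `update` in the next hunk) record only `policy.GetName()`, so two namespaced policies with the same name in different namespaces produce identical entries and a ClusterPolicy cannot be told apart from a Policy. Since this cache appears to decide which policies are applied, the entries are more useful for later investigation with the namespace included, e.g. `logger.V(4).Info("policy is added to cache", "namespace", policy.GetNamespace(), "name", policy.GetName())`; `GetNamespace()` is called on policies in cache_test.go, but confirm it is part of `kyverno.PolicyInterface`. The message in `update`, "policy is updated from cache", would also read better as "policy is updated in cache".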
@@ -84,12 +81,12 @@ func (pc *policyCache) GetPolicies(pkey PolicyType, kind, nspace string) []kyver
 // Remove a policy from cache
 func (pc *policyCache) remove(p kyverno.PolicyInterface) {
 pc.pMap.remove(p)
- pc.logger.V(4).Info("policy is removed from cache", "name", p.GetName())
+ logger.V(4).Info("policy is removed from cache", "name", p.GetName())
 }
 func (pc *policyCache) update(oldP kyverno.PolicyInterface, newP kyverno.PolicyInterface) {
 pc.pMap.update(oldP, newP)
- pc.logger.V(4).Info("policy is updated from cache", "name", newP.GetName())
+ logger.V(4).Info("policy is updated from cache", "name", newP.GetName())
 }
 func (pc *policyCache) getPolicyObject(key PolicyType, gvk string, nspace string) (policyObject []kyverno.PolicyInterface) {