mirror of https://github.com/kyverno/kyverno.git synced 2024-12-15 17:51:20 +00:00

refactor: policycache package logger (#3783)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Charles-Edouard Brétéché 2022-05-03 14:24:11 +02:00 committed by GitHub
parent f70ef051dc
commit 207459cc40
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 47 additions and 56 deletions


@ -151,6 +151,9 @@ func main() {
kubeKyvernoInformer := kubeinformers.NewSharedInformerFactoryWithOptions(kubeClient, resyncPeriod, kubeinformers.WithNamespace(config.KyvernoNamespace)) kubeKyvernoInformer := kubeinformers.NewSharedInformerFactoryWithOptions(kubeClient, resyncPeriod, kubeinformers.WithNamespace(config.KyvernoNamespace))
kyvernoInformer := kyvernoinformer.NewSharedInformerFactoryWithOptions(kyvernoClient, policyControllerResyncPeriod) kyvernoInformer := kyvernoinformer.NewSharedInformerFactoryWithOptions(kyvernoClient, policyControllerResyncPeriod)
// utils
kyvernoV1 := kyvernoInformer.Kyverno().V1()
// load image registry secrets // load image registry secrets
secrets := strings.Split(imagePullSecrets, ",") secrets := strings.Split(imagePullSecrets, ",")
if imagePullSecrets != "" && len(secrets) > 0 { if imagePullSecrets != "" && len(secrets) > 0 {
@ -169,8 +172,8 @@ func main() {
// - generate event with retry mechanism // - generate event with retry mechanism
eventGenerator := event.NewEventGenerator( eventGenerator := event.NewEventGenerator(
dynamicClient, dynamicClient,
kyvernoInformer.Kyverno().V1().ClusterPolicies(), kyvernoV1.ClusterPolicies(),
kyvernoInformer.Kyverno().V1().Policies(), kyvernoV1.Policies(),
log.Log.WithName("EventGenerator")) log.Log.WithName("EventGenerator"))
// POLICY Report GENERATOR // POLICY Report GENERATOR
@ -178,8 +181,8 @@ func main() {
dynamicClient, dynamicClient,
kyvernoInformer.Kyverno().V1alpha2().ReportChangeRequests(), kyvernoInformer.Kyverno().V1alpha2().ReportChangeRequests(),
kyvernoInformer.Kyverno().V1alpha2().ClusterReportChangeRequests(), kyvernoInformer.Kyverno().V1alpha2().ClusterReportChangeRequests(),
kyvernoInformer.Kyverno().V1().ClusterPolicies(), kyvernoV1.ClusterPolicies(),
kyvernoInformer.Kyverno().V1().Policies(), kyvernoV1.Policies(),
log.Log.WithName("ReportChangeRequestGenerator"), log.Log.WithName("ReportChangeRequestGenerator"),
) )
@ -206,8 +209,8 @@ func main() {
kubeInformer.Admissionregistration().V1().MutatingWebhookConfigurations(), kubeInformer.Admissionregistration().V1().MutatingWebhookConfigurations(),
kubeInformer.Admissionregistration().V1().ValidatingWebhookConfigurations(), kubeInformer.Admissionregistration().V1().ValidatingWebhookConfigurations(),
kubeKyvernoInformer.Apps().V1().Deployments(), kubeKyvernoInformer.Apps().V1().Deployments(),
kyvernoInformer.Kyverno().V1().ClusterPolicies(), kyvernoV1.ClusterPolicies(),
kyvernoInformer.Kyverno().V1().Policies(), kyvernoV1.Policies(),
serverIP, serverIP,
int32(webhookTimeout), int32(webhookTimeout),
debug, debug,
@ -268,8 +271,8 @@ func main() {
kubeClient, kubeClient,
kyvernoClient, kyvernoClient,
dynamicClient, dynamicClient,
kyvernoInformer.Kyverno().V1().ClusterPolicies(), kyvernoV1.ClusterPolicies(),
kyvernoInformer.Kyverno().V1().Policies(), kyvernoV1.Policies(),
kyvernoInformer.Kyverno().V1beta1().UpdateRequests(), kyvernoInformer.Kyverno().V1beta1().UpdateRequests(),
configData, configData,
eventGenerator, eventGenerator,
@ -295,8 +298,8 @@ func main() {
kubeClient, kubeClient,
kyvernoClient, kyvernoClient,
dynamicClient, dynamicClient,
kyvernoInformer.Kyverno().V1().ClusterPolicies(), kyvernoV1.ClusterPolicies(),
kyvernoInformer.Kyverno().V1().Policies(), kyvernoV1.Policies(),
kyvernoInformer.Kyverno().V1beta1().UpdateRequests(), kyvernoInformer.Kyverno().V1beta1().UpdateRequests(),
eventGenerator, eventGenerator,
kubeInformer.Core().V1().Namespaces(), kubeInformer.Core().V1().Namespaces(),
@ -312,8 +315,8 @@ func main() {
kubeClient, kubeClient,
kyvernoClient, kyvernoClient,
dynamicClient, dynamicClient,
kyvernoInformer.Kyverno().V1().ClusterPolicies(), kyvernoV1.ClusterPolicies(),
kyvernoInformer.Kyverno().V1().Policies(), kyvernoV1.Policies(),
kyvernoInformer.Kyverno().V1beta1().UpdateRequests(), kyvernoInformer.Kyverno().V1beta1().UpdateRequests(),
kubeInformer.Core().V1().Namespaces(), kubeInformer.Core().V1().Namespaces(),
log.Log.WithName("GenerateCleanUpController"), log.Log.WithName("GenerateCleanUpController"),
@ -323,11 +326,7 @@ func main() {
os.Exit(1) os.Exit(1)
} }
pCacheController := policycache.NewPolicyCacheController( pCacheController := policycache.NewPolicyCacheController(kyvernoV1.ClusterPolicies(), kyvernoV1.Policies())
kyvernoInformer.Kyverno().V1().ClusterPolicies(),
kyvernoInformer.Kyverno().V1().Policies(),
log.Log.WithName("PolicyCacheController"),
)
auditHandler := webhooks.NewValidateAuditHandler( auditHandler := webhooks.NewValidateAuditHandler(
pCacheController.Cache, pCacheController.Cache,
@ -417,7 +416,7 @@ func main() {
dynamicClient, dynamicClient,
tlsPair, tlsPair,
kyvernoInformer.Kyverno().V1beta1().UpdateRequests(), kyvernoInformer.Kyverno().V1beta1().UpdateRequests(),
kyvernoInformer.Kyverno().V1().ClusterPolicies(), kyvernoV1.ClusterPolicies(),
kubeInformer.Rbac().V1().RoleBindings(), kubeInformer.Rbac().V1().RoleBindings(),
kubeInformer.Rbac().V1().ClusterRoleBindings(), kubeInformer.Rbac().V1().ClusterRoleBindings(),
kubeInformer.Rbac().V1().Roles(), kubeInformer.Rbac().V1().Roles(),
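Review bot: The `// utils` comment above the new `kyvernoV1 := kyvernoInformer.Kyverno().V1()` line does not say what the variable is for; something like `// kyvernoV1 is the shared accessor for the Kyverno V1 informers (ClusterPolicies, Policies)` would tell the reader why it exists. The `V1beta1()` and `V1alpha2()` accessors are still spelled out in full at every call site, so main now mixes two styles; hoisting them the same way would keep the wiring consistent. main's body starts and ends outside these hunks.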


@ -10,7 +10,6 @@ import (
lv1 "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1" lv1 "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
"gotest.tools/assert" "gotest.tools/assert"
"k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/labels"
"sigs.k8s.io/controller-runtime/pkg/log"
) )
type dummyLister struct { type dummyLister struct {
@ -46,7 +45,7 @@ func (dl dummyNsLister) Get(name string) (*kyverno.Policy, error) {
} }
func Test_All(t *testing.T) { func Test_All(t *testing.T) {
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{}) pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
policy := newPolicy(t) policy := newPolicy(t)
//add //add
pCache.add(policy) pCache.add(policy)
@ -78,7 +77,7 @@ func Test_All(t *testing.T) {
} }
func Test_Add_Duplicate_Policy(t *testing.T) { func Test_Add_Duplicate_Policy(t *testing.T) {
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{}) pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
policy := newPolicy(t) policy := newPolicy(t)
pCache.add(policy) pCache.add(policy)
pCache.add(policy) pCache.add(policy)
@ -104,7 +103,7 @@ func Test_Add_Duplicate_Policy(t *testing.T) {
} }
func Test_Add_Validate_Audit(t *testing.T) { func Test_Add_Validate_Audit(t *testing.T) {
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{}) pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
policy := newPolicy(t) policy := newPolicy(t)
pCache.add(policy) pCache.add(policy)
pCache.add(policy) pCache.add(policy)
@ -129,7 +128,7 @@ func Test_Add_Validate_Audit(t *testing.T) {
} }
func Test_Add_Remove(t *testing.T) { func Test_Add_Remove(t *testing.T) {
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{}) pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
policy := newPolicy(t) policy := newPolicy(t)
kind := "Pod" kind := "Pod"
pCache.add(policy) pCache.add(policy)
@ -157,7 +156,7 @@ func Test_Add_Remove(t *testing.T) {
} }
func Test_Add_Remove_Any(t *testing.T) { func Test_Add_Remove_Any(t *testing.T) {
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{}) pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
policy := newAnyPolicy(t) policy := newAnyPolicy(t)
kind := "Pod" kind := "Pod"
pCache.add(policy) pCache.add(policy)
@ -185,7 +184,7 @@ func Test_Add_Remove_Any(t *testing.T) {
} }
func Test_Remove_From_Empty_Cache(t *testing.T) { func Test_Remove_From_Empty_Cache(t *testing.T) {
pCache := newPolicyCache(log.Log, nil, nil) pCache := newPolicyCache(nil, nil)
policy := newPolicy(t) policy := newPolicy(t)
pCache.remove(policy) pCache.remove(policy)
@ -926,7 +925,7 @@ func newValidateEnforcePolicy(t *testing.T) *kyverno.ClusterPolicy {
} }
func Test_Ns_All(t *testing.T) { func Test_Ns_All(t *testing.T) {
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{}) pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
policy := newNsPolicy(t) policy := newNsPolicy(t)
//add //add
pCache.add(policy) pCache.add(policy)
@ -958,7 +957,7 @@ func Test_Ns_All(t *testing.T) {
} }
func Test_Ns_Add_Duplicate_Policy(t *testing.T) { func Test_Ns_Add_Duplicate_Policy(t *testing.T) {
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{}) pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
policy := newNsPolicy(t) policy := newNsPolicy(t)
pCache.add(policy) pCache.add(policy)
pCache.add(policy) pCache.add(policy)
@ -985,7 +984,7 @@ func Test_Ns_Add_Duplicate_Policy(t *testing.T) {
} }
func Test_Ns_Add_Validate_Audit(t *testing.T) { func Test_Ns_Add_Validate_Audit(t *testing.T) {
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{}) pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
policy := newNsPolicy(t) policy := newNsPolicy(t)
pCache.add(policy) pCache.add(policy)
pCache.add(policy) pCache.add(policy)
@ -1010,7 +1009,7 @@ func Test_Ns_Add_Validate_Audit(t *testing.T) {
} }
func Test_Ns_Add_Remove(t *testing.T) { func Test_Ns_Add_Remove(t *testing.T) {
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{}) pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
policy := newNsPolicy(t) policy := newNsPolicy(t)
nspace := policy.GetNamespace() nspace := policy.GetNamespace()
kind := "Pod" kind := "Pod"
@ -1028,7 +1027,7 @@ func Test_Ns_Add_Remove(t *testing.T) {
} }
func Test_GVk_Cache(t *testing.T) { func Test_GVk_Cache(t *testing.T) {
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{}) pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
policy := newGVKPolicy(t) policy := newGVKPolicy(t)
//add //add
pCache.add(policy) pCache.add(policy)
@ -1044,7 +1043,7 @@ func Test_GVk_Cache(t *testing.T) {
} }
func Test_GVK_Add_Remove(t *testing.T) { func Test_GVK_Add_Remove(t *testing.T) {
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{}) pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
policy := newGVKPolicy(t) policy := newGVKPolicy(t)
kind := "ClusterRole" kind := "ClusterRole"
pCache.add(policy) pCache.add(policy)
@ -1061,7 +1060,7 @@ func Test_GVK_Add_Remove(t *testing.T) {
} }
func Test_Add_Validate_Enforce(t *testing.T) { func Test_Add_Validate_Enforce(t *testing.T) {
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{}) pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
policy := newUserTestPolicy(t) policy := newUserTestPolicy(t)
nspace := policy.GetNamespace() nspace := policy.GetNamespace()
//add //add
@ -1077,7 +1076,7 @@ func Test_Add_Validate_Enforce(t *testing.T) {
} }
func Test_Ns_Add_Remove_User(t *testing.T) { func Test_Ns_Add_Remove_User(t *testing.T) {
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{}) pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
policy := newUserTestPolicy(t) policy := newUserTestPolicy(t)
nspace := policy.GetNamespace() nspace := policy.GetNamespace()
kind := "Deployment" kind := "Deployment"
@ -1095,7 +1094,7 @@ func Test_Ns_Add_Remove_User(t *testing.T) {
} }
func Test_Mutate_Policy(t *testing.T) { func Test_Mutate_Policy(t *testing.T) {
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{}) pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
policy := newMutatePolicy(t) policy := newMutatePolicy(t)
//add //add
pCache.add(policy) pCache.add(policy)
@ -1114,7 +1113,7 @@ func Test_Mutate_Policy(t *testing.T) {
} }
func Test_Generate_Policy(t *testing.T) { func Test_Generate_Policy(t *testing.T) {
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{}) pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
policy := newgenratePolicy(t) policy := newgenratePolicy(t)
//add //add
pCache.add(policy) pCache.add(policy)
@ -1131,7 +1130,7 @@ func Test_Generate_Policy(t *testing.T) {
} }
func Test_NsMutate_Policy(t *testing.T) { func Test_NsMutate_Policy(t *testing.T) {
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{}) pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
policy := newMutatePolicy(t) policy := newMutatePolicy(t)
nspolicy := newNsMutatePolicy(t) nspolicy := newNsMutatePolicy(t)
//add //add
@ -1156,7 +1155,7 @@ func Test_NsMutate_Policy(t *testing.T) {
} }
func Test_Validate_Enforce_Policy(t *testing.T) { func Test_Validate_Enforce_Policy(t *testing.T) {
pCache := newPolicyCache(log.Log, dummyLister{}, dummyNsLister{}) pCache := newPolicyCache(dummyLister{}, dummyNsLister{})
policy1 := newValidateAuditPolicy(t) policy1 := newValidateAuditPolicy(t)
policy2 := newValidateEnforcePolicy(t) policy2 := newValidateEnforcePolicy(t)
pCache.add(policy1) pCache.add(policy1)


@ -5,7 +5,6 @@ import (
"reflect" "reflect"
"sync/atomic" "sync/atomic"
"github.com/go-logr/logr"
kyverno "github.com/kyverno/kyverno/api/kyverno/v1" kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernoinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1" kyvernoinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1" kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
@ -21,22 +20,15 @@ import (
// policies based on types (Mutate/ValidateEnforce/Generate/imageVerify). // policies based on types (Mutate/ValidateEnforce/Generate/imageVerify).
type Controller struct { type Controller struct {
Cache Interface Cache Interface
log logr.Logger
cpolLister kyvernolister.ClusterPolicyLister cpolLister kyvernolister.ClusterPolicyLister
polLister kyvernolister.PolicyLister polLister kyvernolister.PolicyLister
pCounter int64 pCounter int64
} }
// NewPolicyCacheController create a new PolicyController // NewPolicyCacheController create a new PolicyController
func NewPolicyCacheController( func NewPolicyCacheController(pInformer kyvernoinformer.ClusterPolicyInformer, nspInformer kyvernoinformer.PolicyInformer) *Controller {
pInformer kyvernoinformer.ClusterPolicyInformer,
nspInformer kyvernoinformer.PolicyInformer,
log logr.Logger,
) *Controller {
pc := Controller{ pc := Controller{
Cache: newPolicyCache(log, pInformer.Lister(), nspInformer.Lister()), Cache: newPolicyCache(pInformer.Lister(), nspInformer.Lister()),
log: log,
} }
// ClusterPolicy Informer // ClusterPolicy Informer
@ -103,7 +95,6 @@ func (c *Controller) deleteNsPolicy(obj interface{}) {
// CheckPolicySync wait until the internal policy cache is fully loaded // CheckPolicySync wait until the internal policy cache is fully loaded
func (c *Controller) CheckPolicySync(stopCh <-chan struct{}) { func (c *Controller) CheckPolicySync(stopCh <-chan struct{}) {
logger := c.log
logger.Info("starting") logger.Info("starting")
policies := []kyverno.PolicyInterface{} policies := []kyverno.PolicyInterface{}
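Review bot: In CheckPolicySync the message `logger.Info("starting")` was previously emitted under the logger main injected (named `PolicyCacheController`); under the package-level logger it carries only `policycache`, so the line no longer says what is starting. A more specific message, for example `logger.Info("waiting for policy cache to sync")`, would keep it readable in a combined log stream. The constructor's doc comment could be fixed in the same pass: `// NewPolicyCacheController creates a new policy cache Controller.` CheckPolicySync's body continues outside the hunk.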

5
pkg/policycache/log.go Normal file

@ -0,0 +1,5 @@
package policycache
import "sigs.k8s.io/controller-runtime/pkg/log"
var logger = log.Log.WithName("policycache")
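Review bot: The logger name changes from `PolicyCacheController` (the name main used to pass in) to `policycache`, and nothing in this file records that, so any log filter or alert keyed on the old name will silently stop matching. A doc comment on the variable would make the change discoverable, e.g. `// logger is the package-wide logger; it replaces the "PolicyCacheController" logger that main used to inject.` Because the variable is shared by every cache and controller instance, tests can no longer supply their own logger, and that trade-off is worth stating in the same comment.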


@ -1,7 +1,6 @@
package policycache package policycache
import ( import (
"github.com/go-logr/logr"
kyverno "github.com/kyverno/kyverno/api/kyverno/v1" kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1" kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
"github.com/kyverno/kyverno/pkg/policy" "github.com/kyverno/kyverno/pkg/policy"
@ -29,8 +28,7 @@ type Interface interface {
// policyCache ... // policyCache ...
type policyCache struct { type policyCache struct {
pMap pMap pMap pMap
logger logr.Logger
// list/get cluster policy resource // list/get cluster policy resource
pLister kyvernolister.ClusterPolicyLister pLister kyvernolister.ClusterPolicyLister
@ -40,7 +38,7 @@ type policyCache struct {
} }
// newPolicyCache ... // newPolicyCache ...
func newPolicyCache(log logr.Logger, pLister kyvernolister.ClusterPolicyLister, npLister kyvernolister.PolicyLister) Interface { func newPolicyCache(pLister kyvernolister.ClusterPolicyLister, npLister kyvernolister.PolicyLister) Interface {
namesCache := map[PolicyType]map[string]bool{ namesCache := map[PolicyType]map[string]bool{
Mutate: make(map[string]bool), Mutate: make(map[string]bool),
ValidateEnforce: make(map[string]bool), ValidateEnforce: make(map[string]bool),
@ -55,7 +53,6 @@ func newPolicyCache(log logr.Logger, pLister kyvernolister.ClusterPolicyLister,
nameCacheMap: namesCache, nameCacheMap: namesCache,
kindDataMap: make(map[string]map[PolicyType][]string), kindDataMap: make(map[string]map[PolicyType][]string),
}, },
log,
pLister, pLister,
npLister, npLister,
} }
@ -64,7 +61,7 @@ func newPolicyCache(log logr.Logger, pLister kyvernolister.ClusterPolicyLister,
// Add a policy to cache // Add a policy to cache
func (pc *policyCache) add(policy kyverno.PolicyInterface) { func (pc *policyCache) add(policy kyverno.PolicyInterface) {
pc.pMap.add(policy) pc.pMap.add(policy)
pc.logger.V(4).Info("policy is added to cache", "name", policy.GetName()) logger.V(4).Info("policy is added to cache", "name", policy.GetName())
} }
// Get the list of matched policies // Get the list of matched policies
@ -84,12 +81,12 @@ func (pc *policyCache) GetPolicies(pkey PolicyType, kind, nspace string) []kyver
// Remove a policy from cache // Remove a policy from cache
func (pc *policyCache) remove(p kyverno.PolicyInterface) { func (pc *policyCache) remove(p kyverno.PolicyInterface) {
pc.pMap.remove(p) pc.pMap.remove(p)
pc.logger.V(4).Info("policy is removed from cache", "name", p.GetName()) logger.V(4).Info("policy is removed from cache", "name", p.GetName())
} }
func (pc *policyCache) update(oldP kyverno.PolicyInterface, newP kyverno.PolicyInterface) { func (pc *policyCache) update(oldP kyverno.PolicyInterface, newP kyverno.PolicyInterface) {
pc.pMap.update(oldP, newP) pc.pMap.update(oldP, newP)
pc.logger.V(4).Info("policy is updated from cache", "name", newP.GetName()) logger.V(4).Info("policy is updated from cache", "name", newP.GetName())
} }
func (pc *policyCache) getPolicyObject(key PolicyType, gvk string, nspace string) (policyObject []kyverno.PolicyInterface) { func (pc *policyCache) getPolicyObject(key PolicyType, gvk string, nspace string) (policyObject []kyverno.PolicyInterface) {
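Review bot: The three `V(4)` messages in add, remove and update log only `"name", policy.GetName()`, so two namespaced policies with the same name, or a Policy and a ClusterPolicy sharing a name, are indistinguishable when reconstructing which policy entered or left the cache. The policy objects appear to expose GetNamespace as well (the tests call `policy.GetNamespace()`), so the line could become `logger.V(4).Info("policy is added to cache", "namespace", policy.GetNamespace(), "name", policy.GetName())`, and likewise for the other two. The update message reads "policy is updated from cache"; "updated in cache" is presumably what is meant. Separately, the `policyCache` literal in newPolicyCache is positional, which is why `log,` had to be removed from the middle of it; keyed fields would make such removals less error-prone.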