- add profiling; - fix CLI

2025-03-31 03:45:17 +00:00 · 2019-11-11 21:23:26 -08:00 · 2019-11-11 21:23:26 -08:00 · 2a14c1f5dc
commit 2a14c1f5dc
parent 546a25d025
4 changed files with 8 additions and 2 deletions
--- a/pkg/engine/mutation.go
+++ b/pkg/engine/mutation.go
@ -42,11 +42,13 @@ func Mutate(policyContext PolicyContext) (response EngineResponse) {
 			continue
 		}

+		startTime := time.Now()
 		if !matchAdmissionInfo(rule, policyContext.AdmissionInfo) {
 			glog.V(3).Infof("rule '%s' cannot be applied on %s/%s/%s, admission permission: %v",
 				rule.Name, resource.GetKind(), resource.GetNamespace(), resource.GetName(), policyContext.AdmissionInfo)
 			continue
 		}
+		glog.V(4).Infof("Time: Mutate matchAdmissionInfo %v", time.Since(startTime))

 		// check if the resource satisfies the filter conditions defined in the rule
 		//TODO: this needs to be extracted, to filter the resource so that we can avoid passing resources that
--- a/pkg/engine/validation.go
+++ b/pkg/engine/validation.go
@ -49,11 +49,13 @@ func Validate(policyContext PolicyContext) (response EngineResponse) {
 			continue
 		}

+		startTime := time.Now()
 		if !matchAdmissionInfo(rule, policyContext.AdmissionInfo) {
 			glog.V(3).Infof("rule '%s' cannot be applied on %s/%s/%s, admission permission: %v",
 				rule.Name, resource.GetKind(), resource.GetNamespace(), resource.GetName(), policyContext.AdmissionInfo)
 			continue
 		}
+		glog.V(4).Infof("Time: Validate matchAdmissionInfo %v", time.Since(startTime))

 		// check if the resource satisfies the filter conditions defined in the rule
 		// TODO: this needs to be extracted, to filter the resource so that we can avoid passing resources that
--- a/pkg/kyverno/apply/apply.go
+++ b/pkg/kyverno/apply/apply.go
@ -105,7 +105,7 @@ func applyPolicyOnRaw(policy *kyverno.ClusterPolicy, rawResource []byte, gvk *me
 	}
 	//TODO check if the kind information is present resource
 	// Process Mutation
-	engineResponse := engine.Mutate(*policy, *resource)
+	engineResponse := engine.Mutate(engine.PolicyContext{Policy: *policy, Resource: *resource})
 	if !engineResponse.IsSuccesful() {
 		glog.Infof("Failed to apply policy %s on resource %s/%s", policy.Name, rname, rns)
 		for _, r := range engineResponse.PolicyResponse.Rules {
@ -115,7 +115,7 @@ func applyPolicyOnRaw(policy *kyverno.ClusterPolicy, rawResource []byte, gvk *me
 		glog.Infof("Mutation from policy %s has applied succesfully to %s %s/%s", policy.Name, gvk.Kind, rname, rns)

 		// Process Validation
-		engineResponse := engine.Validate(*policy, *resource)
+		engineResponse := engine.Validate(engine.PolicyContext{Policy: *policy, Resource: *resource})

 		if !engineResponse.IsSuccesful() {
 			glog.Infof("Failed to apply policy %s on resource %s/%s", policy.Name, rname, rns)
--- a/pkg/webhooks/server.go
+++ b/pkg/webhooks/server.go
@ -177,6 +177,7 @@ func (ws *WebhookServer) handleAdmissionRequest(request *v1beta1.AdmissionReques

 	// TODO(shuting): replace containRBACinfo after policy cache lookup is introduced
 	// getRoleRef only if policy has roles/clusterroles defined
+	startTime := time.Now()
 	if containRBACinfo(policies) {
 		roles, clusterRoles, err = userinfo.GetRoleRef(ws.rbLister, ws.crbLister, request)
 		if err != nil {
@ -185,6 +186,7 @@ func (ws *WebhookServer) handleAdmissionRequest(request *v1beta1.AdmissionReques
 				request.Kind.Kind, request.Namespace, request.Name, request.UID, request.Operation, err)
 		}
 	}
+	glog.V(4).Infof("Time: webhook GetRoleRef %v", time.Since(startTime))

 	// MUTATION
 	ok, patches, msg := ws.HandleMutation(request, policies, roles, clusterRoles)