From 2abfff1f06694c858791014e6e0f54fa2a85e68a Mon Sep 17 00:00:00 2001 From: Shuting Zhao Date: Mon, 2 Nov 2020 17:08:35 -0800 Subject: [PATCH] remove violation CRD from manifest --- charts/kyverno/crds/crds.yaml | 144 --------------------------------- cmd/kyverno/main.go | 3 - definitions/crds/crds.yaml | 144 --------------------------------- definitions/install.yaml | 144 --------------------------------- definitions/install_debug.yaml | 144 --------------------------------- pkg/utils/util.go | 19 ++--- 6 files changed, 5 insertions(+), 593 deletions(-) diff --git a/charts/kyverno/crds/crds.yaml b/charts/kyverno/crds/crds.yaml index cb2605cc61..193050cec0 100644 --- a/charts/kyverno/crds/crds.yaml +++ b/charts/kyverno/crds/crds.yaml @@ -608,78 +608,6 @@ status: --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition -metadata: - name: clusterpolicyviolations.kyverno.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.policy - description: The policy that resulted in the violation - name: Policy - type: string - - JSONPath: .spec.resource.kind - description: The resource kind that cause the violation - name: ResourceKind - type: string - - JSONPath: .spec.resource.name - description: The resource name that caused the violation - name: ResourceName - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: kyverno.io - names: - kind: ClusterPolicyViolation - plural: clusterpolicyviolations - shortNames: - - cpolv - singular: clusterpolicyviolation - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - policy: - type: string - resource: - properties: - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - rules: - items: - properties: - message: - type: string - name: - type: string - type: - type: string - required: - - name - - type - - message - type: object - type: array - required: - - policy - - resource - - rules - versions: - - name: v1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.2.5 @@ -1670,78 +1598,6 @@ status: --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition -metadata: - name: policyviolations.kyverno.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.policy - description: The policy that resulted in the violation - name: Policy - type: string - - JSONPath: .spec.resource.kind - description: The resource kind that cause the violation - name: ResourceKind - type: string - - JSONPath: .spec.resource.name - description: The resource name that caused the violation - name: ResourceName - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: kyverno.io - names: - kind: PolicyViolation - plural: policyviolations - shortNames: - - polv - singular: policyviolation - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - policy: - type: string - resource: - properties: - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - rules: - items: - properties: - message: - type: string - name: - type: string - type: - type: string - required: - - name - - type - - message - type: object - type: array - required: - - policy - - resource - - rules - versions: - - name: v1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.2.5 diff --git a/cmd/kyverno/main.go b/cmd/kyverno/main.go index 84353b5874..347e9c1f14 100755 --- a/cmd/kyverno/main.go +++ b/cmd/kyverno/main.go @@ -134,9 +134,6 @@ func main() { os.Exit(1) } - // TODO: To be removed for v1.2.0 - utils.CleanupOldCrd(client, log.Log) - kubeInformer := kubeinformers.NewSharedInformerFactoryWithOptions(kubeClient, resyncPeriod) kubedynamicInformer := client.NewDynamicSharedInformerFactory(resyncPeriod) diff --git a/definitions/crds/crds.yaml b/definitions/crds/crds.yaml index 4efe95fb44..a7e795c1f4 100755 --- a/definitions/crds/crds.yaml +++ b/definitions/crds/crds.yaml @@ -532,150 +532,6 @@ spec: --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition -metadata: - name: clusterpolicyviolations.kyverno.io -spec: - group: kyverno.io - versions: - - name: v1 - served: true - storage: true - scope: Cluster - names: - kind: ClusterPolicyViolation - plural: clusterpolicyviolations - singular: clusterpolicyviolation - shortNames: - - cpolv - subresources: - status: {} - additionalPrinterColumns: - - name: Policy - type: string - description: The policy that resulted in the violation - JSONPath: .spec.policy - - name: ResourceKind - type: string - description: The resource kind that cause the violation - JSONPath: .spec.resource.kind - - name: ResourceName - type: string - description: The resource name that caused the violation - JSONPath: .spec.resource.name - - name: Age - type: date - JSONPath: .metadata.creationTimestamp - validation: - openAPIV3Schema: - properties: - spec: - required: - - policy - - resource - - rules - properties: - policy: - type: string - resource: - type: object - required: - - kind - - name - properties: - kind: - type: string - name: - type: string - rules: - type: array - items: - type: object - required: - - name - - type - - message - properties: - name: - type: string - type: - type: string - message: - type: string ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: policyviolations.kyverno.io -spec: - group: kyverno.io - versions: - - name: v1 - served: true - storage: true - scope: Namespaced - names: - kind: PolicyViolation - plural: policyviolations - singular: policyviolation - shortNames: - - polv - subresources: - status: {} - additionalPrinterColumns: - - name: Policy - type: string - description: The policy that resulted in the violation - JSONPath: .spec.policy - - name: ResourceKind - type: string - description: The resource kind that cause the violation - JSONPath: .spec.resource.kind - - name: ResourceName - type: string - description: The resource name that caused the violation - JSONPath: .spec.resource.name - - name: Age - type: date - JSONPath: .metadata.creationTimestamp - validation: - openAPIV3Schema: - properties: - spec: - required: - - policy - - resource - - rules - properties: - policy: - type: string - resource: - type: object - required: - - kind - - name - properties: - kind: - type: string - name: - type: string - rules: - type: array - items: - type: object - required: - - name - - type - - message - properties: - name: - type: string - type: - type: string - message: - type: string ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition metadata: name: generaterequests.kyverno.io spec: diff --git a/definitions/install.yaml b/definitions/install.yaml index 22a40ccac8..176e952efa 100755 --- a/definitions/install.yaml +++ b/definitions/install.yaml @@ -613,78 +613,6 @@ status: --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition -metadata: - name: clusterpolicyviolations.kyverno.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.policy - description: The policy that resulted in the violation - name: Policy - type: string - - JSONPath: .spec.resource.kind - description: The resource kind that cause the violation - name: ResourceKind - type: string - - JSONPath: .spec.resource.name - description: The resource name that caused the violation - name: ResourceName - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: kyverno.io - names: - kind: ClusterPolicyViolation - plural: clusterpolicyviolations - shortNames: - - cpolv - singular: clusterpolicyviolation - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - policy: - type: string - resource: - properties: - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - rules: - items: - properties: - message: - type: string - name: - type: string - type: - type: string - required: - - name - - type - - message - type: object - type: array - required: - - policy - - resource - - rules - versions: - - name: v1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.2.5 @@ -1675,78 +1603,6 @@ status: --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition -metadata: - name: policyviolations.kyverno.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.policy - description: The policy that resulted in the violation - name: Policy - type: string - - JSONPath: .spec.resource.kind - description: The resource kind that cause the violation - name: ResourceKind - type: string - - JSONPath: .spec.resource.name - description: The resource name that caused the violation - name: ResourceName - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: kyverno.io - names: - kind: PolicyViolation - plural: policyviolations - shortNames: - - polv - singular: policyviolation - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - policy: - type: string - resource: - properties: - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - rules: - items: - properties: - message: - type: string - name: - type: string - type: - type: string - required: - - name - - type - - message - type: object - type: array - required: - - policy - - resource - - rules - versions: - - name: v1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.2.5 diff --git a/definitions/install_debug.yaml b/definitions/install_debug.yaml index 76e9eeb72d..d7e3860438 100755 --- a/definitions/install_debug.yaml +++ b/definitions/install_debug.yaml @@ -613,78 +613,6 @@ status: --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition -metadata: - name: clusterpolicyviolations.kyverno.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.policy - description: The policy that resulted in the violation - name: Policy - type: string - - JSONPath: .spec.resource.kind - description: The resource kind that cause the violation - name: ResourceKind - type: string - - JSONPath: .spec.resource.name - description: The resource name that caused the violation - name: ResourceName - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: kyverno.io - names: - kind: ClusterPolicyViolation - plural: clusterpolicyviolations - shortNames: - - cpolv - singular: clusterpolicyviolation - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - policy: - type: string - resource: - properties: - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - rules: - items: - properties: - message: - type: string - name: - type: string - type: - type: string - required: - - name - - type - - message - type: object - type: array - required: - - policy - - resource - - rules - versions: - - name: v1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.2.5 @@ -1675,78 +1603,6 @@ status: --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition -metadata: - name: policyviolations.kyverno.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.policy - description: The policy that resulted in the violation - name: Policy - type: string - - JSONPath: .spec.resource.kind - description: The resource kind that cause the violation - name: ResourceKind - type: string - - JSONPath: .spec.resource.name - description: The resource name that caused the violation - name: ResourceName - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: kyverno.io - names: - kind: PolicyViolation - plural: policyviolations - shortNames: - - polv - singular: policyviolation - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - policy: - type: string - resource: - properties: - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - rules: - items: - properties: - message: - type: string - name: - type: string - type: - type: string - required: - - name - - type - - message - type: object - type: array - required: - - policy - - resource - - rules - versions: - - name: v1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.2.5 diff --git a/pkg/utils/util.go b/pkg/utils/util.go index 385fafba34..0d76b287c8 100644 --- a/pkg/utils/util.go +++ b/pkg/utils/util.go @@ -12,7 +12,6 @@ import ( "github.com/go-logr/logr" client "github.com/kyverno/kyverno/pkg/dclient" - dclient "github.com/kyverno/kyverno/pkg/dclient" "github.com/minio/minio/pkg/wildcard" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/client-go/kubernetes" @@ -76,22 +75,14 @@ func CRDInstalled(discovery client.IDiscovery, log logr.Logger) bool { logger.Info("CRD found", "kind", kind) return true } - if !check("ClusterPolicy") || !check("ClusterPolicyViolation") || !check("PolicyViolation") { - return false - } - return true -} -//CleanupOldCrd deletes any existing NamespacedPolicyViolation resources in cluster -// If resource violates policy, new Violations will be generated -func CleanupOldCrd(client *dclient.Client, log logr.Logger) { - logger := log.WithName("CleanupOldCrd") - gvr := client.DiscoveryClient.GetGVRFromKind("NamespacedPolicyViolation") - if !reflect.DeepEqual(gvr, (schema.GroupVersionResource{})) { - if err := client.DeleteResource("", "CustomResourceDefinition", "", "namespacedpolicyviolations.kyverno.io", false); err != nil { - logger.Error(err, "Failed to remove prevous CRD", "kind", "namespacedpolicyviolation") + kyvernoCRDs := []string{"ClusterPolicy", "ClusterPolicyReport", "PolicyReport", "ClusterReportChangeRequest", "ReportChangeRequest"} + for _, crd := range kyvernoCRDs { + if !check(crd) { + return false } } + return true } // extracts the new and old resource as unstructured