mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00
Code Activity

fix: omit events flag (#9572)

Browse source 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
This commit is contained in:
Charles-Edouard Brétéché 2024-01-31 00:41:13 +01:00 committed by GitHub
parent e969e29eb8
commit 2b824be667
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 13 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
charts/kyverno/templates/_helpers.tpl
View file

@ -52,7 +52,7 @@
{{- end -}} {{- end -}}
{{- with .omitEvents -}} {{- with .omitEvents -}}
{{- with .eventTypes -}} {{- with .eventTypes -}}
{{- $flags = append $flags (print "--omit-events=" (join "," .)) -}} {{- $flags = append $flags (print "--omitEvents=" (join "," .)) -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{- with .policyExceptions -}} {{- with .policyExceptions -}}

8
cmd/background-controller/main.go
View file

@ -91,7 +91,7 @@ func main() {
flagset := flag.NewFlagSet("updaterequest-controller", flag.ExitOnError) flagset := flag.NewFlagSet("updaterequest-controller", flag.ExitOnError)
flagset.IntVar(&genWorkers, "genWorkers", 10, "Workers for the background controller.") flagset.IntVar(&genWorkers, "genWorkers", 10, "Workers for the background controller.")
flagset.IntVar(&maxQueuedEvents, "maxQueuedEvents", 1000, "Maximum events to be queued.") flagset.IntVar(&maxQueuedEvents, "maxQueuedEvents", 1000, "Maximum events to be queued.")
flagset.StringVar(&omitEvents, "omit-events", "", "Set this flag to a comma sperated list of PolicyViolation, PolicyApplied, PolicyError, PolicySkipped to disable events, e.g. --omit-events=PolicyApplied,PolicyViolation") flagset.StringVar(&omitEvents, "omitEvents", "", "Set this flag to a comma sperated list of PolicyViolation, PolicyApplied, PolicyError, PolicySkipped to disable events, e.g. --omitEvents=PolicyApplied,PolicyViolation")
flagset.Int64Var(&maxAPICallResponseLength, "maxAPICallResponseLength", 2*1000*1000, "Maximum allowed response size from API Calls. A value of 0 bypasses checks (not recommended).") flagset.Int64Var(&maxAPICallResponseLength, "maxAPICallResponseLength", 2*1000*1000, "Maximum allowed response size from API Calls. A value of 0 bypasses checks (not recommended).")
// config // config
appConfig := internal.NewConfiguration( appConfig := internal.NewConfiguration(
@ -130,15 +130,11 @@ func main() {
kyamlopenapi.Schema() kyamlopenapi.Schema()
// informer factories // informer factories
kyvernoInformer := kyvernoinformer.NewSharedInformerFactory(setup.KyvernoClient, resyncPeriod) kyvernoInformer := kyvernoinformer.NewSharedInformerFactory(setup.KyvernoClient, resyncPeriod)
omitEventsValues := strings.Split(omitEvents, ",")
if omitEvents == "" {
omitEventsValues = []string{}
}
var wg sync.WaitGroup var wg sync.WaitGroup
eventGenerator := event.NewEventGenerator( eventGenerator := event.NewEventGenerator(
setup.EventsClient, setup.EventsClient,
logging.WithName("EventGenerator"), logging.WithName("EventGenerator"),
omitEventsValues..., strings.Split(omitEvents, ",")...,
) )
eventController := internal.NewController( eventController := internal.NewController(
event.ControllerName, event.ControllerName,

8
cmd/kyverno/main.go
View file

@ -225,7 +225,7 @@ func main() {
flagset.BoolVar(&dumpPayload, "dumpPayload", false, "Set this flag to activate/deactivate debug mode.") flagset.BoolVar(&dumpPayload, "dumpPayload", false, "Set this flag to activate/deactivate debug mode.")
flagset.IntVar(&webhookTimeout, "webhookTimeout", webhookcontroller.DefaultWebhookTimeout, "Timeout for webhook configurations (number of seconds, integer).") flagset.IntVar(&webhookTimeout, "webhookTimeout", webhookcontroller.DefaultWebhookTimeout, "Timeout for webhook configurations (number of seconds, integer).")
flagset.IntVar(&maxQueuedEvents, "maxQueuedEvents", 1000, "Maximum events to be queued.") flagset.IntVar(&maxQueuedEvents, "maxQueuedEvents", 1000, "Maximum events to be queued.")
flagset.StringVar(&omitEvents, "omit-events", "", "Set this flag to a comma sperated list of PolicyViolation, PolicyApplied, PolicyError, PolicySkipped to disable events, e.g. --omit-events=PolicyApplied,PolicyViolation") flagset.StringVar(&omitEvents, "omitEvents", "", "Set this flag to a comma sperated list of PolicyViolation, PolicyApplied, PolicyError, PolicySkipped to disable events, e.g. --omitEvents=PolicyApplied,PolicyViolation")
flagset.StringVar(&serverIP, "serverIP", "", "IP address where Kyverno controller runs. Only required if out-of-cluster.") flagset.StringVar(&serverIP, "serverIP", "", "IP address where Kyverno controller runs. Only required if out-of-cluster.")
flagset.BoolVar(&autoUpdateWebhooks, "autoUpdateWebhooks", true, "Set this flag to 'false' to disable auto-configuration of the webhook.") flagset.BoolVar(&autoUpdateWebhooks, "autoUpdateWebhooks", true, "Set this flag to 'false' to disable auto-configuration of the webhook.")
flagset.DurationVar(&webhookRegistrationTimeout, "webhookRegistrationTimeout", 120*time.Second, "Timeout for webhook registration, e.g., 30s, 1m, 5m.") flagset.DurationVar(&webhookRegistrationTimeout, "webhookRegistrationTimeout", 120*time.Second, "Timeout for webhook registration, e.g., 30s, 1m, 5m.")
@ -317,14 +317,10 @@ func main() {
tlsSecretName, tlsSecretName,
) )
policyCache := policycache.NewCache() policyCache := policycache.NewCache()
omitEventsValues := strings.Split(omitEvents, ",")
if omitEvents == "" {
omitEventsValues = []string{}
}
eventGenerator := event.NewEventGenerator( eventGenerator := event.NewEventGenerator(
setup.EventsClient, setup.EventsClient,
logging.WithName("EventGenerator"), logging.WithName("EventGenerator"),
omitEventsValues..., strings.Split(omitEvents, ",")...,
) )
eventController := internal.NewController( eventController := internal.NewController(
event.ControllerName, event.ControllerName,

8
cmd/reports-controller/main.go
View file

@ -209,7 +209,7 @@ func main() {
flagset.IntVar(&backgroundScanWorkers, "backgroundScanWorkers", backgroundscancontroller.Workers, "Configure the number of background scan workers.") flagset.IntVar(&backgroundScanWorkers, "backgroundScanWorkers", backgroundscancontroller.Workers, "Configure the number of background scan workers.")
flagset.DurationVar(&backgroundScanInterval, "backgroundScanInterval", time.Hour, "Configure background scan interval.") flagset.DurationVar(&backgroundScanInterval, "backgroundScanInterval", time.Hour, "Configure background scan interval.")
flagset.IntVar(&maxQueuedEvents, "maxQueuedEvents", 1000, "Maximum events to be queued.") flagset.IntVar(&maxQueuedEvents, "maxQueuedEvents", 1000, "Maximum events to be queued.")
flagset.StringVar(&omitEvents, "omit-events", "", "Set this flag to a comma separated list of PolicyViolation, PolicyApplied, PolicyError, PolicySkipped to disable events, e.g. --omit-events=PolicyApplied,PolicyViolation") flagset.StringVar(&omitEvents, "omitEvents", "", "Set this flag to a comma separated list of PolicyViolation, PolicyApplied, PolicyError, PolicySkipped to disable events, e.g. --omitEvents=PolicyApplied,PolicyViolation")
flagset.BoolVar(&skipResourceFilters, "skipResourceFilters", true, "If true, resource filters wont be considered.") flagset.BoolVar(&skipResourceFilters, "skipResourceFilters", true, "If true, resource filters wont be considered.")
flagset.Int64Var(&maxAPICallResponseLength, "maxAPICallResponseLength", 2*1000*1000, "Maximum allowed response size from API Calls. A value of 0 bypasses checks (not recommended).") flagset.Int64Var(&maxAPICallResponseLength, "maxAPICallResponseLength", 2*1000*1000, "Maximum allowed response size from API Calls. A value of 0 bypasses checks (not recommended).")
// config // config
@ -255,15 +255,11 @@ func main() {
} }
// informer factories // informer factories
kyvernoInformer := kyvernoinformer.NewSharedInformerFactory(setup.KyvernoClient, resyncPeriod) kyvernoInformer := kyvernoinformer.NewSharedInformerFactory(setup.KyvernoClient, resyncPeriod)
omitEventsValues := strings.Split(omitEvents, ",")
if omitEvents == "" {
omitEventsValues = []string{}
}
var wg sync.WaitGroup var wg sync.WaitGroup
eventGenerator := event.NewEventGenerator( eventGenerator := event.NewEventGenerator(
setup.EventsClient, setup.EventsClient,
logging.WithName("EventGenerator"), logging.WithName("EventGenerator"),
omitEventsValues..., strings.Split(omitEvents, ",")...,
) )
eventController := internal.NewController( eventController := internal.NewController(
event.ControllerName, event.ControllerName,

6
config/install-latest-testing.yaml
View file

@ -51521,7 +51521,7 @@ spec:
- --generateValidatingAdmissionPolicy=false - --generateValidatingAdmissionPolicy=false
- --loggingFormat=text - --loggingFormat=text
- --v=2 - --v=2
- --omit-events=PolicyApplied,PolicySkipped - --omitEvents=PolicyApplied,PolicySkipped
- --enablePolicyException=true - --enablePolicyException=true
- --protectManagedResources=false - --protectManagedResources=false
- --allowInsecureRegistry=false - --allowInsecureRegistry=false
@ -51672,7 +51672,7 @@ spec:
- --enableDeferredLoading=true - --enableDeferredLoading=true
- --loggingFormat=text - --loggingFormat=text
- --v=2 - --v=2
- --omit-events=PolicyApplied,PolicySkipped - --omitEvents=PolicyApplied,PolicySkipped
- --enablePolicyException=true - --enablePolicyException=true
env: env:
@ -51919,7 +51919,7 @@ spec:
- --enableDeferredLoading=true - --enableDeferredLoading=true
- --loggingFormat=text - --loggingFormat=text
- --v=2 - --v=2
- --omit-events=PolicyApplied,PolicySkipped - --omitEvents=PolicyApplied,PolicySkipped
- --enablePolicyException=true - --enablePolicyException=true
- --reportsChunkSize=1000 - --reportsChunkSize=1000
- --allowInsecureRegistry=false - --allowInsecureRegistry=false

4
test/conformance/chainsaw/flags/standard/emit-events/README.md
View file

@ -1,6 +1,6 @@
## Description ## Description
This test updates the deployment with flag `--omit-events=PolicyApplied` set This test updates the deployment with flag `--omitEvents=PolicyApplied` set
Then it creates a policy, and a resource. Then it creates a policy, and a resource.
The resource is expected to be accepted. The resource is expected to be accepted.
A `PolicyApplied` event should be created. A `PolicyApplied` event should be created.
@ -9,7 +9,7 @@ A `PolicyViolation` event should not be emitted as the flag does not include tha
## Steps ## Steps
1. Update the deployment of admission controller to add this ar`--omit-events=PolicyApplied`. 1. Update the deployment of admission controller to add this ar`--omitEvents=PolicyApplied`.
2. - Create a policy 2. - Create a policy
- Assert the policy becomes ready - Assert the policy becomes ready
3. - Create a resource, 3. - Create a resource,

2
test/conformance/chainsaw/flags/standard/emit-events/admission-controller.yaml
View file

@ -72,7 +72,7 @@ spec:
image: "ghcr.io/kyverno/kyverno:latest" image: "ghcr.io/kyverno/kyverno:latest"
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
args: args:
- --omit-events=PolicyViolation - --omitEvents=PolicyViolation
- --backgroundServiceAccountName=system:serviceaccount:kyverno:kyverno-background-controller - --backgroundServiceAccountName=system:serviceaccount:kyverno:kyverno-background-controller
- --servicePort=443 - --servicePort=443
- --loggingFormat=text - --loggingFormat=text