pr fix

2025-04-09 10:42:22 +00:00 · 2020-05-21 08:29:35 -07:00 · 2020-05-21 08:29:35 -07:00 · 2dda3e2a42
commit 2dda3e2a42
parent 980ad39df8
3 changed files with 6 additions and 30 deletions
--- a/charts/kyverno/templates/clusterrolebinding.yaml
+++ b/charts/kyverno/templates/clusterrolebinding.yaml
@ -66,19 +66,6 @@ subjects:
 ---  
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: {{ template "kyverno.fullname" . }}:admin
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: admin
-subjects:
- kind: ServiceAccount
-  name: {{ template "kyverno.serviceAccountName" . }}
-  namespace: {{ .Release.Namespace }} 
---  
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: {{ template "kyverno.fullname" . }}:edit
 roleRef:
--- a/definitions/install.yaml
+++ b/definitions/install.yaml
@ -702,19 +702,6 @@ rules:
 ---  
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: kyverno:admin
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: admin
-subjects:
- kind: ServiceAccount
-  name: kyverno-service-account
-  namespace: kyverno 
---  
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: kyverno:edit
 roleRef:
@ -768,14 +755,16 @@ spec:
      serviceAccountName: kyverno-service-account
      initContainers:
        - name: kyverno-pre
-          image: nirmata/kyvernopre:v1.1.5
+          image: nirmata/kyvernopre:v1.1.6-rc1
      containers:
        - name: kyverno
-          image: nirmata/kyverno:v1.1.5
+          image: registry-v2.nirmata.io/nirmata/kyverno:latest
+          imagePullPolicy: Always
          args:
          - "--filterK8Resources=[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*]"
          # customize webhook timout
          # - "--webhooktimeout=4"
+          - "-v=6"
          ports:
          - containerPort: 443
          env:
--- a/pkg/webhooks/server.go
+++ b/pkg/webhooks/server.go
@ -299,7 +299,7 @@ func (ws *WebhookServer) resourceMutation(request *v1beta1.AdmissionRequest) *v1
 			}
 		}
 	} else {
-		logger.Info("mutate/validate is not supported prior to Kubernetes 1.14.0")
+		logger.Info("mutate and validate rules are not supported prior to Kubernetes 1.14.0")
 	}

 	// GENERATE
@ -337,7 +337,7 @@ func (ws *WebhookServer) resourceValidation(request *v1beta1.AdmissionRequest) *
 	logger := ws.log.WithName("resourceValidation").WithValues("uid", request.UID, "kind", request.Kind.Kind, "namespace", request.Namespace, "name", request.Name, "operation", request.Operation)

 	if ok := utils.HigherThanKubernetesVersion(ws.client, ws.log, 1, 14, 0); !ok {
-		logger.Info("mutate/validate is not supported prior to Kubernetes 1.14.0")
+		logger.Info("mutate and validate rules are not supported prior to Kubernetes 1.14.0")
 		return &v1beta1.AdmissionResponse{
 			Allowed: true,
 			Result: &metav1.Status{