mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 07:57:07 +00:00
Code Activity

- set tag optional in generaterequest; - fix generate controller error log

Browse source
This commit is contained in:
Shuting Zhao 2020-11-13 17:44:34 -08:00
parent 943935ee1b
commit 2ff9d03b3f
8 changed files with 39 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
definitions/crds/kyverno.io_generaterequests.yaml
View file

@ -48,11 +48,13 @@ spec:
send the request send the request
items: items:
type: string type: string
nullable: true
type: array type: array
roles: roles:
description: Roles is a list of possible role send the request description: Roles is a list of possible role send the request
items: items:
type: string type: string
nullable: true
type: array type: array
userInfo: userInfo:
description: UserInfo is the userInfo carried in the admission description: UserInfo is the userInfo carried in the admission
@ -84,10 +86,6 @@ spec:
among all active users. among all active users.
type: string type: string
type: object type: object
required:
- clusterRoles
- roles
- userInfo
type: object type: object
type: object type: object
policy: policy:

8
pkg/api/kyverno/v1/generaterequest_types.go
View file

@ -30,16 +30,24 @@ type GenerateRequestSpec struct {
//GenerateRequestContext stores the context to be shared //GenerateRequestContext stores the context to be shared
type GenerateRequestContext struct { type GenerateRequestContext struct {
// +optional
UserRequestInfo RequestInfo `json:"userInfo,omitempty" yaml:"userInfo,omitempty"` UserRequestInfo RequestInfo `json:"userInfo,omitempty" yaml:"userInfo,omitempty"`
} }
// RequestInfo contains permission info carried in an admission request // RequestInfo contains permission info carried in an admission request
type RequestInfo struct { type RequestInfo struct {
// Roles is a list of possible role send the request // Roles is a list of possible role send the request
// +nullable
// +optional
Roles []string `json:"roles" yaml:"roles"` Roles []string `json:"roles" yaml:"roles"`
// ClusterRoles is a list of possible clusterRoles send the request // ClusterRoles is a list of possible clusterRoles send the request
// +nullable
// +optional
ClusterRoles []string `json:"clusterRoles" yaml:"clusterRoles"` ClusterRoles []string `json:"clusterRoles" yaml:"clusterRoles"`
// UserInfo is the userInfo carried in the admission request // UserInfo is the userInfo carried in the admission request
// +optional
AdmissionUserInfo authenticationv1.UserInfo `json:"userInfo" yaml:"userInfo"` AdmissionUserInfo authenticationv1.UserInfo `json:"userInfo" yaml:"userInfo"`
} }

8
pkg/generate/cleanup/controller.go
View file

@ -246,6 +246,12 @@ func (c *Controller) handleErr(err error, key interface{}) {
return return
} }
if errors.IsNotFound(err) {
c.queue.Forget(key)
logger.V(4).Info("Dropping generate request from the queue", "key", key, "error", err)
return
}
if c.queue.NumRequeues(key) < maxRetries { if c.queue.NumRequeues(key) < maxRetries {
logger.Error(err, "failed to sync generate request", "key", key) logger.Error(err, "failed to sync generate request", "key", key)
c.queue.AddRateLimited(key) c.queue.AddRateLimited(key)
@ -260,7 +266,7 @@ func (c *Controller) syncGenerateRequest(key string) error {
logger := c.log.WithValues("key", key) logger := c.log.WithValues("key", key)
var err error var err error
startTime := time.Now() startTime := time.Now()
logger.Info("started syncing generate request", "startTime", startTime) logger.V(4).Info("started syncing generate request", "startTime", startTime)
defer func() { defer func() {
logger.V(4).Info("finished syncying generate request", "processingTIme", time.Since(startTime).String()) logger.V(4).Info("finished syncying generate request", "processingTIme", time.Since(startTime).String())
}() }()

15
pkg/generate/controller.go
View file

@ -14,6 +14,7 @@ import (
"github.com/kyverno/kyverno/pkg/event" "github.com/kyverno/kyverno/pkg/event"
"github.com/kyverno/kyverno/pkg/policystatus" "github.com/kyverno/kyverno/pkg/policystatus"
"github.com/kyverno/kyverno/pkg/resourcecache" "github.com/kyverno/kyverno/pkg/resourcecache"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
utilruntime "k8s.io/apimachinery/pkg/util/runtime" utilruntime "k8s.io/apimachinery/pkg/util/runtime"
"k8s.io/apimachinery/pkg/util/wait" "k8s.io/apimachinery/pkg/util/wait"
@ -230,7 +231,7 @@ func (c *Controller) deleteGR(obj interface{}) {
} }
} }
} }
logger.Info("deleting generate request", "name", gr.Name) logger.V(3).Info("deleting generate request", "name", gr.Name)
// sync Handler will remove it from the queue // sync Handler will remove it from the queue
c.enqueueGR(gr) c.enqueueGR(gr)
} }
@ -280,6 +281,12 @@ func (c *Controller) handleErr(err error, key interface{}) {
return return
} }
if errors.IsNotFound(err) {
c.queue.Forget(key)
logger.V(4).Info("Dropping generate request from the queue", "key", key, "error", err)
return
}
if c.queue.NumRequeues(key) < maxRetries { if c.queue.NumRequeues(key) < maxRetries {
logger.Error(err, "failed to sync generate request", "key", key) logger.Error(err, "failed to sync generate request", "key", key)
c.queue.AddRateLimited(key) c.queue.AddRateLimited(key)
@ -294,7 +301,7 @@ func (c *Controller) syncGenerateRequest(key string) error {
logger := c.log logger := c.log
var err error var err error
startTime := time.Now() startTime := time.Now()
logger.Info("started sync", "key", key, "startTime", startTime) logger.V(4).Info("started sync", "key", key, "startTime", startTime)
defer func() { defer func() {
logger.V(4).Info("finished sync", "key", key, "processingTime", time.Since(startTime).String()) logger.V(4).Info("finished sync", "key", key, "processingTime", time.Since(startTime).String())
}() }()
@ -305,6 +312,10 @@ func (c *Controller) syncGenerateRequest(key string) error {
gr, err := c.grLister.Get(grName) gr, err := c.grLister.Get(grName)
if err != nil { if err != nil {
if errors.IsNotFound(err) {
return nil
}
logger.Error(err, "failed to list generate requests") logger.Error(err, "failed to list generate requests")
return err return err
} }

7
pkg/generate/generate.go
View file

@ -182,7 +182,6 @@ func (c *Controller) applyGeneratePolicy(log logr.Logger, policyContext engine.P
} }
genResource, err := applyRule(log, c.client, rule, resource, ctx, policy.Name, gr, processExisting) genResource, err := applyRule(log, c.client, rule, resource, ctx, policy.Name, gr, processExisting)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -346,7 +345,7 @@ func applyRule(log logr.Logger, client *dclient.Client, rule kyverno.Rule, resou
// Failed to create resource // Failed to create resource
return noGenResource, err return noGenResource, err
} }
logger.V(4).Info("created new resource") logger.V(2).Info("created generated resource")
} else if mode == Update { } else if mode == Update {
var isUpdate bool var isUpdate bool
@ -374,7 +373,7 @@ func applyRule(log logr.Logger, client *dclient.Client, rule kyverno.Rule, resou
logger.Error(err, "updating existing resource") logger.Error(err, "updating existing resource")
return noGenResource, err return noGenResource, err
} }
logger.V(4).Info("updated new resource") logger.V(4).Info("updated generated resource")
} else { } else {
resource := &unstructured.Unstructured{} resource := &unstructured.Unstructured{}
resource.SetUnstructuredContent(rdata) resource.SetUnstructuredContent(rdata)
@ -384,7 +383,7 @@ func applyRule(log logr.Logger, client *dclient.Client, rule kyverno.Rule, resou
logger.Error(err, "updating existing resource") logger.Error(err, "updating existing resource")
return noGenResource, err return noGenResource, err
} }
logger.V(4).Info("updated new resource") logger.V(4).Info("updated geneated resource")
} }
logger.V(4).Info("Synchronize resource is disabled") logger.V(4).Info("Synchronize resource is disabled")

9
pkg/generate/status.go
View file

@ -6,6 +6,7 @@ import (
kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1" kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
kyvernoclient "github.com/kyverno/kyverno/pkg/client/clientset/versioned" kyvernoclient "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
"github.com/kyverno/kyverno/pkg/config" "github.com/kyverno/kyverno/pkg/config"
"k8s.io/apimachinery/pkg/api/errors"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/log"
) )
@ -28,11 +29,11 @@ func (sc StatusControl) Failed(gr kyverno.GenerateRequest, message string, genRe
// Update Generated Resources // Update Generated Resources
gr.Status.GeneratedResources = genResources gr.Status.GeneratedResources = genResources
_, err := sc.client.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).UpdateStatus(context.TODO(), &gr, v1.UpdateOptions{}) _, err := sc.client.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).UpdateStatus(context.TODO(), &gr, v1.UpdateOptions{})
if err != nil { if err != nil && !errors.IsNotFound(err) {
log.Log.Error(err, "failed to update generate request status", "name", gr.Name) log.Log.Error(err, "failed to update generate request status", "name", gr.Name)
return err return err
} }
log.Log.Info("updated generate request status", "name", gr.Name, "status", string(kyverno.Failed)) log.Log.V(3).Info("updated generate request status", "name", gr.Name, "status", string(kyverno.Failed))
return nil return nil
} }
@ -44,10 +45,10 @@ func (sc StatusControl) Success(gr kyverno.GenerateRequest, genResources []kyver
gr.Status.GeneratedResources = genResources gr.Status.GeneratedResources = genResources
_, err := sc.client.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).UpdateStatus(context.TODO(), &gr, v1.UpdateOptions{}) _, err := sc.client.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).UpdateStatus(context.TODO(), &gr, v1.UpdateOptions{})
if err != nil { if err != nil && !errors.IsNotFound(err) {
log.Log.Error(err, "failed to update generate request status", "name", gr.Name) log.Log.Error(err, "failed to update generate request status", "name", gr.Name)
return err return err
} }
log.Log.Info("updated generate request status", "name", gr.Name, "status", string(kyverno.Completed)) log.Log.V(3).Info("updated generate request status", "name", gr.Name, "status", string(kyverno.Completed))
return nil return nil
} }

1
pkg/kyverno/apply/command.go
View file

@ -415,7 +415,6 @@ func createFileOrFolder(mutateLogPath string, mutateLogPathIsDir bool) error {
if len(s) > 1 { if len(s) > 1 {
folderPath = mutateLogPath[:len(mutateLogPath)-len(s[len(s)-1])-1] folderPath = mutateLogPath[:len(mutateLogPath)-len(s[len(s)-1])-1]
_, err := os.Stat(folderPath) _, err := os.Stat(folderPath)
fmt.Println(err)
if os.IsNotExist(err) { if os.IsNotExist(err) {
errDir := os.MkdirAll(folderPath, 0755) errDir := os.MkdirAll(folderPath, 0755)
if errDir != nil { if errDir != nil {

2
pkg/policy/controller.go
View file

@ -419,7 +419,7 @@ func (pc *PolicyController) syncPolicy(key string) error {
for _, v := range grList { for _, v := range grList {
if key == v.Spec.Policy { if key == v.Spec.Policy {
err := pc.kyvernoClient.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).Delete(context.TODO(), v.GetName(), metav1.DeleteOptions{}) err := pc.kyvernoClient.KyvernoV1().GenerateRequests(config.KubePolicyNamespace).Delete(context.TODO(), v.GetName(), metav1.DeleteOptions{})
if err != nil { if err != nil && !errors.IsNotFound(err) {
logger.Error(err, "failed to delete gr") logger.Error(err, "failed to delete gr")
} }
} }