fix(reports-controller): add a flag to disable reports sanity checks (#11867)

* fix(reports-controller): remove crd sanity check Signed-off-by: Raffael Sahli <raffael.sahli@doodle.com> * feat: add a flag to disable reports sanity checks Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> * feat: add changelog Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> --------- Signed-off-by: Raffael Sahli <raffael.sahli@doodle.com> Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: Vishal Choudhary <vishal.choudhary@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>
2025-03-06 07:57:07 +00:00 · 2025-01-09 10:03:23 +01:00 · 2025-01-09 10:03:23 +01:00 · 306a2e47d9
commit 306a2e47d9
parent 0e5ac8bd49
6 changed files with 15 additions and 3 deletions
--- a/charts/kyverno/Chart.yaml
+++ b/charts/kyverno/Chart.yaml
@ -37,6 +37,8 @@ annotations:
      description: fix validation error in validate.yaml
    - kind: fixed
      description: fixed global image registry config by introducing *.image.defaultRegistry.
+    - kind: added
+      description: added a new option .reportsController.sanityChecks to disable checks for policy reports crds
 dependencies:
  - name: grafana
    version: v0.0.0
--- a/charts/kyverno/README.md
+++ b/charts/kyverno/README.md
@ -702,6 +702,7 @@ The chart values are organised per component.
 | reportsController.profiling.port | int | `6060` | Profiling endpoint port |
 | reportsController.profiling.serviceType | string | `"ClusterIP"` | Service type. |
 | reportsController.profiling.nodePort | string | `nil` | Service node port. Only used if `type` is `NodePort`. |
+| reportsController.sanityChecks | bool | `true` | Enable sanity check for reports CRDs |

 ### Grafana

--- a/charts/kyverno/templates/reports-controller/deployment.yaml
+++ b/charts/kyverno/templates/reports-controller/deployment.yaml
@ -140,10 +140,13 @@ spec:
            - --{{ $key }}={{ $value }}
            {{- end }}
            {{- end }}
-            {{ if .Values.reportsController.profiling.enabled }}
+            {{- if .Values.reportsController.profiling.enabled }}
            - --profile=true
            - --profilePort={{ .Values.reportsController.profiling.port }}
            {{- end }}
+            {{- if not .Values.reportsController.sanityChecks }}
+            - --reportsCRDsSanityChecks=false
+            {{- end }}
          env:
          - name: KYVERNO_SERVICEACCOUNT_NAME
            value: {{ template "kyverno.reports-controller.serviceAccountName" . }}
--- a/charts/kyverno/values.yaml
+++ b/charts/kyverno/values.yaml
@ -2061,3 +2061,6 @@ reportsController:
    # -- Service node port.
    # Only used if `type` is `NodePort`.
    nodePort:
+
+  # -- Enable sanity check for reports CRDs
+  sanityChecks: true
--- a/cmd/reports-controller/main.go
+++ b/cmd/reports-controller/main.go
@ -196,6 +196,7 @@ func main() {
 		aggregateReports                 bool
 		policyReports                    bool
 		validatingAdmissionPolicyReports bool
+		reportsCRDsSanityChecks          bool
 		backgroundScanWorkers            int
 		backgroundScanInterval           time.Duration
 		aggregationWorkers               int
@ -219,6 +220,7 @@ func main() {
 	flagset.BoolVar(&skipResourceFilters, "skipResourceFilters", true, "If true, resource filters wont be considered.")
 	flagset.Int64Var(&maxAPICallResponseLength, "maxAPICallResponseLength", 2*1000*1000, "Maximum allowed response size from API Calls. A value of 0 bypasses checks (not recommended).")
 	flagset.IntVar(&maxBackgroundReports, "maxBackgroundReports", 10000, "Maximum number of ephemeralreports created for the background policies before we stop creating new ones")
+	flagset.BoolVar(&reportsCRDsSanityChecks, "reportsCRDsSanityChecks", true, "Enable or disable sanity checks for policy reports and ephemeral reports CRDs.")
 	// config
 	appConfig := internal.NewConfiguration(
 		internal.WithProfiling(),
@ -257,7 +259,9 @@ func main() {
 		kyamlopenapi.Schema()
 		if err := sanityChecks(setup.ApiServerClient); err != nil {
 			setup.Logger.Error(err, "sanity checks failed")
-			os.Exit(1)
+			if reportsCRDsSanityChecks {
+				os.Exit(1)
+			}
 		}
 		setup.Logger.Info("background scan interval", "duration", backgroundScanInterval.String())
 		// check if validating admission policies are registered in the API server
--- a/config/install-latest-testing.yaml
+++ b/config/install-latest-testing.yaml
@ -52241,7 +52241,6 @@ spec:
            - --allowInsecureRegistry=false
            - --registryCredentialHelpers=default,google,amazon,azure,github
            - --enableReporting=validate,mutate,mutateExisting,imageVerify,generate
-            
          env:
          - name: KYVERNO_SERVICEACCOUNT_NAME
            value: kyverno-reports-controller