diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 65482a4257..1cd78a8cdb 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -70,7 +70,6 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }} - - uses: J12934/helm-gh-pages-action@master name: Run Helm Publish with: diff --git a/cmd/kyverno/main.go b/cmd/kyverno/main.go index 5e1320943a..5f98ffed90 100755 --- a/cmd/kyverno/main.go +++ b/cmd/kyverno/main.go @@ -4,6 +4,7 @@ import ( "context" "flag" "fmt" + "github.com/nirmata/kyverno/pkg/common" "net/http" _ "net/http/pprof" "os" @@ -54,7 +55,7 @@ var ( excludeUsername string // User FQDN as CSR CN fqdncn bool - policyReport string + policyReport bool setupLog = log.Log.WithName("setup") ) @@ -70,7 +71,7 @@ func main() { flag.StringVar(&serverIP, "serverIP", "", "IP address where Kyverno controller runs. Only required if out-of-cluster.") flag.StringVar(&runValidationInMutatingWebhook, "runValidationInMutatingWebhook", "", "Validation will also be done using the mutation webhook, set to 'true' to enable. Older kubernetes versions do not work properly when a validation webhook is registered.") flag.BoolVar(&profile, "profile", false, "Set this flag to 'true', to enable profiling.") - flag.StringVar(&policyReport, "policyreport", "policyviolation", "Report Type") + flag.BoolVar(&policyReport, "policyreport", false, "Set this flag for enabling policy report") if err := flag.Set("v", "2"); err != nil { setupLog.Error(err, "failed to set log level") os.Exit(1) 
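Review bot: The added `"github.com/nirmata/kyverno/pkg/common"` import sits between `"fmt"` and `"net/http"` inside the standard-library group, which `goimports` would move into the separate project group after the blank line. Placing it there now keeps the file gofmt/goimports-clean and avoids churn on the next formatter run. The import block continues outside the hunk.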
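Review bot: Switching `-policyreport` from a string to a bool makes an existing invocation such as `--policyreport=policyreport` fail flag parsing at startup instead of degrading, so this is a breaking CLI change that deserves a release note. The help text `"Set this flag for enabling policy report"` also says less than the neighbouring `-profile` text; `"Set this flag to 'true' to generate PolicyReport resources instead of PolicyViolations."` matches the file's style. Whether the old string form is still referenced in charts or manifests is not visible from the hunk, and main continues outside it.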
@@ -83,11 +84,10 @@ func main() { if profile { go http.ListenAndServe("localhost:6060", nil) } - os.Setenv("POLICY-TYPE", "POLICYVIOLATION") - if policyReport == "policyreport" { - os.Setenv("POLICY-TYPE", "POLICYREPORT") + os.Setenv("POLICY-TYPE", common.PolicyViolation) + if policyReport { + os.Setenv("POLICY-TYPE", common.PolicyReport) } - setupLog.Info(os.Getenv("POLICY-TYPE")) version.PrintVersionInfo(log.Log) cleanUp := make(chan struct{}) stopCh := signal.SetupSignalHandler() @@ -341,11 +341,9 @@ func main() { go grgen.Run(1) go rWebhookWatcher.Run(stopCh) go configData.Run(stopCh) - if os.Getenv("POLICY-TYPE") != "POLICYREPORT" { - go policyCtrl.Run(3, stopCh) - } else { - go policyCtrl.Run(1, stopCh) - } + + go policyCtrl.Run(3, stopCh) + go eventGenerator.Run(3, stopCh) go grc.Run(1, stopCh) diff --git a/pkg/common/common.go b/pkg/common/common.go index 0c59b26f75..bda1bc4be2 100644 --- a/pkg/common/common.go +++ b/pkg/common/common.go @@ -5,3 +5,9 @@ const ( Enforce = "enforce" // blocks the request on failure Audit = "audit" // dont block the request on failure, but report failiures as policy violations ) + +// Policy Reporting Types +const ( + PolicyViolation = "POLICYVIOLATION" + PolicyReport = "POLICYREPORT" +) \ No newline at end of file diff --git a/pkg/kyverno/report/cluster.go b/pkg/kyverno/report/cluster.go index e18f62a128..ba4b440c04 100644 --- a/pkg/kyverno/report/cluster.go +++ b/pkg/kyverno/report/cluster.go @@ -17,7 +17,7 @@ func ClusterCommand() *cobra.Command { Short: "generate report", Example: fmt.Sprintf("To create a cluster report from background scan:\nkyverno report cluster --namespace=defaults \n kyverno report cluster"), RunE: func(cmd *cobra.Command, args []string) (err error) { - os.Setenv("POLICY-TYPE", "POLICYREPORT") + os.Setenv("POLICY-TYPE", common.PolicyReport) logger := log.Log.WithName("Report") restConfig, err := kubernetesConfig.ToRESTConfig() if err != nil { 
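Review bot: The values moved into `common` but the key `"POLICY-TYPE"` is still a bare literal here and in every other file in this patch (cluster.go, helm.go, namespace.go, controller.go, both builder.go files, generator.go), so a typo in any one of them silently falls back to the violation path; a sibling constant for the key in `pkg/common` would close that gap. Both `os.Setenv` calls also drop their error return. Removing `setupLog.Info(os.Getenv("POLICY-TYPE"))` takes away the only startup line that recorded which mode the controller runs in; keep a structured line such as `setupLog.Info("policy reporting mode", "type", os.Getenv("POLICY-TYPE"))`. main continues outside the hunk.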
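Review bot: `go policyCtrl.Run(3, stopCh)` now starts three workers in policy-report mode, where the removed branch deliberately used one; the report path in `syncPolicy` (controller.go hunks at -448 and -474) appends to `pc.policySync.policy` under a mutex, so it may tolerate this, but the reason for the original single worker is not stated anywhere visible. If the change is intentional, a one-line comment `// policy-report mode also runs 3 workers; policySync is mutex-guarded` would save the next reader the question. main continues outside the hunk.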
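Review bot: The new const block ends without a trailing newline (`\ No newline at end of file`), which `gofmt` will add back on the next touch, and `// Policy Reporting Types` is not attached to either identifier so `go doc` shows nothing for them. Prefer a doc comment per name, e.g. `// PolicyViolation selects the PolicyViolation reporting mode.` and `// PolicyReport selects the PolicyReport reporting mode.`, in the same form as the `Enforce`/`Audit` comments above.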
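Review bot: `os.Setenv("POLICY-TYPE", common.PolicyReport)` inside RunE mutates process-wide state that every later call in this process reads, and its error is discarded; the same pattern appears in helm.go and namespace.go on the next line. `if err := os.Setenv("POLICY-TYPE", common.PolicyReport); err != nil { return err }` at least surfaces a failure. No import hunk for `common` is shown for these three files, so either it was already imported or the diff is partial. RunE continues outside the hunk.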
diff --git a/pkg/kyverno/report/helm.go b/pkg/kyverno/report/helm.go index 767a185c8e..fe5ba26973 100644 --- a/pkg/kyverno/report/helm.go +++ b/pkg/kyverno/report/helm.go @@ -23,7 +23,7 @@ func HelmCommand() *cobra.Command { Short: "generate report", Example: fmt.Sprintf("To create a helm report from background scan:\nkyverno report helm --namespace=defaults \n kyverno report helm"), RunE: func(cmd *cobra.Command, args []string) (err error) { - os.Setenv("POLICY-TYPE", "POLICYREPORT") + os.Setenv("POLICY-TYPE", common.PolicyReport) logger := log.Log.WithName("Report") restConfig, err := kubernetesConfig.ToRESTConfig() if err != nil { diff --git a/pkg/kyverno/report/namespace.go b/pkg/kyverno/report/namespace.go index 76b4d8cd1e..73c42e0e9e 100644 --- a/pkg/kyverno/report/namespace.go +++ b/pkg/kyverno/report/namespace.go @@ -22,7 +22,7 @@ func NamespaceCommand() *cobra.Command { Short: "generate report", Example: fmt.Sprintf("To create a namespace report from background scan:\nkyverno report namespace --namespace=defaults \n kyverno report namespace"), RunE: func(cmd *cobra.Command, args []string) (err error) { - os.Setenv("POLICY-TYPE", "POLICYREPORT") + os.Setenv("POLICY-TYPE", common.PolicyReport) logger := log.Log.WithName("Report") restConfig, err := kubernetesConfig.ToRESTConfig() if err != nil { diff --git a/pkg/policy/controller.go b/pkg/policy/controller.go index c19ca475f2..b9dd9b9b45 100644 --- a/pkg/policy/controller.go +++ b/pkg/policy/controller.go @@ -157,7 +157,7 @@ func NewPolicyController(kyvernoClient *kyvernoclient.Clientset, pc.pvControl = RealPVControl{Client: kyvernoClient, Recorder: pc.eventRecorder} - if os.Getenv("POLICY-TYPE") != "POLICYREPORT" { + if os.Getenv("POLICY-TYPE") != common.PolicyReport { cpvInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ AddFunc: pc.addClusterPolicyViolation, UpdateFunc: pc.updateClusterPolicyViolation, 
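Review bot: Every mode check still calls `os.Getenv("POLICY-TYPE")` and compares the string at the point of use — here, four more times in controller.go (-206, -354, -448, -474), and again in both builder.go files and generator.go — so the per-reconcile `syncPolicy` path does a getenv plus string compare for every key, and behaviour can flip mid-run if anything sets the variable later. A small helper in `pkg/common`, e.g. `func PolicyReportEnabled() bool { return os.Getenv("POLICY-TYPE") == PolicyReport }`, centralises the key, the comparison and the place to cache it. The enclosing functions start and end outside these hunks.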
@@ -206,7 +206,7 @@ func NewPolicyController(kyvernoClient *kyvernoclient.Clientset, // rebuild after 300 seconds/ 5 mins //TODO: pass the time in seconds instead of converting it internally pc.rm = NewResourceManager(30) - if os.Getenv("POLICY-TYPE") == "POLICYREPORT" { + if os.Getenv("POLICY-TYPE") == common.PolicyReport { go func(pc PolicyController) { for k := range time.Tick(60 * time.Second) { pc.log.V(2).Info("Policy Background sync at", "time", k.String()) @@ -354,7 +354,7 @@ func (pc *PolicyController) Run(workers int, stopCh <-chan struct{}) { logger.Info("starting") defer logger.Info("shutting down") - if os.Getenv("POLICY-TYPE") == "POLICYREPORT" { + if os.Getenv("POLICY-TYPE") == common.PolicyReport { if !cache.WaitForCacheSync(stopCh, pc.pListerSynced, pc.nsListerSynced) { logger.Info("failed to sync informer cache") return @@ -448,7 +448,7 @@ func (pc *PolicyController) syncPolicy(key string) error { } } } - if os.Getenv("POLICY-TYPE") == "POLICYREPORT" { + if os.Getenv("POLICY-TYPE") == common.PolicyReport { pc.policySync.mux.Lock() pc.policySync.policy = append(pc.policySync.policy, key) pc.policySync.mux.Unlock() @@ -474,7 +474,7 @@ func (pc *PolicyController) syncPolicy(key string) error { } } - if os.Getenv("POLICY-TYPE") == "POLICYREPORT" { + if os.Getenv("POLICY-TYPE") == common.PolicyReport { pc.policySync.mux.Lock() pc.policySync.policy = append(pc.policySync.policy, key) pc.policySync.mux.Unlock() diff --git a/pkg/policyreport/builder.go b/pkg/policyreport/builder.go index 6be2a422b0..3961d40f4b 100755 --- a/pkg/policyreport/builder.go +++ b/pkg/policyreport/builder.go @@ -18,7 +18,7 @@ func GeneratePRsFromEngineResponse(ers []response.EngineResponse, log logr.Logge continue } // skip when response succeed - if os.Getenv("POLICY-TYPE") != "POLICYREPORT" { + if os.Getenv("POLICY-TYPE") != common.PolicyReport { if er.IsSuccessful() { continue } 
@@ -85,7 +85,7 @@ func buildPVInfo(er response.EngineResponse) Info { func buildViolatedRules(er response.EngineResponse) []kyverno.ViolatedRule { var violatedRules []kyverno.ViolatedRule for _, rule := range er.PolicyResponse.Rules { - if os.Getenv("POLICY-TYPE") != "POLICYREPORT" { + if os.Getenv("POLICY-TYPE") != common.PolicyReport { if rule.Success { continue } diff --git a/pkg/policyviolation/builder.go b/pkg/policyviolation/builder.go index 50645d4c3b..c2cf0d7c1c 100755 --- a/pkg/policyviolation/builder.go +++ b/pkg/policyviolation/builder.go @@ -17,7 +17,7 @@ func GeneratePVsFromEngineResponse(ers []response.EngineResponse, log logr.Logge continue } // skip when response succeed - if os.Getenv("POLICY-TYPE") != "POLICYREPORT" { + if os.Getenv("POLICY-TYPE") != common.PolicyReport { if er.IsSuccessful() { continue } diff --git a/pkg/policyviolation/generator.go b/pkg/policyviolation/generator.go index c2b360b44b..cf06a07ca1 100755 --- a/pkg/policyviolation/generator.go +++ b/pkg/policyviolation/generator.go @@ -134,7 +134,7 @@ func NewPVGenerator(client *kyvernoclient.Clientset, job: job, policyStatusListener: policyStatus, } - if os.Getenv("POLICY-TYPE") == "POLICYREPORT" { + if os.Getenv("POLICY-TYPE") == common.PolicyReport { gen.prgen = policyreport.NewPRGenerator(client, dclient, prInformer, @@ -253,7 +253,7 @@ func (gen *Generator) processNextWorkItem() bool { func (gen *Generator) syncHandler(info Info) error { logger := gen.log - if os.Getenv("POLICY-TYPE") == "POLICYREPORT" { + if os.Getenv("POLICY-TYPE") == common.PolicyReport { gen.prgen.Add(policyreport.Info(info)) return nil }
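Review bot: `gen.prgen.Add(policyreport.Info(info))` relies on `gen.prgen` having been set by the identically-guarded branch in NewPVGenerator (the -134 hunk above); the two reads of the environment happen at different times, so a nil dereference is possible if the variable is set after construction (the report subcommands in this patch set it inside RunE). Guarding on the field rather than re-reading the environment, `if gen.prgen != nil {`, ties the dispatch to what was actually constructed. syncHandler continues outside the hunk.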