
- update JSON tags of report summary; - update definition manifests; - fix dclient creation

This commit is contained in:
Shuting Zhao 2020-10-26 16:08:25 -07:00
parent 954d12c119
commit 32d834ea26
21 changed files with 357 additions and 343 deletions


@ -288,19 +288,19 @@ spec:
name: Name
priority: 1
type: string
- JSONPath: .summary.pass
- JSONPath: .summary.Pass
name: Pass
type: integer
- JSONPath: .summary.fail
- JSONPath: .summary.Fail
name: Fail
type: integer
- JSONPath: .summary.warn
- JSONPath: .summary.Warn
name: Warn
type: integer
- JSONPath: .summary.error
- JSONPath: .summary.Error
name: Error
type: integer
- JSONPath: .summary.skip
- JSONPath: .summary.Skip
name: Skip
type: integer
- JSONPath: .metadata.creationTimestamp
@ -572,32 +572,32 @@ spec:
summary:
description: PolicyReportSummary provides a summary of results
properties:
error:
Error:
description: Error provides the count of policies that could not be
evaluated
type: integer
fail:
Fail:
description: Fail provides the count of policies whose requirements
were not met
type: integer
pass:
Pass:
description: Pass provides the count of policies whose requirements
were met
type: integer
skip:
Skip:
description: Skip indicates the count of policies that were not selected
for evaluation
type: integer
warn:
Warn:
description: Warn provides the count of unscored policies whose requirements
were not met
type: integer
required:
- error
- fail
- pass
- skip
- warn
- Error
- Fail
- Pass
- Skip
- Warn
type: object
type: object
version: v1alpha1
@ -701,19 +701,19 @@ spec:
name: Name
priority: 1
type: string
- JSONPath: .summary.pass
- JSONPath: .summary.Pass
name: Pass
type: integer
- JSONPath: .summary.fail
- JSONPath: .summary.Fail
name: Fail
type: integer
- JSONPath: .summary.warn
- JSONPath: .summary.Warn
name: Warn
type: integer
- JSONPath: .summary.error
- JSONPath: .summary.Error
name: Error
type: integer
- JSONPath: .summary.skip
- JSONPath: .summary.Skip
name: Skip
type: integer
- JSONPath: .metadata.creationTimestamp
@ -982,32 +982,32 @@ spec:
summary:
description: PolicyReportSummary provides a summary of results
properties:
error:
Error:
description: Error provides the count of policies that could not be
evaluated
type: integer
fail:
Fail:
description: Fail provides the count of policies whose requirements
were not met
type: integer
pass:
Pass:
description: Pass provides the count of policies whose requirements
were met
type: integer
skip:
Skip:
description: Skip indicates the count of policies that were not selected
for evaluation
type: integer
warn:
Warn:
description: Warn provides the count of unscored policies whose requirements
were not met
type: integer
required:
- error
- fail
- pass
- skip
- warn
- Error
- Fail
- Pass
- Skip
- Warn
type: object
type: object
version: v1alpha1
@ -1362,19 +1362,19 @@ spec:
name: Name
priority: 1
type: string
- JSONPath: .summary.pass
- JSONPath: .summary.Pass
name: Pass
type: integer
- JSONPath: .summary.fail
- JSONPath: .summary.Fail
name: Fail
type: integer
- JSONPath: .summary.warn
- JSONPath: .summary.Warn
name: Warn
type: integer
- JSONPath: .summary.error
- JSONPath: .summary.Error
name: Error
type: integer
- JSONPath: .summary.skip
- JSONPath: .summary.Skip
name: Skip
type: integer
- JSONPath: .metadata.creationTimestamp
@ -1645,32 +1645,32 @@ spec:
summary:
description: PolicyReportSummary provides a summary of results
properties:
error:
Error:
description: Error provides the count of policies that could not be
evaluated
type: integer
fail:
Fail:
description: Fail provides the count of policies whose requirements
were not met
type: integer
pass:
Pass:
description: Pass provides the count of policies whose requirements
were met
type: integer
skip:
Skip:
description: Skip indicates the count of policies that were not selected
for evaluation
type: integer
warn:
Warn:
description: Warn provides the count of unscored policies whose requirements
were not met
type: integer
required:
- error
- fail
- pass
- skip
- warn
- Error
- Fail
- Pass
- Skip
- Warn
type: object
type: object
version: v1alpha1
@ -1774,19 +1774,19 @@ spec:
name: Name
priority: 1
type: string
- JSONPath: .summary.pass
- JSONPath: .summary.Pass
name: Pass
type: integer
- JSONPath: .summary.fail
- JSONPath: .summary.Fail
name: Fail
type: integer
- JSONPath: .summary.warn
- JSONPath: .summary.Warn
name: Warn
type: integer
- JSONPath: .summary.error
- JSONPath: .summary.Error
name: Error
type: integer
- JSONPath: .summary.skip
- JSONPath: .summary.Skip
name: Skip
type: integer
- JSONPath: .metadata.creationTimestamp
@ -2055,32 +2055,32 @@ spec:
summary:
description: PolicyReportSummary provides a summary of results
properties:
error:
Error:
description: Error provides the count of policies that could not be
evaluated
type: integer
fail:
Fail:
description: Fail provides the count of policies whose requirements
were not met
type: integer
pass:
Pass:
description: Pass provides the count of policies whose requirements
were met
type: integer
skip:
Skip:
description: Skip indicates the count of policies that were not selected
for evaluation
type: integer
warn:
Warn:
description: Warn provides the count of unscored policies whose requirements
were not met
type: integer
required:
- error
- fail
- pass
- skip
- warn
- Error
- Fail
- Pass
- Skip
- Warn
type: object
type: object
version: v1alpha1


@ -191,20 +191,6 @@ func main() {
pInformer.Kyverno().V1().ClusterPolicies().Lister(),
pInformer.Kyverno().V1().Policies().Lister())
// POLICY VIOLATION GENERATOR
// -- generate policy violation
var pvgen *policyviolation.Generator
pvgen = policyviolation.NewPVGenerator(pclient,
client,
pInformer.Kyverno().V1().ClusterPolicyViolations(),
pInformer.Kyverno().V1().PolicyViolations(),
pInformer.Policy().V1alpha1().ClusterPolicyReports(),
pInformer.Policy().V1alpha1().PolicyReports(),
statusSync.Listener,
log.Log.WithName("PolicyViolationGenerator"),
stopCh,
)
// POLICY Report GENERATOR
// -- generate policy report
var prgen *policyreport.Generator
@ -218,6 +204,21 @@ func main() {
)
}
// POLICY VIOLATION GENERATOR
// -- generate policy violation
var pvgen *policyviolation.Generator
pvgen = policyviolation.NewPVGenerator(pclient,
client,
pInformer.Kyverno().V1().ClusterPolicyViolations(),
pInformer.Kyverno().V1().PolicyViolations(),
pInformer.Policy().V1alpha1().ClusterPolicyReports(),
pInformer.Policy().V1alpha1().PolicyReports(),
statusSync.Listener,
prgen,
log.Log.WithName("PolicyViolationGenerator"),
stopCh,
)
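Review bot: The relocated `pvgen` construction now hands `prgen` to `policyviolation.NewPVGenerator`, but `prgen` is only declared as `var prgen *policyreport.Generator` in the previous hunk and the `}` context line directly above this block suggests its assignment happens inside a conditional; if that branch is skipped, the violation generator is built around a nil report generator. Either confirm that `NewPVGenerator` and the generator's work loop tolerate a nil `*policyreport.Generator`, or guard the construction with a `prgen != nil` check and log when the report path is disabled. Separately, the two-step `var pvgen *policyviolation.Generator` / `pvgen = ...` can be collapsed to `pvgen := policyviolation.NewPVGenerator(pclient,`. The enclosing `main` begins and ends outside this hunk.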
// POLICY CONTROLLER
// - reconciliation policy and policy violation
// - process policy on existing resources


@ -17,19 +17,19 @@ spec:
name: Name
priority: 1
type: string
- JSONPath: .summary.pass
- JSONPath: .summary.Pass
name: Pass
type: integer
- JSONPath: .summary.fail
- JSONPath: .summary.Fail
name: Fail
type: integer
- JSONPath: .summary.warn
- JSONPath: .summary.Warn
name: Warn
type: integer
- JSONPath: .summary.error
- JSONPath: .summary.Error
name: Error
type: integer
- JSONPath: .summary.skip
- JSONPath: .summary.Skip
name: Skip
type: integer
- JSONPath: .metadata.creationTimestamp
@ -301,32 +301,32 @@ spec:
summary:
description: PolicyReportSummary provides a summary of results
properties:
error:
Error:
description: Error provides the count of policies that could not be
evaluated
type: integer
fail:
Fail:
description: Fail provides the count of policies whose requirements
were not met
type: integer
pass:
Pass:
description: Pass provides the count of policies whose requirements
were met
type: integer
skip:
Skip:
description: Skip indicates the count of policies that were not selected
for evaluation
type: integer
warn:
Warn:
description: Warn provides the count of unscored policies whose requirements
were not met
type: integer
required:
- error
- fail
- pass
- skip
- warn
- Error
- Fail
- Pass
- Skip
- Warn
type: object
type: object
version: v1alpha1


@ -17,19 +17,19 @@ spec:
name: Name
priority: 1
type: string
- JSONPath: .summary.pass
- JSONPath: .summary.Pass
name: Pass
type: integer
- JSONPath: .summary.fail
- JSONPath: .summary.Fail
name: Fail
type: integer
- JSONPath: .summary.warn
- JSONPath: .summary.Warn
name: Warn
type: integer
- JSONPath: .summary.error
- JSONPath: .summary.Error
name: Error
type: integer
- JSONPath: .summary.skip
- JSONPath: .summary.Skip
name: Skip
type: integer
- JSONPath: .metadata.creationTimestamp
@ -298,32 +298,32 @@ spec:
summary:
description: PolicyReportSummary provides a summary of results
properties:
error:
Error:
description: Error provides the count of policies that could not be
evaluated
type: integer
fail:
Fail:
description: Fail provides the count of policies whose requirements
were not met
type: integer
pass:
Pass:
description: Pass provides the count of policies whose requirements
were met
type: integer
skip:
Skip:
description: Skip indicates the count of policies that were not selected
for evaluation
type: integer
warn:
Warn:
description: Warn provides the count of unscored policies whose requirements
were not met
type: integer
required:
- error
- fail
- pass
- skip
- warn
- Error
- Fail
- Pass
- Skip
- Warn
type: object
type: object
version: v1alpha1


@ -17,19 +17,19 @@ spec:
name: Name
priority: 1
type: string
- JSONPath: .summary.pass
- JSONPath: .summary.Pass
name: Pass
type: integer
- JSONPath: .summary.fail
- JSONPath: .summary.Fail
name: Fail
type: integer
- JSONPath: .summary.warn
- JSONPath: .summary.Warn
name: Warn
type: integer
- JSONPath: .summary.error
- JSONPath: .summary.Error
name: Error
type: integer
- JSONPath: .summary.skip
- JSONPath: .summary.Skip
name: Skip
type: integer
- JSONPath: .metadata.creationTimestamp
@ -300,32 +300,32 @@ spec:
summary:
description: PolicyReportSummary provides a summary of results
properties:
error:
Error:
description: Error provides the count of policies that could not be
evaluated
type: integer
fail:
Fail:
description: Fail provides the count of policies whose requirements
were not met
type: integer
pass:
Pass:
description: Pass provides the count of policies whose requirements
were met
type: integer
skip:
Skip:
description: Skip indicates the count of policies that were not selected
for evaluation
type: integer
warn:
Warn:
description: Warn provides the count of unscored policies whose requirements
were not met
type: integer
required:
- error
- fail
- pass
- skip
- warn
- Error
- Fail
- Pass
- Skip
- Warn
type: object
type: object
version: v1alpha1


@ -17,19 +17,19 @@ spec:
name: Name
priority: 1
type: string
- JSONPath: .summary.pass
- JSONPath: .summary.Pass
name: Pass
type: integer
- JSONPath: .summary.fail
- JSONPath: .summary.Fail
name: Fail
type: integer
- JSONPath: .summary.warn
- JSONPath: .summary.Warn
name: Warn
type: integer
- JSONPath: .summary.error
- JSONPath: .summary.Error
name: Error
type: integer
- JSONPath: .summary.skip
- JSONPath: .summary.Skip
name: Skip
type: integer
- JSONPath: .metadata.creationTimestamp
@ -298,32 +298,32 @@ spec:
summary:
description: PolicyReportSummary provides a summary of results
properties:
error:
Error:
description: Error provides the count of policies that could not be
evaluated
type: integer
fail:
Fail:
description: Fail provides the count of policies whose requirements
were not met
type: integer
pass:
Pass:
description: Pass provides the count of policies whose requirements
were met
type: integer
skip:
Skip:
description: Skip indicates the count of policies that were not selected
for evaluation
type: integer
warn:
Warn:
description: Warn provides the count of unscored policies whose requirements
were not met
type: integer
required:
- error
- fail
- pass
- skip
- warn
- Error
- Fail
- Pass
- Skip
- Warn
type: object
type: object
version: v1alpha1


@ -293,19 +293,19 @@ spec:
name: Name
priority: 1
type: string
- JSONPath: .summary.pass
- JSONPath: .summary.Pass
name: Pass
type: integer
- JSONPath: .summary.fail
- JSONPath: .summary.Fail
name: Fail
type: integer
- JSONPath: .summary.warn
- JSONPath: .summary.Warn
name: Warn
type: integer
- JSONPath: .summary.error
- JSONPath: .summary.Error
name: Error
type: integer
- JSONPath: .summary.skip
- JSONPath: .summary.Skip
name: Skip
type: integer
- JSONPath: .metadata.creationTimestamp
@ -577,32 +577,32 @@ spec:
summary:
description: PolicyReportSummary provides a summary of results
properties:
error:
Error:
description: Error provides the count of policies that could not be
evaluated
type: integer
fail:
Fail:
description: Fail provides the count of policies whose requirements
were not met
type: integer
pass:
Pass:
description: Pass provides the count of policies whose requirements
were met
type: integer
skip:
Skip:
description: Skip indicates the count of policies that were not selected
for evaluation
type: integer
warn:
Warn:
description: Warn provides the count of unscored policies whose requirements
were not met
type: integer
required:
- error
- fail
- pass
- skip
- warn
- Error
- Fail
- Pass
- Skip
- Warn
type: object
type: object
version: v1alpha1
@ -706,19 +706,19 @@ spec:
name: Name
priority: 1
type: string
- JSONPath: .summary.pass
- JSONPath: .summary.Pass
name: Pass
type: integer
- JSONPath: .summary.fail
- JSONPath: .summary.Fail
name: Fail
type: integer
- JSONPath: .summary.warn
- JSONPath: .summary.Warn
name: Warn
type: integer
- JSONPath: .summary.error
- JSONPath: .summary.Error
name: Error
type: integer
- JSONPath: .summary.skip
- JSONPath: .summary.Skip
name: Skip
type: integer
- JSONPath: .metadata.creationTimestamp
@ -987,32 +987,32 @@ spec:
summary:
description: PolicyReportSummary provides a summary of results
properties:
error:
Error:
description: Error provides the count of policies that could not be
evaluated
type: integer
fail:
Fail:
description: Fail provides the count of policies whose requirements
were not met
type: integer
pass:
Pass:
description: Pass provides the count of policies whose requirements
were met
type: integer
skip:
Skip:
description: Skip indicates the count of policies that were not selected
for evaluation
type: integer
warn:
Warn:
description: Warn provides the count of unscored policies whose requirements
were not met
type: integer
required:
- error
- fail
- pass
- skip
- warn
- Error
- Fail
- Pass
- Skip
- Warn
type: object
type: object
version: v1alpha1
@ -1367,19 +1367,19 @@ spec:
name: Name
priority: 1
type: string
- JSONPath: .summary.pass
- JSONPath: .summary.Pass
name: Pass
type: integer
- JSONPath: .summary.fail
- JSONPath: .summary.Fail
name: Fail
type: integer
- JSONPath: .summary.warn
- JSONPath: .summary.Warn
name: Warn
type: integer
- JSONPath: .summary.error
- JSONPath: .summary.Error
name: Error
type: integer
- JSONPath: .summary.skip
- JSONPath: .summary.Skip
name: Skip
type: integer
- JSONPath: .metadata.creationTimestamp
@ -1650,32 +1650,32 @@ spec:
summary:
description: PolicyReportSummary provides a summary of results
properties:
error:
Error:
description: Error provides the count of policies that could not be
evaluated
type: integer
fail:
Fail:
description: Fail provides the count of policies whose requirements
were not met
type: integer
pass:
Pass:
description: Pass provides the count of policies whose requirements
were met
type: integer
skip:
Skip:
description: Skip indicates the count of policies that were not selected
for evaluation
type: integer
warn:
Warn:
description: Warn provides the count of unscored policies whose requirements
were not met
type: integer
required:
- error
- fail
- pass
- skip
- warn
- Error
- Fail
- Pass
- Skip
- Warn
type: object
type: object
version: v1alpha1
@ -1779,19 +1779,19 @@ spec:
name: Name
priority: 1
type: string
- JSONPath: .summary.pass
- JSONPath: .summary.Pass
name: Pass
type: integer
- JSONPath: .summary.fail
- JSONPath: .summary.Fail
name: Fail
type: integer
- JSONPath: .summary.warn
- JSONPath: .summary.Warn
name: Warn
type: integer
- JSONPath: .summary.error
- JSONPath: .summary.Error
name: Error
type: integer
- JSONPath: .summary.skip
- JSONPath: .summary.Skip
name: Skip
type: integer
- JSONPath: .metadata.creationTimestamp
@ -2060,32 +2060,32 @@ spec:
summary:
description: PolicyReportSummary provides a summary of results
properties:
error:
Error:
description: Error provides the count of policies that could not be
evaluated
type: integer
fail:
Fail:
description: Fail provides the count of policies whose requirements
were not met
type: integer
pass:
Pass:
description: Pass provides the count of policies whose requirements
were met
type: integer
skip:
Skip:
description: Skip indicates the count of policies that were not selected
for evaluation
type: integer
warn:
Warn:
description: Warn provides the count of unscored policies whose requirements
were not met
type: integer
required:
- error
- fail
- pass
- skip
- warn
- Error
- Fail
- Pass
- Skip
- Warn
type: object
type: object
version: v1alpha1
@ -2128,6 +2128,10 @@ rules:
- policyviolations/status
- generaterequests
- generaterequests/status
- reportrequests
- reportrequests/status
- clusterreportrequests
- clusterreportrequests/status
verbs:
- create
- delete
@ -2482,7 +2486,7 @@ subjects:
apiVersion: v1
data:
excludeGroupRole: system:serviceaccounts:kube-system,system:nodes,system:kube-scheduler
resourceFilters: '[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*]'
resourceFilters: '[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*][ReportRequest,*,*][ClusterReportRequest,*,*]'
kind: ConfigMap
metadata:
name: init-config
@ -2521,7 +2525,7 @@ spec:
spec:
containers:
- args:
- --filterK8Resources=[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*]
- --filterK8Resources=[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*][ReportRequest,*,*][ClusterReportRequest,*,*]
- -v=2
env:
- name: INIT_CONFIG
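Review bot: The new `[ReportRequest,*,*][ClusterReportRequest,*,*]` entries are written twice in this manifest, once in the `init-config` ConfigMap's `resourceFilters` and once in the deployment's `--filterK8Resources` argument, and nothing here says which copy takes precedence when they differ; two hand-maintained copies of the list of kinds that admission policies skip is exactly where drift goes unnoticed. Consider dropping one source or at least annotating the argument, e.g. `# keep in sync with resourceFilters in the init-config ConfigMap (INIT_CONFIG)`, and stating the precedence. The same duplicated filter string also appears in the next install manifest section and in the standalone ConfigMap and deployment sections of this commit. Because the filter uses a wildcard namespace, these kinds are excluded from policy evaluation cluster-wide, which is appropriate only as long as they stay Kyverno-internal objects created under the `reportrequests`/`clusterreportrequests` RBAC rules added in the same file.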


@ -293,19 +293,19 @@ spec:
name: Name
priority: 1
type: string
- JSONPath: .summary.pass
- JSONPath: .summary.Pass
name: Pass
type: integer
- JSONPath: .summary.fail
- JSONPath: .summary.Fail
name: Fail
type: integer
- JSONPath: .summary.warn
- JSONPath: .summary.Warn
name: Warn
type: integer
- JSONPath: .summary.error
- JSONPath: .summary.Error
name: Error
type: integer
- JSONPath: .summary.skip
- JSONPath: .summary.Skip
name: Skip
type: integer
- JSONPath: .metadata.creationTimestamp
@ -577,32 +577,32 @@ spec:
summary:
description: PolicyReportSummary provides a summary of results
properties:
error:
Error:
description: Error provides the count of policies that could not be
evaluated
type: integer
fail:
Fail:
description: Fail provides the count of policies whose requirements
were not met
type: integer
pass:
Pass:
description: Pass provides the count of policies whose requirements
were met
type: integer
skip:
Skip:
description: Skip indicates the count of policies that were not selected
for evaluation
type: integer
warn:
Warn:
description: Warn provides the count of unscored policies whose requirements
were not met
type: integer
required:
- error
- fail
- pass
- skip
- warn
- Error
- Fail
- Pass
- Skip
- Warn
type: object
type: object
version: v1alpha1
@ -706,19 +706,19 @@ spec:
name: Name
priority: 1
type: string
- JSONPath: .summary.pass
- JSONPath: .summary.Pass
name: Pass
type: integer
- JSONPath: .summary.fail
- JSONPath: .summary.Fail
name: Fail
type: integer
- JSONPath: .summary.warn
- JSONPath: .summary.Warn
name: Warn
type: integer
- JSONPath: .summary.error
- JSONPath: .summary.Error
name: Error
type: integer
- JSONPath: .summary.skip
- JSONPath: .summary.Skip
name: Skip
type: integer
- JSONPath: .metadata.creationTimestamp
@ -987,32 +987,32 @@ spec:
summary:
description: PolicyReportSummary provides a summary of results
properties:
error:
Error:
description: Error provides the count of policies that could not be
evaluated
type: integer
fail:
Fail:
description: Fail provides the count of policies whose requirements
were not met
type: integer
pass:
Pass:
description: Pass provides the count of policies whose requirements
were met
type: integer
skip:
Skip:
description: Skip indicates the count of policies that were not selected
for evaluation
type: integer
warn:
Warn:
description: Warn provides the count of unscored policies whose requirements
were not met
type: integer
required:
- error
- fail
- pass
- skip
- warn
- Error
- Fail
- Pass
- Skip
- Warn
type: object
type: object
version: v1alpha1
@ -1367,19 +1367,19 @@ spec:
name: Name
priority: 1
type: string
- JSONPath: .summary.pass
- JSONPath: .summary.Pass
name: Pass
type: integer
- JSONPath: .summary.fail
- JSONPath: .summary.Fail
name: Fail
type: integer
- JSONPath: .summary.warn
- JSONPath: .summary.Warn
name: Warn
type: integer
- JSONPath: .summary.error
- JSONPath: .summary.Error
name: Error
type: integer
- JSONPath: .summary.skip
- JSONPath: .summary.Skip
name: Skip
type: integer
- JSONPath: .metadata.creationTimestamp
@ -1650,32 +1650,32 @@ spec:
summary:
description: PolicyReportSummary provides a summary of results
properties:
error:
Error:
description: Error provides the count of policies that could not be
evaluated
type: integer
fail:
Fail:
description: Fail provides the count of policies whose requirements
were not met
type: integer
pass:
Pass:
description: Pass provides the count of policies whose requirements
were met
type: integer
skip:
Skip:
description: Skip indicates the count of policies that were not selected
for evaluation
type: integer
warn:
Warn:
description: Warn provides the count of unscored policies whose requirements
were not met
type: integer
required:
- error
- fail
- pass
- skip
- warn
- Error
- Fail
- Pass
- Skip
- Warn
type: object
type: object
version: v1alpha1
@ -1779,19 +1779,19 @@ spec:
name: Name
priority: 1
type: string
- JSONPath: .summary.pass
- JSONPath: .summary.Pass
name: Pass
type: integer
- JSONPath: .summary.fail
- JSONPath: .summary.Fail
name: Fail
type: integer
- JSONPath: .summary.warn
- JSONPath: .summary.Warn
name: Warn
type: integer
- JSONPath: .summary.error
- JSONPath: .summary.Error
name: Error
type: integer
- JSONPath: .summary.skip
- JSONPath: .summary.Skip
name: Skip
type: integer
- JSONPath: .metadata.creationTimestamp
@ -2060,32 +2060,32 @@ spec:
summary:
description: PolicyReportSummary provides a summary of results
properties:
error:
Error:
description: Error provides the count of policies that could not be
evaluated
type: integer
fail:
Fail:
description: Fail provides the count of policies whose requirements
were not met
type: integer
pass:
Pass:
description: Pass provides the count of policies whose requirements
were met
type: integer
skip:
Skip:
description: Skip indicates the count of policies that were not selected
for evaluation
type: integer
warn:
Warn:
description: Warn provides the count of unscored policies whose requirements
were not met
type: integer
required:
- error
- fail
- pass
- skip
- warn
- Error
- Fail
- Pass
- Skip
- Warn
type: object
type: object
version: v1alpha1
@ -2128,6 +2128,10 @@ rules:
- policyviolations/status
- generaterequests
- generaterequests/status
- reportrequests
- reportrequests/status
- clusterreportrequests
- clusterreportrequests/status
verbs:
- create
- delete
@ -2482,7 +2486,7 @@ subjects:
apiVersion: v1
data:
excludeGroupRole: system:serviceaccounts:kube-system,system:nodes,system:kube-scheduler
resourceFilters: '[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*]'
resourceFilters: '[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*][ReportRequest,*,*][ClusterReportRequest,*,*]'
kind: ConfigMap
metadata:
name: init-config


@ -1,6 +1,6 @@
apiVersion: v1
data:
resourceFilters: '[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*]'
resourceFilters: '[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*][ReportRequest,*,*][ClusterReportRequest,*,*]'
excludeGroupRole: 'system:serviceaccounts:kube-system,system:nodes,system:kube-scheduler'
kind: ConfigMap
metadata:


@ -186,6 +186,10 @@ rules:
- policyviolations/status
- generaterequests
- generaterequests/status
- reportrequests
- reportrequests/status
- clusterreportrequests
- clusterreportrequests/status
verbs:
- create
- delete


@ -37,7 +37,7 @@ spec:
image: nirmata/kyverno:latest
imagePullPolicy: Always
args:
- "--filterK8Resources=[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*]"
- "--filterK8Resources=[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*][ReportRequest,*,*][ClusterReportRequest,*,*]"
# customize webhook timeout
#- "--webhooktimeout=4"
# enable profiling


@ -30,11 +30,11 @@ import (
// +kubebuilder:object:root=true
// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=`.scope.kind`,priority=1
// +kubebuilder:printcolumn:name="Name",type=string,JSONPath=`.scope.name`,priority=1
// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=`.summary.pass`
// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=`.summary.fail`
// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=`.summary.warn`
// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=`.summary.error`
// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=`.summary.skip`
// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=`.summary.Pass`
// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=`.summary.Fail`
// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=`.summary.Warn`
// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=`.summary.Error`
// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=`.summary.Skip`
// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
// +kubebuilder:resource:shortName=cpolr


@ -30,11 +30,11 @@ import (
// +kubebuilder:object:root=true
// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=`.scope.kind`,priority=1
// +kubebuilder:printcolumn:name="Name",type=string,JSONPath=`.scope.name`,priority=1
// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=`.summary.pass`
// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=`.summary.fail`
// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=`.summary.warn`
// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=`.summary.error`
// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=`.summary.skip`
// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=`.summary.Pass`
// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=`.summary.Fail`
// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=`.summary.Warn`
// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=`.summary.Error`
// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=`.summary.Skip`
// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
// ClusterReportRequest is the Schema for the reportrequests API


@ -22,27 +22,27 @@ import (
// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.
const (
StatusPass = "pass"
StatusFail = "fail"
StatusPass = "Pass"
StatusFail = "Fail"
)
// PolicyReportSummary provides a status count summary
type PolicyReportSummary struct {
// Pass provides the count of policies whose requirements were met
Pass int `json:"pass"`
Pass int `json:"Pass"`
// Fail provides the count of policies whose requirements were not met
Fail int `json:"fail"`
Fail int `json:"Fail"`
// Warn provides the count of unscored policies whose requirements were not met
Warn int `json:"warn"`
Warn int `json:"Warn"`
// Error provides the count of policies that could not be evaluated
Error int `json:"error"`
Error int `json:"Error"`
// Skip indicates the count of policies that were not selected for evaluation
Skip int `json:"skip"`
Skip int `json:"Skip"`
}
// PolicyStatus has one of the following values:
@ -109,11 +109,11 @@ type PolicyReportResult struct {
// +kubebuilder:object:root=true
// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=`.scope.kind`,priority=1
// +kubebuilder:printcolumn:name="Name",type=string,JSONPath=`.scope.name`,priority=1
// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=`.summary.pass`
// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=`.summary.fail`
// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=`.summary.warn`
// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=`.summary.error`
// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=`.summary.skip`
// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=`.summary.Pass`
// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=`.summary.Fail`
// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=`.summary.Warn`
// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=`.summary.Error`
// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=`.summary.Skip`
// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
// +kubebuilder:resource:shortName=polr
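Review bot: The capitalized json tags (`json:"Pass"` through `json:"Skip"`) and the new `StatusPass = "Pass"` / `StatusFail = "Fail"` values in the first hunk depart from the lowerCamelCase naming used by every other path in these types (`.scope.kind`, `.metadata.creationTimestamp`) and by Kubernetes API conventions generally, and the CRD schemas in this commit now list the capitalized keys under `required`, so reports already stored with lowercase `pass`/`fail` keys, or a `result` of `"pass"`, will stop validating and stop matching `StatusPass` comparisons. If the capitalization is deliberate, record the reason beside the const block so it is not silently reverted later, e.g. `// Summary keys and status values are capitalized on purpose (see <reason>); this knowingly diverges from lowerCamelCase API conventions.`; otherwise keeping the lowercase tags avoids a breaking change for existing objects and consumers. The same capitalized paths are repeated in the printcolumn markers of the other *_types.go sections and in the generated CRD manifests, so any change must go through the markers and a regeneration rather than the manifests.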


@ -29,11 +29,11 @@ import (
// +kubebuilder:object:root=true
// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=`.scope.kind`,priority=1
// +kubebuilder:printcolumn:name="Name",type=string,JSONPath=`.scope.name`,priority=1
// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=`.summary.pass`
// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=`.summary.fail`
// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=`.summary.warn`
// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=`.summary.error`
// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=`.summary.skip`
// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=`.summary.Pass`
// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=`.summary.Fail`
// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=`.summary.Warn`
// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=`.summary.Error`
// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=`.summary.Skip`
// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
// ReportRequest is the Schema for the reportrequests API


@ -1,27 +1,11 @@
// +build !ignore_autogenerated
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by deepcopy-gen. DO NOT EDIT.
// Code generated by controller-gen. DO NOT EDIT.
package v1alpha1
import (
v1 "k8s.io/api/core/v1"
"k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
)
@ -53,7 +37,6 @@ func (in *ClusterPolicyReport) DeepCopyInto(out *ClusterPolicyReport) {
}
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyReport.
@ -86,7 +69,6 @@ func (in *ClusterPolicyReportList) DeepCopyInto(out *ClusterPolicyReportList) {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyReportList.
@ -134,7 +116,6 @@ func (in *ClusterReportRequest) DeepCopyInto(out *ClusterReportRequest) {
}
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterReportRequest.
@ -167,7 +148,6 @@ func (in *ClusterReportRequestList) DeepCopyInto(out *ClusterReportRequestList)
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterReportRequestList.
@ -215,7 +195,6 @@ func (in *PolicyReport) DeepCopyInto(out *PolicyReport) {
}
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReport.
@ -248,7 +227,6 @@ func (in *PolicyReportList) DeepCopyInto(out *PolicyReportList) {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportList.
@ -295,7 +273,6 @@ func (in *PolicyReportResult) DeepCopyInto(out *PolicyReportResult) {
(*out)[key] = val
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportResult.
@ -311,7 +288,6 @@ func (in *PolicyReportResult) DeepCopy() *PolicyReportResult {
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PolicyReportSummary) DeepCopyInto(out *PolicyReportSummary) {
*out = *in
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReportSummary.
@ -351,7 +327,6 @@ func (in *ReportRequest) DeepCopyInto(out *ReportRequest) {
}
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReportRequest.
@ -384,7 +359,6 @@ func (in *ReportRequestList) DeepCopyInto(out *ReportRequestList) {
(*in)[i].DeepCopyInto(&(*out)[i])
}
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReportRequestList.


@ -453,7 +453,9 @@ func (pc *PolicyController) syncPolicy(key string) error {
pc.resourceWebhookWatcher.RegisterResourceWebhook()
engineResponses := pc.processExistingResources(policy)
pc.cleanupAndReport(engineResponses)
if os.Getenv("POLICY-TYPE") == common.PolicyViolation {
pc.cleanupAndReport(engineResponses)
}
return nil
}
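Review bot: The new guard re-reads the `POLICY-TYPE` environment variable on every call to syncPolicy, so the operating mode is re-evaluated per policy sync instead of being fixed once at startup; resolve it in the controller constructor, e.g. a `pc.reportMode` field set from `os.Getenv("POLICY-TYPE")`, and compare that field here. The variable name contains a hyphen, which POSIX shells cannot export, so it can only be injected through the pod spec — a one-line comment at the read site (`// POLICY-TYPE is set from the pod spec; shells cannot export a hyphenated name`) would save the next operator some confusion. In report mode engineResponses is still computed by processExistingResources but no longer passed to cleanupAndReport, presumably because the report generator consumes it elsewhere — worth confirming nothing is dropped. syncPolicy begins before this hunk.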


@ -87,8 +87,7 @@ func (pvb *requestBuilder) build(info Info) (*unstructured.Unstructured, error)
}
req := &unstructured.Unstructured{Object: obj}
kind, apiversion := rr.GetObjectKind().GroupVersionKind().ToAPIVersionAndKind()
set(req, kind, apiversion, fmt.Sprintf("reportrequest-%s-%s", info.PolicyName, info.Resource.GetName()), info)
set(req, fmt.Sprintf("reportrequest-%s-%s", info.PolicyName, info.Resource.GetName()), info)
return req, nil
}
@ -102,17 +101,20 @@ func (pvb *requestBuilder) build(info Info) (*unstructured.Unstructured, error)
return nil, err
}
req := &unstructured.Unstructured{Object: obj}
kind, apiversion := rr.GetObjectKind().GroupVersionKind().ToAPIVersionAndKind()
set(req, kind, apiversion, fmt.Sprintf("%s-%s", clusterreportrequest, info.Resource.GetName()), info)
set(req, fmt.Sprintf("%s-%s", clusterreportrequest, info.Resource.GetName()), info)
return req, nil
}
func set(obj *unstructured.Unstructured, kind, apiversion, name string, info Info) {
func set(obj *unstructured.Unstructured, name string, info Info) {
resource := info.Resource
obj.SetName(name)
obj.SetNamespace(resource.GetNamespace())
obj.SetKind(kind)
obj.SetAPIVersion(apiversion)
obj.SetAPIVersion("policy.kubernetes.io/v1alpha1")
if resource.GetNamespace() == "" {
obj.SetKind("ClusterReportRequest")
} else {
obj.SetKind("ReportRequest")
}
obj.SetLabels(map[string]string{
"policy": info.PolicyName,
@ -127,6 +129,7 @@ func set(obj *unstructured.Unstructured, kind, apiversion, name string, info Inf
controllerFlag := true
blockOwnerDeletionFlag := true
obj.SetOwnerReferences([]metav1.OwnerReference{
{
APIVersion: resource.GetAPIVersion(),
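Review bot: `set` now hardcodes `obj.SetAPIVersion("policy.kubernetes.io/v1alpha1")`, whereas the removed code took kind and apiVersion from the typed object's GroupVersionKind; the literal will silently drift from the registered scheme when the API version is bumped, so prefer the scheme constant (`report.SchemeGroupVersion.String()` if the v1alpha1 package is imported in this file). Deciding `ClusterReportRequest` versus `ReportRequest` solely from `resource.GetNamespace() == ""` also means a namespaced resource whose unstructured object lacks metadata.namespace is filed as cluster-scoped; a comment stating that callers must populate the namespace, or a check against the resource's actual scope, would make that contract explicit. The body of `set` continues into the next hunk and its owner-reference setup ends outside this section.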


@ -19,6 +19,7 @@ import (
dclient "github.com/kyverno/kyverno/pkg/dclient"
"github.com/kyverno/kyverno/pkg/policystatus"
apierrors "k8s.io/apimachinery/pkg/api/errors"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
unstructured "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime"
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
@ -27,7 +28,7 @@ import (
"k8s.io/client-go/util/workqueue"
)
const workQueueName = "policy-violation-controller"
const workQueueName = "report-request-controller"
const workQueueRetryLimit = 3
// Generator creates report request
@ -75,7 +76,7 @@ func NewReportRequestGenerator(client *policyreportclient.Clientset,
return &gen
}
//NewDataStore returns an instance of data store
// NewDataStore returns an instance of data store
func newDataStore() *dataStore {
ds := dataStore{
data: make(map[string]Info),
@ -126,12 +127,7 @@ func (i Info) toKey() string {
return strings.Join(keys, "/")
}
type PVEvent struct {
Namespace map[string][]Info
Cluster map[string][]Info
}
//GeneratorInterface provides API to create PVs
// GeneratorInterface provides API to create PVs
type GeneratorInterface interface {
Add(infos ...Info)
}
@ -142,7 +138,7 @@ func (gen *Generator) enqueue(info Info) {
gen.queue.Add(keyHash)
}
//Add queues a policy violation create request
// Add queues a policy violation create request
func (gen *Generator) Add(infos ...Info) {
for _, info := range infos {
gen.enqueue(info)
@ -252,52 +248,69 @@ func (gen *Generator) sync(reportReq *unstructured.Unstructured, info Info) erro
}
}()
logger := gen.log.WithName("reportRequestGenerator")
reportReq.SetCreationTimestamp(v1.Now())
if reportReq.GetNamespace() == "" {
old, err := gen.clusterReportRequestLister.Get(reportReq.GetName())
if err != nil {
if apierrors.IsNotFound(err) {
return updateReportRequest(gen.dclient, old, reportReq)
if _, err = gen.dclient.CreateResource(reportReq.GetAPIVersion(), reportReq.GetKind(), reportReq.GetNamespace(), reportReq, false); err != nil {
return fmt.Errorf("failed to create clusterReportRequest: %v", err)
}
logger.V(3).Info("successfully created clusterReportRequest", "namespace", reportReq.GetNamespace, "name", reportReq.GetName())
return nil
}
return fmt.Errorf("unable to get clusterReportRequest: %v", err)
return fmt.Errorf("unable to get %s: %v", reportReq.GetKind(), err)
}
_, err = gen.dclient.CreateResource(reportReq.GetAPIVersion(), reportReq.GetKind(), reportReq.GetNamespace(), reportReq, false)
return fmt.Errorf("failed to create clusterReportRequest: %v", err)
return updateReportRequest(gen.dclient, old, reportReq, logger)
}
old, err := gen.reportRequestLister.ReportRequests(reportReq.GetNamespace()).Get(reportReq.GetName())
if err != nil {
if apierrors.IsNotFound(err) {
return updateReportRequest(gen.dclient, old, reportReq)
if _, err = gen.dclient.CreateResource(reportReq.GetAPIVersion(), reportReq.GetKind(), reportReq.GetNamespace(), reportReq, false); err != nil {
return fmt.Errorf("failed to create %s: %v", reportReq.GetKind(), err)
}
logger.V(3).Info("successfully created reportRequest", "namespace", reportReq.GetNamespace, "name", reportReq.GetName())
return nil
}
return fmt.Errorf("unable to get existing reportRequest %v", err)
}
_, err = gen.dclient.CreateResource(reportReq.GetAPIVersion(), reportReq.GetKind(), reportReq.GetNamespace(), reportReq, false)
return fmt.Errorf("failed to create reportRequest: %v", err)
return updateReportRequest(gen.dclient, old, reportReq, logger)
}
func updateReportRequest(dClient *client.Client, old interface{}, new *unstructured.Unstructured) (err error) {
func updateReportRequest(dClient *client.Client, old interface{}, new *unstructured.Unstructured, log logr.Logger) (err error) {
oldUnstructed := make(map[string]interface{})
if oldTyped, ok := old.(*report.ReportRequest); ok {
if oldUnstructed, err = runtime.DefaultUnstructuredConverter.ToUnstructured(oldTyped); err != nil {
return fmt.Errorf("unable to convert reportRequest: %v", err)
}
new.SetResourceVersion(oldTyped.GetResourceVersion())
new.SetUID(oldTyped.GetUID())
} else {
oldTyped := old.(*report.ClusterReportRequest)
if oldUnstructed, err = runtime.DefaultUnstructuredConverter.ToUnstructured(oldTyped); err != nil {
return fmt.Errorf("unable to convert clusterReportRequest: %v", err)
}
new.SetUID(oldTyped.GetUID())
new.SetResourceVersion(oldTyped.GetResourceVersion())
}
if !hasResultsChanged(oldUnstructed, new.UnstructuredContent()) {
log.V(4).Info("unchanged report request", "namespace", new.GetNamespace(), "name", new.GetName())
return nil
}
// TODO(shuting): set annotation / label
_, err = dClient.UpdateResource(new.GetAPIVersion(), new.GetKind(), new.GetNamespace(), new, false)
return fmt.Errorf("failed to update report request: %v", err)
if _, err = dClient.UpdateResource(new.GetAPIVersion(), new.GetKind(), new.GetNamespace(), new, false); err != nil {
return fmt.Errorf("failed to update report request: %v", err)
}
log.V(4).Info("successfully updated report request", "kind", new.GetKind(), "namespace", new.GetNamespace(), "name", new.GetName())
return
}
func hasResultsChanged(old, new map[string]interface{}) bool {
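Review bot: Both new success log lines in sync pass the method value instead of its result — `"namespace", reportReq.GetNamespace` logs a function pointer; each should read `"namespace", reportReq.GetNamespace()`. `reportReq.SetCreationTimestamp(v1.Now())` stamps a client-side time that the API server overwrites on create and ignores on update, so it has no effect on the stored object; if hasResultsChanged (whose body is outside this hunk) compares the whole unstructured content rather than just results, the fresh timestamp would make every request look changed and defeat the no-op path — worth confirming. The enclosing sync function begins before this hunk.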


@ -6,6 +6,7 @@ import (
"github.com/go-logr/logr"
kyverno "github.com/kyverno/kyverno/pkg/api/kyverno/v1"
report "github.com/kyverno/kyverno/pkg/api/policyreport/v1alpha1"
"github.com/kyverno/kyverno/pkg/common"
"github.com/kyverno/kyverno/pkg/engine/response"
)
@ -87,14 +88,20 @@ func buildPVInfo(er response.EngineResponse) Info {
func buildViolatedRules(er response.EngineResponse) []kyverno.ViolatedRule {
var violatedRules []kyverno.ViolatedRule
for _, rule := range er.PolicyResponse.Rules {
if rule.Success {
continue
if os.Getenv("POLICY-TYPE") != common.PolicyReport {
if rule.Success {
continue
}
}
vrule := kyverno.ViolatedRule{
Name: rule.Name,
Type: rule.Type,
Message: rule.Message,
}
vrule.Check = report.StatusFail
if rule.Success {
vrule.Check = report.StatusPass
}
violatedRules = append(violatedRules, vrule)
}
return violatedRules
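Review bot: The `os.Getenv("POLICY-TYPE")` lookup sits inside the per-rule loop, so the environment is read once per rule on every call; hoist it and collapse the nested ifs: `reportMode := os.Getenv("POLICY-TYPE") == common.PolicyReport` before the loop and `if !reportMode && rule.Success { continue }` in the body. The function's name now misleads, since in report mode it also returns passing rules with `Check = report.StatusPass`; a doc comment such as `// buildViolatedRules returns every evaluated rule in report mode, and only failed rules otherwise.` belongs on it. The import hunk adds only `common`, so `os` must already be imported above the visible lines for this to compile — confirm. The function's closing brace is not visible in the hunk.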


@ -115,6 +115,7 @@ func NewPVGenerator(client *kyvernoclient.Clientset,
prInformer policyreportinformer.ClusterPolicyReportInformer,
nsprInformer policyreportinformer.PolicyReportInformer,
policyStatus policystatus.Listener,
prgen *policyreport.Generator,
log logr.Logger,
stopChna <-chan struct{}) *Generator {
gen := Generator{
@ -126,6 +127,7 @@ func NewPVGenerator(client *kyvernoclient.Clientset,
nspvSynced: nspvInformer.Informer().HasSynced,
queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), workQueueName),
dataStore: newDataStore(),
prgen: prgen,
log: log,
policyStatusListener: policyStatus,
}