Reduce throttling requests for Kyverno managed resources (#3016)

* remove resoureCache from the event controller Signed-off-by: ShutingZhao <shuting@nirmata.com> * create rcr using typed client to reduce PUT throttling request Signed-off-by: ShutingZhao <shuting@nirmata.com>
2025-03-31 03:45:17 +00:00 · 2022-01-21 18:36:05 +08:00 · 2022-01-21 18:36:05 +08:00 · 376a8d3b22
commit 376a8d3b22
parent ccb33a08f6
4 changed files with 60 additions and 28 deletions
--- a/cmd/kyverno/main.go
+++ b/cmd/kyverno/main.go
@ -204,7 +204,6 @@ func main() {
 		client,
 		pInformer.Kyverno().V1().ClusterPolicies(),
 		pInformer.Kyverno().V1().Policies(),
-		rCache,
 		log.Log.WithName("EventGenerator"))

 	// POLICY Report GENERATOR
--- a/pkg/event/controller.go
+++ b/pkg/event/controller.go
@ -8,10 +8,8 @@ import (
 	kyvernoinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
 	kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
 	client "github.com/kyverno/kyverno/pkg/dclient"
-	"github.com/kyverno/kyverno/pkg/resourcecache"
 	v1 "k8s.io/api/core/v1"
 	errors "k8s.io/apimachinery/pkg/api/errors"
-	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apimachinery/pkg/util/wait"
@ -41,7 +39,6 @@ type Generator struct {
 	admissionCtrRecorder record.EventRecorder
 	// events generated at namespaced policy controller to process 'generate' rule
 	genPolicyRecorder record.EventRecorder
-	resCache          resourcecache.ResourceCache
 	log               logr.Logger
 }

@ -51,7 +48,7 @@ type Interface interface {
 }

 //NewEventGenerator to generate a new event controller
-func NewEventGenerator(client *client.Client, cpInformer kyvernoinformer.ClusterPolicyInformer, pInformer kyvernoinformer.PolicyInformer, resCache resourcecache.ResourceCache, log logr.Logger) *Generator {
+func NewEventGenerator(client *client.Client, cpInformer kyvernoinformer.ClusterPolicyInformer, pInformer kyvernoinformer.PolicyInformer, log logr.Logger) *Generator {

 	gen := Generator{
 		client:               client,
@ -63,7 +60,6 @@ func NewEventGenerator(client *client.Client, cpInformer kyvernoinformer.Cluster
 		policyCtrRecorder:    initRecorder(client, PolicyController, log),
 		admissionCtrRecorder: initRecorder(client, AdmissionController, log),
 		genPolicyRecorder:    initRecorder(client, GeneratePolicyController, log),
-		resCache:             resCache,
 		log:                  log,
 	}
 	return &gen
@ -200,7 +196,7 @@ func (gen *Generator) syncHandler(key Info) error {
 			return err
 		}
 	default:
-		robj, err = gen.getResource(key)
+		robj, err = gen.client.GetResource("", key.Kind, key.Namespace, key.Name)
 		if err != nil {
 			if !errors.IsNotFound(err) {
 				logger.Error(err, "failed to get resource", "kind", key.Kind, "name", key.Name, "namespace", key.Namespace)
@ -229,21 +225,6 @@ func (gen *Generator) syncHandler(key Info) error {
 	return nil
 }

-func (gen *Generator) getResource(key Info) (obj *unstructured.Unstructured, err error) {
-	lister, ok := gen.resCache.GetGVRCache(key.Kind)
-	if !ok {
-		if lister, err = gen.resCache.CreateGVKInformer(key.Kind); err != nil {
-			return nil, err
-		}
-	}
-
-	if key.Namespace == "" {
-		return lister.Lister().Get(key.Name)
-	}
-
-	return lister.Lister().Namespace(key.Namespace).Get(key.Name)
-}
-
 //NewEvent builds a event creation request
 func NewEvent(
 	log logr.Logger,
--- a/pkg/policyreport/changerequestcreator.go
+++ b/pkg/policyreport/changerequestcreator.go
@ -1,17 +1,22 @@
 package policyreport

 import (
+	"context"
 	"crypto/rand"
+	"encoding/json"
 	"math/big"
 	"reflect"
 	"sync"
 	"time"

 	"github.com/go-logr/logr"
+	report "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
+	policyreportclient "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
 	"github.com/kyverno/kyverno/pkg/config"
-	dclient "github.com/kyverno/kyverno/pkg/dclient"
 	"github.com/patrickmn/go-cache"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 )

 // creator is an interface that buffers report change requests
@ -23,7 +28,7 @@ type creator interface {
 }

 type changeRequestCreator struct {
-	dclient *dclient.Client
+	client *policyreportclient.Clientset

 	// addCache preserves requests that are to be added to report
 	RCRCache *cache.Cache
@ -39,9 +44,9 @@ type changeRequestCreator struct {
 	log logr.Logger
 }

-func newChangeRequestCreator(client *dclient.Client, tickerInterval time.Duration, log logr.Logger) creator {
+func newChangeRequestCreator(client *policyreportclient.Clientset, tickerInterval time.Duration, log logr.Logger) creator {
 	return &changeRequestCreator{
-		dclient:        client,
+		client:         client,
 		RCRCache:       cache.New(0, 24*time.Hour),
 		CRCRCache:      cache.New(0, 24*time.Hour),
 		queue:          []string{},
@ -86,8 +91,21 @@ func (c *changeRequestCreator) create(request *unstructured.Unstructured) error
 	ns := ""
 	if request.GetKind() == "ReportChangeRequest" {
 		ns = config.KyvernoNamespace
+		rcr, err := convertToRCR(request)
+		if err != nil {
+			return err
+		}
+
+		_, err = c.client.KyvernoV1alpha2().ReportChangeRequests(ns).Create(context.TODO(), rcr, metav1.CreateOptions{})
+		return err
 	}
-	_, err := c.dclient.CreateResource(request.GetAPIVersion(), request.GetKind(), ns, request, false)
+
+	crcr, err := convertToCRCR(request)
+	if err != nil {
+		return err
+	}
+
+	_, err = c.client.KyvernoV1alpha2().ClusterReportChangeRequests().Create(context.TODO(), crcr, metav1.CreateOptions{})
 	return err
 }

@ -263,3 +281,37 @@ func isDeleteRequest(request *unstructured.Unstructured) bool {

 	return false
 }
+
+func convertToRCR(request *unstructured.Unstructured) (*report.ReportChangeRequest, error) {
+	rcr := report.ReportChangeRequest{}
+	raw, err := request.MarshalJSON()
+	if err != nil {
+		return nil, err
+	}
+
+	err = json.Unmarshal(raw, &rcr)
+	rcr.SetGroupVersionKind(schema.GroupVersionKind{
+		Group:   report.SchemeGroupVersion.Group,
+		Version: report.SchemeGroupVersion.Version,
+		Kind:    "ReportChangeRequest",
+	})
+
+	return &rcr, err
+}
+
+func convertToCRCR(request *unstructured.Unstructured) (*report.ClusterReportChangeRequest, error) {
+	rcr := report.ClusterReportChangeRequest{}
+	raw, err := request.MarshalJSON()
+	if err != nil {
+		return nil, err
+	}
+
+	err = json.Unmarshal(raw, &rcr)
+	rcr.SetGroupVersionKind(schema.GroupVersionKind{
+		Group:   report.SchemeGroupVersion.Group,
+		Version: report.SchemeGroupVersion.Version,
+		Kind:    "ClusterReportChangeRequest",
+	})
+
+	return &rcr, err
+}
--- a/pkg/policyreport/reportrequest.go
+++ b/pkg/policyreport/reportrequest.go
@ -80,7 +80,7 @@ func NewReportChangeRequestGenerator(client *policyreportclient.Clientset,
 		polListerSynced:                  polInformer.Informer().HasSynced,
 		queue:                            workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), workQueueName),
 		dataStore:                        newDataStore(),
-		requestCreator:                   newChangeRequestCreator(dclient, 3*time.Second, log.WithName("requestCreator")),
+		requestCreator:                   newChangeRequestCreator(client, 3*time.Second, log.WithName("requestCreator")),
 		log:                              log,
 	}