Rename filterK8Resources to filterK8sResources (#1452)

* Remove lock embedded in CRD controller, use concurrent map to store shcemas

* delete rcr info from data store

* skip policy validation on status update

* - remove status check in policy mutation; - fix test

* Remove fqdncn flag

* add flag profiling port

* skip policy mutation & validation on status update

* sync policy status every minute

* update log messages

* rename filterK8Resources to filterK8sResources

charts/kyverno/values.yaml

@@ -40,7 +40,6 @@ nodeSelector: {}
 tolerations: []
 
 extraArgs: []
-# - --fqdn-as-cn
 # - --webhooktimeout=4
 
 resources:

cmd/kyverno/main.go

@@ -40,7 +40,7 @@ const resyncPeriod = 15 * time.Minute
 var (
 	//TODO: this has been added to backward support command line arguments
 	// will be removed in future and the configuration will be set only via configmaps
-	filterK8Resources              string
+	filterK8sResources             string
 	kubeconfig                     string
 	serverIP                       string
 	runValidationInMutatingWebhook string
@@ -58,7 +58,7 @@ var (
 func main() {
 	klog.InitFlags(nil)
 	log.SetLogger(klogr.New())
-	flag.StringVar(&filterK8Resources, "filterK8Resources", "", "k8 resource in format [kind,namespace,name] where policy is not evaluated by the admission webhook. example --filterKind \"[Deployment, kyverno, kyverno]\" --filterKind \"[Deployment, kyverno, kyverno],[Events, *, *]\"")
+	flag.StringVar(&filterK8sResources, "filterK8sResources", "", "k8 resource in format [kind,namespace,name] where policy is not evaluated by the admission webhook. example --filterKind \"[Deployment, kyverno, kyverno]\" --filterKind \"[Deployment, kyverno, kyverno],[Events, *, *]\"")
 	flag.StringVar(&excludeGroupRole, "excludeGroupRole", "", "")
 	flag.StringVar(&excludeUsername, "excludeUsername", "", "")
 	flag.IntVar(&webhookTimeout, "webhooktimeout", 3, "timeout for webhook configurations")
@@ -161,7 +161,7 @@ func main() {
 	configData := config.NewConfigData(
 		kubeClient,
 		kubeInformer.Core().V1().ConfigMaps(),
-		filterK8Resources,
+		filterK8sResources,
 		excludeGroupRole,
 		excludeUsername,
 		log.Log.WithName("ConfigData"),

definitions/manifest/deployment.yaml

@@ -37,7 +37,7 @@ spec:
           image: ghcr.io/kyverno/kyverno:latest
           imagePullPolicy: Always
           args:
-          - "--filterK8Resources=[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*][ReportChangeRequest,*,*][ClusterReportChangeRequest,*,*][PolicyReport,*,*][ClusterPolicyReport,*,*]"
+          - "--filterK8sResources=[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*][ReportChangeRequest,*,*][ClusterReportChangeRequest,*,*][PolicyReport,*,*][ClusterPolicyReport,*,*]"
           # customize webhook timeout
           #- "--webhooktimeout=4"
           # enable profiling

pkg/config/dynamicconfig.go

@@ -83,7 +83,7 @@ type Interface interface {
 }
 
 // NewConfigData ...
-func NewConfigData(rclient kubernetes.Interface, cmInformer informers.ConfigMapInformer, filterK8Resources, excludeGroupRole, excludeUsername string, log logr.Logger) *ConfigData {
+func NewConfigData(rclient kubernetes.Interface, cmInformer informers.ConfigMapInformer, filterK8sResources, excludeGroupRole, excludeUsername string, log logr.Logger) *ConfigData {
 	// environment var is read at start only
 	if cmNameEnv == "" {
 		log.Info("ConfigMap name not defined in env:INIT_CONFIG: loading no default configuration")
@@ -100,9 +100,9 @@ func NewConfigData(rclient kubernetes.Interface, cmInformer informers.ConfigMapI
 
 	//TODO: this has been added to backward support command line arguments
 	// will be removed in future and the configuration will be set only via configmaps
-	if filterK8Resources != "" {
-		cd.log.Info("init configuration from commandline arguments for filterK8Resources")
-		cd.initFilters(filterK8Resources)
+	if filterK8sResources != "" {
+		cd.log.Info("init configuration from commandline arguments for filterK8sResources")
+		cd.initFilters(filterK8sResources)
 	}
 
 	if excludeGroupRole != "" {

pkg/policyreport/reportrequest.go

@@ -279,6 +279,8 @@ func (gen *Generator) syncHandler(info Info) error {
 
 func (gen *Generator) sync(reportReq *unstructured.Unstructured, info Info) error {
 	logger := gen.log.WithName("sync report change request")
+	defer logger.V(3).Info("successfully reconciled report change request", "kind", reportReq.GetKind(), "key", info.ToKey())
+
 	reportReq.SetCreationTimestamp(v1.Now())
 	if reportReq.GetKind() == "ClusterReportChangeRequest" {
 		return gen.syncClusterReportChangeRequest(reportReq, logger)
@@ -295,7 +297,6 @@ func (gen *Generator) syncClusterReportChangeRequest(reportReq *unstructured.Uns
 				return fmt.Errorf("failed to create clusterReportChangeRequest: %v", err)
 			}
 
-			logger.V(3).Info("successfully created clusterReportChangeRequest", "name", reportReq.GetName())
 			return nil
 		}
 		return fmt.Errorf("unable to get %s: %v", reportReq.GetKind(), err)
@@ -309,12 +310,9 @@ func (gen *Generator) syncReportChangeRequest(reportReq *unstructured.Unstructur
 	if err != nil {
 		if apierrors.IsNotFound(err) {
 			if _, err = gen.dclient.CreateResource(reportReq.GetAPIVersion(), reportReq.GetKind(), config.KyvernoNamespace, reportReq, false); err != nil {
-				if !apierrors.IsNotFound(err) {
-					return fmt.Errorf("failed to create ReportChangeRequest: %v", err)
-				}
+				return fmt.Errorf("failed to create ReportChangeRequest: %v", err)
 			}
 
-			logger.V(3).Info("successfully created reportChangeRequest", "name", reportReq.GetName())
 			return nil
 		}
 		return fmt.Errorf("unable to get existing reportChangeRequest %v", err)