mirror of https://github.com/kyverno/kyverno.git synced 2025-03-05 07:26:55 +00:00

Rename filterK8Resources to filterK8sResources (#1452)

* Remove lock embedded in CRD controller, use concurrent map to store schemas

* delete rcr info from data store

* skip policy validation on status update

* - remove status check in policy mutation; - fix test

* Remove fqdncn flag

* add flag profiling port

* skip policy mutation & validation on status update

* sync policy status every minute

* update log messages

* rename filterK8Resources to filterK8sResources
shuting 2021-01-07 11:27:50 -08:00 committed by GitHub
parent fab777cdd5
commit 3908808e7a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 11 additions and 14 deletions


@ -40,7 +40,6 @@ nodeSelector: {}
tolerations: []
extraArgs: []
# - --fqdn-as-cn
# - --webhooktimeout=4
resources:


@ -40,7 +40,7 @@ const resyncPeriod = 15 * time.Minute
var (
//TODO: this has been added to backward support command line arguments
// will be removed in future and the configuration will be set only via configmaps
filterK8Resources string
filterK8sResources string
kubeconfig string
serverIP string
runValidationInMutatingWebhook string
@ -58,7 +58,7 @@ var (
func main() {
klog.InitFlags(nil)
log.SetLogger(klogr.New())
flag.StringVar(&filterK8Resources, "filterK8Resources", "", "k8 resource in format [kind,namespace,name] where policy is not evaluated by the admission webhook. example --filterKind \"[Deployment, kyverno, kyverno]\" --filterKind \"[Deployment, kyverno, kyverno],[Events, *, *]\"")
flag.StringVar(&filterK8sResources, "filterK8sResources", "", "k8 resource in format [kind,namespace,name] where policy is not evaluated by the admission webhook. example --filterKind \"[Deployment, kyverno, kyverno]\" --filterKind \"[Deployment, kyverno, kyverno],[Events, *, *]\"")
flag.StringVar(&excludeGroupRole, "excludeGroupRole", "", "")
flag.StringVar(&excludeUsername, "excludeUsername", "", "")
flag.IntVar(&webhookTimeout, "webhooktimeout", 3, "timeout for webhook configurations")
@ -161,7 +161,7 @@ func main() {
configData := config.NewConfigData(
kubeClient,
kubeInformer.Core().V1().ConfigMaps(),
filterK8Resources,
filterK8sResources,
excludeGroupRole,
excludeUsername,
log.Log.WithName("ConfigData"),
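Review bot: The `flag.StringVar` line in `main` registers only the new name `filterK8sResources`, so a Deployment that still passes `--filterK8Resources=...` will be rejected as an undefined flag when flags are parsed (the parse call is outside these hunks; the standard `flag` package exits on unknown flags by default). For an admission controller that means the pod fails to start after an upgrade and admission falls back to whatever the webhook `failurePolicy` is, so I would keep the old name as a deprecated alias for a release: `flag.StringVar(&filterK8sResources, "filterK8Resources", "", "deprecated: use --filterK8sResources")`. The help text also still shows `--filterKind` in its examples, which is not one of the flags visible here; it should read `--filterK8sResources`. `main` continues outside the hunks shown.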


@ -37,7 +37,7 @@ spec:
image: ghcr.io/kyverno/kyverno:latest
imagePullPolicy: Always
args:
- "--filterK8Resources=[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*][ReportChangeRequest,*,*][ClusterReportChangeRequest,*,*][PolicyReport,*,*][ClusterPolicyReport,*,*]"
- "--filterK8sResources=[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*][ReportChangeRequest,*,*][ClusterReportChangeRequest,*,*][PolicyReport,*,*][ClusterPolicyReport,*,*]"
# customize webhook timeout
#- "--webhooktimeout=4"
# enable profiling


@ -83,7 +83,7 @@ type Interface interface {
}
// NewConfigData ...
func NewConfigData(rclient kubernetes.Interface, cmInformer informers.ConfigMapInformer, filterK8Resources, excludeGroupRole, excludeUsername string, log logr.Logger) *ConfigData {
func NewConfigData(rclient kubernetes.Interface, cmInformer informers.ConfigMapInformer, filterK8sResources, excludeGroupRole, excludeUsername string, log logr.Logger) *ConfigData {
// environment var is read at start only
if cmNameEnv == "" {
log.Info("ConfigMap name not defined in env:INIT_CONFIG: loading no default configuration")
@ -100,9 +100,9 @@ func NewConfigData(rclient kubernetes.Interface, cmInformer informers.ConfigMapI
//TODO: this has been added to backward support command line arguments
// will be removed in future and the configuration will be set only via configmaps
if filterK8Resources != "" {
cd.log.Info("init configuration from commandline arguments for filterK8Resources")
cd.initFilters(filterK8Resources)
if filterK8sResources != "" {
cd.log.Info("init configuration from commandline arguments for filterK8sResources")
cd.initFilters(filterK8sResources)
}
if excludeGroupRole != "" {


@ -279,6 +279,8 @@ func (gen *Generator) syncHandler(info Info) error {
func (gen *Generator) sync(reportReq *unstructured.Unstructured, info Info) error {
logger := gen.log.WithName("sync report change request")
defer logger.V(3).Info("successfully reconciled report change request", "kind", reportReq.GetKind(), "key", info.ToKey())
reportReq.SetCreationTimestamp(v1.Now())
if reportReq.GetKind() == "ClusterReportChangeRequest" {
return gen.syncClusterReportChangeRequest(reportReq, logger)
@ -295,7 +297,6 @@ func (gen *Generator) syncClusterReportChangeRequest(reportReq *unstructured.Uns
return fmt.Errorf("failed to create clusterReportChangeRequest: %v", err)
}
logger.V(3).Info("successfully created clusterReportChangeRequest", "name", reportReq.GetName())
return nil
}
return fmt.Errorf("unable to get %s: %v", reportReq.GetKind(), err)
@ -309,12 +310,9 @@ func (gen *Generator) syncReportChangeRequest(reportReq *unstructured.Unstructur
if err != nil {
if apierrors.IsNotFound(err) {
if _, err = gen.dclient.CreateResource(reportReq.GetAPIVersion(), reportReq.GetKind(), config.KyvernoNamespace, reportReq, false); err != nil {
if !apierrors.IsNotFound(err) {
return fmt.Errorf("failed to create ReportChangeRequest: %v", err)
}
return fmt.Errorf("failed to create ReportChangeRequest: %v", err)
}
logger.V(3).Info("successfully created reportChangeRequest", "name", reportReq.GetName())
return nil
}
return fmt.Errorf("unable to get existing reportChangeRequest %v", err)
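Review bot: In `sync`, the deferred `logger.V(3).Info("successfully reconciled report change request", ...)` fires on every return, including the error returns from `syncClusterReportChangeRequest` and `syncReportChangeRequest`, which now propagate every create failure, so a failed reconcile is still logged as a success. I cannot tell from this rendering whether the defer is one of the added lines, but it is on the new side; a named result fixes it: `func (gen *Generator) sync(...) (err error)` with `defer func() { if err == nil { logger.V(3).Info(...) } }()`. The new `return fmt.Errorf("failed to create ReportChangeRequest: %v", err)` could also use `%w` so the cause stays inspectable with `errors.Is`/`errors.As`. The bodies of all three functions continue outside the hunks.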