mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-05 07:26:55 +00:00
Rename filterK8Resources to filterK8sResources (#1452)
* Remove lock embedded in CRD controller, use concurrent map to store shcemas * delete rcr info from data store * skip policy validation on status update * - remove status check in policy mutation; - fix test * Remove fqdncn flag * add flag profiling port * skip policy mutation & validation on status update * sync policy status every minute * update log messages * rename filterK8Resources to filterK8sResources
This commit is contained in:
parent
fab777cdd5
commit
3908808e7a
5 changed files with 11 additions and 14 deletions
|
@ -40,7 +40,6 @@ nodeSelector: {}
|
|||
tolerations: []
|
||||
|
||||
extraArgs: []
|
||||
# - --fqdn-as-cn
|
||||
# - --webhooktimeout=4
|
||||
|
||||
resources:
|
||||
|
|
|
@ -40,7 +40,7 @@ const resyncPeriod = 15 * time.Minute
|
|||
var (
|
||||
//TODO: this has been added to backward support command line arguments
|
||||
// will be removed in future and the configuration will be set only via configmaps
|
||||
filterK8Resources string
|
||||
filterK8sResources string
|
||||
kubeconfig string
|
||||
serverIP string
|
||||
runValidationInMutatingWebhook string
|
||||
|
@ -58,7 +58,7 @@ var (
|
|||
func main() {
|
||||
klog.InitFlags(nil)
|
||||
log.SetLogger(klogr.New())
|
||||
flag.StringVar(&filterK8Resources, "filterK8Resources", "", "k8 resource in format [kind,namespace,name] where policy is not evaluated by the admission webhook. example --filterKind \"[Deployment, kyverno, kyverno]\" --filterKind \"[Deployment, kyverno, kyverno],[Events, *, *]\"")
|
||||
flag.StringVar(&filterK8sResources, "filterK8sResources", "", "k8 resource in format [kind,namespace,name] where policy is not evaluated by the admission webhook. example --filterKind \"[Deployment, kyverno, kyverno]\" --filterKind \"[Deployment, kyverno, kyverno],[Events, *, *]\"")
|
||||
flag.StringVar(&excludeGroupRole, "excludeGroupRole", "", "")
|
||||
flag.StringVar(&excludeUsername, "excludeUsername", "", "")
|
||||
flag.IntVar(&webhookTimeout, "webhooktimeout", 3, "timeout for webhook configurations")
|
||||
|
@ -161,7 +161,7 @@ func main() {
|
|||
configData := config.NewConfigData(
|
||||
kubeClient,
|
||||
kubeInformer.Core().V1().ConfigMaps(),
|
||||
filterK8Resources,
|
||||
filterK8sResources,
|
||||
excludeGroupRole,
|
||||
excludeUsername,
|
||||
log.Log.WithName("ConfigData"),
|
||||
|
|
|
@ -37,7 +37,7 @@ spec:
|
|||
image: ghcr.io/kyverno/kyverno:latest
|
||||
imagePullPolicy: Always
|
||||
args:
|
||||
- "--filterK8Resources=[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*][ReportChangeRequest,*,*][ClusterReportChangeRequest,*,*][PolicyReport,*,*][ClusterPolicyReport,*,*]"
|
||||
- "--filterK8sResources=[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*][ReportChangeRequest,*,*][ClusterReportChangeRequest,*,*][PolicyReport,*,*][ClusterPolicyReport,*,*]"
|
||||
# customize webhook timeout
|
||||
#- "--webhooktimeout=4"
|
||||
# enable profiling
|
||||
|
|
|
@ -83,7 +83,7 @@ type Interface interface {
|
|||
}
|
||||
|
||||
// NewConfigData ...
|
||||
func NewConfigData(rclient kubernetes.Interface, cmInformer informers.ConfigMapInformer, filterK8Resources, excludeGroupRole, excludeUsername string, log logr.Logger) *ConfigData {
|
||||
func NewConfigData(rclient kubernetes.Interface, cmInformer informers.ConfigMapInformer, filterK8sResources, excludeGroupRole, excludeUsername string, log logr.Logger) *ConfigData {
|
||||
// environment var is read at start only
|
||||
if cmNameEnv == "" {
|
||||
log.Info("ConfigMap name not defined in env:INIT_CONFIG: loading no default configuration")
|
||||
|
@ -100,9 +100,9 @@ func NewConfigData(rclient kubernetes.Interface, cmInformer informers.ConfigMapI
|
|||
|
||||
//TODO: this has been added to backward support command line arguments
|
||||
// will be removed in future and the configuration will be set only via configmaps
|
||||
if filterK8Resources != "" {
|
||||
cd.log.Info("init configuration from commandline arguments for filterK8Resources")
|
||||
cd.initFilters(filterK8Resources)
|
||||
if filterK8sResources != "" {
|
||||
cd.log.Info("init configuration from commandline arguments for filterK8sResources")
|
||||
cd.initFilters(filterK8sResources)
|
||||
}
|
||||
|
||||
if excludeGroupRole != "" {
|
||||
|
|
|
@ -279,6 +279,8 @@ func (gen *Generator) syncHandler(info Info) error {
|
|||
|
||||
func (gen *Generator) sync(reportReq *unstructured.Unstructured, info Info) error {
|
||||
logger := gen.log.WithName("sync report change request")
|
||||
defer logger.V(3).Info("successfully reconciled report change request", "kind", reportReq.GetKind(), "key", info.ToKey())
|
||||
|
||||
reportReq.SetCreationTimestamp(v1.Now())
|
||||
if reportReq.GetKind() == "ClusterReportChangeRequest" {
|
||||
return gen.syncClusterReportChangeRequest(reportReq, logger)
|
||||
|
@ -295,7 +297,6 @@ func (gen *Generator) syncClusterReportChangeRequest(reportReq *unstructured.Uns
|
|||
return fmt.Errorf("failed to create clusterReportChangeRequest: %v", err)
|
||||
}
|
||||
|
||||
logger.V(3).Info("successfully created clusterReportChangeRequest", "name", reportReq.GetName())
|
||||
return nil
|
||||
}
|
||||
return fmt.Errorf("unable to get %s: %v", reportReq.GetKind(), err)
|
||||
|
@ -309,12 +310,9 @@ func (gen *Generator) syncReportChangeRequest(reportReq *unstructured.Unstructur
|
|||
if err != nil {
|
||||
if apierrors.IsNotFound(err) {
|
||||
if _, err = gen.dclient.CreateResource(reportReq.GetAPIVersion(), reportReq.GetKind(), config.KyvernoNamespace, reportReq, false); err != nil {
|
||||
if !apierrors.IsNotFound(err) {
|
||||
return fmt.Errorf("failed to create ReportChangeRequest: %v", err)
|
||||
}
|
||||
return fmt.Errorf("failed to create ReportChangeRequest: %v", err)
|
||||
}
|
||||
|
||||
logger.V(3).Info("successfully created reportChangeRequest", "name", reportReq.GetName())
|
||||
return nil
|
||||
}
|
||||
return fmt.Errorf("unable to get existing reportChangeRequest %v", err)
|
||||
|
|
Loading…
Add table
Reference in a new issue