add group policy

2025-03-31 03:45:17 +00:00 · 2020-07-16 05:20:37 -07:00 · 2020-07-16 05:20:37 -07:00 · 3dc72b3b8e
commit 3dc72b3b8e
parent 629267c40a af5bc53081
5 changed files with 20 additions and 12 deletions
--- a/.krew.yaml
+++ b/.krew.yaml
@ -10,7 +10,7 @@ spec:
        matchLabels:
          os: linux
          arch: amd64
-      {{addURIAndSha "https://github.com/nirmata/kyverno/releases/download/{{ .TagName }}/kyverno-cli_{{ .TagName }}_linux_x86_64.tar.gz" .TagName }}
+      {{addURIAndSha "https://github.com/nirmata/kyverno/releases/download/{{ .TagName }}/kyverno-cli_{{ .TagName }}_linux_x86_64.tar.gz" .TagName | indent 6 }}
      files:
        - from: kyverno
          to: .
@ -21,7 +21,7 @@ spec:
        matchLabels:
          os: darwin
          arch: amd64
-      {{addURIAndSha "https://github.com/nirmata/kyverno/releases/download/{{ .TagName }}/kyverno-cli_{{ .TagName }}_darwin_x86_64.tar.gz" .TagName }}
+      {{addURIAndSha "https://github.com/nirmata/kyverno/releases/download/{{ .TagName }}/kyverno-cli_{{ .TagName }}_darwin_x86_64.tar.gz" .TagName | indent 6 }}
      files:
        - from: kyverno
          to: .
@ -32,7 +32,7 @@ spec:
        matchLabels:
          os: windows
          arch: amd64
-      {{addURIAndSha "https://github.com/nirmata/kyverno/releases/download/{{ .TagName }}/kyverno-cli_{{ .TagName }}_windows_x86_64.zip" .TagName }}
+      {{addURIAndSha "https://github.com/nirmata/kyverno/releases/download/{{ .TagName }}/kyverno-cli_{{ .TagName }}_windows_x86_64.zip" .TagName | indent 6 }}
      files:
        - from: kyverno.exe
          to: .
--- a/.travis.yml
+++ b/.travis.yml
@ -37,6 +37,8 @@ after_success:
 - |
   if [ $TRAVIS_PULL_REQUEST == 'false' ]
   then
+    git checkout -f
+
    docker login -u $DOCKER_USER -p $DOCKER_PASSWORD || travis_terminate 1
    
    echo "pushing Kyverno image"
--- a/charts/kyverno/Chart.yaml
+++ b/charts/kyverno/Chart.yaml
@ -1,7 +1,7 @@
 apiVersion: v1
 name: kyverno
-version: 1.1.7-rc4
-appVersion: v1.1.7-rc4
+version: 1.1.7
+appVersion: v1.1.7
 description: Kubernetes Native Policy Management
 keywords:
  - kubernetes
--- a/definitions/install.yaml
+++ b/definitions/install.yaml
@ -775,7 +775,7 @@ spec:
              fieldPath: metadata.namespace
        - name: KYVERNO_SVC
          value: kyverno-svc
-        image: nirmata/kyverno:v1.1.7-rc4
+        image: nirmata/kyverno:v1.1.7
        imagePullPolicy: Always
        livenessProbe:
          failureThreshold: 4
@ -807,6 +807,6 @@ spec:
            cpu: 100m
            memory: 50Mi
      initContainers:
-      - image: nirmata/kyvernopre:v1.1.7-rc4
+      - image: nirmata/kyvernopre:v1.1.7
        name: kyverno-pre
      serviceAccountName: kyverno-service-account
--- a/pkg/generate/generate.go
+++ b/pkg/generate/generate.go
@ -47,11 +47,17 @@ func (c *Controller) applyGenerate(resource unstructured.Unstructured, gr kyvern
 	policy, err := c.pLister.Get(gr.Spec.Policy)
 	if err != nil {
 		if apierrors.IsNotFound(err) {
-			labels := resource.GetLabels()
-			if labels["policy.kyverno.io/synchronize"] == "enable" {
-				if err := c.client.DeleteResource(gr.Spec.Resource.Kind, gr.Spec.Resource.Namespace, gr.Spec.Resource.Name, false); err != nil {
-					logger.V(4).Info("Generated resource is deleted")
-					return nil, err
+			for _,e := range gr.Status.GeneratedResources {
+				resp, err := c.client.GetResource(e.Kind,e.Namespace,e.Name);
+				if err != nil {
+					logger.Error(err,"Generated resource failed to get","Resource",e.Name)
+				}
+
+				labels := resp.GetLabels()
+				if labels["policy.kyverno.io/synchronize"] == "enable" {
+					if err := c.client.DeleteResource(resp.GetKind(), resp.GetNamespace(), resp.GetName(), false); err != nil {
+						logger.Error(err,"Generated resource is not deleted","Resource",e.Name)
+					}
 				}
 			}
 			return nil, nil