From 8047ed68d3c3ed0a89becd9782d9382af20029c2 Mon Sep 17 00:00:00 2001 From: Shuting Zhao Date: Mon, 28 Oct 2019 11:44:48 -0700 Subject: [PATCH 1/3] remove required mark for managedresource "kind" --- definitions/install.yaml | 4 +--- definitions/install_debug.yaml | 4 +--- pkg/api/kyverno/v1alpha1/types.go | 10 +++++----- pkg/api/kyverno/v1alpha1/zz_generated.deepcopy.go | 8 ++++---- pkg/policyviolation/controller.go | 2 +- pkg/policyviolation/helpers.go | 2 +- 6 files changed, 13 insertions(+), 17 deletions(-) diff --git a/definitions/install.yaml b/definitions/install.yaml index 2c02576544..fca32f7c52 100644 --- a/definitions/install.yaml +++ b/definitions/install.yaml @@ -232,15 +232,13 @@ spec: type: string managedResource: type: object - required: - - kind properties: kind: type: string namespace: type: string creationBlocked: - type: bool + type: boolean --- kind: Namespace apiVersion: v1 diff --git a/definitions/install_debug.yaml b/definitions/install_debug.yaml index be2c2aec34..999b160399 100644 --- a/definitions/install_debug.yaml +++ b/definitions/install_debug.yaml @@ -232,12 +232,10 @@ spec: type: string managedResource: type: object - required: - - kind properties: kind: type: string namespace: type: string creationBlocked: - type: bool \ No newline at end of file + type: boolean \ No newline at end of file diff --git a/pkg/api/kyverno/v1alpha1/types.go b/pkg/api/kyverno/v1alpha1/types.go index 7766612876..2d6a31e9a2 100644 --- a/pkg/api/kyverno/v1alpha1/types.go +++ b/pkg/api/kyverno/v1alpha1/types.go @@ -173,13 +173,13 @@ type ResourceSpec struct { // ViolatedRule stores the information regarding the rule type ViolatedRule struct { - Name string `json:"name"` - Type string `json:"type"` - Message string `json:"message"` - ManagedResource ManagedResource `json:"managedResource,omitempty"` + Name string `json:"name"` + Type string `json:"type"` + Message string `json:"message"` + ManagedResource ManagedResourceSpec `json:"managedResource,omitempty"` } -type ManagedResource struct { +type ManagedResourceSpec struct { Kind string `json:"kind,omitempty"` Namespace string `json:"namespace,omitempty"` CreationBlocked bool `json:"creationBlocked,omitempty"` diff --git a/pkg/api/kyverno/v1alpha1/zz_generated.deepcopy.go b/pkg/api/kyverno/v1alpha1/zz_generated.deepcopy.go index ba06870ad8..debd1e0789 100644 --- a/pkg/api/kyverno/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/api/kyverno/v1alpha1/zz_generated.deepcopy.go @@ -191,17 +191,17 @@ func (in *Generation) DeepCopy() *Generation { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ManagedResource) DeepCopyInto(out *ManagedResource) { +func (in *ManagedResourceSpec) DeepCopyInto(out *ManagedResourceSpec) { *out = *in return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedResource. -func (in *ManagedResource) DeepCopy() *ManagedResource { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedResourceSpec. +func (in *ManagedResourceSpec) DeepCopy() *ManagedResourceSpec { if in == nil { return nil } - out := new(ManagedResource) + out := new(ManagedResourceSpec) in.DeepCopyInto(out) return out } diff --git a/pkg/policyviolation/controller.go b/pkg/policyviolation/controller.go index 0175b64dd3..deeee4d5f1 100644 --- a/pkg/policyviolation/controller.go +++ b/pkg/policyviolation/controller.go @@ -259,7 +259,7 @@ func (pvc *PolicyViolationController) syncActiveResource(curPv *kyverno.ClusterP // when rejected resource created in the cluster func (pvc *PolicyViolationController) syncBlockedResource(curPv *kyverno.ClusterPolicyViolation) error { for _, violatedRule := range curPv.Spec.ViolatedRules { - if reflect.DeepEqual(violatedRule.ManagedResource, kyverno.ManagedResource{}) { + if reflect.DeepEqual(violatedRule.ManagedResource, kyverno.ManagedResourceSpec{}) { continue } diff --git a/pkg/policyviolation/helpers.go b/pkg/policyviolation/helpers.go index c41a737cac..4191686a97 100644 --- a/pkg/policyviolation/helpers.go +++ b/pkg/policyviolation/helpers.go @@ -248,7 +248,7 @@ func getOwners(dclient *dclient.Client, unstr unstructured.Unstructured) []pvRes func newViolatedRules(er engine.EngineResponse, msg string) (violatedRules []kyverno.ViolatedRule) { unstr := er.PatchedResource - dependant := kyverno.ManagedResource{ + dependant := kyverno.ManagedResourceSpec{ Kind: unstr.GetKind(), Namespace: unstr.GetNamespace(), CreationBlocked: true, From a7b8041feb7421436d3c6f72f9aac7df5f8b4569 Mon Sep 17 00:00:00 2001 From: Shuting Zhao Date: Mon, 28 Oct 2019 12:04:16 -0700 Subject: [PATCH 2/3] retag 0.10.0 --- definitions/install.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/definitions/install.yaml b/definitions/install.yaml index fca32f7c52..ee7b10e125 100644 --- a/definitions/install.yaml +++ b/definitions/install.yaml @@ -298,7 +298,7 @@ spec: serviceAccountName: kyverno-service-account containers: - name: kyverno - image: nirmata/kyverno:latest + image: nirmata/kyverno:v0.10.0 args: - "--filterK8Resources=[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*]" # customize webhook timout From da31a2c6aaca6d605a350639f2fe9ae87ea6cfa3 Mon Sep 17 00:00:00 2001 From: Shuting Zhao Date: Mon, 28 Oct 2019 12:15:39 -0700 Subject: [PATCH 3/3] update tag to latest --- definitions/install.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/definitions/install.yaml b/definitions/install.yaml index ee7b10e125..fca32f7c52 100644 --- a/definitions/install.yaml +++ b/definitions/install.yaml @@ -298,7 +298,7 @@ spec: serviceAccountName: kyverno-service-account containers: - name: kyverno - image: nirmata/kyverno:v0.10.0 + image: nirmata/kyverno:latest args: - "--filterK8Resources=[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*]" # customize webhook timout