refactor: use BackgroundProcessingEnabled method (#3544)
Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>
parent
a93ac45586
commit
4b3de26433
8 changed files with 26 additions and 15 deletions
13
Makefile
13
Makefile
|
@ -466,3 +466,16 @@ verify-helm: gen-helm ## Check Helm charts are up to date
|
||||||
.PHONY: help
|
.PHONY: help
|
||||||
help: ## Shows the available commands
|
help: ## Shows the available commands
|
||||||
@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
|
@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
|
||||||
|
|
||||||
|
|
||||||
|
.PHONY: kind-deploy
|
||||||
|
kind-deploy: docker-build-initContainer-local docker-build-kyverno-local
|
||||||
|
kind load docker-image $(REPO)/$(INITC_IMAGE):$(IMAGE_TAG_DEV)
|
||||||
|
kind load docker-image $(REPO)/$(KYVERNO_IMAGE):$(IMAGE_TAG_DEV)
|
||||||
|
helm upgrade --install kyverno --namespace kyverno --create-namespace ./charts/kyverno \
|
||||||
|
--set image.repository=$(REPO)/$(KYVERNO_IMAGE) \
|
||||||
|
--set image.tag=$(IMAGE_TAG_DEV) \
|
||||||
|
--set initImage.repository=$(REPO)/$(INITC_IMAGE) \
|
||||||
|
--set initImage.tag=$(IMAGE_TAG_DEV) \
|
||||||
|
--set extraArgs={--autogenInternals=true}
|
||||||
|
helm upgrade --install kyverno-policies --namespace kyverno --create-namespace ./charts/kyverno-policies
|
||||||
|
|
|
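Review bot: The new `kind-deploy` target runs both `helm upgrade --install` commands against whatever kube-context is current, while `kind load docker-image` always targets the kind cluster, so with another cluster selected the charts would be installed there with dev image tags. Pinning the context on both helm calls, e.g. `--kube-context kind-kind` for the default kind cluster name, keeps all steps on the same cluster. The target also has no `## ` description, so the `help` target's grep shown above will not list it; `kind-deploy: docker-build-initContainer-local docker-build-kyverno-local ## Build local images and deploy Kyverno to a kind cluster` would fix that. Quoting the last value as `--set 'extraArgs={--autogenInternals=true}'` avoids depending on how the invoking shell treats braces.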
@ -18,11 +18,10 @@ func ParsePolicyValidationMode(validationFailureAction kyverno.ValidationFailure
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func ParsePolicyBackgroundMode(backgroundMode *bool) PolicyBackgroundMode {
|
func ParsePolicyBackgroundMode(policy kyverno.PolicyInterface) PolicyBackgroundMode {
|
||||||
if backgroundMode == nil || *backgroundMode {
|
if policy.BackgroundProcessingEnabled() {
|
||||||
return BackgroundTrue
|
return BackgroundTrue
|
||||||
}
|
}
|
||||||
|
|
||||||
return BackgroundFalse
|
return BackgroundFalse
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
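Review bot: `ParsePolicyBackgroundMode` now calls `policy.BackgroundProcessingEnabled()` without a nil check, whereas the old `*bool` version accepted nil and returned `BackgroundTrue`; a nil `kyverno.PolicyInterface` would panic here. Whether any caller can pass nil is not visible on this page (the call sites in RegisterPolicy, AddPolicy, RemovePolicy and ProcessEngineResponse pass values obtained outside the hunks), so keeping the old default with `if policy == nil || policy.BackgroundProcessingEnabled() {` is the cautious form; it does not catch a typed nil pointer wrapped in the interface. The signature change to an exported function also breaks any importer outside this repository, and the function still lacks a doc comment; `// ParsePolicyBackgroundMode maps the policy's effective background setting to its metrics label.` would cover the new parameter.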
@ -46,7 +46,7 @@ func (pc PromConfig) RegisterPolicy(policy interface{}, policyChangeType PolicyC
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
policyBackgroundMode := metrics.ParsePolicyBackgroundMode(inputPolicy.Spec.Background)
|
policyBackgroundMode := metrics.ParsePolicyBackgroundMode(inputPolicy)
|
||||||
policyType := metrics.Cluster
|
policyType := metrics.Cluster
|
||||||
policyNamespace := "" // doesn't matter for cluster policy
|
policyNamespace := "" // doesn't matter for cluster policy
|
||||||
policyName := inputPolicy.GetName()
|
policyName := inputPolicy.GetName()
|
||||||
|
@ -59,7 +59,7 @@ func (pc PromConfig) RegisterPolicy(policy interface{}, policyChangeType PolicyC
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
policyBackgroundMode := metrics.ParsePolicyBackgroundMode(inputPolicy.Spec.Background)
|
policyBackgroundMode := metrics.ParsePolicyBackgroundMode(inputPolicy)
|
||||||
policyType := metrics.Namespaced
|
policyType := metrics.Namespaced
|
||||||
policyNamespace := inputPolicy.GetNamespace()
|
policyNamespace := inputPolicy.GetNamespace()
|
||||||
policyName := inputPolicy.GetName()
|
policyName := inputPolicy.GetName()
|
||||||
|
|
|
@ -60,13 +60,12 @@ func (pc PromConfig) registerPolicyExecutionDurationMetric(
|
||||||
//policy - policy related data
|
//policy - policy related data
|
||||||
//engineResponse - resource and rule related data
|
//engineResponse - resource and rule related data
|
||||||
func (pc PromConfig) ProcessEngineResponse(policy kyverno.PolicyInterface, engineResponse response.EngineResponse, executionCause metrics.RuleExecutionCause, generateRuleLatencyType string, resourceRequestOperation metrics.ResourceRequestOperation) error {
|
func (pc PromConfig) ProcessEngineResponse(policy kyverno.PolicyInterface, engineResponse response.EngineResponse, executionCause metrics.RuleExecutionCause, generateRuleLatencyType string, resourceRequestOperation metrics.ResourceRequestOperation) error {
|
||||||
|
|
||||||
policyValidationMode, err := metrics.ParsePolicyValidationMode(policy.GetSpec().GetValidationFailureAction())
|
policyValidationMode, err := metrics.ParsePolicyValidationMode(policy.GetSpec().GetValidationFailureAction())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
policyType := metrics.Namespaced
|
policyType := metrics.Namespaced
|
||||||
policyBackgroundMode := metrics.ParsePolicyBackgroundMode(policy.GetSpec().Background)
|
policyBackgroundMode := metrics.ParsePolicyBackgroundMode(policy)
|
||||||
policyNamespace := policy.GetNamespace()
|
policyNamespace := policy.GetNamespace()
|
||||||
if policyNamespace == "" {
|
if policyNamespace == "" {
|
||||||
policyNamespace = "-"
|
policyNamespace = "-"
|
||||||
|
|
|
@ -59,7 +59,7 @@ func (pc PromConfig) ProcessEngineResponse(policy kyverno.PolicyInterface, engin
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
policyType := metrics.Namespaced
|
policyType := metrics.Namespaced
|
||||||
policyBackgroundMode := metrics.ParsePolicyBackgroundMode(policy.GetSpec().Background)
|
policyBackgroundMode := metrics.ParsePolicyBackgroundMode(policy)
|
||||||
policyNamespace := policy.GetNamespace()
|
policyNamespace := policy.GetNamespace()
|
||||||
if policyNamespace == "" {
|
if policyNamespace == "" {
|
||||||
policyNamespace = "-"
|
policyNamespace = "-"
|
||||||
|
|
|
@ -69,7 +69,7 @@ func (pc PromConfig) AddPolicy(policy interface{}) error {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
policyBackgroundMode := metrics.ParsePolicyBackgroundMode(inputPolicy.Spec.Background)
|
policyBackgroundMode := metrics.ParsePolicyBackgroundMode(inputPolicy)
|
||||||
policyType := metrics.Cluster
|
policyType := metrics.Cluster
|
||||||
policyNamespace := "" // doesn't matter for cluster policy
|
policyNamespace := "" // doesn't matter for cluster policy
|
||||||
policyName := inputPolicy.GetName()
|
policyName := inputPolicy.GetName()
|
||||||
|
@ -89,7 +89,7 @@ func (pc PromConfig) AddPolicy(policy interface{}) error {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
policyBackgroundMode := metrics.ParsePolicyBackgroundMode(inputPolicy.Spec.Background)
|
policyBackgroundMode := metrics.ParsePolicyBackgroundMode(inputPolicy)
|
||||||
policyType := metrics.Namespaced
|
policyType := metrics.Namespaced
|
||||||
policyNamespace := inputPolicy.GetNamespace()
|
policyNamespace := inputPolicy.GetNamespace()
|
||||||
policyName := inputPolicy.GetName()
|
policyName := inputPolicy.GetName()
|
||||||
|
@ -117,7 +117,7 @@ func (pc PromConfig) RemovePolicy(policy interface{}) error {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
policyBackgroundMode := metrics.ParsePolicyBackgroundMode(inputPolicy.Spec.Background)
|
policyBackgroundMode := metrics.ParsePolicyBackgroundMode(inputPolicy)
|
||||||
policyType := metrics.Cluster
|
policyType := metrics.Cluster
|
||||||
policyNamespace := "" // doesn't matter for cluster policy
|
policyNamespace := "" // doesn't matter for cluster policy
|
||||||
policyName := inputPolicy.GetName()
|
policyName := inputPolicy.GetName()
|
||||||
|
@ -136,7 +136,7 @@ func (pc PromConfig) RemovePolicy(policy interface{}) error {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
policyBackgroundMode := metrics.ParsePolicyBackgroundMode(inputPolicy.Spec.Background)
|
policyBackgroundMode := metrics.ParsePolicyBackgroundMode(inputPolicy)
|
||||||
policyType := metrics.Namespaced
|
policyType := metrics.Namespaced
|
||||||
policyNamespace := inputPolicy.GetNamespace()
|
policyNamespace := inputPolicy.GetNamespace()
|
||||||
policyName := inputPolicy.GetName()
|
policyName := inputPolicy.GetName()
|
||||||
|
|
|
@ -54,7 +54,7 @@ func (pc *PolicyController) registerPolicyChangesMetricUpdatePolicy(logger logr.
|
||||||
logger.Error(err, "error occurred while registering kyverno_policy_changes_total metrics for the above policy's updation", "name", oldP.GetName())
|
logger.Error(err, "error occurred while registering kyverno_policy_changes_total metrics for the above policy's updation", "name", oldP.GetName())
|
||||||
}
|
}
|
||||||
// curP will require a new kyverno_policy_changes_total metric if the above update involved change in the following fields:
|
// curP will require a new kyverno_policy_changes_total metric if the above update involved change in the following fields:
|
||||||
if curSpec.Background != oldSpec.Background || curSpec.GetValidationFailureAction() != oldSpec.GetValidationFailureAction() {
|
if curSpec.BackgroundProcessingEnabled() != oldSpec.BackgroundProcessingEnabled() || curSpec.GetValidationFailureAction() != oldSpec.GetValidationFailureAction() {
|
||||||
err = policyChangesMetric.ParsePromConfig(*pc.promConfig).RegisterPolicy(curP, policyChangesMetric.PolicyUpdated)
|
err = policyChangesMetric.ParsePromConfig(*pc.promConfig).RegisterPolicy(curP, policyChangesMetric.PolicyUpdated)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Error(err, "error occurred while registering kyverno_policy_changes_total metrics for the above policy's updation", "name", curP.GetName())
|
logger.Error(err, "error occurred while registering kyverno_policy_changes_total metrics for the above policy's updation", "name", curP.GetName())
|
||||||
|
|
|
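Review bot: The changed condition is not a pure refactor: the old `curSpec.Background != oldSpec.Background` compared two `*bool` pointers (the same field is dereferenced as `*spec.Background` elsewhere in this commit), so it tested pointer identity rather than value, while the new form compares the effective booleans. That looks like the intended behaviour, but it changes when `kyverno_policy_changes_total` gets a second registration on update, so it deserves a mention in the commit message and a test in which `spec.background` goes from unset to `true` and no extra metric is expected. A comment above the `if` such as `// compare effective values: Background is a *bool and unset means enabled` would record why the method is used. The enclosing function starts before and ends after the hunk.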
@ -81,7 +81,7 @@ func validateJSONPatchPathForForwardSlash(patch string) error {
|
||||||
func Validate(policy kyverno.PolicyInterface, client *dclient.Client, mock bool, openAPIController *openapi.Controller) (*v1beta1.AdmissionResponse, error) {
|
func Validate(policy kyverno.PolicyInterface, client *dclient.Client, mock bool, openAPIController *openapi.Controller) (*v1beta1.AdmissionResponse, error) {
|
||||||
namespaced := policy.IsNamespaced()
|
namespaced := policy.IsNamespaced()
|
||||||
spec := policy.GetSpec()
|
spec := policy.GetSpec()
|
||||||
background := spec.Background == nil || *spec.Background
|
background := spec.BackgroundProcessingEnabled()
|
||||||
|
|
||||||
var errs field.ErrorList
|
var errs field.ErrorList
|
||||||
specPath := field.NewPath("spec")
|
specPath := field.NewPath("spec")
|
||||||
|
@ -176,7 +176,7 @@ func Validate(policy kyverno.PolicyInterface, client *dclient.Client, mock bool,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if utils.ContainsString(rule.MatchResources.Kinds, "*") && (spec.Background == nil || *spec.Background) {
|
if utils.ContainsString(rule.MatchResources.Kinds, "*") && spec.BackgroundProcessingEnabled() {
|
||||||
return nil, fmt.Errorf("wildcard policy not allowed in background mode. Set spec.background=false to disable background mode for this policy rule ")
|
return nil, fmt.Errorf("wildcard policy not allowed in background mode. Set spec.background=false to disable background mode for this policy rule ")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
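Review bot: The second hunk calls `spec.BackgroundProcessingEnabled()` again although the first hunk already stores the result in `background`; if that local is still in scope at the wildcard check (the body between the hunks is not shown), `if utils.ContainsString(rule.MatchResources.Kinds, "*") && background {` keeps one source for the decision. Both replacements rely on `BackgroundProcessingEnabled()` returning true when `spec.background` is unset, and that method is defined outside this page. Since this check decides whether a wildcard policy is rejected during validation, a test with `spec.background` omitted would pin that default. `Validate` starts before the first hunk and continues past the second.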