From cc4fa3777ebeba380b4197db99a7396e90cb74df Mon Sep 17 00:00:00 2001 From: Shuting Zhao Date: Fri, 15 May 2020 16:57:26 -0700 Subject: [PATCH 01/12] Add crd 1.16+ spec --- Makefile | 2 +- pkg/openapi/crdSync.go | 69 ++++++++++++++++++++++++++++---------- pkg/webhooks/mutation.go | 2 +- pkg/webhooks/validation.go | 2 +- 4 files changed, 54 insertions(+), 21 deletions(-) diff --git a/Makefile b/Makefile index 824f8b92e4..337e4fef43 100644 --- a/Makefile +++ b/Makefile @@ -10,7 +10,7 @@ TIMESTAMP := $(shell date '+%Y-%m-%d_%I:%M:%S%p') REGISTRY=index.docker.io REPO=$(REGISTRY)/nirmata/kyverno -IMAGE_TAG=$(GIT_VERSION) +IMAGE_TAG?=$(GIT_VERSION) GOOS ?= $(shell go env GOOS) PACKAGE ?=github.com/nirmata/kyverno LD_FLAGS="-s -w -X $(PACKAGE)/pkg/version.BuildVersion=$(GIT_VERSION) -X $(PACKAGE)/pkg/version.BuildHash=$(GIT_HASH) -X $(PACKAGE)/pkg/version.BuildTime=$(TIMESTAMP)" diff --git a/pkg/openapi/crdSync.go b/pkg/openapi/crdSync.go index 01ccab88bb..c7bed83bf9 100644 --- a/pkg/openapi/crdSync.go +++ b/pkg/openapi/crdSync.go @@ -28,6 +28,36 @@ type crdSync struct { controller *Controller } +// crdDefinitionPrior represents CRD's version prior to 1.16 +var crdDefinitionPrior struct { + Spec struct { + Names struct { + Kind string `json:"kind"` + } `json:"names"` + Validation struct { + OpenAPIV3Schema interface{} `json:"openAPIV3Schema"` + } `json:"validation"` + } `json:"spec"` +} + +// crdDefinitionNew represents CRD in version 1.16+ +var crdDefinitionNew struct { + Spec struct { + Names struct { + Kind string `json:"kind"` + } `json:"names"` + Versions []struct { + Schema struct { + OpenAPIV3Schema interface{} `json:"openAPIV3Schema"` + } `json:"schema"` + Storage bool `json:"storage"` + } `json:"versions"` + } `json:"spec"` +} + +var crdVersion struct { +} + func NewCRDSync(client *client.Client, controller *Controller) *crdSync { if controller == nil { panic(fmt.Errorf("nil controller sent into crd sync")) 
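Review bot: `crdDefinitionPrior` and `crdDefinitionNew` are package-level variables that parseCRD (hunk @@ -90,39 +120,42 in this same commit) unmarshals into on every call, so state leaks from one CRD to the next: encoding/json leaves fields absent from the input untouched, so a CRD without `spec.validation` keeps the previous CRD's `OpenAPIV3Schema` and is registered under the wrong schema, and if `sync` reaches parseCRD from the worker goroutines started in Run the writes also race. Declare the shapes as types instead — `type crdDefinitionPrior struct {` and `type crdDefinitionNew struct {` — and give parseCRD fresh locals per call (`var prior crdDefinitionPrior`). The empty `var crdVersion struct{}` is never used and is shadowed by the loop variable of the same name in parseCRD; drop it.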
@@ -54,7 +84,7 @@ func (c *crdSync) Run(workers int, stopCh <-chan struct{}) { c.sync() for i := 0; i < workers; i++ { - go wait.Until(c.sync, time.Second*25, stopCh) + go wait.Until(c.sync, 10*time.Minute, stopCh) } } @@ -90,39 +120,42 @@ func (o *Controller) deleteCRDFromPreviousSync() { func (o *Controller) parseCRD(crd unstructured.Unstructured) { var err error - var crdDefinition struct { - Spec struct { - Names struct { - Kind string `json:"kind"` - } `json:"names"` - Validation struct { - OpenAPIV3Schema interface{} `json:"openAPIV3Schema"` - } `json:"validation"` - } `json:"spec"` - } crdRaw, _ := json.Marshal(crd.Object) - _ = json.Unmarshal(crdRaw, &crdDefinition) + _ = json.Unmarshal(crdRaw, &crdDefinitionPrior) - crdName := crdDefinition.Spec.Names.Kind + openV3schema := crdDefinitionPrior.Spec.Validation.OpenAPIV3Schema + crdName := crdDefinitionPrior.Spec.Names.Kind - var schema yaml.MapSlice - schemaRaw, _ := json.Marshal(crdDefinition.Spec.Validation.OpenAPIV3Schema) + if openV3schema == nil { + _ = json.Unmarshal(crdRaw, &crdDefinitionNew) + for _, crdVersion := range crdDefinitionNew.Spec.Versions { + if crdVersion.Storage { + openV3schema = crdVersion.Schema.OpenAPIV3Schema + crdName = crdDefinitionNew.Spec.Names.Kind + break + } + } + } + + schemaRaw, _ := json.Marshal(openV3schema) if len(schemaRaw) < 1 { - log.Log.V(4).Info("could not parse crd schema") + log.Log.V(3).Info("could not parse crd schema", "name", crdName) return } schemaRaw, err = addingDefaultFieldsToSchema(schemaRaw) if err != nil { - log.Log.Error(err, "could not parse crd schema:") + log.Log.Error(err, "could not parse crd schema", "name", crdName) return } + + var schema yaml.MapSlice _ = yaml.Unmarshal(schemaRaw, &schema) parsedSchema, err := openapi_v2.NewSchema(schema, compiler.NewContext("schema", nil)) if err != nil { - log.Log.Error(err, "could not parse crd schema:") + log.Log.Error(err, "could not parse crd schema", "name", crdName) return } 
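Review bot: The `len(schemaRaw) < 1` guard after the new storage-version loop can never fire, because `json.Marshal(nil)` returns the four bytes `null` with no error, so a CRD with neither `spec.validation.openAPIV3Schema` nor a storage version carrying a schema is handed to addingDefaultFieldsToSchema as `null` instead of being skipped with the "could not parse crd schema" message. Test the value itself before marshalling; and since both json.Unmarshal errors are discarded, a malformed object is indistinguishable from "no pre-1.16 schema" and silently falls into the 1.16+ branch, so those errors should at least be logged. parseCRD starts in this hunk and its body continues past the end.
```go
	// … unchanged: unmarshal into the prior/new definitions and the storage-version loop …
	if openV3schema == nil {
		log.Log.V(3).Info("could not parse crd schema", "name", crdName)
		return
	}

	schemaRaw, _ := json.Marshal(openV3schema)
	// … unchanged: addingDefaultFieldsToSchema and the yaml/openapi parsing …
```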
diff --git a/pkg/webhooks/mutation.go b/pkg/webhooks/mutation.go index 0afdefa90a..2a6120bb04 100644 --- a/pkg/webhooks/mutation.go +++ b/pkg/webhooks/mutation.go @@ -55,7 +55,7 @@ func (ws *WebhookServer) HandleMutation(request *v1beta1.AdmissionRequest, resou } for _, policy := range policies { - logger.V(2).Info("evaluating policy", "policy", policy.Name) + logger.V(3).Info("evaluating policy", "policy", policy.Name) policyContext.Policy = policy engineResponse := engine.Mutate(policyContext) diff --git a/pkg/webhooks/validation.go b/pkg/webhooks/validation.go index d0b49347ad..048b27d140 100644 --- a/pkg/webhooks/validation.go +++ b/pkg/webhooks/validation.go @@ -58,7 +58,7 @@ func (ws *WebhookServer) HandleValidation(request *v1beta1.AdmissionRequest, pol } var engineResponses []response.EngineResponse for _, policy := range policies { - logger.V(2).Info("evaluating policy", "policy", policy.Name) + logger.V(3).Info("evaluating policy", "policy", policy.Name) policyContext.Policy = policy engineResponse := engine.Validate(policyContext) if reflect.DeepEqual(engineResponse, response.EngineResponse{}) { From a1957bee4a3bdb641da4f9cc4e806328b727ac3f Mon Sep 17 00:00:00 2001 From: Shuting Zhao Date: Fri, 15 May 2020 18:33:52 -0700 Subject: [PATCH 02/12] suppress log --- pkg/event/controller.go | 2 +- pkg/policy/apply.go | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/event/controller.go b/pkg/event/controller.go index a33e50f756..848dad3911 100644 --- a/pkg/event/controller.go +++ b/pkg/event/controller.go @@ -67,7 +67,7 @@ func initRecorder(client *client.Client, eventSource Source, log logr.Logger) re return nil } eventBroadcaster := record.NewBroadcaster() - eventBroadcaster.StartLogging(klog.Infof) + eventBroadcaster.StartLogging(klog.V(5).Infof) eventInterface, err := client.GetEventsInterface() if err != nil { log.Error(err, "failed to get event interface for logging") 
diff --git a/pkg/policy/apply.go b/pkg/policy/apply.go index ad60ad5d6d..d8bca269c3 100644 --- a/pkg/policy/apply.go +++ b/pkg/policy/apply.go @@ -22,9 +22,9 @@ import ( func applyPolicy(policy kyverno.ClusterPolicy, resource unstructured.Unstructured, logger logr.Logger) (responses []response.EngineResponse) { startTime := time.Now() - logger.Info("start applying policy", "startTime", startTime) + logger.V(3).Info("start applying policy", "startTime", startTime) defer func() { - logger.Info("finisnhed applying policy", "processingTime", time.Since(startTime)) + logger.V(3).Info("finisnhed applying policy", "processingTime", time.Since(startTime)) }() var engineResponses []response.EngineResponse From 126fcd738414108669d8283bcc119b986f81bb3f Mon Sep 17 00:00:00 2001 From: Shuting Zhao Date: Fri, 15 May 2020 18:51:45 -0700 Subject: [PATCH 03/12] fix error "failed to list resources" --- pkg/policy/existing.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/pkg/policy/existing.go b/pkg/policy/existing.go index af8dfc09c6..49dfe8019f 100644 --- a/pkg/policy/existing.go +++ b/pkg/policy/existing.go @@ -83,9 +83,14 @@ func getResourcesPerNamespace(kind string, client *client.Client, namespace stri // ls := mergeLabelSectors(rule.MatchResources.Selector, rule.ExcludeResources.Selector) // list resources log.V(4).Info("list resources to be processed") + + if kind == "Namespace" { + namespace = "" + } + list, err := client.ListResource(kind, namespace, ls) if err != nil { - log.Error(err, "failed to list resources", "kind", kind) + log.Error(err, "failed to list resources", "kind", kind, "namespace", namespace) return nil } // filter based on name From ddc9a8389b208caccf96ce0bb5fd4f3fd09f5fec Mon Sep 17 00:00:00 2001 From: Shuting Zhao Date: Fri, 15 May 2020 18:54:31 -0700 Subject: [PATCH 04/12] increase background sync period to 5 mins --- pkg/policyviolation/generator.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
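Review bot: The re-emitted deferred log line keeps the typo in its message, `finisnhed applying policy`; since the line is being rewritten anyway, make it `logger.V(3).Info("finished applying policy", "processingTime", time.Since(startTime))`. applyPolicy starts in this hunk and its body continues past the end.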
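Review bot: `if kind == "Namespace" { namespace = "" }` fixes the listing error for one cluster-scoped kind by name; any other cluster-scoped kind a policy matches would presumably still be listed with a namespace and hit the same "failed to list resources" path. Decide by the resource's scope as reported by API discovery rather than by kind name, or at least record the limitation with a comment such as `// Namespace is cluster-scoped; listing it within a namespace fails`. getResourcesPerNamespace starts before this hunk and continues past it.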
diff --git a/pkg/policyviolation/generator.go b/pkg/policyviolation/generator.go index ed3ffe76a2..0a40b9dad4 100644 --- a/pkg/policyviolation/generator.go +++ b/pkg/policyviolation/generator.go @@ -153,7 +153,7 @@ func (gen *Generator) Run(workers int, stopCh <-chan struct{}) { } for i := 0; i < workers; i++ { - go wait.Until(gen.runWorker, time.Second, stopCh) + go wait.Until(gen.runWorker, 5*time.Minute, stopCh) } <-stopCh } From ee1f0f286c24e7ca9950b2e98ab1c41eaa7d09fa Mon Sep 17 00:00:00 2001 From: Shuting Zhao Date: Sat, 16 May 2020 22:15:09 -0700 Subject: [PATCH 05/12] extract controller resync period to a constant file --- pkg/event/controller.go | 5 ++--- pkg/generate/cleanup/controller.go | 3 ++- pkg/generate/controller.go | 3 ++- pkg/openapi/crdSync.go | 4 ++-- pkg/policy/controller.go | 3 ++- pkg/policyviolation/generator.go | 4 ++-- pkg/webhooks/generate/generate.go | 3 ++- 7 files changed, 14 insertions(+), 11 deletions(-) diff --git a/pkg/event/controller.go b/pkg/event/controller.go index 848dad3911..db39f1d9d6 100644 --- a/pkg/event/controller.go +++ b/pkg/event/controller.go @@ -1,13 +1,12 @@ package event import ( - "time" - "github.com/go-logr/logr" "github.com/nirmata/kyverno/pkg/client/clientset/versioned/scheme" kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1" kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1" + "github.com/nirmata/kyverno/pkg/constant" client "github.com/nirmata/kyverno/pkg/dclient" v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/runtime" @@ -109,7 +108,7 @@ func (gen *Generator) Run(workers int, stopCh <-chan struct{}) { } for i := 0; i < workers; i++ { - go wait.Until(gen.runWorker, time.Second, stopCh) + go wait.Until(gen.runWorker, constant.EventControllerResync, stopCh) } <-stopCh } diff --git a/pkg/generate/cleanup/controller.go b/pkg/generate/cleanup/controller.go index 2c31254219..a232dd4813 100644 --- a/pkg/generate/cleanup/controller.go 
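Review bot: `5*time.Minute` here is the period argument of wait.Until, i.e. the pause between one return of `gen.runWorker` and its next invocation, not an interval at which queued violations are processed. If runWorker is the usual blocking loop over the workqueue the change has no effect on throughput; if it returns once the queue is drained, a violation enqueued just after that return now waits up to five minutes before any worker picks it up. runWorker is outside the hunk, so confirm which shape it has before treating this as a "background sync period".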
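Review bot: This hunk imports `github.com/nirmata/kyverno/pkg/constant`, but that package is only created in PATCH 06/12 ("add constant.go"), so the series does not build at this commit and cannot be bisected through; reorder the two commits or squash them. The commit also drops `"time"` here, in pkg/openapi/crdSync.go and in pkg/policyviolation/generator.go, but leaves it in pkg/generate/cleanup/controller.go, pkg/generate/controller.go, pkg/policy/controller.go and pkg/webhooks/generate/generate.go, where the replaced `time.Second` is the only use visible in the hunks — if it was the only use in those files, they now fail to compile with an unused import. PATCH 11/12 repeats this commit and carries the same problems.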
+++ b/pkg/generate/cleanup/controller.go @@ -8,6 +8,7 @@ import ( kyvernoclient "github.com/nirmata/kyverno/pkg/client/clientset/versioned" kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1" kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1" + "github.com/nirmata/kyverno/pkg/constant" dclient "github.com/nirmata/kyverno/pkg/dclient" "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" @@ -199,7 +200,7 @@ func (c *Controller) Run(workers int, stopCh <-chan struct{}) { return } for i := 0; i < workers; i++ { - go wait.Until(c.worker, time.Second, stopCh) + go wait.Until(c.worker, constant.GenerateRequestControllerResync, stopCh) } <-stopCh } diff --git a/pkg/generate/controller.go b/pkg/generate/controller.go index b848609177..a03dfe2734 100644 --- a/pkg/generate/controller.go +++ b/pkg/generate/controller.go @@ -8,6 +8,7 @@ import ( kyvernoclient "github.com/nirmata/kyverno/pkg/client/clientset/versioned" kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1" kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1" + "github.com/nirmata/kyverno/pkg/constant" dclient "github.com/nirmata/kyverno/pkg/dclient" "github.com/nirmata/kyverno/pkg/event" "github.com/nirmata/kyverno/pkg/policystatus" @@ -219,7 +220,7 @@ func (c *Controller) Run(workers int, stopCh <-chan struct{}) { return } for i := 0; i < workers; i++ { - go wait.Until(c.worker, time.Second, stopCh) + go wait.Until(c.worker, constant.GenerateControllerResync, stopCh) } <-stopCh } diff --git a/pkg/openapi/crdSync.go b/pkg/openapi/crdSync.go index c7bed83bf9..6edfc03ad1 100644 --- a/pkg/openapi/crdSync.go +++ b/pkg/openapi/crdSync.go @@ -4,7 +4,6 @@ import ( "encoding/json" "errors" "fmt" - "time" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" 
@@ -19,6 +18,7 @@ import ( openapi_v2 "github.com/googleapis/gnostic/OpenAPIv2" log "sigs.k8s.io/controller-runtime/pkg/log" + "github.com/nirmata/kyverno/pkg/constant" client "github.com/nirmata/kyverno/pkg/dclient" "k8s.io/apimachinery/pkg/util/wait" ) @@ -84,7 +84,7 @@ func (c *crdSync) Run(workers int, stopCh <-chan struct{}) { c.sync() for i := 0; i < workers; i++ { - go wait.Until(c.sync, 10*time.Minute, stopCh) + go wait.Until(c.sync, constant.CRDControllerResync, stopCh) } } diff --git a/pkg/policy/controller.go b/pkg/policy/controller.go index 2a471a37fe..ce7504e6c2 100644 --- a/pkg/policy/controller.go +++ b/pkg/policy/controller.go @@ -10,6 +10,7 @@ import ( kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1" kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1" "github.com/nirmata/kyverno/pkg/config" + "github.com/nirmata/kyverno/pkg/constant" client "github.com/nirmata/kyverno/pkg/dclient" "github.com/nirmata/kyverno/pkg/event" "github.com/nirmata/kyverno/pkg/policystore" @@ -261,7 +262,7 @@ func (pc *PolicyController) Run(workers int, stopCh <-chan struct{}) { } for i := 0; i < workers; i++ { - go wait.Until(pc.worker, time.Second, stopCh) + go wait.Until(pc.worker, constant.PolicyControllerResync, stopCh) } <-stopCh } diff --git a/pkg/policyviolation/generator.go b/pkg/policyviolation/generator.go index 0a40b9dad4..e25ae23c6f 100644 --- a/pkg/policyviolation/generator.go +++ b/pkg/policyviolation/generator.go @@ -6,7 +6,6 @@ import ( "strconv" "strings" "sync" - "time" "github.com/go-logr/logr" kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1" 
@@ -14,6 +13,7 @@ import ( kyvernov1 "github.com/nirmata/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1" kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1" kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1" + "github.com/nirmata/kyverno/pkg/constant" "github.com/nirmata/kyverno/pkg/policystatus" dclient "github.com/nirmata/kyverno/pkg/dclient" @@ -153,7 +153,7 @@ func (gen *Generator) Run(workers int, stopCh <-chan struct{}) { } for i := 0; i < workers; i++ { - go wait.Until(gen.runWorker, 5*time.Minute, stopCh) + go wait.Until(gen.runWorker, constant.PolicyViolationControllerResync, stopCh) } <-stopCh } diff --git a/pkg/webhooks/generate/generate.go b/pkg/webhooks/generate/generate.go index 3631845541..3e1ded7530 100644 --- a/pkg/webhooks/generate/generate.go +++ b/pkg/webhooks/generate/generate.go @@ -8,6 +8,7 @@ import ( "github.com/go-logr/logr" kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1" kyvernoclient "github.com/nirmata/kyverno/pkg/client/clientset/versioned" + "github.com/nirmata/kyverno/pkg/constant" utilruntime "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/apimachinery/pkg/util/wait" ) @@ -60,7 +61,7 @@ func (g *Generator) Run(workers int) { logger.V(4).Info("shutting down") }() for i := 0; i < workers; i++ { - go wait.Until(g.process, time.Second, g.stopCh) + go wait.Until(g.process, constant.GenerateControllerResync, g.stopCh) } <-g.stopCh } From 231bfade735e5b8de169672430a9c907a9bf0a6a Mon Sep 17 00:00:00 2001 From: Shuting Zhao Date: Sat, 16 May 2020 23:27:54 -0700 Subject: [PATCH 06/12] add constant.go --- pkg/constant/constant.go | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 pkg/constant/constant.go diff --git a/pkg/constant/constant.go b/pkg/constant/constant.go new file mode 100644 index 0000000000..055a4b092e --- /dev/null +++ b/pkg/constant/constant.go 
@@ -0,0 +1,12 @@ +package constant + +import "time" + +const ( + CRDControllerResync = 10 * time.Minute + PolicyViolationControllerResync = 5 * time.Minute + PolicyControllerResync = time.Second + EventControllerResync = time.Second + GenerateControllerResync = time.Second + GenerateRequestControllerResync = time.Second +) From 57e9aaea5f6b6de6a775740b6e040f428afff9c3 Mon Sep 17 00:00:00 2001 From: Shuting Zhao Date: Fri, 15 May 2020 16:57:26 -0700 Subject: [PATCH 07/12] Add crd 1.16+ spec --- pkg/openapi/crdSync.go | 69 +++++++++++++++++++++++++++++++----------- 1 file changed, 51 insertions(+), 18 deletions(-) diff --git a/pkg/openapi/crdSync.go b/pkg/openapi/crdSync.go index 01ccab88bb..c7bed83bf9 100644 --- a/pkg/openapi/crdSync.go +++ b/pkg/openapi/crdSync.go @@ -28,6 +28,36 @@ type crdSync struct { controller *Controller } +// crdDefinitionPrior represents CRD's version prior to 1.16 +var crdDefinitionPrior struct { + Spec struct { + Names struct { + Kind string `json:"kind"` + } `json:"names"` + Validation struct { + OpenAPIV3Schema interface{} `json:"openAPIV3Schema"` + } `json:"validation"` + } `json:"spec"` +} + +// crdDefinitionNew represents CRD in version 1.16+ +var crdDefinitionNew struct { + Spec struct { + Names struct { + Kind string `json:"kind"` + } `json:"names"` + Versions []struct { + Schema struct { + OpenAPIV3Schema interface{} `json:"openAPIV3Schema"` + } `json:"schema"` + Storage bool `json:"storage"` + } `json:"versions"` + } `json:"spec"` +} + +var crdVersion struct { +} + func NewCRDSync(client *client.Client, controller *Controller) *crdSync { if controller == nil { panic(fmt.Errorf("nil controller sent into crd sync")) @@ -54,7 +84,7 @@ func (c *crdSync) Run(workers int, stopCh <-chan struct{}) { c.sync() for i := 0; i < workers; i++ { - go wait.Until(c.sync, time.Second*25, stopCh) + go wait.Until(c.sync, 10*time.Minute, stopCh) } } 
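Review bot: The six exported constants have no doc comment, and the `Resync` suffix suggests an informer resync interval while every use site passes them as the period argument of `wait.Until`, which is the delay between consecutive invocations of the worker function. A comment on the block such as `// Periods passed to wait.Until by each controller's Run loop: the pause between one return of the worker function and its next invocation.` would document both points. `GenerateControllerResync` is also shared by pkg/generate/controller.go and pkg/webhooks/generate/generate.go, which its name does not reflect.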
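Review bot: This commit is a byte-identical repeat of PATCH 01's crdSync.go change (same `index 01ccab88bb..c7bed83bf9` pre-image and the same hunks), so it cannot apply on top of the series once PATCH 01 is in; PATCHes 08–12 likewise duplicate 02–06. Drop the second set, which looks like a rebase leftover, and keep the first, where the note about the package-level `crdDefinitionPrior`/`crdDefinitionNew` state already applies.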
@@ -90,39 +120,42 @@ func (o *Controller) deleteCRDFromPreviousSync() { func (o *Controller) parseCRD(crd unstructured.Unstructured) { var err error - var crdDefinition struct { - Spec struct { - Names struct { - Kind string `json:"kind"` - } `json:"names"` - Validation struct { - OpenAPIV3Schema interface{} `json:"openAPIV3Schema"` - } `json:"validation"` - } `json:"spec"` - } crdRaw, _ := json.Marshal(crd.Object) - _ = json.Unmarshal(crdRaw, &crdDefinition) + _ = json.Unmarshal(crdRaw, &crdDefinitionPrior) - crdName := crdDefinition.Spec.Names.Kind + openV3schema := crdDefinitionPrior.Spec.Validation.OpenAPIV3Schema + crdName := crdDefinitionPrior.Spec.Names.Kind - var schema yaml.MapSlice - schemaRaw, _ := json.Marshal(crdDefinition.Spec.Validation.OpenAPIV3Schema) + if openV3schema == nil { + _ = json.Unmarshal(crdRaw, &crdDefinitionNew) + for _, crdVersion := range crdDefinitionNew.Spec.Versions { + if crdVersion.Storage { + openV3schema = crdVersion.Schema.OpenAPIV3Schema + crdName = crdDefinitionNew.Spec.Names.Kind + break + } + } + } + + schemaRaw, _ := json.Marshal(openV3schema) if len(schemaRaw) < 1 { - log.Log.V(4).Info("could not parse crd schema") + log.Log.V(3).Info("could not parse crd schema", "name", crdName) return } schemaRaw, err = addingDefaultFieldsToSchema(schemaRaw) if err != nil { - log.Log.Error(err, "could not parse crd schema:") + log.Log.Error(err, "could not parse crd schema", "name", crdName) return } + + var schema yaml.MapSlice _ = yaml.Unmarshal(schemaRaw, &schema) parsedSchema, err := openapi_v2.NewSchema(schema, compiler.NewContext("schema", nil)) if err != nil { - log.Log.Error(err, "could not parse crd schema:") + log.Log.Error(err, "could not parse crd schema", "name", crdName) return } From 5128a00e9147c67627ceeb5a4897b6c4fc3cef15 Mon Sep 17 00:00:00 2001 From: Shuting Zhao Date: Fri, 15 May 2020 18:33:52 -0700 Subject: [PATCH 08/12] suppress log --- pkg/event/controller.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/pkg/event/controller.go b/pkg/event/controller.go index a33e50f756..848dad3911 100644 --- a/pkg/event/controller.go +++ b/pkg/event/controller.go @@ -67,7 +67,7 @@ func initRecorder(client *client.Client, eventSource Source, log logr.Logger) re return nil } eventBroadcaster := record.NewBroadcaster() - eventBroadcaster.StartLogging(klog.Infof) + eventBroadcaster.StartLogging(klog.V(5).Infof) eventInterface, err := client.GetEventsInterface() if err != nil { log.Error(err, "failed to get event interface for logging") From b9d38d2fd32424ac856a188c953ada8267d9a44f Mon Sep 17 00:00:00 2001 From: Shuting Zhao Date: Fri, 15 May 2020 18:51:45 -0700 Subject: [PATCH 09/12] fix error "failed to list resources" --- pkg/policy/existing.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/pkg/policy/existing.go b/pkg/policy/existing.go index 5f6fe09c67..44850b4df0 100644 --- a/pkg/policy/existing.go +++ b/pkg/policy/existing.go @@ -97,9 +97,14 @@ func getResourcesPerNamespace(kind string, client *client.Client, namespace stri // ls := mergeLabelSectors(rule.MatchResources.Selector, rule.ExcludeResources.Selector) // list resources log.V(4).Info("list resources to be processed") + + if kind == "Namespace" { + namespace = "" + } + list, err := client.ListResource(kind, namespace, ls) if err != nil { - log.Error(err, "failed to list resources", "kind", kind) + log.Error(err, "failed to list resources", "kind", kind, "namespace", namespace) return nil } // filter based on name From c79f166dd352e1831c48ac1c7b96799f29a498f6 Mon Sep 17 00:00:00 2001 From: Shuting Zhao Date: Fri, 15 May 2020 18:54:31 -0700 Subject: [PATCH 10/12] increase background sync period to 5 mins --- pkg/policyviolation/generator.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/policyviolation/generator.go b/pkg/policyviolation/generator.go index ed3ffe76a2..0a40b9dad4 100644 --- a/pkg/policyviolation/generator.go +++ b/pkg/policyviolation/generator.go 
@@ -153,7 +153,7 @@ func (gen *Generator) Run(workers int, stopCh <-chan struct{}) { } for i := 0; i < workers; i++ { - go wait.Until(gen.runWorker, time.Second, stopCh) + go wait.Until(gen.runWorker, 5*time.Minute, stopCh) } <-stopCh } From f97c202d52678cec63a857d3bb3af8c42934f8c1 Mon Sep 17 00:00:00 2001 From: Shuting Zhao Date: Sat, 16 May 2020 22:15:09 -0700 Subject: [PATCH 11/12] extract controller resync period to a constant file --- pkg/event/controller.go | 5 ++--- pkg/generate/cleanup/controller.go | 3 ++- pkg/generate/controller.go | 3 ++- pkg/openapi/crdSync.go | 4 ++-- pkg/policy/controller.go | 3 ++- pkg/policyviolation/generator.go | 4 ++-- pkg/webhooks/generate/generate.go | 3 ++- 7 files changed, 14 insertions(+), 11 deletions(-) diff --git a/pkg/event/controller.go b/pkg/event/controller.go index 848dad3911..db39f1d9d6 100644 --- a/pkg/event/controller.go +++ b/pkg/event/controller.go @@ -1,13 +1,12 @@ package event import ( - "time" - "github.com/go-logr/logr" "github.com/nirmata/kyverno/pkg/client/clientset/versioned/scheme" kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1" kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1" + "github.com/nirmata/kyverno/pkg/constant" client "github.com/nirmata/kyverno/pkg/dclient" v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/runtime" @@ -109,7 +108,7 @@ func (gen *Generator) Run(workers int, stopCh <-chan struct{}) { } for i := 0; i < workers; i++ { - go wait.Until(gen.runWorker, time.Second, stopCh) + go wait.Until(gen.runWorker, constant.EventControllerResync, stopCh) } <-stopCh } diff --git a/pkg/generate/cleanup/controller.go b/pkg/generate/cleanup/controller.go index 2c31254219..a232dd4813 100644 --- a/pkg/generate/cleanup/controller.go +++ b/pkg/generate/cleanup/controller.go 
@@ -8,6 +8,7 @@ import ( kyvernoclient "github.com/nirmata/kyverno/pkg/client/clientset/versioned" kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1" kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1" + "github.com/nirmata/kyverno/pkg/constant" dclient "github.com/nirmata/kyverno/pkg/dclient" "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" @@ -199,7 +200,7 @@ func (c *Controller) Run(workers int, stopCh <-chan struct{}) { return } for i := 0; i < workers; i++ { - go wait.Until(c.worker, time.Second, stopCh) + go wait.Until(c.worker, constant.GenerateRequestControllerResync, stopCh) } <-stopCh } diff --git a/pkg/generate/controller.go b/pkg/generate/controller.go index b848609177..a03dfe2734 100644 --- a/pkg/generate/controller.go +++ b/pkg/generate/controller.go @@ -8,6 +8,7 @@ import ( kyvernoclient "github.com/nirmata/kyverno/pkg/client/clientset/versioned" kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1" kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1" + "github.com/nirmata/kyverno/pkg/constant" dclient "github.com/nirmata/kyverno/pkg/dclient" "github.com/nirmata/kyverno/pkg/event" "github.com/nirmata/kyverno/pkg/policystatus" @@ -219,7 +220,7 @@ func (c *Controller) Run(workers int, stopCh <-chan struct{}) { return } for i := 0; i < workers; i++ { - go wait.Until(c.worker, time.Second, stopCh) + go wait.Until(c.worker, constant.GenerateControllerResync, stopCh) } <-stopCh } diff --git a/pkg/openapi/crdSync.go b/pkg/openapi/crdSync.go index c7bed83bf9..6edfc03ad1 100644 --- a/pkg/openapi/crdSync.go +++ b/pkg/openapi/crdSync.go @@ -4,7 +4,6 @@ import ( "encoding/json" "errors" "fmt" - "time" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" 
@@ -19,6 +18,7 @@ import ( openapi_v2 "github.com/googleapis/gnostic/OpenAPIv2" log "sigs.k8s.io/controller-runtime/pkg/log" + "github.com/nirmata/kyverno/pkg/constant" client "github.com/nirmata/kyverno/pkg/dclient" "k8s.io/apimachinery/pkg/util/wait" ) @@ -84,7 +84,7 @@ func (c *crdSync) Run(workers int, stopCh <-chan struct{}) { c.sync() for i := 0; i < workers; i++ { - go wait.Until(c.sync, 10*time.Minute, stopCh) + go wait.Until(c.sync, constant.CRDControllerResync, stopCh) } } diff --git a/pkg/policy/controller.go b/pkg/policy/controller.go index a0d3934be3..250aab5fe4 100644 --- a/pkg/policy/controller.go +++ b/pkg/policy/controller.go @@ -10,6 +10,7 @@ import ( kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1" kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1" "github.com/nirmata/kyverno/pkg/config" + "github.com/nirmata/kyverno/pkg/constant" client "github.com/nirmata/kyverno/pkg/dclient" "github.com/nirmata/kyverno/pkg/event" "github.com/nirmata/kyverno/pkg/policystore" @@ -264,7 +265,7 @@ func (pc *PolicyController) Run(workers int, stopCh <-chan struct{}) { } for i := 0; i < workers; i++ { - go wait.Until(pc.worker, time.Second, stopCh) + go wait.Until(pc.worker, constant.PolicyControllerResync, stopCh) } <-stopCh diff --git a/pkg/policyviolation/generator.go b/pkg/policyviolation/generator.go index 0a40b9dad4..e25ae23c6f 100644 --- a/pkg/policyviolation/generator.go +++ b/pkg/policyviolation/generator.go @@ -6,7 +6,6 @@ import ( "strconv" "strings" "sync" - "time" "github.com/go-logr/logr" kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1" 
@@ -14,6 +13,7 @@ import ( kyvernov1 "github.com/nirmata/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1" kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1" kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1" + "github.com/nirmata/kyverno/pkg/constant" "github.com/nirmata/kyverno/pkg/policystatus" dclient "github.com/nirmata/kyverno/pkg/dclient" @@ -153,7 +153,7 @@ func (gen *Generator) Run(workers int, stopCh <-chan struct{}) { } for i := 0; i < workers; i++ { - go wait.Until(gen.runWorker, 5*time.Minute, stopCh) + go wait.Until(gen.runWorker, constant.PolicyViolationControllerResync, stopCh) } <-stopCh } diff --git a/pkg/webhooks/generate/generate.go b/pkg/webhooks/generate/generate.go index 3631845541..3e1ded7530 100644 --- a/pkg/webhooks/generate/generate.go +++ b/pkg/webhooks/generate/generate.go @@ -8,6 +8,7 @@ import ( "github.com/go-logr/logr" kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1" kyvernoclient "github.com/nirmata/kyverno/pkg/client/clientset/versioned" + "github.com/nirmata/kyverno/pkg/constant" utilruntime "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/apimachinery/pkg/util/wait" ) @@ -60,7 +61,7 @@ func (g *Generator) Run(workers int) { logger.V(4).Info("shutting down") }() for i := 0; i < workers; i++ { - go wait.Until(g.process, time.Second, g.stopCh) + go wait.Until(g.process, constant.GenerateControllerResync, g.stopCh) } <-g.stopCh } From df59b97bc7f933b0470a9f2b18c9d8ec57dfce89 Mon Sep 17 00:00:00 2001 From: Shuting Zhao Date: Sat, 16 May 2020 23:27:54 -0700 Subject: [PATCH 12/12] add constant.go --- pkg/constant/constant.go | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 pkg/constant/constant.go diff --git a/pkg/constant/constant.go b/pkg/constant/constant.go new file mode 100644 index 0000000000..055a4b092e --- /dev/null +++ b/pkg/constant/constant.go 
@@ -0,0 +1,12 @@
+package constant
+
+import "time"
+
+const (
+ CRDControllerResync = 10 * time.Minute
+ PolicyViolationControllerResync = 5 * time.Minute
+ PolicyControllerResync = time.Second
+ EventControllerResync = time.Second
+ GenerateControllerResync = time.Second
+ GenerateRequestControllerResync = time.Second
+)