Merge pull request #589 from nirmata/add_testscenario

Fixes

cmd/kyverno/main.go

@@ -3,6 +3,7 @@ package main
 import (
 	"context"
 	"flag"
+	"reflect"
 	"time"
 
 	"github.com/golang/glog"
@@ -21,6 +22,7 @@ import (
 	"github.com/nirmata/kyverno/pkg/version"
 	"github.com/nirmata/kyverno/pkg/webhookconfig"
 	"github.com/nirmata/kyverno/pkg/webhooks"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	kubeinformers "k8s.io/client-go/informers"
 )
 
@@ -76,6 +78,9 @@ func main() {
 		glog.Fatalf("Error creating kubernetes client: %v\n", err)
 	}
 
+	// TODO(shuting): To be removed for v1.2.0
+	cleanupOldCrd(client)
+
 	// KUBERNETES RESOURCES INFORMER
 	// watches namespace resource
 	// - cache resync time: 10 seconds
@@ -246,3 +251,12 @@ func init() {
 	config.LogDefaultFlags()
 	flag.Parse()
 }
+
+func cleanupOldCrd(client *dclient.Client) {
+	gvr := client.DiscoveryClient.GetGVRFromKind("NamespacedPolicyViolation")
+	if !reflect.DeepEqual(gvr, (schema.GroupVersionResource{})) {
+		if err := client.DeleteResource("CustomResourceDefinition", "", "namespacedpolicyviolations.kyverno.io", false); err != nil {
+			glog.Infof("Failed to remove previous CRD namespacedpolicyviolations: %v", err)
+		}
+	}
+}

pkg/policy/controller.go

@@ -227,6 +227,7 @@ func (pc *PolicyController) Run(workers int, stopCh <-chan struct{}) {
 		glog.Error("failed to sync informer cache")
 		return
 	}
+
 	for i := 0; i < workers; i++ {
 		go wait.Until(pc.worker, time.Second, stopCh)
 	}
@@ -244,6 +245,11 @@ func (pc *PolicyController) worker() {
 }
 
 func (pc *PolicyController) processNextWorkItem() bool {
+	// if policies exist before Kyverno get created, resource webhook configuration
+	// could not be registered as clusterpolicy.spec.background=false by default
+	// the policy controller would starts only when the first incoming policy is queued
+	pc.registerResourceWebhookConfiguration()
+
 	key, quit := pc.queue.Get()
 	if quit {
 		return false

pkg/policy/webhookregistration.go

@@ -29,6 +29,18 @@ func (pc *PolicyController) removeResourceWebhookConfiguration() error {
 	return nil
 }
 
+func (pc *PolicyController) registerResourceWebhookConfiguration() {
+	policies, err := pc.pLister.List(labels.NewSelector())
+	if err != nil {
+		glog.Errorf("failed to register resource webhook configuration, error listing policies: %v", err)
+	}
+
+	if hasMutateOrValidatePolicies(policies) {
+		glog.V(4).Info("Found existing policy, registering resource webhook configuration")
+		pc.resourceWebhookWatcher.RegisterResourceWebhook()
+	}
+}
+
 func hasMutateOrValidatePolicies(policies []*kyverno.ClusterPolicy) bool {
 	for _, policy := range policies {
 		if (*policy).HasMutateOrValidate() {

pkg/policyviolation/generator.go

@@ -133,6 +133,7 @@ func (gen *Generator) enqueue(info Info) {
 func (gen *Generator) Add(infos ...Info) {
 	for _, info := range infos {
 		gen.enqueue(info)
+		glog.V(3).Infof("Added policy violation: %s", info.toKey())
 	}
 }
 
@@ -234,9 +235,13 @@ func (gen *Generator) syncHandler(info Info) error {
 	pvs := builder.generate(info)
 	for _, pv := range pvs {
 		// Create Policy Violations
+		glog.V(3).Infof("Creating policy violation: %s", info.toKey())
 		err := handler.create(pv)
 		if err != nil {
 			failure = true
+			glog.V(3).Infof("Failed to create policy violation: %v", err)
+		} else {
+			glog.V(3).Infof("Policy violation created: %s", info.toKey())
 		}
 	}
 	if failure {

pkg/utils/util.go

@@ -68,7 +68,7 @@ func CRDInstalled(discovery client.IDiscovery) bool {
 		glog.Infof("CRD %s found ", kind)
 		return true
 	}
-	if !check("ClusterPolicy") || !check("ClusterPolicyViolation") {
+	if !check("ClusterPolicy") || !check("ClusterPolicyViolation") || !check("PolicyViolation") {
 		return false
 	}
 	return true