fix patches annotation
parent
02fd1227be
commit
6c8f4f90da
4 changed files with 25 additions and 11 deletions
|
@ -44,7 +44,7 @@ func Mutate(policyContext PolicyContext) (response EngineResponse) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if !matchAdmissionInfo(rule, policyContext.AdmissionInfo) {
|
if !matchAdmissionInfo(rule, policyContext.AdmissionInfo) {
|
||||||
glog.Infof("rule '%s' cannot be applied on %s/%s/%s, admission permission: %v",
|
glog.V(3).Infof("rule '%s' cannot be applied on %s/%s/%s, admission permission: %v",
|
||||||
rule.Name, resource.GetKind(), resource.GetNamespace(), resource.GetName(), policyContext.AdmissionInfo)
|
rule.Name, resource.GetKind(), resource.GetNamespace(), resource.GetName(), policyContext.AdmissionInfo)
|
||||||
continue
|
continue
|
||||||
}
|
}
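Review bot: The log call in this hunk still formats the whole `policyContext.AdmissionInfo` value with `%v`, so at verbosity 3 and above every skipped rule writes that structure to the log. If it carries the requesting user's identity and role bindings, as the name and the "admission permission" wording suggest, logging only the field needed for debugging would keep that data out of the logs; at minimum a comment such as `// AdmissionInfo may contain user identity; keep at V(3) or higher` would record why the level matters. The enclosing loop in Mutate starts and ends outside the hunk.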
|
||||||
|
|
|
@ -10,7 +10,7 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
policyAnnotation = "policies.kyverno.io/patches"
|
policyAnnotation = "policies.kyverno.patches"
|
||||||
)
|
)
|
||||||
|
|
||||||
type policyPatch struct {
|
type policyPatch struct {
|
||||||
|
@ -30,7 +30,12 @@ type response struct {
|
||||||
Value interface{} `json:"value"`
|
Value interface{} `json:"value"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func generateAnnotationPatches(annotations map[string]string, engineResponses []engine.EngineResponse) []byte {
|
func generateAnnotationPatches(engineResponses []engine.EngineResponse) []byte {
|
||||||
|
var annotations map[string]string
|
||||||
|
if len(engineResponses) > 0 {
|
||||||
|
annotations = engineResponses[0].PatchedResource.GetAnnotations()
|
||||||
|
}
|
||||||
|
|
||||||
if annotations == nil {
|
if annotations == nil {
|
||||||
annotations = make(map[string]string)
|
annotations = make(map[string]string)
|
||||||
}
|
}
|
||||||
|
@ -50,12 +55,21 @@ func generateAnnotationPatches(annotations map[string]string, engineResponses []
|
||||||
Value: string(value),
|
Value: string(value),
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
// insert 'policies.kyverno.io' entry in annotation map
|
// mutate rule has annotation patches
|
||||||
annotations[policyAnnotation] = string(value)
|
if len(annotations) > 0 {
|
||||||
patchResponse = response{
|
patchResponse = response{
|
||||||
Op: "add",
|
Op: "add",
|
||||||
Path: "/metadata/annotations",
|
Path: "/metadata/annotations/" + policyAnnotation,
|
||||||
Value: annotations,
|
Value: string(value),
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
// insert 'policies.kyverno.patches' entry in annotation map
|
||||||
|
annotations[policyAnnotation] = string(value)
|
||||||
|
patchResponse = response{
|
||||||
|
Op: "add",
|
||||||
|
Path: "/metadata/annotations",
|
||||||
|
Value: annotations,
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
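Review bot: The new `Path: "/metadata/annotations/" + policyAnnotation` builds a JSON Pointer by plain concatenation, which is only valid while the key contains no `/` or `~`; that appears to be why the constant was renamed from `policies.kyverno.io/patches` to `policies.kyverno.patches`. Escaping the token per RFC 6901, e.g. `Path: "/metadata/annotations/" + strings.NewReplacer("~", "~0", "/", "~1").Replace(policyAnnotation),`, would make the patch independent of the key's spelling (this needs `strings` in the import block, whose contents are not visible here). Separately, the annotations are now read only from `engineResponses[0].PatchedResource`; whether that first response reflects annotations added by later policies cannot be confirmed from this hunk, so a comment stating that assumption would help. The body of generateAnnotationPatches between the hunks is not shown.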
|
||||||
|
|
||||||
|
|
|
@ -99,7 +99,7 @@ func (ws *WebhookServer) HandleMutation(request *v1beta1.AdmissionRequest,
|
||||||
}
|
}
|
||||||
|
|
||||||
// generate annotations
|
// generate annotations
|
||||||
if annPatches := generateAnnotationPatches(resource.GetAnnotations(), engineResponses); annPatches != nil {
|
if annPatches := generateAnnotationPatches(engineResponses); annPatches != nil {
|
||||||
patches = append(patches, annPatches)
|
patches = append(patches, annPatches)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -16,7 +16,7 @@ spec:
|
||||||
overlay:
|
overlay:
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
+(cluster-autoscaler.kubernetes.io/safe-to-evict): true
|
+(cluster-autoscaler.kubernetes.io/safe-to-evict): "true"
|
||||||
spec:
|
spec:
|
||||||
volumes:
|
volumes:
|
||||||
- (emptyDir): {}
|
- (emptyDir): {}
|