mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-14 11:57:48 +00:00
fix patches annotation
This commit is contained in:
parent
02fd1227be
commit
6c8f4f90da
4 changed files with 25 additions and 11 deletions
|
@ -44,7 +44,7 @@ func Mutate(policyContext PolicyContext) (response EngineResponse) {
|
|||
}
|
||||
|
||||
if !matchAdmissionInfo(rule, policyContext.AdmissionInfo) {
|
||||
glog.Infof("rule '%s' cannot be applied on %s/%s/%s, admission permission: %v",
|
||||
glog.V(3).Infof("rule '%s' cannot be applied on %s/%s/%s, admission permission: %v",
|
||||
rule.Name, resource.GetKind(), resource.GetNamespace(), resource.GetName(), policyContext.AdmissionInfo)
|
||||
continue
|
||||
}
|
||||
|
|
|
@ -10,7 +10,7 @@ import (
|
|||
)
|
||||
|
||||
const (
|
||||
policyAnnotation = "policies.kyverno.io/patches"
|
||||
policyAnnotation = "policies.kyverno.patches"
|
||||
)
|
||||
|
||||
type policyPatch struct {
|
||||
|
@ -30,7 +30,12 @@ type response struct {
|
|||
Value interface{} `json:"value"`
|
||||
}
|
||||
|
||||
func generateAnnotationPatches(annotations map[string]string, engineResponses []engine.EngineResponse) []byte {
|
||||
func generateAnnotationPatches(engineResponses []engine.EngineResponse) []byte {
|
||||
var annotations map[string]string
|
||||
if len(engineResponses) > 0 {
|
||||
annotations = engineResponses[0].PatchedResource.GetAnnotations()
|
||||
}
|
||||
|
||||
if annotations == nil {
|
||||
annotations = make(map[string]string)
|
||||
}
|
||||
|
@ -50,7 +55,15 @@ func generateAnnotationPatches(annotations map[string]string, engineResponses []
|
|||
Value: string(value),
|
||||
}
|
||||
} else {
|
||||
// insert 'policies.kyverno.io' entry in annotation map
|
||||
// mutate rule has annotation patches
|
||||
if len(annotations) > 0 {
|
||||
patchResponse = response{
|
||||
Op: "add",
|
||||
Path: "/metadata/annotations/" + policyAnnotation,
|
||||
Value: string(value),
|
||||
}
|
||||
} else {
|
||||
// insert 'policies.kyverno.patches' entry in annotation map
|
||||
annotations[policyAnnotation] = string(value)
|
||||
patchResponse = response{
|
||||
Op: "add",
|
||||
|
@ -58,6 +71,7 @@ func generateAnnotationPatches(annotations map[string]string, engineResponses []
|
|||
Value: annotations,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
patchByte, _ := json.Marshal(patchResponse)
|
||||
|
||||
|
|
|
@ -99,7 +99,7 @@ func (ws *WebhookServer) HandleMutation(request *v1beta1.AdmissionRequest,
|
|||
}
|
||||
|
||||
// generate annotations
|
||||
if annPatches := generateAnnotationPatches(resource.GetAnnotations(), engineResponses); annPatches != nil {
|
||||
if annPatches := generateAnnotationPatches(engineResponses); annPatches != nil {
|
||||
patches = append(patches, annPatches)
|
||||
}
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@ spec:
|
|||
overlay:
|
||||
metadata:
|
||||
annotations:
|
||||
+(cluster-autoscaler.kubernetes.io/safe-to-evict): true
|
||||
+(cluster-autoscaler.kubernetes.io/safe-to-evict): "true"
|
||||
spec:
|
||||
volumes:
|
||||
- (emptyDir): {}
|
Loading…
Reference in a new issue