1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00

fix patches annotation

This commit is contained in:
Shuting Zhao 2019-11-11 18:52:26 -08:00
parent 02fd1227be
commit 6c8f4f90da
4 changed files with 25 additions and 11 deletions

View file

@ -44,7 +44,7 @@ func Mutate(policyContext PolicyContext) (response EngineResponse) {
}
if !matchAdmissionInfo(rule, policyContext.AdmissionInfo) {
glog.Infof("rule '%s' cannot be applied on %s/%s/%s, admission permission: %v",
glog.V(3).Infof("rule '%s' cannot be applied on %s/%s/%s, admission permission: %v",
rule.Name, resource.GetKind(), resource.GetNamespace(), resource.GetName(), policyContext.AdmissionInfo)
continue
}

View file

@ -10,7 +10,7 @@ import (
)
const (
policyAnnotation = "policies.kyverno.io/patches"
policyAnnotation = "policies.kyverno.patches"
)
type policyPatch struct {
@ -30,7 +30,12 @@ type response struct {
Value interface{} `json:"value"`
}
func generateAnnotationPatches(annotations map[string]string, engineResponses []engine.EngineResponse) []byte {
func generateAnnotationPatches(engineResponses []engine.EngineResponse) []byte {
var annotations map[string]string
if len(engineResponses) > 0 {
annotations = engineResponses[0].PatchedResource.GetAnnotations()
}
if annotations == nil {
annotations = make(map[string]string)
}
@ -50,7 +55,15 @@ func generateAnnotationPatches(annotations map[string]string, engineResponses []
Value: string(value),
}
} else {
// insert 'policies.kyverno.io' entry in annotation map
// mutate rule has annotation patches
if len(annotations) > 0 {
patchResponse = response{
Op: "add",
Path: "/metadata/annotations/" + policyAnnotation,
Value: string(value),
}
} else {
// insert 'policies.kyverno.patches' entry in annotation map
annotations[policyAnnotation] = string(value)
patchResponse = response{
Op: "add",
@ -58,6 +71,7 @@ func generateAnnotationPatches(annotations map[string]string, engineResponses []
Value: annotations,
}
}
}
patchByte, _ := json.Marshal(patchResponse)

View file

@ -99,7 +99,7 @@ func (ws *WebhookServer) HandleMutation(request *v1beta1.AdmissionRequest,
}
// generate annotations
if annPatches := generateAnnotationPatches(resource.GetAnnotations(), engineResponses); annPatches != nil {
if annPatches := generateAnnotationPatches(engineResponses); annPatches != nil {
patches = append(patches, annPatches)
}

View file

@ -16,7 +16,7 @@ spec:
overlay:
metadata:
annotations:
+(cluster-autoscaler.kubernetes.io/safe-to-evict): true
+(cluster-autoscaler.kubernetes.io/safe-to-evict): "true"
spec:
volumes:
- (emptyDir): {}