fix https://github.com/kyverno/kyverno/issues/1324

2025-03-29 10:55:05 +00:00 · 2020-11-30 12:54:48 -08:00 · 2020-11-30 12:54:48 -08:00 · 6e1be1c901
commit 6e1be1c901
parent 2344b2c305
3 changed files with 30 additions and 11 deletions
--- a/cmd/kyverno/main.go
+++ b/cmd/kyverno/main.go
@ -111,14 +111,12 @@ func main() {
 		os.Exit(1)
 	}

-	// ======================= resource cache ====================
 	rCache, err := resourcecache.NewResourceCache(log.Log, clientConfig, client, []string{"configmaps"}, []string{})
 	if err != nil {
-		setupLog.Error(err, "Failed to create resource cache")
-		os.Exit(1)
+		setupLog.Error(err, "ConfigMap lookup disabled: failed to create resource cache")
+	} else {
+		rCache.RunAllInformers(log.Log)
 	}
-	rCache.RunAllInformers(log.Log)
-	// ===========================================================

 	// CRD CHECK
 	// - verify if Kyverno CRDs are available
--- a/pkg/policy/apply.go
+++ b/pkg/policy/apply.go
@ -54,6 +54,7 @@ func applyPolicy(policy kyverno.ClusterPolicy, resource unstructured.Unstructure
 	//TODO: GENERATION
 	return engineResponses
 }
+
 func mutation(policy kyverno.ClusterPolicy, resource unstructured.Unstructured, ctx context.EvalInterface, log logr.Logger, resCache resourcecache.ResourceCacheIface, jsonContext *context.Context) (response.EngineResponse, error) {

 	engineResponse := engine.Mutate(engine.PolicyContext{Policy: policy, NewResource: resource, Context: ctx, ResourceCache: resCache, JSONContext: jsonContext})
--- a/pkg/resourcecache/main.go
+++ b/pkg/resourcecache/main.go
@ -1,8 +1,6 @@
 package resourcecache

 import (
-	// "fmt"
-	// "time"
 	"github.com/go-logr/logr"
 	dclient "github.com/kyverno/kyverno/pkg/dclient"
 	"k8s.io/apimachinery/pkg/runtime/schema"
@ -47,19 +45,40 @@ func NewResourceCache(log logr.Logger, config *rest.Config, dclient *dclient.Cli

 	resCache := &ResourceCache{GVRCacheData: cacheData, dinformer: dInformer, match: match, exclude: exclude}

-	err := udateGVRCache(logger, resCache, discoveryIface)
-	if err != nil {
-		logger.Error(err, "error in udateGVRCache function")
-		return nil, err
+	if resCache.matchGVRKey("configmaps") {
+		_, ok := resCache.GVRCacheData["configmaps"]
+		if !ok {
+			updateGVRCacheForConfigMap(resCache)
+		}
+	} else {
+		err := udateGVRCache(logger, resCache, discoveryIface)
+		if err != nil {
+			logger.Error(err, "error in udateGVRCache function")
+			return nil, err
+		}
 	}
+
 	return resCache, nil
 }

+func updateGVRCacheForConfigMap(resc *ResourceCache) {
+	gvrc := &GVRCache{
+		GVR: schema.GroupVersionResource{
+			Version:  "v1",
+			Resource: "configmaps",
+		},
+		Namespaced: true,
+	}
+
+	resc.GVRCacheData["configmaps"] = gvrc
+}
+
 func udateGVRCache(log logr.Logger, resc *ResourceCache, discoveryIface discovery.CachedDiscoveryInterface) error {
 	serverResources, err := discoveryIface.ServerPreferredResources()
 	if err != nil {
 		return err
 	}
+
 	for _, serverResource := range serverResources {
 		groupVersion := serverResource.GroupVersion
 		for _, resource := range serverResource.APIResources {
@ -82,5 +101,6 @@ func udateGVRCache(log logr.Logger, resc *ResourceCache, discoveryIface discover
 			}
 		}
 	}
+
 	return nil
 }