Merge branch 'feature_redesign' into policy_status

.gitignore

@@ -1,7 +1,6 @@
 certs
 Gopkg.lock
 .vscode
-kyverno
 gh-pages/public
 _output
 coverage.txt

main.go

@@ -15,7 +15,7 @@ import (
 	"github.com/nirmata/kyverno/pkg/policyviolation"
 	"github.com/nirmata/kyverno/pkg/utils"
 	"github.com/nirmata/kyverno/pkg/webhooks"
-	kubeinformers "k8s.io/client-go/informers"
+	kubeinformer "k8s.io/client-go/informers"
 	"k8s.io/sample-controller/pkg/signals"
 )
 
@@ -28,6 +28,9 @@ var (
 	webhookTimeout    int
 )
 
+// TODO: tune resync time differently for each informer
+const defaultReSyncTime = 10 * time.Second
+
 func main() {
 	defer glog.Flush()
 	printVersionInfo()
@@ -69,6 +72,11 @@ func main() {
 	// - cache resync time: 10 seconds
 	pInformer := kyvernoinformer.NewSharedInformerFactoryWithOptions(pclient, 10*time.Second)
 
+  // KUBERNETES RESOURCES INFORMER
+	// watches namespace resource
+	// - cache resync time: 10 seconds
+	kubeInformer := kubeinformers.NewSharedInformerFactoryWithOptions(kubeClient, 10*time.Second)
+
 	// EVENT GENERATOR
 	// - generate event with retry mechanism
 	egen := event.NewEventGenerator(client, pInformer.Kyverno().V1alpha1().Policies())
@@ -78,7 +86,7 @@ func main() {
 	// - process policy on existing resources
 	// - status aggregator: recieves stats when a policy is applied
 	//					    & updates the policy status
-	pc, err := policy.NewPolicyController(pclient, client, pInformer.Kyverno().V1alpha1().Policies(), pInformer.Kyverno().V1alpha1().PolicyViolations(), egen)
+	pc, err := policy.NewPolicyController(pclient, client, pInformer.Kyverno().V1alpha1().Policies(), pInformer.Kyverno().V1alpha1().PolicyViolations(), egen, kubeInformer.Admissionregistration().V1beta1().MutatingWebhookConfigurations(), webhookRegistrationClient)
 	if err != nil {
 		glog.Fatalf("error creating policy controller: %v\n", err)
 	}
@@ -91,11 +99,6 @@ func main() {
 		glog.Fatalf("error creating policy violation controller: %v\n", err)
 	}
 
-	// KUBERNETES RESOURCES INFORMER
-	// watches namespace resource
-	// - cache resync time: 10 seconds
-	kubeInformer := kubeinformers.NewSharedInformerFactoryWithOptions(kubeClient, 10*time.Second)
-
 	// GENERATE CONTROLLER
 	// - watches for Namespace resource and generates resource based on the policy generate rule
 	nsc := namespace.NewNamespaceController(pclient, client, kubeInformer.Core().V1().Namespaces(), pInformer.Kyverno().V1alpha1().Policies(), pInformer.Kyverno().V1alpha1().PolicyViolations(), pc.GetPolicyStatusAggregator(), egen)
@@ -111,6 +114,7 @@ func main() {
 	if err != nil {
 		glog.Fatalf("Unable to register admission webhooks on cluster: %v\n", err)
 	}
+  
 	// WEBHOOK REGISTRATION
 	// - validationwebhookconfiguration (Policy)
 	// - mutatingwebhookconfiguration (All resources)

pkg/client/clientset/versioned/typed/kyverno/v1alpha1/doc.go

@@ -0,0 +1,20 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+// This package has the automatically generated typed clients.
+package v1alpha1

pkg/client/clientset/versioned/typed/kyverno/v1alpha1/fake/doc.go

@@ -0,0 +1,20 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+// Package fake has the automatically generated clients.
+package fake

pkg/client/clientset/versioned/typed/kyverno/v1alpha1/fake/fake_kyverno_client.go

@@ -0,0 +1,44 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	v1alpha1 "github.com/nirmata/kyverno/pkg/client/clientset/versioned/typed/kyverno/v1alpha1"
+	rest "k8s.io/client-go/rest"
+	testing "k8s.io/client-go/testing"
+)
+
+type FakeKyvernoV1alpha1 struct {
+	*testing.Fake
+}
+
+func (c *FakeKyvernoV1alpha1) Policies() v1alpha1.PolicyInterface {
+	return &FakePolicies{c}
+}
+
+func (c *FakeKyvernoV1alpha1) PolicyViolations() v1alpha1.PolicyViolationInterface {
+	return &FakePolicyViolations{c}
+}
+
+// RESTClient returns a RESTClient that is used to communicate
+// with API server by this client implementation.
+func (c *FakeKyvernoV1alpha1) RESTClient() rest.Interface {
+	var ret *rest.RESTClient
+	return ret
+}

pkg/client/clientset/versioned/typed/kyverno/v1alpha1/fake/fake_policy.go

@@ -0,0 +1,131 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	schema "k8s.io/apimachinery/pkg/runtime/schema"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+)
+
+// FakePolicies implements PolicyInterface
+type FakePolicies struct {
+	Fake *FakeKyvernoV1alpha1
+}
+
+var policiesResource = schema.GroupVersionResource{Group: "kyverno.io", Version: "v1alpha1", Resource: "policies"}
+
+var policiesKind = schema.GroupVersionKind{Group: "kyverno.io", Version: "v1alpha1", Kind: "Policy"}
+
+// Get takes name of the policy, and returns the corresponding policy object, and an error if there is any.
+func (c *FakePolicies) Get(name string, options v1.GetOptions) (result *v1alpha1.Policy, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootGetAction(policiesResource, name), &v1alpha1.Policy{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.Policy), err
+}
+
+// List takes label and field selectors, and returns the list of Policies that match those selectors.
+func (c *FakePolicies) List(opts v1.ListOptions) (result *v1alpha1.PolicyList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootListAction(policiesResource, policiesKind, opts), &v1alpha1.PolicyList{})
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v1alpha1.PolicyList{ListMeta: obj.(*v1alpha1.PolicyList).ListMeta}
+	for _, item := range obj.(*v1alpha1.PolicyList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested policies.
+func (c *FakePolicies) Watch(opts v1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewRootWatchAction(policiesResource, opts))
+}
+
+// Create takes the representation of a policy and creates it.  Returns the server's representation of the policy, and an error, if there is any.
+func (c *FakePolicies) Create(policy *v1alpha1.Policy) (result *v1alpha1.Policy, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootCreateAction(policiesResource, policy), &v1alpha1.Policy{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.Policy), err
+}
+
+// Update takes the representation of a policy and updates it. Returns the server's representation of the policy, and an error, if there is any.
+func (c *FakePolicies) Update(policy *v1alpha1.Policy) (result *v1alpha1.Policy, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootUpdateAction(policiesResource, policy), &v1alpha1.Policy{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.Policy), err
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+func (c *FakePolicies) UpdateStatus(policy *v1alpha1.Policy) (*v1alpha1.Policy, error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootUpdateSubresourceAction(policiesResource, "status", policy), &v1alpha1.Policy{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.Policy), err
+}
+
+// Delete takes name of the policy and deletes it. Returns an error if one occurs.
+func (c *FakePolicies) Delete(name string, options *v1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewRootDeleteAction(policiesResource, name), &v1alpha1.Policy{})
+	return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakePolicies) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
+	action := testing.NewRootDeleteCollectionAction(policiesResource, listOptions)
+
+	_, err := c.Fake.Invokes(action, &v1alpha1.PolicyList{})
+	return err
+}
+
+// Patch applies the patch and returns the patched policy.
+func (c *FakePolicies) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.Policy, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootPatchSubresourceAction(policiesResource, name, pt, data, subresources...), &v1alpha1.Policy{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.Policy), err
+}

pkg/client/clientset/versioned/typed/kyverno/v1alpha1/fake/fake_policyviolation.go

@@ -0,0 +1,131 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	schema "k8s.io/apimachinery/pkg/runtime/schema"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+)
+
+// FakePolicyViolations implements PolicyViolationInterface
+type FakePolicyViolations struct {
+	Fake *FakeKyvernoV1alpha1
+}
+
+var policyviolationsResource = schema.GroupVersionResource{Group: "kyverno.io", Version: "v1alpha1", Resource: "policyviolations"}
+
+var policyviolationsKind = schema.GroupVersionKind{Group: "kyverno.io", Version: "v1alpha1", Kind: "PolicyViolation"}
+
+// Get takes name of the policyViolation, and returns the corresponding policyViolation object, and an error if there is any.
+func (c *FakePolicyViolations) Get(name string, options v1.GetOptions) (result *v1alpha1.PolicyViolation, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootGetAction(policyviolationsResource, name), &v1alpha1.PolicyViolation{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.PolicyViolation), err
+}
+
+// List takes label and field selectors, and returns the list of PolicyViolations that match those selectors.
+func (c *FakePolicyViolations) List(opts v1.ListOptions) (result *v1alpha1.PolicyViolationList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootListAction(policyviolationsResource, policyviolationsKind, opts), &v1alpha1.PolicyViolationList{})
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v1alpha1.PolicyViolationList{ListMeta: obj.(*v1alpha1.PolicyViolationList).ListMeta}
+	for _, item := range obj.(*v1alpha1.PolicyViolationList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested policyViolations.
+func (c *FakePolicyViolations) Watch(opts v1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewRootWatchAction(policyviolationsResource, opts))
+}
+
+// Create takes the representation of a policyViolation and creates it.  Returns the server's representation of the policyViolation, and an error, if there is any.
+func (c *FakePolicyViolations) Create(policyViolation *v1alpha1.PolicyViolation) (result *v1alpha1.PolicyViolation, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootCreateAction(policyviolationsResource, policyViolation), &v1alpha1.PolicyViolation{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.PolicyViolation), err
+}
+
+// Update takes the representation of a policyViolation and updates it. Returns the server's representation of the policyViolation, and an error, if there is any.
+func (c *FakePolicyViolations) Update(policyViolation *v1alpha1.PolicyViolation) (result *v1alpha1.PolicyViolation, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootUpdateAction(policyviolationsResource, policyViolation), &v1alpha1.PolicyViolation{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.PolicyViolation), err
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+func (c *FakePolicyViolations) UpdateStatus(policyViolation *v1alpha1.PolicyViolation) (*v1alpha1.PolicyViolation, error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootUpdateSubresourceAction(policyviolationsResource, "status", policyViolation), &v1alpha1.PolicyViolation{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.PolicyViolation), err
+}
+
+// Delete takes name of the policyViolation and deletes it. Returns an error if one occurs.
+func (c *FakePolicyViolations) Delete(name string, options *v1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewRootDeleteAction(policyviolationsResource, name), &v1alpha1.PolicyViolation{})
+	return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakePolicyViolations) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
+	action := testing.NewRootDeleteCollectionAction(policyviolationsResource, listOptions)
+
+	_, err := c.Fake.Invokes(action, &v1alpha1.PolicyViolationList{})
+	return err
+}
+
+// Patch applies the patch and returns the patched policyViolation.
+func (c *FakePolicyViolations) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.PolicyViolation, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootPatchSubresourceAction(policyviolationsResource, name, pt, data, subresources...), &v1alpha1.PolicyViolation{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1alpha1.PolicyViolation), err
+}

pkg/client/clientset/versioned/typed/kyverno/v1alpha1/generated_expansion.go

@@ -0,0 +1,23 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha1
+
+type PolicyExpansion interface{}
+
+type PolicyViolationExpansion interface{}

pkg/client/clientset/versioned/typed/kyverno/v1alpha1/kyverno_client.go

@@ -0,0 +1,95 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
+	"github.com/nirmata/kyverno/pkg/client/clientset/versioned/scheme"
+	serializer "k8s.io/apimachinery/pkg/runtime/serializer"
+	rest "k8s.io/client-go/rest"
+)
+
+type KyvernoV1alpha1Interface interface {
+	RESTClient() rest.Interface
+	PoliciesGetter
+	PolicyViolationsGetter
+}
+
+// KyvernoV1alpha1Client is used to interact with features provided by the kyverno.io group.
+type KyvernoV1alpha1Client struct {
+	restClient rest.Interface
+}
+
+func (c *KyvernoV1alpha1Client) Policies() PolicyInterface {
+	return newPolicies(c)
+}
+
+func (c *KyvernoV1alpha1Client) PolicyViolations() PolicyViolationInterface {
+	return newPolicyViolations(c)
+}
+
+// NewForConfig creates a new KyvernoV1alpha1Client for the given config.
+func NewForConfig(c *rest.Config) (*KyvernoV1alpha1Client, error) {
+	config := *c
+	if err := setConfigDefaults(&config); err != nil {
+		return nil, err
+	}
+	client, err := rest.RESTClientFor(&config)
+	if err != nil {
+		return nil, err
+	}
+	return &KyvernoV1alpha1Client{client}, nil
+}
+
+// NewForConfigOrDie creates a new KyvernoV1alpha1Client for the given config and
+// panics if there is an error in the config.
+func NewForConfigOrDie(c *rest.Config) *KyvernoV1alpha1Client {
+	client, err := NewForConfig(c)
+	if err != nil {
+		panic(err)
+	}
+	return client
+}
+
+// New creates a new KyvernoV1alpha1Client for the given RESTClient.
+func New(c rest.Interface) *KyvernoV1alpha1Client {
+	return &KyvernoV1alpha1Client{c}
+}
+
+func setConfigDefaults(config *rest.Config) error {
+	gv := v1alpha1.SchemeGroupVersion
+	config.GroupVersion = &gv
+	config.APIPath = "/apis"
+	config.NegotiatedSerializer = serializer.DirectCodecFactory{CodecFactory: scheme.Codecs}
+
+	if config.UserAgent == "" {
+		config.UserAgent = rest.DefaultKubernetesUserAgent()
+	}
+
+	return nil
+}
+
+// RESTClient returns a RESTClient that is used to communicate
+// with API server by this client implementation.
+func (c *KyvernoV1alpha1Client) RESTClient() rest.Interface {
+	if c == nil {
+		return nil
+	}
+	return c.restClient
+}

pkg/client/clientset/versioned/typed/kyverno/v1alpha1/policy.go

@@ -0,0 +1,180 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	"time"
+
+	v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
+	scheme "github.com/nirmata/kyverno/pkg/client/clientset/versioned/scheme"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	rest "k8s.io/client-go/rest"
+)
+
+// PoliciesGetter has a method to return a PolicyInterface.
+// A group's client should implement this interface.
+type PoliciesGetter interface {
+	Policies() PolicyInterface
+}
+
+// PolicyInterface has methods to work with Policy resources.
+type PolicyInterface interface {
+	Create(*v1alpha1.Policy) (*v1alpha1.Policy, error)
+	Update(*v1alpha1.Policy) (*v1alpha1.Policy, error)
+	UpdateStatus(*v1alpha1.Policy) (*v1alpha1.Policy, error)
+	Delete(name string, options *v1.DeleteOptions) error
+	DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
+	Get(name string, options v1.GetOptions) (*v1alpha1.Policy, error)
+	List(opts v1.ListOptions) (*v1alpha1.PolicyList, error)
+	Watch(opts v1.ListOptions) (watch.Interface, error)
+	Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.Policy, err error)
+	PolicyExpansion
+}
+
+// policies implements PolicyInterface
+type policies struct {
+	client rest.Interface
+}
+
+// newPolicies returns a Policies
+func newPolicies(c *KyvernoV1alpha1Client) *policies {
+	return &policies{
+		client: c.RESTClient(),
+	}
+}
+
+// Get takes name of the policy, and returns the corresponding policy object, and an error if there is any.
+func (c *policies) Get(name string, options v1.GetOptions) (result *v1alpha1.Policy, err error) {
+	result = &v1alpha1.Policy{}
+	err = c.client.Get().
+		Resource("policies").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do().
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of Policies that match those selectors.
+func (c *policies) List(opts v1.ListOptions) (result *v1alpha1.PolicyList, err error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	result = &v1alpha1.PolicyList{}
+	err = c.client.Get().
+		Resource("policies").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Do().
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested policies.
+func (c *policies) Watch(opts v1.ListOptions) (watch.Interface, error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	opts.Watch = true
+	return c.client.Get().
+		Resource("policies").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Watch()
+}
+
+// Create takes the representation of a policy and creates it.  Returns the server's representation of the policy, and an error, if there is any.
+func (c *policies) Create(policy *v1alpha1.Policy) (result *v1alpha1.Policy, err error) {
+	result = &v1alpha1.Policy{}
+	err = c.client.Post().
+		Resource("policies").
+		Body(policy).
+		Do().
+		Into(result)
+	return
+}
+
+// Update takes the representation of a policy and updates it. Returns the server's representation of the policy, and an error, if there is any.
+func (c *policies) Update(policy *v1alpha1.Policy) (result *v1alpha1.Policy, err error) {
+	result = &v1alpha1.Policy{}
+	err = c.client.Put().
+		Resource("policies").
+		Name(policy.Name).
+		Body(policy).
+		Do().
+		Into(result)
+	return
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+
+func (c *policies) UpdateStatus(policy *v1alpha1.Policy) (result *v1alpha1.Policy, err error) {
+	result = &v1alpha1.Policy{}
+	err = c.client.Put().
+		Resource("policies").
+		Name(policy.Name).
+		SubResource("status").
+		Body(policy).
+		Do().
+		Into(result)
+	return
+}
+
+// Delete takes name of the policy and deletes it. Returns an error if one occurs.
+func (c *policies) Delete(name string, options *v1.DeleteOptions) error {
+	return c.client.Delete().
+		Resource("policies").
+		Name(name).
+		Body(options).
+		Do().
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *policies) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
+	var timeout time.Duration
+	if listOptions.TimeoutSeconds != nil {
+		timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
+	}
+	return c.client.Delete().
+		Resource("policies").
+		VersionedParams(&listOptions, scheme.ParameterCodec).
+		Timeout(timeout).
+		Body(options).
+		Do().
+		Error()
+}
+
+// Patch applies the patch and returns the patched policy.
+func (c *policies) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.Policy, err error) {
+	result = &v1alpha1.Policy{}
+	err = c.client.Patch(pt).
+		Resource("policies").
+		SubResource(subresources...).
+		Name(name).
+		Body(data).
+		Do().
+		Into(result)
+	return
+}

pkg/client/clientset/versioned/typed/kyverno/v1alpha1/policyviolation.go

@@ -0,0 +1,180 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	"time"
+
+	v1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
+	scheme "github.com/nirmata/kyverno/pkg/client/clientset/versioned/scheme"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	rest "k8s.io/client-go/rest"
+)
+
+// PolicyViolationsGetter has a method to return a PolicyViolationInterface.
+// A group's client should implement this interface.
+type PolicyViolationsGetter interface {
+	PolicyViolations() PolicyViolationInterface
+}
+
+// PolicyViolationInterface has methods to work with PolicyViolation resources.
+type PolicyViolationInterface interface {
+	Create(*v1alpha1.PolicyViolation) (*v1alpha1.PolicyViolation, error)
+	Update(*v1alpha1.PolicyViolation) (*v1alpha1.PolicyViolation, error)
+	UpdateStatus(*v1alpha1.PolicyViolation) (*v1alpha1.PolicyViolation, error)
+	Delete(name string, options *v1.DeleteOptions) error
+	DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
+	Get(name string, options v1.GetOptions) (*v1alpha1.PolicyViolation, error)
+	List(opts v1.ListOptions) (*v1alpha1.PolicyViolationList, error)
+	Watch(opts v1.ListOptions) (watch.Interface, error)
+	Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.PolicyViolation, err error)
+	PolicyViolationExpansion
+}
+
+// policyViolations implements PolicyViolationInterface
+type policyViolations struct {
+	client rest.Interface
+}
+
+// newPolicyViolations returns a PolicyViolations
+func newPolicyViolations(c *KyvernoV1alpha1Client) *policyViolations {
+	return &policyViolations{
+		client: c.RESTClient(),
+	}
+}
+
+// Get takes name of the policyViolation, and returns the corresponding policyViolation object, and an error if there is any.
+func (c *policyViolations) Get(name string, options v1.GetOptions) (result *v1alpha1.PolicyViolation, err error) {
+	result = &v1alpha1.PolicyViolation{}
+	err = c.client.Get().
+		Resource("policyviolations").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do().
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of PolicyViolations that match those selectors.
+func (c *policyViolations) List(opts v1.ListOptions) (result *v1alpha1.PolicyViolationList, err error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	result = &v1alpha1.PolicyViolationList{}
+	err = c.client.Get().
+		Resource("policyviolations").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Do().
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested policyViolations.
+func (c *policyViolations) Watch(opts v1.ListOptions) (watch.Interface, error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	opts.Watch = true
+	return c.client.Get().
+		Resource("policyviolations").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Watch()
+}
+
+// Create takes the representation of a policyViolation and creates it.  Returns the server's representation of the policyViolation, and an error, if there is any.
+func (c *policyViolations) Create(policyViolation *v1alpha1.PolicyViolation) (result *v1alpha1.PolicyViolation, err error) {
+	result = &v1alpha1.PolicyViolation{}
+	err = c.client.Post().
+		Resource("policyviolations").
+		Body(policyViolation).
+		Do().
+		Into(result)
+	return
+}
+
+// Update takes the representation of a policyViolation and updates it. Returns the server's representation of the policyViolation, and an error, if there is any.
+func (c *policyViolations) Update(policyViolation *v1alpha1.PolicyViolation) (result *v1alpha1.PolicyViolation, err error) {
+	result = &v1alpha1.PolicyViolation{}
+	err = c.client.Put().
+		Resource("policyviolations").
+		Name(policyViolation.Name).
+		Body(policyViolation).
+		Do().
+		Into(result)
+	return
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+
+func (c *policyViolations) UpdateStatus(policyViolation *v1alpha1.PolicyViolation) (result *v1alpha1.PolicyViolation, err error) {
+	result = &v1alpha1.PolicyViolation{}
+	err = c.client.Put().
+		Resource("policyviolations").
+		Name(policyViolation.Name).
+		SubResource("status").
+		Body(policyViolation).
+		Do().
+		Into(result)
+	return
+}
+
+// Delete takes name of the policyViolation and deletes it. Returns an error if one occurs.
+func (c *policyViolations) Delete(name string, options *v1.DeleteOptions) error {
+	return c.client.Delete().
+		Resource("policyviolations").
+		Name(name).
+		Body(options).
+		Do().
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *policyViolations) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
+	var timeout time.Duration
+	if listOptions.TimeoutSeconds != nil {
+		timeout = time.Duration(*listOptions.TimeoutSeconds) * time.Second
+	}
+	return c.client.Delete().
+		Resource("policyviolations").
+		VersionedParams(&listOptions, scheme.ParameterCodec).
+		Timeout(timeout).
+		Body(options).
+		Do().
+		Error()
+}
+
+// Patch applies the patch and returns the patched policyViolation.
+func (c *policyViolations) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.PolicyViolation, err error) {
+	result = &v1alpha1.PolicyViolation{}
+	err = c.client.Patch(pt).
+		Resource("policyviolations").
+		SubResource(subresources...).
+		Name(name).
+		Body(data).
+		Do().
+		Into(result)
+	return
+}

pkg/client/informers/externalversions/kyverno/interface.go

@@ -0,0 +1,46 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package kyverno
+
+import (
+	internalinterfaces "github.com/nirmata/kyverno/pkg/client/informers/externalversions/internalinterfaces"
+	v1alpha1 "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1alpha1"
+)
+
+// Interface provides access to each of this group's versions.
+type Interface interface {
+	// V1alpha1 provides access to shared informers for resources in V1alpha1.
+	V1alpha1() v1alpha1.Interface
+}
+
+type group struct {
+	factory          internalinterfaces.SharedInformerFactory
+	namespace        string
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// New returns a new Interface.
+func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
+	return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
+}
+
+// V1alpha1 returns a new v1alpha1.Interface.
+func (g *group) V1alpha1() v1alpha1.Interface {
+	return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions)
+}

pkg/client/informers/externalversions/kyverno/v1alpha1/interface.go

@@ -0,0 +1,52 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	internalinterfaces "github.com/nirmata/kyverno/pkg/client/informers/externalversions/internalinterfaces"
+)
+
+// Interface provides access to all the informers in this group version.
+type Interface interface {
+	// Policies returns a PolicyInformer.
+	Policies() PolicyInformer
+	// PolicyViolations returns a PolicyViolationInformer.
+	PolicyViolations() PolicyViolationInformer
+}
+
+type version struct {
+	factory          internalinterfaces.SharedInformerFactory
+	namespace        string
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// New returns a new Interface.
+func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
+	return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
+}
+
+// Policies returns a PolicyInformer.
+func (v *version) Policies() PolicyInformer {
+	return &policyInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
+}
+
+// PolicyViolations returns a PolicyViolationInformer.
+func (v *version) PolicyViolations() PolicyViolationInformer {
+	return &policyViolationInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
+}

pkg/client/informers/externalversions/kyverno/v1alpha1/policy.go

@@ -0,0 +1,88 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	time "time"
+
+	kyvernov1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
+	versioned "github.com/nirmata/kyverno/pkg/client/clientset/versioned"
+	internalinterfaces "github.com/nirmata/kyverno/pkg/client/informers/externalversions/internalinterfaces"
+	v1alpha1 "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1alpha1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	watch "k8s.io/apimachinery/pkg/watch"
+	cache "k8s.io/client-go/tools/cache"
+)
+
+// PolicyInformer provides access to a shared informer and lister for
+// Policies.
+type PolicyInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() v1alpha1.PolicyLister
+}
+
+type policyInformer struct {
+	factory          internalinterfaces.SharedInformerFactory
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// NewPolicyInformer constructs a new informer for Policy type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewPolicyInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+	return NewFilteredPolicyInformer(client, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredPolicyInformer constructs a new informer for Policy type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredPolicyInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+	return cache.NewSharedIndexInformer(
+		&cache.ListWatch{
+			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.KyvernoV1alpha1().Policies().List(options)
+			},
+			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.KyvernoV1alpha1().Policies().Watch(options)
+			},
+		},
+		&kyvernov1alpha1.Policy{},
+		resyncPeriod,
+		indexers,
+	)
+}
+
+func (f *policyInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+	return NewFilteredPolicyInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *policyInformer) Informer() cache.SharedIndexInformer {
+	return f.factory.InformerFor(&kyvernov1alpha1.Policy{}, f.defaultInformer)
+}
+
+func (f *policyInformer) Lister() v1alpha1.PolicyLister {
+	return v1alpha1.NewPolicyLister(f.Informer().GetIndexer())
+}

pkg/client/informers/externalversions/kyverno/v1alpha1/policyviolation.go

@@ -0,0 +1,88 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+	time "time"
+
+	kyvernov1alpha1 "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
+	versioned "github.com/nirmata/kyverno/pkg/client/clientset/versioned"
+	internalinterfaces "github.com/nirmata/kyverno/pkg/client/informers/externalversions/internalinterfaces"
+	v1alpha1 "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1alpha1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	watch "k8s.io/apimachinery/pkg/watch"
+	cache "k8s.io/client-go/tools/cache"
+)
+
+// PolicyViolationInformer provides access to a shared informer and lister for
+// PolicyViolations.
+type PolicyViolationInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() v1alpha1.PolicyViolationLister
+}
+
+type policyViolationInformer struct {
+	factory          internalinterfaces.SharedInformerFactory
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// NewPolicyViolationInformer constructs a new informer for PolicyViolation type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewPolicyViolationInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+	return NewFilteredPolicyViolationInformer(client, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredPolicyViolationInformer constructs a new informer for PolicyViolation type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredPolicyViolationInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+	return cache.NewSharedIndexInformer(
+		&cache.ListWatch{
+			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.KyvernoV1alpha1().PolicyViolations().List(options)
+			},
+			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.KyvernoV1alpha1().PolicyViolations().Watch(options)
+			},
+		},
+		&kyvernov1alpha1.PolicyViolation{},
+		resyncPeriod,
+		indexers,
+	)
+}
+
+func (f *policyViolationInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+	return NewFilteredPolicyViolationInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *policyViolationInformer) Informer() cache.SharedIndexInformer {
+	return f.factory.InformerFor(&kyvernov1alpha1.PolicyViolation{}, f.defaultInformer)
+}
+
+func (f *policyViolationInformer) Lister() v1alpha1.PolicyViolationLister {
+	return v1alpha1.NewPolicyViolationLister(f.Informer().GetIndexer())
+}

pkg/dclient/client_test.go

@@ -3,7 +3,7 @@ package client
 import (
 	"testing"
 
-	policytypes "github.com/nirmata/kyverno/pkg/apis/policy/v1alpha1"
+	policytypes "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
 
 	meta "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -130,7 +130,7 @@ func TestGenerateResource(t *testing.T) {
 	}
 	gen := policytypes.Generation{Kind: "TheKind",
 		Name:  "gen-kind",
-		Clone: &policytypes.CloneFrom{Namespace: "ns-foo", Name: "name-foo"}}
+		Clone: policytypes.CloneFrom{Namespace: "ns-foo", Name: "name-foo"}}
 	err = f.client.GenerateResource(gen, ns.GetName(), false)
 	if err != nil {
 		t.Errorf("GenerateResource not working: %s", err)

pkg/policy/controller.go

@@ -13,9 +13,11 @@ import (
 	"github.com/nirmata/kyverno/pkg/client/clientset/versioned/scheme"
 	kyvernoinformer "github.com/nirmata/kyverno/pkg/client/informers/externalversions/kyverno/v1alpha1"
 	kyvernolister "github.com/nirmata/kyverno/pkg/client/listers/kyverno/v1alpha1"
+	"github.com/nirmata/kyverno/pkg/config"
 	client "github.com/nirmata/kyverno/pkg/dclient"
 	"github.com/nirmata/kyverno/pkg/event"
 	"github.com/nirmata/kyverno/pkg/utils"
+	"github.com/nirmata/kyverno/pkg/webhooks"
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -25,7 +27,9 @@ import (
 	utilerrors "k8s.io/apimachinery/pkg/util/errors"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apimachinery/pkg/util/wait"
+	webhookinformer "k8s.io/client-go/informers/admissionregistration/v1beta1"
 	typedcorev1 "k8s.io/client-go/kubernetes/typed/core/v1"
+	webhooklister "k8s.io/client-go/listers/admissionregistration/v1beta1"
 	"k8s.io/client-go/tools/cache"
 	"k8s.io/client-go/tools/record"
 	"k8s.io/client-go/util/workqueue"
@@ -62,8 +66,12 @@ type PolicyController struct {
 	pvLister kyvernolister.PolicyViolationLister
 	// pListerSynced returns true if the Policy store has been synced at least once
 	pListerSynced cache.InformerSynced
-	// pvListerSynced retrns true if the Policy store has been synced at least once
+	// pvListerSynced returns true if the Policy store has been synced at least once
 	pvListerSynced cache.InformerSynced
+	// mutationwebhookLister can list/get mutatingwebhookconfigurations
+	mutationwebhookLister webhooklister.MutatingWebhookConfigurationLister
+	// WebhookRegistrationClient
+	webhookRegistrationClient *webhooks.WebhookRegistrationClient
 	// Resource manager, manages the mapping for already processed resource
 	rm resourceManager
 	// filter the resources defined in the list
@@ -73,7 +81,8 @@ type PolicyController struct {
 }
 
 // NewPolicyController create a new PolicyController
-func NewPolicyController(kyvernoClient *kyvernoclient.Clientset, client *client.Client, pInformer kyvernoinformer.PolicyInformer, pvInformer kyvernoinformer.PolicyViolationInformer, eventGen event.Interface) (*PolicyController, error) {
+func NewPolicyController(kyvernoClient *kyvernoclient.Clientset, client *client.Client, pInformer kyvernoinformer.PolicyInformer, pvInformer kyvernoinformer.PolicyViolationInformer,
+	eventGen event.Interface, webhookInformer webhookinformer.MutatingWebhookConfigurationInformer, webhookRegistrationClient *webhooks.WebhookRegistrationClient) (*PolicyController, error) {
 	// Event broad caster
 	eventBroadcaster := record.NewBroadcaster()
 	eventBroadcaster.StartLogging(glog.Infof)
@@ -84,11 +93,12 @@ func NewPolicyController(kyvernoClient *kyvernoclient.Clientset, client *client.
 	eventBroadcaster.StartRecordingToSink(&typedcorev1.EventSinkImpl{Interface: eventInterface})
 
 	pc := PolicyController{
-		client:        client,
-		kyvernoClient: kyvernoClient,
-		eventGen:      eventGen,
-		eventRecorder: eventBroadcaster.NewRecorder(scheme.Scheme, v1.EventSource{Component: "policy_controller"}),
-		queue:         workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "policy"),
+		client:                    client,
+		kyvernoClient:             kyvernoClient,
+		eventGen:                  eventGen,
+		eventRecorder:             eventBroadcaster.NewRecorder(scheme.Scheme, v1.EventSource{Component: "policy_controller"}),
+		queue:                     workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "policy"),
+		webhookRegistrationClient: webhookRegistrationClient,
 	}
 
 	pc.pvControl = RealPVControl{Client: kyvernoClient, Recorder: pc.eventRecorder}
@@ -113,6 +123,8 @@ func NewPolicyController(kyvernoClient *kyvernoclient.Clientset, client *client.
 	pc.pListerSynced = pInformer.Informer().HasSynced
 	pc.pvListerSynced = pInformer.Informer().HasSynced
 
+	pc.mutationwebhookLister = webhookInformer.Lister()
+
 	// resource manager
 	// rebuild after 300 seconds/ 5 mins
 	//TODO: pass the time in seconds instead of converting it internally
@@ -393,8 +405,13 @@ func (pc *PolicyController) syncPolicy(key string) error {
 	policy, err := pc.pLister.Get(key)
 	if errors.IsNotFound(err) {
 		glog.V(2).Infof("Policy %v has been deleted", key)
-		// remove the recorded stats for the policy
+		
+    // remove the recorded stats for the policy
 		pc.statusAggregator.RemovePolicyStats(key)
+    // remove webhook configurations if there are not policies
+    if err := pc.handleWebhookRegistration(true, nil); err != nil {
+			glog.Errorln(err)
+		}
 		return nil
 	}
 
@@ -402,6 +419,10 @@ func (pc *PolicyController) syncPolicy(key string) error {
 		return err
 	}
 
+	if err := pc.handleWebhookRegistration(false, policy); err != nil {
+		glog.Errorln(err)
+	}
+
 	// Deep-copy otherwise we are mutating our cache.
 	// TODO: Deep-copy only when needed.
 	p := policy.DeepCopy()
@@ -419,6 +440,47 @@ func (pc *PolicyController) syncPolicy(key string) error {
 	return pc.syncStatusOnly(p, pvList)
 }
 
+// TODO: here checks mutatingwebhook only
+// as 'kubectl scale' is not funtional with validatingwebhook
+// refer to https://github.com/nirmata/kyverno/issues/250
+func (pc *PolicyController) handleWebhookRegistration(delete bool, policy *kyverno.Policy) error {
+	policies, _ := pc.pLister.List(labels.NewSelector())
+	selector := &metav1.LabelSelector{MatchLabels: config.KubePolicyAppLabels}
+	webhookSelector, err := metav1.LabelSelectorAsSelector(selector)
+	if err != nil {
+		return fmt.Errorf("invalid label selector: %v", err)
+	}
+
+	webhookList, err := pc.mutationwebhookLister.List(webhookSelector)
+	if err != nil {
+		return fmt.Errorf("failed to list mutatingwebhookconfigurations, err %v", err)
+	}
+
+	if delete {
+		if webhookList == nil {
+			return nil
+		}
+
+		// webhook exist, deregister webhookconfigurations on condition
+		// check empty policy first, then rule type in terms of O(time)
+		if policies == nil {
+			glog.V(3).Infoln("No policy found in the cluster, deregistering webhook")
+			pc.webhookRegistrationClient.DeregisterMutatingWebhook()
+		} else if !webhooks.HasMutateOrValidatePolicies(policies) {
+			glog.V(3).Infoln("No muatate/validate policy found in the cluster, deregistering webhook")
+			pc.webhookRegistrationClient.DeregisterMutatingWebhook()
+		}
+		return nil
+	}
+
+	if webhookList == nil && webhooks.HasMutateOrValidate(*policy) {
+		glog.V(3).Infoln("Found policy without mutatingwebhook, registering webhook")
+		pc.webhookRegistrationClient.RegisterMutatingWebhook()
+	}
+
+	return nil
+}
+
 //syncStatusOnly updates the policy status subresource
 // status:
 // 		- violations : (count of the resources that violate this policy )

pkg/webhooks/registration.go

@@ -108,7 +108,7 @@ func (wrc *WebhookRegistrationClient) RegisterPolicyValidatingWebhook() error {
 // This function does not fail on error:
 // Register will fail if the config exists, so there is no need to fail on error
 func (wrc *WebhookRegistrationClient) DeregisterAll() {
-	wrc.deregisterMutatingWebhook()
+	wrc.DeregisterMutatingWebhook()
 	wrc.deregisterValidatingWebhook()
 
 	if wrc.serverIP != "" {
@@ -124,11 +124,11 @@ func (wrc *WebhookRegistrationClient) DeregisterAll() {
 }
 
 func (wrc *WebhookRegistrationClient) deregister() {
-	wrc.deregisterMutatingWebhook()
+	wrc.DeregisterMutatingWebhook()
 	wrc.deregisterValidatingWebhook()
 }
 
-func (wrc *WebhookRegistrationClient) deregisterMutatingWebhook() {
+func (wrc *WebhookRegistrationClient) DeregisterMutatingWebhook() {
 	if wrc.serverIP != "" {
 		err := wrc.registrationClient.MutatingWebhookConfigurations().Delete(config.MutatingWebhookConfigurationDebug, &v1.DeleteOptions{})
 		if err != nil && !errorsapi.IsNotFound(err) {

pkg/webhooks/webhookManager.go

@@ -1,6 +1,8 @@
 package webhooks
 
 import (
+	"reflect"
+
 	"github.com/golang/glog"
 	kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
 	v1beta1 "k8s.io/api/admission/v1beta1"
@@ -26,6 +28,10 @@ func (ws *WebhookServer) manageWebhookConfigurations(policy kyverno.Policy, op v
 }
 
 func (ws *WebhookServer) registerWebhookConfigurations(policy kyverno.Policy) error {
+	if !HasMutateOrValidate(policy) {
+		return nil
+	}
+
 	if !ws.webhookRegistrationClient.MutationRegistered.IsSet() {
 		if err := ws.webhookRegistrationClient.RegisterMutatingWebhook(); err != nil {
 			return err
@@ -39,11 +45,30 @@ func (ws *WebhookServer) registerWebhookConfigurations(policy kyverno.Policy) er
 func (ws *WebhookServer) deregisterWebhookConfigurations(policy kyverno.Policy) error {
 	policies, _ := ws.pLister.List(labels.NewSelector())
 
-	// deregister webhook if no policy found in cluster
-	if len(policies) == 1 {
-		ws.webhookRegistrationClient.deregisterMutatingWebhook()
+	// deregister webhook if no mutate/validate policy found in cluster
+	if !HasMutateOrValidatePolicies(policies) {
+		ws.webhookRegistrationClient.DeregisterMutatingWebhook()
 		glog.Infoln("Mutating webhook deregistered")
 	}
 
 	return nil
 }
+
+func HasMutateOrValidatePolicies(policies []*kyverno.Policy) bool {
+	for _, policy := range policies {
+		if HasMutateOrValidate(*policy) {
+			return true
+		}
+	}
+	return false
+}
+
+func HasMutateOrValidate(policy kyverno.Policy) bool {
+	for _, rule := range policy.Spec.Rules {
+		if !reflect.DeepEqual(rule.Mutation, kyverno.Mutation{}) || !reflect.DeepEqual(rule.Validation, kyverno.Validation{}) {
+			glog.Infoln(rule.Name)
+			return true
+		}
+	}
+	return false
+}