add profiling flags

.gitignore

@@ -4,3 +4,4 @@ Gopkg.lock
 kyverno
 gh-pages/public
 _output
+coverage.txt

init.go

@@ -2,6 +2,10 @@ package main
 
 import (
 	"fmt"
+	"math/rand"
+	"time"
+
+	"github.com/pkg/profile"
 
 	"github.com/golang/glog"
 	client "github.com/nirmata/kyverno/pkg/dclient"
@@ -51,3 +55,48 @@ func initTLSPemPair(configuration *rest.Config, client *client.Client) (*tls.Tls
 	glog.Infoln("Using existing TLS key/certificate pair")
 	return tlsPair, nil
 }
+
+var prof interface {
+	Stop()
+}
+
+func enableProfiling(cpu, memory bool) interface {
+	Stop()
+} {
+
+	file := "/opt/nirmata/kyverno/" + randomString(6)
+	if cpu {
+		glog.Infof("Enable cpu profiling ...")
+		prof = profile.Start(profile.CPUProfile, profile.ProfilePath(file))
+	} else if memory {
+		glog.Infof("Enable memory profiling ...")
+		prof = profile.Start(profile.MemProfile, profile.ProfilePath(file))
+	}
+
+	return prof
+}
+
+func disableProfiling(p interface{ Stop() }) {
+	if p != nil {
+		p.Stop()
+	}
+}
+
+// generate random string
+const charset = "abcdefghijklmnopqrstuvwxyz" +
+	"ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
+
+var seededRand *rand.Rand = rand.New(
+	rand.NewSource(time.Now().UnixNano()))
+
+func stringWithCharset(length int, charset string) string {
+	b := make([]byte, length)
+	for i := range b {
+		b[i] = charset[seededRand.Intn(len(charset))]
+	}
+	return string(b)
+}
+
+func randomString(length int) string {
+	return stringWithCharset(length, charset)
+}

main.go

@@ -21,11 +21,15 @@ var (
 	kubeconfig        string
 	serverIP          string
 	filterK8Resources string
+	cpu               bool
+	memory            bool
 )
 
 func main() {
 	defer glog.Flush()
 	printVersionInfo()
+	prof = enableProfiling(cpu, memory)
+
 	clientConfig, err := createClientConfig(kubeconfig)
 	if err != nil {
 		glog.Fatalf("Error building kubeconfig: %v\n", err)
@@ -83,15 +87,24 @@ func main() {
 	}
 
 	server.RunAsync()
+
 	<-stopCh
-	server.Stop()
 	genControler.Stop()
 	eventController.Stop()
 	annotationsController.Stop()
 	policyController.Stop()
+	disableProfiling(prof)
+	server.Stop()
 }
 
 func init() {
+	// profiling feature gate
+	// cpu and memory profiling cannot be enabled at same time
+	// if both cpu and memory are enabled
+	// by default is to profile cpu
+	flag.BoolVar(&cpu, "cpu", false, "cpu profilling feature gate, default to false || cpu and memory profiling cannot be enabled at the same time")
+	flag.BoolVar(&memory, "memory", false, "memory profilling feature gate, default to false || cpu and memory profiling cannot be enabled at the same time")
+
 	flag.StringVar(&kubeconfig, "kubeconfig", "", "Path to a kubeconfig. Only required if out-of-cluster.")
 	flag.StringVar(&serverIP, "serverIP", "", "IP address where Kyverno controller runs. Only required if out-of-cluster.")
 	flag.StringVar(&filterK8Resources, "filterK8Resources", "", "k8 resource in format [kind,namespace,name] where policy is not evaluated by the admission webhook. example --filterKind \"[Deployment, kyverno, kyverno]\" --filterKind \"[Deployment, kyverno, kyverno],[Events, *, *]\"")

pkg/webhooks/validation.go

@@ -101,7 +101,7 @@ func (ws *WebhookServer) HandleValidation(request *v1beta1.AdmissionRequest) *v1
 	// If Validation fails then reject the request
 	ok, msg := isAdmSuccesful(policyInfos)
 	// violations are created if "audit" flag is set
-	// and if there are any then we dont bock the resource creation
+	// and if there are any then we dont block the resource creation
 	// Even if one the policy being applied
 
 	if !ok && toBlock(policyInfos) {

scripts/compile-image.sh

@@ -18,7 +18,7 @@ dep ensure -v || exit 2
 echo "# Building executable ${project_name}..."
 chmod +x scripts/update-codegen.sh
 scripts/update-codegen.sh
-CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o ${project_name} . || exit 3
+make build || exit 3
 
 echo "# Building docker image ${hub_user_name}/${project_name}:${version}"
 cat <<EOF > Dockerfile