mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-15 12:17:56 +00:00
add profiling flags
This commit is contained in:
parent
4d684fca51
commit
80d1d926ca
5 changed files with 66 additions and 3 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -4,3 +4,4 @@ Gopkg.lock
|
||||||
kyverno
|
kyverno
|
||||||
gh-pages/public
|
gh-pages/public
|
||||||
_output
|
_output
|
||||||
|
coverage.txt
|
||||||
|
|
49
init.go
49
init.go
|
@ -2,6 +2,10 @@ package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"math/rand"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"github.com/pkg/profile"
|
||||||
|
|
||||||
"github.com/golang/glog"
|
"github.com/golang/glog"
|
||||||
client "github.com/nirmata/kyverno/pkg/dclient"
|
client "github.com/nirmata/kyverno/pkg/dclient"
|
||||||
|
@ -51,3 +55,48 @@ func initTLSPemPair(configuration *rest.Config, client *client.Client) (*tls.Tls
|
||||||
glog.Infoln("Using existing TLS key/certificate pair")
|
glog.Infoln("Using existing TLS key/certificate pair")
|
||||||
return tlsPair, nil
|
return tlsPair, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var prof interface {
|
||||||
|
Stop()
|
||||||
|
}
|
||||||
|
|
||||||
|
func enableProfiling(cpu, memory bool) interface {
|
||||||
|
Stop()
|
||||||
|
} {
|
||||||
|
|
||||||
|
file := "/opt/nirmata/kyverno/" + randomString(6)
|
||||||
|
if cpu {
|
||||||
|
glog.Infof("Enable cpu profiling ...")
|
||||||
|
prof = profile.Start(profile.CPUProfile, profile.ProfilePath(file))
|
||||||
|
} else if memory {
|
||||||
|
glog.Infof("Enable memory profiling ...")
|
||||||
|
prof = profile.Start(profile.MemProfile, profile.ProfilePath(file))
|
||||||
|
}
|
||||||
|
|
||||||
|
return prof
|
||||||
|
}
|
||||||
|
|
||||||
|
func disableProfiling(p interface{ Stop() }) {
|
||||||
|
if p != nil {
|
||||||
|
p.Stop()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// generate random string
|
||||||
|
const charset = "abcdefghijklmnopqrstuvwxyz" +
|
||||||
|
"ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
|
||||||
|
|
||||||
|
var seededRand *rand.Rand = rand.New(
|
||||||
|
rand.NewSource(time.Now().UnixNano()))
|
||||||
|
|
||||||
|
func stringWithCharset(length int, charset string) string {
|
||||||
|
b := make([]byte, length)
|
||||||
|
for i := range b {
|
||||||
|
b[i] = charset[seededRand.Intn(len(charset))]
|
||||||
|
}
|
||||||
|
return string(b)
|
||||||
|
}
|
||||||
|
|
||||||
|
func randomString(length int) string {
|
||||||
|
return stringWithCharset(length, charset)
|
||||||
|
}
|
||||||
|
|
15
main.go
15
main.go
|
@ -21,11 +21,15 @@ var (
|
||||||
kubeconfig string
|
kubeconfig string
|
||||||
serverIP string
|
serverIP string
|
||||||
filterK8Resources string
|
filterK8Resources string
|
||||||
|
cpu bool
|
||||||
|
memory bool
|
||||||
)
|
)
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
defer glog.Flush()
|
defer glog.Flush()
|
||||||
printVersionInfo()
|
printVersionInfo()
|
||||||
|
prof = enableProfiling(cpu, memory)
|
||||||
|
|
||||||
clientConfig, err := createClientConfig(kubeconfig)
|
clientConfig, err := createClientConfig(kubeconfig)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
glog.Fatalf("Error building kubeconfig: %v\n", err)
|
glog.Fatalf("Error building kubeconfig: %v\n", err)
|
||||||
|
@ -83,15 +87,24 @@ func main() {
|
||||||
}
|
}
|
||||||
|
|
||||||
server.RunAsync()
|
server.RunAsync()
|
||||||
|
|
||||||
<-stopCh
|
<-stopCh
|
||||||
server.Stop()
|
|
||||||
genControler.Stop()
|
genControler.Stop()
|
||||||
eventController.Stop()
|
eventController.Stop()
|
||||||
annotationsController.Stop()
|
annotationsController.Stop()
|
||||||
policyController.Stop()
|
policyController.Stop()
|
||||||
|
disableProfiling(prof)
|
||||||
|
server.Stop()
|
||||||
}
|
}
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
|
// profiling feature gate
|
||||||
|
// cpu and memory profiling cannot be enabled at same time
|
||||||
|
// if both cpu and memory are enabled
|
||||||
|
// by default is to profile cpu
|
||||||
|
flag.BoolVar(&cpu, "cpu", false, "cpu profilling feature gate, default to false || cpu and memory profiling cannot be enabled at the same time")
|
||||||
|
flag.BoolVar(&memory, "memory", false, "memory profilling feature gate, default to false || cpu and memory profiling cannot be enabled at the same time")
|
||||||
|
|
||||||
flag.StringVar(&kubeconfig, "kubeconfig", "", "Path to a kubeconfig. Only required if out-of-cluster.")
|
flag.StringVar(&kubeconfig, "kubeconfig", "", "Path to a kubeconfig. Only required if out-of-cluster.")
|
||||||
flag.StringVar(&serverIP, "serverIP", "", "IP address where Kyverno controller runs. Only required if out-of-cluster.")
|
flag.StringVar(&serverIP, "serverIP", "", "IP address where Kyverno controller runs. Only required if out-of-cluster.")
|
||||||
flag.StringVar(&filterK8Resources, "filterK8Resources", "", "k8 resource in format [kind,namespace,name] where policy is not evaluated by the admission webhook. example --filterKind \"[Deployment, kyverno, kyverno]\" --filterKind \"[Deployment, kyverno, kyverno],[Events, *, *]\"")
|
flag.StringVar(&filterK8Resources, "filterK8Resources", "", "k8 resource in format [kind,namespace,name] where policy is not evaluated by the admission webhook. example --filterKind \"[Deployment, kyverno, kyverno]\" --filterKind \"[Deployment, kyverno, kyverno],[Events, *, *]\"")
|
||||||
|
|
|
@ -101,7 +101,7 @@ func (ws *WebhookServer) HandleValidation(request *v1beta1.AdmissionRequest) *v1
|
||||||
// If Validation fails then reject the request
|
// If Validation fails then reject the request
|
||||||
ok, msg := isAdmSuccesful(policyInfos)
|
ok, msg := isAdmSuccesful(policyInfos)
|
||||||
// violations are created if "audit" flag is set
|
// violations are created if "audit" flag is set
|
||||||
// and if there are any then we dont bock the resource creation
|
// and if there are any then we dont block the resource creation
|
||||||
// Even if one the policy being applied
|
// Even if one the policy being applied
|
||||||
|
|
||||||
if !ok && toBlock(policyInfos) {
|
if !ok && toBlock(policyInfos) {
|
||||||
|
|
|
@ -18,7 +18,7 @@ dep ensure -v || exit 2
|
||||||
echo "# Building executable ${project_name}..."
|
echo "# Building executable ${project_name}..."
|
||||||
chmod +x scripts/update-codegen.sh
|
chmod +x scripts/update-codegen.sh
|
||||||
scripts/update-codegen.sh
|
scripts/update-codegen.sh
|
||||||
CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o ${project_name} . || exit 3
|
make build || exit 3
|
||||||
|
|
||||||
echo "# Building docker image ${hub_user_name}/${project_name}:${version}"
|
echo "# Building docker image ${hub_user_name}/${project_name}:${version}"
|
||||||
cat <<EOF > Dockerfile
|
cat <<EOF > Dockerfile
|
||||||
|
|
Loading…
Add table
Reference in a new issue