- register resource webhook when policy controller starts; - add debug log

2025-04-09 18:52:36 +00:00 · 2020-01-02 19:12:45 -08:00 · 2020-01-02 19:12:45 -08:00 · 956cb0559a
commit 956cb0559a
parent b5192dc559
3 changed files with 23 additions and 0 deletions
--- a/pkg/policy/controller.go
+++ b/pkg/policy/controller.go
@ -227,6 +227,12 @@ func (pc *PolicyController) Run(workers int, stopCh <-chan struct{}) {
 		glog.Error("failed to sync informer cache")
 		return
 	}
+
+	// if policies exist before Kyverno get created, resource webhook configuration
+	// could not be registered as clusterpolicy.spec.background=false by default
+	// the policy controller would starts only when the first incoming policy is queued
+	pc.registerResourceWebhookConfiguration()
+
 	for i := 0; i < workers; i++ {
 		go wait.Until(pc.worker, time.Second, stopCh)
 	}
--- a/pkg/policy/webhookregistration.go
+++ b/pkg/policy/webhookregistration.go
@ -29,6 +29,18 @@ func (pc *PolicyController) removeResourceWebhookConfiguration() error {
 	return nil
 }

+func (pc *PolicyController) registerResourceWebhookConfiguration() {
+	policies, err := pc.pLister.List(labels.NewSelector())
+	if err != nil {
+		glog.Errorf("failed to register resource webhook configuration, error listing policies: %v", err)
+	}
+
+	if hasMutateOrValidatePolicies(policies) {
+		glog.V(4).Info("Found existing policy, registering resource webhook configuration")
+		pc.resourceWebhookWatcher.RegisterResourceWebhook()
+	}
+}
+
 func hasMutateOrValidatePolicies(policies []*kyverno.ClusterPolicy) bool {
 	for _, policy := range policies {
 		if (*policy).HasMutateOrValidate() {
--- a/pkg/policyviolation/generator.go
+++ b/pkg/policyviolation/generator.go
@ -133,6 +133,7 @@ func (gen *Generator) enqueue(info Info) {
 func (gen *Generator) Add(infos ...Info) {
 	for _, info := range infos {
 		gen.enqueue(info)
+		glog.V(3).Infof("Added policy violation: %s", info.toKey())
 	}
 }

@ -234,9 +235,13 @@ func (gen *Generator) syncHandler(info Info) error {
 	pvs := builder.generate(info)
 	for _, pv := range pvs {
 		// Create Policy Violations
+		glog.V(3).Infof("Creating policy violation: %s", info.toKey())
 		err := handler.create(pv)
 		if err != nil {
 			failure = true
+			glog.V(3).Infof("Failed to create policy violation: %v", err)
+		} else {
+			glog.V(3).Infof("Policy violation created: %s", info.toKey())
 		}
 	}
 	if failure {