
configmap added

This commit is contained in:
Yuvraj 2020-08-29 04:31:40 +05:30
parent 3ebf9d43fc
commit a01bfc7f15
6 changed files with 532 additions and 91 deletions


@ -273,6 +273,179 @@ spec:
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.2.5
creationTimestamp: null
name: clusterpolicyreports.policy.kubernetes.io
spec:
additionalPrinterColumns:
- JSONPath: .scope.kind
name: Kind
priority: 1
type: string
- JSONPath: .scope.name
name: Name
priority: 1
type: string
- JSONPath: .summary.pass
name: Pass
type: integer
- JSONPath: .summary.fail
name: Fail
type: integer
- JSONPath: .summary.warn
name: Warn
type: integer
- JSONPath: .summary.error
name: Error
type: integer
- JSONPath: .summary.skip
name: Skip
type: integer
- JSONPath: .metadata.creationTimestamp
name: Age
type: date
group: policy.kubernetes.io
names:
kind: ClusterPolicyReport
listKind: ClusterPolicyReportList
plural: clusterpolicyreports
singular: clusterpolicyreport
scope: Namespaced
subresources: {}
validation:
openAPIV3Schema:
description: ClusterPolicyReport is the Schema for the clusterpolicyreports API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
results:
description: PolicyReportResult provides result details
items:
description: PolicyReportResult provides the result for an individual policy or rule
properties:
data:
additionalProperties:
type: string
description: Data provides additional information for the policy rule
type: object
message:
description: Message is a short user friendly description of the policy rule
type: string
policy:
description: Policy is the name of the policy
type: string
resource:
description: Resource is an optional reference to the resource check bu the policy rule
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
rule:
description: Rule is the name of the policy rule
type: string
scored:
description: Scored indicates if this policy rule is scored
type: boolean
status:
description: Status indicates the result of the policy rule check
enum:
- Pass
- Fail
- Warn
- Error
- Skip
type: string
required:
- policy
type: object
type: array
scope:
description: Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node)
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
summary:
description: PolicyReportSummary provides a summary of results
properties:
error:
type: integer
fail:
type: integer
pass:
type: integer
skip:
type: integer
warn:
type: integer
required:
- error
- fail
- pass
- skip
- warn
type: object
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: clusterpolicyviolations.kyverno.io
spec:
@ -674,6 +847,179 @@ spec:
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.2.5
creationTimestamp: null
name: policyreports.policy.kubernetes.io
spec:
additionalPrinterColumns:
- JSONPath: .scope.kind
name: Kind
priority: 1
type: string
- JSONPath: .scope.name
name: Name
priority: 1
type: string
- JSONPath: .summary.pass
name: Pass
type: integer
- JSONPath: .summary.fail
name: Fail
type: integer
- JSONPath: .summary.warn
name: Warn
type: integer
- JSONPath: .summary.error
name: Error
type: integer
- JSONPath: .summary.skip
name: Skip
type: integer
- JSONPath: .metadata.creationTimestamp
name: Age
type: date
group: policy.kubernetes.io
names:
kind: PolicyReport
listKind: PolicyReportList
plural: policyreports
singular: policyreport
scope: Namespaced
subresources: {}
validation:
openAPIV3Schema:
description: PolicyReport is the Schema for the policyreports API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
results:
description: PolicyReportResult provides result details
items:
description: PolicyReportResult provides the result for an individual policy or rule
properties:
data:
additionalProperties:
type: string
description: Data provides additional information for the policy rule
type: object
message:
description: Message is a short user friendly description of the policy rule
type: string
policy:
description: Policy is the name of the policy
type: string
resource:
description: Resource is an optional reference to the resource check bu the policy rule
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
rule:
description: Rule is the name of the policy rule
type: string
scored:
description: Scored indicates if this policy rule is scored
type: boolean
status:
description: Status indicates the result of the policy rule check
enum:
- Pass
- Fail
- Warn
- Error
- Skip
type: string
required:
- policy
type: object
type: array
scope:
description: Scope is an optional reference to the report scope (e.g. a Deployment, Namespace, or Node)
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
summary:
description: PolicyReportSummary provides a summary of results
properties:
error:
type: integer
fail:
type: integer
pass:
type: integer
skip:
type: integer
warn:
type: integer
required:
- error
- fail
- pass
- skip
- warn
type: object
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: policyviolations.kyverno.io
spec:
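Review bot: `ClusterPolicyReport` is declared `scope: Namespaced` at L59, so a "cluster" report has to live inside a namespace and is created, listed and deleted under that namespace's RBAC; the kind name, its `listKind` and the existence of a separate namespaced `PolicyReport` CRD all suggest `scope: Cluster` was intended. Both CRDs also sit in the `policy.kubernetes.io` group (L53, L233) — groups ending in `kubernetes.io` are reserved for Kubernetes-sanctioned APIs, and without an `api-approved.kubernetes.io` annotation the apiextensions server flags such CRDs as non-conformant; presumably this mirrors an upstream draft, but the group is worth confirming before it ships. The description at L90 and L270 has a typo, `check bu` → `checked by`, which belongs in the Go type the CRD is generated from.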


@ -1113,10 +1113,10 @@ rules:
- policies/status
- clusterpolicies
- clusterpolicies/status
- policyreport
- policyreport/status
- clusterpolicyreport
- clusterpolicyreport/status
- policyreports
- policyreports/status
- clusterpolicyreports
- clusterpolicyreports/status
- clusterpolicyviolations
- clusterpolicyviolations/status
- policyviolations
@ -1253,14 +1253,29 @@ apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: kyverno:edit-policies-policyreports
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:admin-policyreport
rules:
- apiGroups:
- policy.kubernetes.io
resources:
- policyreports
- clusterpolicyreports
- policyreport
- clusterpolicyreport
verbs:
- '*'
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: kyverno:edit-policies-policyreport
rules:
- apiGroups:
- policy.kubernetes.io
resources:
- policyreport
- clusterpolicyreport
- policies
verbs:
- get
@ -1275,10 +1290,10 @@ metadata:
name: kyverno:edit-policies-policyviolations
rules:
- apiGroups:
- kyverno.io
- policy.kubernetes.io
resources:
- policyviolations
- policies
- policyreport
- clusterpolicyreport
verbs:
- get
- list
@ -1318,12 +1333,12 @@ kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:view-clusterpolicyreports
name: kyverno:view-clusterpolicyreport
rules:
- apiGroups:
- policy.kubernetes.io
resources:
- clusterpolicyreports
- clusterpolicyreport
verbs:
- get
- list
@ -1367,12 +1382,12 @@ kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: kyverno:view-policyreports
name: kyverno:view-policyreport
rules:
- apiGroups:
- policy.kubernetes.io
resources:
- policyreports
- policyreport
verbs:
- get
- list
@ -1453,6 +1468,14 @@ metadata:
namespace: kyverno
---
apiVersion: v1
data:
Helm: ""
kind: ConfigMap
metadata:
name: kyverno-event
namespace: kyverno
---
apiVersion: v1
kind: Service
metadata:
labels:
@ -1487,6 +1510,7 @@ spec:
- args:
- --filterK8Resources=[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*]
- -v=2
- --policyreport=policyreport
env:
- name: INIT_CONFIG
value: init-config
@ -1496,7 +1520,7 @@ spec:
fieldPath: metadata.namespace
- name: KYVERNO_SVC
value: kyverno-svc
image: nirmata/kyverno:v1.1.10
image: evalsocket/kyverno:v1.1.10-25-g3ebf9d43fc6c
imagePullPolicy: Always
livenessProbe:
failureThreshold: 4
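Review bot: The aggregated roles in this file reference resources `policyreport` and `clusterpolicyreport` (L408-409, L423-424, L437-438, L453, L468), but RBAC matches `resources` against the plural REST name, and the CRDs added in this same commit declare `plural: policyreports` / `plural: clusterpolicyreports` — so, if the singular names are the new side as the rename to `kyverno:admin-policyreport` suggests, these rules match nothing and the view/edit/admin aggregates silently stop covering reports, while the controller's own role at L387-390 correctly uses the plurals. `kyverno:admin-policyreport` also grants `verbs: ['*']` (L411), which hands every namespace admin delete and patch on the compliance evidence Kyverno writes; a report the audited party can erase is weak evidence, so `get`/`list`/`watch` is the safer default there. The Deployment now pulls `evalsocket/kyverno:v1.1.10-25-g3ebf9d43fc6c` with `imagePullPolicy: Always` (L500-501), presumably a development build from a personal registry; it should return to the project image before this manifest is released.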


@ -1113,10 +1113,10 @@ rules:
- policies/status
- clusterpolicies
- clusterpolicies/status
- policyreport
- policyreport/status
- clusterpolicyreport
- clusterpolicyreport/status
- policyreports
- policyreports/status
- clusterpolicyreports
- clusterpolicyreports/status
- clusterpolicyviolations
- clusterpolicyviolations/status
- policyviolations
@ -1253,14 +1253,29 @@ apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: kyverno:edit-policies-policyreports
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:admin-policyreport
rules:
- apiGroups:
- policy.kubernetes.io
resources:
- policyreports
- clusterpolicyreports
- policyreport
- clusterpolicyreport
verbs:
- '*'
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: kyverno:edit-policies-policyreport
rules:
- apiGroups:
- policy.kubernetes.io
resources:
- policyreport
- clusterpolicyreport
- policies
verbs:
- get
@ -1275,10 +1290,10 @@ metadata:
name: kyverno:edit-policies-policyviolations
rules:
- apiGroups:
- kyverno.io
- policy.kubernetes.io
resources:
- policyviolations
- policies
- policyreport
- clusterpolicyreport
verbs:
- get
- list
@ -1318,12 +1333,12 @@ kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:view-clusterpolicyreports
name: kyverno:view-clusterpolicyreport
rules:
- apiGroups:
- policy.kubernetes.io
resources:
- clusterpolicyreports
- clusterpolicyreport
verbs:
- get
- list
@ -1367,12 +1382,12 @@ kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: kyverno:view-policyreports
name: kyverno:view-policyreport
rules:
- apiGroups:
- policy.kubernetes.io
resources:
- policyreports
- policyreport
verbs:
- get
- list
@ -1453,6 +1468,14 @@ metadata:
namespace: kyverno
---
apiVersion: v1
data:
Helm: ""
kind: ConfigMap
metadata:
name: kyverno-event
namespace: kyverno
---
apiVersion: v1
kind: Service
metadata:
labels:
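Review bot: This manifest carries the same RBAC change as the other install file, with the same problem: the aggregated roles use the singular resource names `policyreport`/`clusterpolicyreport` (L536-537, L551-552, L565-566, L581, L596) while the CRDs declare the plurals `policyreports`/`clusterpolicyreports`, and RBAC matches on the plural REST name — so, if the singular form is the new side, those rules grant nothing. `kyverno:admin-policyreport` (L528-539) also grants `'*'` on reports to every namespace admin, which lets the audited party delete or rewrite the evidence; read-only verbs are the safer default. Keeping two near-identical manifests in lockstep by hand is fragile; ideally both are generated from one source.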


@ -5,4 +5,12 @@ data:
kind: ConfigMap
metadata:
name: init-config
namespace: kyverno
namespace: kyverno
---
apiVersion: v1
data:
Helm: ''
kind: ConfigMap
metadata:
name: kyverno-event
namespace: kyverno
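Review bot: The new `kyverno-event` ConfigMap (L625-631) becomes a second copy of every policy result the controller buffers, readable by anything with `get` on ConfigMaps in the `kyverno` namespace, and a ConfigMap is capped at 1 MiB — on a busy cluster the periodic update will eventually be rejected outright rather than degrade gracefully, so a size bound or a rollover strategy is needed. Only `Helm` is seeded here while the writer also fills `Cluster` and `Namespace`; seeding all three (`Helm: ''`, `Cluster: ''`, `Namespace: ''`) makes the object's shape self-describing. The rest of the hunk only strips trailing whitespace at L622-623.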


@ -1,7 +1,7 @@
---
kind: Namespace
apiVersion: v1
metadata:
metadata:
name: "kyverno"
---
apiVersion: v1
@ -71,7 +71,7 @@ roleRef:
subjects:
- kind: ServiceAccount
name: kyverno-service-account
namespace: kyverno
namespace: kyverno
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
@ -84,8 +84,8 @@ roleRef:
subjects:
- kind: ServiceAccount
name: kyverno-service-account
namespace: kyverno
---
namespace: kyverno
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
@ -97,7 +97,7 @@ roleRef:
subjects:
- kind: ServiceAccount
name: kyverno-service-account
namespace: kyverno
namespace: kyverno
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
@ -116,7 +116,7 @@ rules:
verbs:
- create
- delete
- get
- get
- list
- patch
- update
@ -132,7 +132,7 @@ rules:
verbs:
- create
- delete
- get
- get
- update
- watch
- apiGroups:
@ -142,7 +142,7 @@ rules:
resourceNames:
- kubernetes.io/legacy-unknown
verbs:
- approve
- approve
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
@ -174,10 +174,10 @@ rules:
- policies/status
- clusterpolicies
- clusterpolicies/status
- policyreport
- policyreport/status
- clusterpolicyreport
- clusterpolicyreport/status
- policyreports
- policyreports/status
- clusterpolicyreports
- clusterpolicyreports/status
- clusterpolicyviolations
- clusterpolicyviolations/status
- policyviolations
@ -187,12 +187,12 @@ rules:
verbs:
- create
- delete
- get
- list
- get
- list
- patch
- update
- watch
---
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
@ -281,23 +281,6 @@ rules:
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: kyverno:edit-policies-policyviolations
rules:
- apiGroups:
- kyverno.io
resources:
- policyviolations
- policies
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: kyverno:policyreport
rules:
@ -310,26 +293,26 @@ rules:
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: kyverno:view-policyreports
name: kyverno:view-policyreport
labels:
rbac.authorization.k8s.io/aggregate-to-view: "true"
rules:
- apiGroups: [ "policy.kubernetes.io" ]
resources:
- policyreports
- policyreport
verbs: [ "get", "list", "watch" ]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: kyverno:view-clusterpolicyreports
name: kyverno:view-clusterpolicyreport
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
- apiGroups: ["policy.kubernetes.io"]
resources:
- clusterpolicyreports
- clusterpolicyreport
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
@ -337,15 +320,49 @@ kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: kyverno:edit-policies-policyreports
name: kyverno:edit-policies-policyreport
rules:
- apiGroups:
- policy.kubernetes.io
resources:
- policyreports
- clusterpolicyreports
- policyreport
- clusterpolicyreport
- policies
verbs:
- get
- list
- watch
- watch
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:admin-policyreport
rules:
- apiGroups:
- policy.kubernetes.io
resources:
- policyreport
- clusterpolicyreport
verbs:
- '*'
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: kyverno:edit-policies-policyviolations
rules:
- apiGroups:
- policy.kubernetes.io
resources:
- policyreport
- clusterpolicyreport
verbs:
- get
- list
- watch
---
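Review bot: `kyverno:edit-policies-policyviolations` is re-added at L821-836 with only `policy.kubernetes.io` `policyreport`/`clusterpolicyreport`, dropping the `kyverno.io` `policyviolations` and `policies` rule that the removed block at L735-751 carried — so namespace editors lose read access to violations and policies, and the role's name no longer describes its contents; either restore the `kyverno.io` rule or rename the role. The new `kyverno:admin-policyreport` (L805-819) grants `verbs: ['*']` on reports to every namespace admin, letting the audited party delete or rewrite compliance evidence; `get`/`list`/`watch` is the safer default. Note also that `resources` here are singular (`policyreport`, L816) whereas the CRDs declare `plural: policyreports` and RBAC matches the plural REST name, and that L797-799 keeps `policies` under `policy.kubernetes.io`, a group in which no `policies` resource exists.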


@ -1,12 +1,14 @@
package policyreport
import (
"github.com/nirmata/kyverno/pkg/config"
"context"
"github.com/nirmata/kyverno/pkg/config"
v1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/runtime"
"reflect"
"strconv"
"strings"
"encoding/json"
"sync"
"time"
@ -115,7 +117,7 @@ type GeneratorInterface interface {
type PVEvent struct {
Helm map[string][]Info
Nmaespace map[string][]Info
Namespace map[string][]Info
Cluster []Info
}
@ -139,8 +141,13 @@ func NewPRGenerator(client *policyreportclient.Clientset,
log: log,
policyStatusListener: policyStatus,
configmap : nil,
inMemoryConfigMap : &PVEvent{},
inMemoryConfigMap : &PVEvent{
Helm: make(map[string][]Info),
Namespace: make(map[string][]Info),
Cluster: make([]Info,0,100),
},
}
return &gen
}
@ -175,12 +182,15 @@ func (gen *Generator) Run(workers int, stopCh <-chan struct{}) {
for i := 0; i < workers; i++ {
go wait.Until(gen.runWorker, constant.PolicyViolationControllerResync, stopCh)
}
ticker := time.NewTicker(11)
ticker := time.NewTicker(100*time.Second)
ctx := context.Background()
for {
select {
case <-ticker.C:
gen.createConfigmap();
err := gen.createConfigmap();
if err != nil {
logger.Error(err,"configmap error")
}
case <-ctx.Done():
// Create Jobs
}
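Review bot: The new polling loop at L882-892 never exits: `ctx` is `context.Background()`, whose `Done()` channel is never closed, so the `case <-ctx.Done()` arm is dead, and `stopCh` — which the workers started just above already honour — is ignored, leaving the ticker running and `Run` blocked forever after shutdown. Replace the two `ctx` lines with an arm on the stop channel, `case <-stopCh: ticker.Stop(); return`. Whether a final `createConfigmap()` flush is wanted on shutdown depends on how callers use `stopCh`; without one, up to 100 s of buffered results in `inMemoryConfigMap` are dropped. Run's body continues outside the hunk.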
@ -260,21 +270,39 @@ func (gen *Generator) createConfigmap() error {
gen.mux.Unlock()
}()
gen.mux.Lock()
configmap, err := gen.dclient.GetResource("", "Namespace", config.KubePolicyNamespace, "kyverno-event")
configmap, err := gen.dclient.GetResource("", "ConfigMap", config.KubePolicyNamespace, "kyverno-event")
if err != nil {
return err
}
err = unstructured.SetNestedField(configmap.Object,gen.inMemoryConfigMap,"data")
cm := v1.ConfigMap{}
if err := runtime.DefaultUnstructuredConverter.FromUnstructured(configmap.UnstructuredContent(), &cm); err != nil {
return err
}
rawData, _ := json.Marshal(gen.inMemoryConfigMap.Helm)
cm.Data["Helm"] = string(rawData)
rawData, _ = json.Marshal(gen.inMemoryConfigMap.Cluster)
cm.Data["Cluster"] = string(rawData)
rawData, _ = json.Marshal(gen.inMemoryConfigMap.Namespace)
cm.Data["Namespace"] = string(rawData)
gen.log.Error(nil,"DEBUGYUVRAJ","UDH",cm)
_, err = gen.dclient.UpdateResource("", "ConfigMap", config.KubePolicyNamespace, cm,false)
if err != nil {
return err
}
gen.inMemoryConfigMap = &PVEvent{}
gen.inMemoryConfigMap = &PVEvent{
Helm: make(map[string][]Info),
Namespace: make(map[string][]Info),
Cluster: make([]Info,0,100),
}
return nil
}
func (gen *Generator) syncHandler(info Info) error {
logger := gen.log
defer func(){
logger.Error(nil, "DEBUG","Key",gen.inMemoryConfigMap)
gen.mux.Unlock()
}()
gen.mux.Lock()
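Review bot: `cm.Data["Helm"] = ...` at L908 writes into a map that is nil whenever the `kyverno-event` ConfigMap has no `data` (a write to a nil Go map panics, and the only thing keeping `data` non-empty is the `Helm: ""` seed in the manifest), and the three `json.Marshal` errors at L907-911 are discarded, so a failed marshal stores an empty string and the buffer is then reset at L919, losing those results. Guard the map and return the marshal errors as below. The `DEBUGYUVRAJ` log at L913 and the `DEBUG` log in syncHandler's defer at L929 dump the whole ConfigMap / result buffer at Error level on every tick and every event, putting every violating resource's details into the controller log; they should be removed before merge. syncHandler's body continues outside the hunk.
```go
cm := v1.ConfigMap{}
if err := runtime.DefaultUnstructuredConverter.FromUnstructured(configmap.UnstructuredContent(), &cm); err != nil {
	return err
}
if cm.Data == nil {
	cm.Data = make(map[string]string)
}
for key, val := range map[string]interface{}{
	"Helm":      gen.inMemoryConfigMap.Helm,
	"Cluster":   gen.inMemoryConfigMap.Cluster,
	"Namespace": gen.inMemoryConfigMap.Namespace,
} {
	rawData, err := json.Marshal(val)
	if err != nil {
		return err
	}
	cm.Data[key] = string(rawData)
}
// … unchanged: UpdateResource call and in-memory reset …
```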
@ -286,25 +314,20 @@ func (gen *Generator) syncHandler(info Info) error {
labels := resource.GetLabels()
_, okChart := labels["app"]
_, okRelease := labels["release"]
if okChart && okRelease {
if _,ok := gen.inMemoryConfigMap.Helm[info.Resource.GetNamespace()]; ok {
gen.inMemoryConfigMap.Helm[info.Resource.GetNamespace()] = append(gen.inMemoryConfigMap.Helm[info.Resource.GetNamespace()],info)
return nil
}
gen.inMemoryConfigMap.Helm[info.Resource.GetNamespace()] = []Info{}
if okChart && okRelease {
gen.inMemoryConfigMap.Helm[info.Resource.GetNamespace()] = append(gen.inMemoryConfigMap.Helm[info.Resource.GetNamespace()],info)
return nil
} else if info.Resource.GetNamespace() == "" {
// cluster scope resource generate a clusterpolicy violation
gen.inMemoryConfigMap.Cluster = append(gen.inMemoryConfigMap.Cluster,info)
gen.inMemoryConfigMap.Cluster = append(gen.inMemoryConfigMap.Cluster,info)
return nil
} else {
// namespaced resources generated a namespaced policy violation in the namespace of the resource
if _,ok := gen.inMemoryConfigMap.Nmaespace[info.Resource.GetNamespace()]; ok {
gen.inMemoryConfigMap.Nmaespace[info.Resource.GetNamespace()] = append(gen.inMemoryConfigMap.Nmaespace[info.Resource.GetNamespace()],info)
if _,ok := gen.inMemoryConfigMap.Namespace[info.Resource.GetNamespace()]; ok {
gen.inMemoryConfigMap.Namespace[info.Resource.GetNamespace()] = append(gen.inMemoryConfigMap.Namespace[info.Resource.GetNamespace()],info)
}
gen.inMemoryConfigMap.Nmaespace[info.Resource.GetNamespace()] = []Info{}
gen.inMemoryConfigMap.Nmaespace[info.Resource.GetNamespace()] = append(gen.inMemoryConfigMap.Nmaespace[info.Resource.GetNamespace()],info)
gen.inMemoryConfigMap.Namespace[info.Resource.GetNamespace()] = append(gen.inMemoryConfigMap.Namespace[info.Resource.GetNamespace()],info)
return nil
}
return nil
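Review bot: The namespaced branch at L955-960 records every result twice once a namespace has been seen: the `if _, ok := ...; ok` block appends `info`, falls through without a `return`, and L960 appends the same `info` again. The Helm branch at L943-945 already has the right shape — one unconditional `append`, since appending to a missing map key works on nil slices — so drop the three-line `if` block at L955-957 and keep only `gen.inMemoryConfigMap.Namespace[info.Resource.GetNamespace()] = append(gen.inMemoryConfigMap.Namespace[info.Resource.GetNamespace()], info)`. Separately, classifying a resource as Helm-managed purely because it carries `app` and `release` labels (L935-937) is decided by whoever creates the resource, so the Helm bucket should be treated as advisory. The function's closing brace is outside the hunk.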