From a251bda1dd522100a67df85ac58af2f5c41e41a3 Mon Sep 17 00:00:00 2001
From: Shuting Zhao
Date: Tue, 26 May 2020 14:52:49 -0700
Subject: [PATCH] suppress violation on evicted pod

---
 pkg/policyviolation/namespacedpv.go | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/pkg/policyviolation/namespacedpv.go b/pkg/policyviolation/namespacedpv.go
index ba061defce..10b007fae1 100644
--- a/pkg/policyviolation/namespacedpv.go
+++ b/pkg/policyviolation/namespacedpv.go
@@ -11,6 +11,7 @@ import (
 client "github.com/nirmata/kyverno/pkg/dclient"
 "github.com/nirmata/kyverno/pkg/policystatus"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ unstructedv1 "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 )

 //NamespacedPV ...
@@ -97,6 +98,12 @@ func (nspv *namespacedPV) createPV(newPv *kyverno.PolicyViolation) error {
 return nil
 }

+ if newPv.Spec.ResourceSpec.Kind == "Pod" {
+ if isEvictedPod(obj.Object) {
+ return nil
+ }
+ }
+
 // set owner reference to resource
 ownerRef, ok := createOwnerReference(obj)
 if !ok {
@@ -142,3 +149,12 @@ func (nspv *namespacedPV) updatePV(newPv, oldPv *kyverno.PolicyViolation) error
 logger.Info("namespaced policy violation created")
 return nil
 }
+
+func isEvictedPod(pod map[string]interface{}) bool {
+ reason, ok, _ := unstructedv1.NestedString(pod, "status", "reason")
+ if !ok {
+ return false
+ }
+
+ return reason == "Evicted"
+}
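Review bot: The new early return in createPV drops the violation for an evicted Pod without leaving any trace, so someone reading the violation reports cannot tell a compliant Pod from one whose report was suppressed. A log line before `return nil`, for example `logger.V(4).Info("skipping policy violation for evicted pod")`, would keep that decision auditable, assuming a logger is in scope in createPV as it is in updatePV. The two nested conditions can also be merged into `if newPv.Spec.ResourceSpec.Kind == "Pod" && isEvictedPod(obj.Object) {`. createPV begins and ends outside this hunk, so the earlier `return nil` paths were not reviewed.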
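Review bot: isEvictedPod decides on `status.reason` alone, and that single string now switches off violation reporting for the Pod. A kubelet eviction also sets `status.phase` to `Failed`, so requiring both narrows what can silence a report: `phase, _, _ := unstructedv1.NestedString(pod, "status", "phase")` followed by `return reason == "Evicted" && phase == "Failed"`. Discarding the error from NestedString is fail-safe here (a non-string reason yields false and the violation is still created), but the function has no doc comment saying so; something like `// isEvictedPod reports whether the pod status marks it as evicted; a missing or malformed status yields false.` would record the intent. The import alias `unstructedv1` added in the first hunk looks like a misspelling of `unstructured`.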