mirror of
https://github.com/kyverno/kyverno.git
synced 2025-01-20 18:52:16 +00:00
feat: migrate to events.k8s.io/v1 (#7673)
* feat: migrate events to events.k8s.io group Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * fix: kuttl event tests Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * migrate background events to events.k8s.io Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * update kuttl tests Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> * remove ResourceSkipped from actions Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com> --------- Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
This commit is contained in:
parent
32d486e2f2
commit
a60dc00392
24 changed files with 218 additions and 148 deletions
|
@ -117,7 +117,9 @@ func (c *GenerateController) ProcessUR(ur *kyvernov1beta1.UpdateRequest) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
events := event.NewBackgroundFailedEvent(err, ur.Spec.Policy, "", event.GeneratePolicyController, trigger)
|
||||
policy, _ := c.getPolicySpec(*ur)
|
||||
events := event.NewBackgroundFailedEvent(err, policy, ur.Spec.Rule, event.GeneratePolicyController,
|
||||
kyvernov1.ResourceSpec{Kind: trigger.GetKind(), Namespace: trigger.GetNamespace(), Name: trigger.GetName()})
|
||||
c.eventGen.Add(events...)
|
||||
}
|
||||
|
||||
|
@ -261,8 +263,7 @@ func (c *GenerateController) applyGenerate(resource unstructured.Unstructured, u
|
|||
c.eventGen.Add(e)
|
||||
}
|
||||
|
||||
unstructuredPol := kubeutils.NewUnstructured("kyverno.io/v1", policy.GetKind(), policy.GetNamespace(), policy.GetName())
|
||||
e := event.NewBackgroundSuccessEvent(ur.Spec.Policy, ur.Spec.Rule, event.GeneratePolicyController, unstructuredPol)
|
||||
e := event.NewBackgroundSuccessEvent(event.GeneratePolicyController, policy, genResources)
|
||||
c.eventGen.Add(e...)
|
||||
}
|
||||
|
||||
|
|
|
@ -156,11 +156,11 @@ func (c *mutateExistingController) ProcessUR(ur *kyvernov1beta1.UpdateRequest) e
|
|||
err := fmt.Errorf("failed to mutate existing resource, rule response%v: %s", r.Status(), r.Message())
|
||||
logger.Error(err, "")
|
||||
errs = append(errs, err)
|
||||
c.report(err, ur.Spec.Policy, rule.Name, patched)
|
||||
c.report(err, policy, rule.Name, patched)
|
||||
|
||||
case engineapi.RuleStatusSkip:
|
||||
logger.Info("mutate existing rule skipped", "rule", r.Name(), "message", r.Message())
|
||||
c.report(err, ur.Spec.Policy, rule.Name, patched)
|
||||
c.report(err, policy, rule.Name, patched)
|
||||
|
||||
case engineapi.RuleStatusPass:
|
||||
patchedNew := patched
|
||||
|
@ -195,7 +195,7 @@ func (c *mutateExistingController) ProcessUR(ur *kyvernov1beta1.UpdateRequest) e
|
|||
logger.WithName(rule.Name).V(4).Info("successfully mutated existing resource", "namespace", patchedNew.GetNamespace(), "name", patchedNew.GetName())
|
||||
}
|
||||
|
||||
c.report(updateErr, ur.Spec.Policy, rule.Name, patched)
|
||||
c.report(updateErr, policy, rule.Name, patched)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -218,17 +218,20 @@ func (c *mutateExistingController) getPolicy(ur *kyvernov1beta1.UpdateRequest) (
|
|||
return c.policyLister.Get(pName)
|
||||
}
|
||||
|
||||
func (c *mutateExistingController) report(err error, policy, rule string, target *unstructured.Unstructured) {
|
||||
func (c *mutateExistingController) report(err error, policy kyvernov1.PolicyInterface, rule string, target *unstructured.Unstructured) {
|
||||
var events []event.Info
|
||||
|
||||
if target == nil {
|
||||
c.log.WithName("mutateExisting").Info("cannot generate events for empty target resource", "policy", policy, "rule", rule)
|
||||
c.log.WithName("mutateExisting").Info("cannot generate events for empty target resource", "policy", policy.GetName(), "rule", rule)
|
||||
return
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
events = event.NewBackgroundFailedEvent(err, policy, rule, event.MutateExistingController, target)
|
||||
events = event.NewBackgroundFailedEvent(err, policy, rule, event.MutateExistingController,
|
||||
kyvernov1.ResourceSpec{Kind: target.GetKind(), Namespace: target.GetNamespace(), Name: target.GetName()})
|
||||
} else {
|
||||
events = event.NewBackgroundSuccessEvent(policy, rule, event.MutateExistingController, target)
|
||||
events = event.NewBackgroundSuccessEvent(event.MutateExistingController, policy,
|
||||
[]kyvernov1.ResourceSpec{{Kind: target.GetKind(), Namespace: target.GetNamespace(), Name: target.GetName()}})
|
||||
}
|
||||
|
||||
c.eventGen.Add(events...)
|
||||
|
|
|
@ -16,7 +16,7 @@ import (
|
|||
"k8s.io/client-go/dynamic"
|
||||
"k8s.io/client-go/dynamic/dynamicinformer"
|
||||
"k8s.io/client-go/kubernetes"
|
||||
corev1 "k8s.io/client-go/kubernetes/typed/core/v1"
|
||||
eventsv1 "k8s.io/client-go/kubernetes/typed/events/v1"
|
||||
"k8s.io/client-go/rest"
|
||||
)
|
||||
|
||||
|
@ -24,7 +24,7 @@ type Interface interface {
|
|||
// GetKubeClient provides typed kube client
|
||||
GetKubeClient() kubernetes.Interface
|
||||
// GetEventsInterface provides typed interface for events
|
||||
GetEventsInterface() corev1.EventInterface
|
||||
GetEventsInterface() eventsv1.EventsV1Interface
|
||||
// GetDynamicInterface fetches underlying dynamic interface
|
||||
GetDynamicInterface() dynamic.Interface
|
||||
// Discovery return the discovery client implementation
|
||||
|
@ -96,8 +96,8 @@ func (c *client) GetKubeClient() kubernetes.Interface {
|
|||
}
|
||||
|
||||
// GetEventsInterface provides typed interface for events
|
||||
func (c *client) GetEventsInterface() corev1.EventInterface {
|
||||
return c.kube.CoreV1().Events(metav1.NamespaceAll)
|
||||
func (c *client) GetEventsInterface() eventsv1.EventsV1Interface {
|
||||
return c.kube.EventsV1()
|
||||
}
|
||||
|
||||
func (c *client) getInterface(apiVersion string, kind string) dynamic.NamespaceableResourceInterface {
|
||||
|
|
|
@ -108,7 +108,7 @@ func TestCRUDResource(t *testing.T) {
|
|||
func TestEventInterface(t *testing.T) {
|
||||
f := newFixture(t)
|
||||
iEvent := f.client.GetEventsInterface()
|
||||
_, err := iEvent.List(context.TODO(), metav1.ListOptions{})
|
||||
_, err := iEvent.Events(metav1.NamespaceAll).List(context.TODO(), metav1.ListOptions{})
|
||||
if err != nil {
|
||||
t.Errorf("Testing Event interface not working: %s", err)
|
||||
}
|
||||
|
|
13
pkg/event/action.go
Normal file
13
pkg/event/action.go
Normal file
|
@ -0,0 +1,13 @@
|
|||
package event
|
||||
|
||||
// Action types of Event Actions
|
||||
type Action string
|
||||
|
||||
const (
|
||||
ResourceBlocked Action = "Resource Blocked"
|
||||
ResourcePassed Action = "Resource Passed"
|
||||
ResourceGenerated Action = "Resource Generated"
|
||||
ResourceMutated Action = "Resource Mutated"
|
||||
ResourceCleanedUp Action = "Resource Cleaned Up"
|
||||
None Action = "None"
|
||||
)
|
|
@ -11,12 +11,13 @@ import (
|
|||
kyvernov1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
|
||||
kyvernov2alpha1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v2alpha1"
|
||||
"github.com/kyverno/kyverno/pkg/clients/dclient"
|
||||
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
errors "k8s.io/apimachinery/pkg/api/errors"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
|
||||
"k8s.io/apimachinery/pkg/util/wait"
|
||||
"k8s.io/client-go/tools/record"
|
||||
"k8s.io/client-go/tools/events"
|
||||
"k8s.io/client-go/util/workqueue"
|
||||
)
|
||||
|
||||
|
@ -39,15 +40,15 @@ type generator struct {
|
|||
// queue to store event generation requests
|
||||
queue workqueue.RateLimitingInterface
|
||||
// events generated at policy controller
|
||||
policyCtrRecorder record.EventRecorder
|
||||
policyCtrRecorder events.EventRecorder
|
||||
// events generated at admission control
|
||||
admissionCtrRecorder record.EventRecorder
|
||||
admissionCtrRecorder events.EventRecorder
|
||||
// events generated at namespaced policy controller to process 'generate' rule
|
||||
genPolicyRecorder record.EventRecorder
|
||||
genPolicyRecorder events.EventRecorder
|
||||
// events generated at mutateExisting controller
|
||||
mutateExistingRecorder record.EventRecorder
|
||||
mutateExistingRecorder events.EventRecorder
|
||||
// events generated at cleanup controller
|
||||
cleanupPolicyRecorder record.EventRecorder
|
||||
cleanupPolicyRecorder events.EventRecorder
|
||||
|
||||
maxQueuedEvents int
|
||||
|
||||
|
@ -207,35 +208,35 @@ func (gen *generator) processNextWorkItem() bool {
|
|||
|
||||
func (gen *generator) syncHandler(key Info) error {
|
||||
logger := gen.log
|
||||
var robj runtime.Object
|
||||
var regardingObj, relatedObj runtime.Object
|
||||
var err error
|
||||
switch key.Kind {
|
||||
case "ClusterPolicy":
|
||||
robj, err = gen.cpLister.Get(key.Name)
|
||||
regardingObj, err = gen.cpLister.Get(key.Name)
|
||||
if err != nil {
|
||||
logger.Error(err, "failed to get cluster policy", "name", key.Name)
|
||||
return err
|
||||
}
|
||||
case "Policy":
|
||||
robj, err = gen.pLister.Policies(key.Namespace).Get(key.Name)
|
||||
regardingObj, err = gen.pLister.Policies(key.Namespace).Get(key.Name)
|
||||
if err != nil {
|
||||
logger.Error(err, "failed to get policy", "name", key.Name)
|
||||
return err
|
||||
}
|
||||
case "ClusterCleanupPolicy":
|
||||
robj, err = gen.clustercleanuppolLister.Get(key.Name)
|
||||
regardingObj, err = gen.clustercleanuppolLister.Get(key.Name)
|
||||
if err != nil {
|
||||
logger.Error(err, "failed to get cluster clean up policy", "name", key.Name)
|
||||
return err
|
||||
}
|
||||
case "CleanupPolicy":
|
||||
robj, err = gen.cleanuppolLister.CleanupPolicies(key.Namespace).Get(key.Name)
|
||||
regardingObj, err = gen.cleanuppolLister.CleanupPolicies(key.Namespace).Get(key.Name)
|
||||
if err != nil {
|
||||
logger.Error(err, "failed to get cleanup policy", "name", key.Name)
|
||||
return err
|
||||
}
|
||||
default:
|
||||
robj, err = gen.client.GetResource(context.TODO(), "", key.Kind, key.Namespace, key.Name)
|
||||
regardingObj, err = gen.client.GetResource(context.TODO(), "", key.Kind, key.Namespace, key.Name)
|
||||
if err != nil {
|
||||
if !errors.IsNotFound(err) {
|
||||
logger.Error(err, "failed to get resource", "kind", key.Kind, "name", key.Name, "namespace", key.Namespace)
|
||||
|
@ -245,6 +246,8 @@ func (gen *generator) syncHandler(key Info) error {
|
|||
}
|
||||
}
|
||||
|
||||
relatedObj = kubeutils.NewUnstructured(key.RelatedAPIVersion, key.RelatedKind, key.RelatedNamespace, key.RelatedName)
|
||||
|
||||
// set the event type based on reason
|
||||
// if skip/pass, reason will be: NORMAL
|
||||
// else reason will be: WARNING
|
||||
|
@ -257,15 +260,15 @@ func (gen *generator) syncHandler(key Info) error {
|
|||
// based on the source of event generation, use different event recorders
|
||||
switch key.Source {
|
||||
case AdmissionController:
|
||||
gen.admissionCtrRecorder.Event(robj, eventType, string(key.Reason), key.Message)
|
||||
gen.admissionCtrRecorder.Eventf(regardingObj, relatedObj, eventType, string(key.Reason), string(key.Action), key.Message)
|
||||
case PolicyController:
|
||||
gen.policyCtrRecorder.Event(robj, eventType, string(key.Reason), key.Message)
|
||||
gen.policyCtrRecorder.Eventf(regardingObj, relatedObj, eventType, string(key.Reason), string(key.Action), key.Message)
|
||||
case GeneratePolicyController:
|
||||
gen.genPolicyRecorder.Event(robj, eventType, string(key.Reason), key.Message)
|
||||
gen.genPolicyRecorder.Eventf(regardingObj, relatedObj, eventType, string(key.Reason), string(key.Action), key.Message)
|
||||
case MutateExistingController:
|
||||
gen.mutateExistingRecorder.Event(robj, eventType, string(key.Reason), key.Message)
|
||||
gen.mutateExistingRecorder.Eventf(regardingObj, relatedObj, eventType, string(key.Reason), string(key.Action), key.Message)
|
||||
case CleanupController:
|
||||
gen.cleanupPolicyRecorder.Event(robj, eventType, string(key.Reason), key.Message)
|
||||
gen.cleanupPolicyRecorder.Eventf(regardingObj, relatedObj, eventType, string(key.Reason), string(key.Action), key.Message)
|
||||
default:
|
||||
logger.Info("info.source not defined for the request")
|
||||
}
|
||||
|
|
|
@ -11,13 +11,23 @@ import (
|
|||
)
|
||||
|
||||
func NewPolicyFailEvent(source Source, reason Reason, engineResponse engineapi.EngineResponse, ruleResp engineapi.RuleResponse, blocked bool) Info {
|
||||
action := ResourcePassed
|
||||
if blocked {
|
||||
action = ResourceBlocked
|
||||
}
|
||||
|
||||
return Info{
|
||||
Kind: getPolicyKind(engineResponse.Policy()),
|
||||
Name: engineResponse.Policy().GetName(),
|
||||
Namespace: engineResponse.Policy().GetNamespace(),
|
||||
Reason: reason,
|
||||
Source: source,
|
||||
Message: buildPolicyEventMessage(ruleResp, engineResponse.GetResourceSpec(), blocked),
|
||||
Kind: getPolicyKind(engineResponse.Policy()),
|
||||
Name: engineResponse.Policy().GetName(),
|
||||
Namespace: engineResponse.Policy().GetNamespace(),
|
||||
RelatedAPIVersion: engineResponse.GetResourceSpec().APIVersion,
|
||||
RelatedKind: engineResponse.GetResourceSpec().Kind,
|
||||
RelatedName: engineResponse.GetResourceSpec().Name,
|
||||
RelatedNamespace: engineResponse.GetResourceSpec().Namespace,
|
||||
Reason: reason,
|
||||
Source: source,
|
||||
Message: buildPolicyEventMessage(ruleResp, engineResponse.GetResourceSpec(), blocked),
|
||||
Action: action,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -71,19 +81,27 @@ func NewPolicyAppliedEvent(source Source, engineResponse engineapi.EngineRespons
|
|||
hasVerifyImages := engineResponse.Policy().GetSpec().HasVerifyImages()
|
||||
hasMutate := engineResponse.Policy().GetSpec().HasMutate()
|
||||
|
||||
var action Action
|
||||
if hasValidate || hasVerifyImages {
|
||||
fmt.Fprintf(&bldr, "%s: pass", res)
|
||||
action = ResourcePassed
|
||||
} else if hasMutate {
|
||||
fmt.Fprintf(&bldr, "%s is successfully mutated", res)
|
||||
action = ResourceMutated
|
||||
}
|
||||
|
||||
return Info{
|
||||
Kind: getPolicyKind(engineResponse.Policy()),
|
||||
Name: engineResponse.Policy().GetName(),
|
||||
Namespace: engineResponse.Policy().GetNamespace(),
|
||||
Reason: PolicyApplied,
|
||||
Source: source,
|
||||
Message: bldr.String(),
|
||||
Kind: getPolicyKind(engineResponse.Policy()),
|
||||
Name: engineResponse.Policy().GetName(),
|
||||
Namespace: engineResponse.Policy().GetNamespace(),
|
||||
RelatedAPIVersion: resource.GetAPIVersion(),
|
||||
RelatedKind: resource.GetKind(),
|
||||
RelatedName: resource.GetName(),
|
||||
RelatedNamespace: resource.GetNamespace(),
|
||||
Reason: PolicyApplied,
|
||||
Source: source,
|
||||
Message: bldr.String(),
|
||||
Action: action,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -102,6 +120,7 @@ func NewResourceViolationEvent(source Source, reason Reason, engineResponse engi
|
|||
Reason: reason,
|
||||
Source: source,
|
||||
Message: bldr.String(),
|
||||
Action: ResourcePassed,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -115,47 +134,54 @@ func NewResourceGenerationEvent(policy, rule string, source Source, resource kyv
|
|||
Source: source,
|
||||
Reason: PolicyApplied,
|
||||
Message: msg,
|
||||
Action: None,
|
||||
}
|
||||
}
|
||||
|
||||
func NewBackgroundFailedEvent(err error, policy, rule string, source Source, r *unstructured.Unstructured) []Info {
|
||||
if r == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
func NewBackgroundFailedEvent(err error, policy kyvernov1.PolicyInterface, rule string, source Source, resource kyvernov1.ResourceSpec) []Info {
|
||||
var events []Info
|
||||
events = append(events, Info{
|
||||
Kind: r.GetKind(),
|
||||
Namespace: r.GetNamespace(),
|
||||
Name: r.GetName(),
|
||||
Source: source,
|
||||
Reason: PolicyError,
|
||||
Message: fmt.Sprintf("policy %s/%s error: %v", policy, rule, err),
|
||||
Kind: policy.GetKind(),
|
||||
Namespace: policy.GetNamespace(),
|
||||
Name: policy.GetName(),
|
||||
RelatedAPIVersion: resource.GetAPIVersion(),
|
||||
RelatedKind: resource.GetKind(),
|
||||
RelatedNamespace: resource.GetNamespace(),
|
||||
RelatedName: resource.GetName(),
|
||||
Source: source,
|
||||
Reason: PolicyError,
|
||||
Message: fmt.Sprintf("policy %s/%s error: %v", policy.GetName(), rule, err),
|
||||
Action: None,
|
||||
})
|
||||
|
||||
return events
|
||||
}
|
||||
|
||||
func NewBackgroundSuccessEvent(policy, rule string, source Source, r *unstructured.Unstructured) []Info {
|
||||
if r == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
func NewBackgroundSuccessEvent(source Source, policy kyvernov1.PolicyInterface, resources []kyvernov1.ResourceSpec) []Info {
|
||||
var events []Info
|
||||
msg := "resource generated"
|
||||
action := ResourceGenerated
|
||||
|
||||
if source == MutateExistingController {
|
||||
msg = "resource mutated"
|
||||
action = ResourceMutated
|
||||
}
|
||||
|
||||
events = append(events, Info{
|
||||
Kind: r.GetKind(),
|
||||
Namespace: r.GetNamespace(),
|
||||
Name: r.GetName(),
|
||||
Source: source,
|
||||
Reason: PolicyApplied,
|
||||
Message: msg,
|
||||
})
|
||||
for _, res := range resources {
|
||||
events = append(events, Info{
|
||||
Kind: policy.GetKind(),
|
||||
Namespace: policy.GetNamespace(),
|
||||
Name: policy.GetName(),
|
||||
RelatedAPIVersion: res.GetAPIVersion(),
|
||||
RelatedKind: res.GetKind(),
|
||||
RelatedNamespace: res.GetNamespace(),
|
||||
RelatedName: res.GetName(),
|
||||
Source: source,
|
||||
Reason: PolicyApplied,
|
||||
Message: msg,
|
||||
Action: action,
|
||||
})
|
||||
}
|
||||
|
||||
return events
|
||||
}
|
||||
|
@ -171,20 +197,30 @@ func NewPolicyExceptionEvents(engineResponse engineapi.EngineResponse, ruleResp
|
|||
exceptionMessage = fmt.Sprintf("resource %s was skipped from policy rule %s/%s/%s", resourceKey(engineResponse.PatchedResource), engineResponse.Policy().GetNamespace(), engineResponse.Policy().GetName(), ruleResp.Name())
|
||||
}
|
||||
policyEvent := Info{
|
||||
Kind: getPolicyKind(engineResponse.Policy()),
|
||||
Name: engineResponse.Policy().GetName(),
|
||||
Namespace: engineResponse.Policy().GetNamespace(),
|
||||
Reason: PolicySkipped,
|
||||
Message: policyMessage,
|
||||
Source: source,
|
||||
Kind: getPolicyKind(engineResponse.Policy()),
|
||||
Name: engineResponse.Policy().GetName(),
|
||||
Namespace: engineResponse.Policy().GetNamespace(),
|
||||
RelatedAPIVersion: engineResponse.PatchedResource.GetAPIVersion(),
|
||||
RelatedKind: engineResponse.PatchedResource.GetKind(),
|
||||
RelatedName: engineResponse.PatchedResource.GetName(),
|
||||
RelatedNamespace: engineResponse.PatchedResource.GetNamespace(),
|
||||
Reason: PolicySkipped,
|
||||
Message: policyMessage,
|
||||
Source: source,
|
||||
Action: ResourcePassed,
|
||||
}
|
||||
exceptionEvent := Info{
|
||||
Kind: "PolicyException",
|
||||
Name: exceptionName,
|
||||
Namespace: exceptionNamespace,
|
||||
Reason: PolicySkipped,
|
||||
Message: exceptionMessage,
|
||||
Source: source,
|
||||
Kind: "PolicyException",
|
||||
Name: exceptionName,
|
||||
Namespace: exceptionNamespace,
|
||||
RelatedAPIVersion: engineResponse.PatchedResource.GetAPIVersion(),
|
||||
RelatedKind: engineResponse.PatchedResource.GetKind(),
|
||||
RelatedName: engineResponse.PatchedResource.GetName(),
|
||||
RelatedNamespace: engineResponse.PatchedResource.GetNamespace(),
|
||||
Reason: PolicySkipped,
|
||||
Message: exceptionMessage,
|
||||
Source: source,
|
||||
Action: ResourcePassed,
|
||||
}
|
||||
return []Info{policyEvent, exceptionEvent}
|
||||
}
|
||||
|
@ -192,21 +228,31 @@ func NewPolicyExceptionEvents(engineResponse engineapi.EngineResponse, ruleResp
|
|||
func NewCleanupPolicyEvent(policy kyvernov2alpha1.CleanupPolicyInterface, resource unstructured.Unstructured, err error) Info {
|
||||
if err == nil {
|
||||
return Info{
|
||||
Kind: getCleanupPolicyKind(policy),
|
||||
Namespace: policy.GetNamespace(),
|
||||
Name: policy.GetName(),
|
||||
Source: CleanupController,
|
||||
Reason: PolicyApplied,
|
||||
Message: fmt.Sprintf("successfully cleaned up the target resource %v/%v/%v", resource.GetKind(), resource.GetNamespace(), resource.GetName()),
|
||||
Kind: getCleanupPolicyKind(policy),
|
||||
Namespace: policy.GetNamespace(),
|
||||
Name: policy.GetName(),
|
||||
RelatedAPIVersion: resource.GetAPIVersion(),
|
||||
RelatedKind: resource.GetKind(),
|
||||
RelatedNamespace: resource.GetNamespace(),
|
||||
RelatedName: resource.GetName(),
|
||||
Source: CleanupController,
|
||||
Action: ResourceCleanedUp,
|
||||
Reason: PolicyApplied,
|
||||
Message: fmt.Sprintf("successfully cleaned up the target resource %v/%v/%v", resource.GetKind(), resource.GetNamespace(), resource.GetName()),
|
||||
}
|
||||
} else {
|
||||
return Info{
|
||||
Kind: getCleanupPolicyKind(policy),
|
||||
Namespace: policy.GetNamespace(),
|
||||
Name: policy.GetName(),
|
||||
Source: CleanupController,
|
||||
Reason: PolicyError,
|
||||
Message: fmt.Sprintf("failed to clean up the target resource %v/%v/%v: %v", resource.GetKind(), resource.GetNamespace(), resource.GetName(), err.Error()),
|
||||
Kind: getCleanupPolicyKind(policy),
|
||||
Namespace: policy.GetNamespace(),
|
||||
Name: policy.GetName(),
|
||||
RelatedAPIVersion: resource.GetAPIVersion(),
|
||||
RelatedKind: resource.GetKind(),
|
||||
RelatedNamespace: resource.GetNamespace(),
|
||||
RelatedName: resource.GetName(),
|
||||
Source: CleanupController,
|
||||
Action: None,
|
||||
Reason: PolicyError,
|
||||
Message: fmt.Sprintf("failed to clean up the target resource %v/%v/%v: %v", resource.GetKind(), resource.GetNamespace(), resource.GetName(), err.Error()),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -219,6 +265,7 @@ func NewFailedEvent(err error, policy, rule string, source Source, resource kyve
|
|||
Source: source,
|
||||
Reason: PolicyError,
|
||||
Message: fmt.Sprintf("policy %s/%s error: %v", policy, rule, err),
|
||||
Action: None,
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -4,12 +4,17 @@ import "strings"
|
|||
|
||||
// Info defines the event details
|
||||
type Info struct {
|
||||
Kind string
|
||||
Name string
|
||||
Namespace string
|
||||
Reason Reason
|
||||
Message string
|
||||
Source Source
|
||||
Kind string
|
||||
Name string
|
||||
Namespace string
|
||||
RelatedAPIVersion string
|
||||
RelatedKind string
|
||||
RelatedName string
|
||||
RelatedNamespace string
|
||||
Reason Reason
|
||||
Message string
|
||||
Action Action
|
||||
Source Source
|
||||
}
|
||||
|
||||
func (i *Info) Resource() string {
|
||||
|
|
|
@ -2,25 +2,20 @@ package event
|
|||
|
||||
import (
|
||||
"github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
|
||||
typedcorev1 "k8s.io/client-go/kubernetes/typed/core/v1"
|
||||
"k8s.io/client-go/tools/record"
|
||||
typedeventsv1 "k8s.io/client-go/kubernetes/typed/events/v1"
|
||||
"k8s.io/client-go/tools/events"
|
||||
)
|
||||
|
||||
func NewRecorder(source Source, sink typedcorev1.EventInterface) record.EventRecorder {
|
||||
func NewRecorder(source Source, sink typedeventsv1.EventsV1Interface) events.EventRecorder {
|
||||
utilruntime.Must(scheme.AddToScheme(scheme.Scheme))
|
||||
eventBroadcaster := record.NewBroadcaster()
|
||||
eventBroadcaster.StartStructuredLogging(0)
|
||||
eventBroadcaster.StartRecordingToSink(
|
||||
&typedcorev1.EventSinkImpl{
|
||||
eventBroadcaster := events.NewBroadcaster(
|
||||
&events.EventSinkImpl{
|
||||
Interface: sink,
|
||||
},
|
||||
)
|
||||
return eventBroadcaster.NewRecorder(
|
||||
scheme.Scheme,
|
||||
corev1.EventSource{
|
||||
Component: string(source),
|
||||
},
|
||||
)
|
||||
eventBroadcaster.StartStructuredLogging(0)
|
||||
stopCh := make(chan struct{})
|
||||
eventBroadcaster.StartRecordingToSink(stopCh)
|
||||
return eventBroadcaster.NewRecorder(scheme.Scheme, string(source))
|
||||
}
|
||||
|
|
|
@ -25,7 +25,6 @@ import (
|
|||
engineutils "github.com/kyverno/kyverno/pkg/utils/engine"
|
||||
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
|
||||
policyvalidation "github.com/kyverno/kyverno/pkg/validation/policy"
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||
|
@ -33,10 +32,9 @@ import (
|
|||
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
|
||||
"k8s.io/apimachinery/pkg/util/wait"
|
||||
corev1informers "k8s.io/client-go/informers/core/v1"
|
||||
typedcorev1 "k8s.io/client-go/kubernetes/typed/core/v1"
|
||||
corev1listers "k8s.io/client-go/listers/core/v1"
|
||||
"k8s.io/client-go/tools/cache"
|
||||
"k8s.io/client-go/tools/record"
|
||||
"k8s.io/client-go/tools/events"
|
||||
"k8s.io/client-go/util/workqueue"
|
||||
)
|
||||
|
||||
|
@ -60,7 +58,7 @@ type policyController struct {
|
|||
npInformer kyvernov1informers.PolicyInformer
|
||||
|
||||
eventGen event.Interface
|
||||
eventRecorder record.EventRecorder
|
||||
eventRecorder events.EventRecorder
|
||||
|
||||
// Policies that need to be synced
|
||||
queue workqueue.RateLimitingInterface
|
||||
|
@ -108,10 +106,15 @@ func NewPolicyController(
|
|||
jp jmespath.Interface,
|
||||
) (*policyController, error) {
|
||||
// Event broad caster
|
||||
eventBroadcaster := record.NewBroadcaster()
|
||||
eventBroadcaster.StartLogging(log.V(5).Info)
|
||||
eventInterface := client.GetEventsInterface()
|
||||
eventBroadcaster.StartRecordingToSink(&typedcorev1.EventSinkImpl{Interface: eventInterface})
|
||||
eventBroadcaster := events.NewBroadcaster(
|
||||
&events.EventSinkImpl{
|
||||
Interface: eventInterface,
|
||||
},
|
||||
)
|
||||
eventBroadcaster.StartStructuredLogging(0)
|
||||
stopCh := make(chan struct{})
|
||||
eventBroadcaster.StartRecordingToSink(stopCh)
|
||||
|
||||
pc := policyController{
|
||||
client: client,
|
||||
|
@ -120,7 +123,7 @@ func NewPolicyController(
|
|||
pInformer: pInformer,
|
||||
npInformer: npInformer,
|
||||
eventGen: eventGen,
|
||||
eventRecorder: eventBroadcaster.NewRecorder(scheme.Scheme, corev1.EventSource{Component: "policy_controller"}),
|
||||
eventRecorder: eventBroadcaster.NewRecorder(scheme.Scheme, "policy_controller"),
|
||||
queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "policy"),
|
||||
configuration: configuration,
|
||||
reconcilePeriod: reconcilePeriod,
|
||||
|
|
|
@ -301,7 +301,8 @@ func (h *generationHandler) processRequest(ctx context.Context, policyContext *e
|
|||
|
||||
ur := buildURSpec(kyvernov1beta1.Generate, pKey, rule.Name, generateutils.TriggerFromLabels(labels), deleteDownstream)
|
||||
if err := h.urGenerator.Apply(ctx, ur); err != nil {
|
||||
e := event.NewBackgroundFailedEvent(err, pKey, pRuleName, event.GeneratePolicyController, &new)
|
||||
e := event.NewBackgroundFailedEvent(err, policy, pRuleName, event.GeneratePolicyController,
|
||||
kyvernov1.ResourceSpec{Kind: new.GetKind(), Namespace: new.GetNamespace(), Name: new.GetName()})
|
||||
h.eventGen.Add(e...)
|
||||
return err
|
||||
}
|
||||
|
|
|
@ -55,8 +55,17 @@ func (h *resourceHandlers) handleMutateExisting(ctx context.Context, logger logr
|
|||
if failedResponse := applyUpdateRequest(ctx, request, kyvernov1beta1.Mutate, h.urGenerator, policyContext.AdmissionInfo(), request.Operation, engineResponses...); failedResponse != nil {
|
||||
for _, failedUR := range failedResponse {
|
||||
err := fmt.Errorf("failed to create update request: %v", failedUR.err)
|
||||
|
||||
var policy kyvernov1.PolicyInterface
|
||||
for _, pol := range policies {
|
||||
if pol.GetName() != failedUR.ur.Policy {
|
||||
continue
|
||||
}
|
||||
policy = pol
|
||||
}
|
||||
resource := policyContext.NewResource()
|
||||
events := event.NewBackgroundFailedEvent(err, failedUR.ur.Policy, "", event.GeneratePolicyController, &resource)
|
||||
events := event.NewBackgroundFailedEvent(err, policy, "", event.GeneratePolicyController,
|
||||
kyvernov1.ResourceSpec{Kind: resource.GetKind(), Namespace: resource.GetNamespace(), Name: resource.GetName()})
|
||||
h.eventGen.Add(events...)
|
||||
}
|
||||
}
|
||||
|
|
|
@ -5,5 +5,4 @@ involvedObject:
|
|||
name: pod
|
||||
kind: Event
|
||||
metadata: {}
|
||||
source:
|
||||
component: kyverno-admission
|
||||
reportingComponent: kyverno-admission
|
||||
|
|
|
@ -5,5 +5,4 @@ involvedObject:
|
|||
name: pod
|
||||
kind: Event
|
||||
metadata: {}
|
||||
source:
|
||||
component: kyverno-scan
|
||||
reportingComponent: kyverno-scan
|
||||
|
|
|
@ -5,5 +5,4 @@ involvedObject:
|
|||
name: pod
|
||||
kind: Event
|
||||
metadata: {}
|
||||
source:
|
||||
component: kyverno-admission
|
||||
reportingComponent: kyverno-admission
|
||||
|
|
|
@ -5,5 +5,4 @@ involvedObject:
|
|||
name: pod
|
||||
kind: Event
|
||||
metadata: {}
|
||||
source:
|
||||
component: kyverno-scan
|
||||
reportingComponent: kyverno-scan
|
||||
|
|
|
@ -9,5 +9,5 @@ involvedObject:
|
|||
type: Normal
|
||||
message: resource generated
|
||||
reason: PolicyApplied
|
||||
source:
|
||||
component: kyverno-generate
|
||||
action: Resource Generated
|
||||
reportingComponent: kyverno-generate
|
||||
|
|
|
@ -9,5 +9,5 @@ involvedObject:
|
|||
namespace: test-ns
|
||||
type: Normal
|
||||
reason: PolicyApplied
|
||||
source:
|
||||
component: kyverno-generate
|
||||
action: None
|
||||
reportingComponent: kyverno-generate
|
||||
|
|
|
@ -8,5 +8,5 @@ involvedObject:
|
|||
name: add-labels
|
||||
type: Normal
|
||||
reason: PolicyApplied
|
||||
source:
|
||||
component: kyverno-admission
|
||||
action: Resource Mutated
|
||||
reportingComponent: kyverno-admission
|
||||
|
|
|
@ -6,5 +6,4 @@ involvedObject:
|
|||
apiVersion: kyverno.io/v1
|
||||
kind: ClusterPolicy
|
||||
name: rbac-policy
|
||||
source:
|
||||
component: kyverno-generate
|
||||
reportingComponent: kyverno-generate
|
||||
|
|
|
@ -6,5 +6,4 @@ involvedObject:
|
|||
apiVersion: kyverno.io/v1
|
||||
kind: ClusterPolicy
|
||||
name: default
|
||||
source:
|
||||
component: kyverno-generate
|
||||
reportingComponent: kyverno-generate
|
||||
|
|
|
@ -7,5 +7,4 @@ involvedObject:
|
|||
name: require-labels
|
||||
type: Normal
|
||||
reason: PolicyApplied
|
||||
source:
|
||||
component: kyverno-admission
|
||||
reportingComponent: kyverno-admission
|
||||
|
|
|
@ -7,5 +7,4 @@ involvedObject:
|
|||
name: require-labels
|
||||
type: Warning
|
||||
reason: PolicyViolation
|
||||
source:
|
||||
component: kyverno-admission
|
||||
reportingComponent: kyverno-admission
|
||||
|
|
|
@ -8,8 +8,7 @@ kind: Event
|
|||
metadata:
|
||||
namespace: policy-exception-events-creation-polex-ns
|
||||
reason: PolicySkipped
|
||||
source:
|
||||
component: kyverno-admission
|
||||
reportingComponent: kyverno-admission
|
||||
type: Normal
|
||||
---
|
||||
apiVersion: v1
|
||||
|
@ -21,6 +20,5 @@ kind: Event
|
|||
metadata:
|
||||
namespace: default
|
||||
reason: PolicySkipped
|
||||
source:
|
||||
component: kyverno-admission
|
||||
reportingComponent: kyverno-admission
|
||||
type: Normal
|
||||
|
|
Loading…
Add table
Reference in a new issue