feat: log when changes happen in policies (#6601)

* feat: log when changes happen in policies Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-03-31 03:45:17 +00:00 · 2023-03-16 18:17:21 +01:00 · 2023-03-16 18:17:21 +01:00 · a60e4c038c
commit a60e4c038c
parent 818b92bf60
3 changed files with 95 additions and 0 deletions
--- a/cmd/cleanup-controller/main.go
+++ b/cmd/cleanup-controller/main.go
@ -18,6 +18,7 @@ import (
 	"github.com/kyverno/kyverno/pkg/config"
 	"github.com/kyverno/kyverno/pkg/controllers/certmanager"
 	"github.com/kyverno/kyverno/pkg/controllers/cleanup"
 	genericloggingcontroller "github.com/kyverno/kyverno/pkg/controllers/generic/logging"
 	genericwebhookcontroller "github.com/kyverno/kyverno/pkg/controllers/generic/webhook"
 	"github.com/kyverno/kyverno/pkg/leaderelection"
 	"github.com/kyverno/kyverno/pkg/metrics"
@ -188,6 +189,19 @@ func main() {
 	cpolLister := kyvernoInformer.Kyverno().V2alpha1().ClusterCleanupPolicies().Lister()
 	polLister := kyvernoInformer.Kyverno().V2alpha1().CleanupPolicies().Lister()
 	nsLister := kubeInformer.Core().V1().Namespaces().Lister()
 	// log policy changes
 	genericloggingcontroller.NewController(
 		logger.WithName("cleanup-policy"),
 		"CleanupPolicy",
 		kyvernoInformer.Kyverno().V2alpha1().CleanupPolicies(),
 		genericloggingcontroller.CheckGeneration,
 	)
 	genericloggingcontroller.NewController(
 		logger.WithName("cluster-cleanup-policy"),
 		"ClusterCleanupPolicy",
 		kyvernoInformer.Kyverno().V2alpha1().ClusterCleanupPolicies(),
 		genericloggingcontroller.CheckGeneration,
 	)
 	// start informers and wait for cache sync
 	if !internal.StartInformersAndWaitForCacheSync(ctx, logger, kubeKyvernoInformer, kubeInformer, kyvernoInformer) {
 		os.Exit(1)
--- a/cmd/kyverno/main.go
+++ b/cmd/kyverno/main.go
@ -23,6 +23,7 @@ import (
 	"github.com/kyverno/kyverno/pkg/config"
 	"github.com/kyverno/kyverno/pkg/controllers/certmanager"
 	configcontroller "github.com/kyverno/kyverno/pkg/controllers/config"
 	genericloggingcontroller "github.com/kyverno/kyverno/pkg/controllers/generic/logging"
 	genericwebhookcontroller "github.com/kyverno/kyverno/pkg/controllers/generic/webhook"
 	policymetricscontroller "github.com/kyverno/kyverno/pkg/controllers/metrics/policy"
 	openapicontroller "github.com/kyverno/kyverno/pkg/controllers/openapi"
@ -353,6 +354,19 @@ func main() {
 		kyvernoInformer.Kyverno().V1().ClusterPolicies(),
 		kyvernoInformer.Kyverno().V1().Policies(),
 	)
 	// log policy changes
 	genericloggingcontroller.NewController(
 		logger.WithName("policy"),
 		"Policy",
 		kyvernoInformer.Kyverno().V1().Policies(),
 		genericloggingcontroller.CheckGeneration,
 	)
 	genericloggingcontroller.NewController(
 		logger.WithName("cluster-policy"),
 		"ClusterPolicy",
 		kyvernoInformer.Kyverno().V1().ClusterPolicies(),
 		genericloggingcontroller.CheckGeneration,
 	)
 	runtime := runtimeutils.NewRuntime(
 		logger.WithName("runtime-checks"),
 		serverIP,
--- a/pkg/controllers/generic/logging/controller.go
+++ b/pkg/controllers/generic/logging/controller.go
@ -0,0 +1,67 @@
 package logging
 import (
 	"github.com/go-logr/logr"
 	controllerutils "github.com/kyverno/kyverno/pkg/utils/controller"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/tools/cache"
 )
 type Predicate = func(metav1.Object, metav1.Object) bool
 func CheckVersion(old, obj metav1.Object) bool {
 	return old.GetResourceVersion() != obj.GetResourceVersion()
 }
 func CheckGeneration(old, obj metav1.Object) bool {
 	return old.GetGeneration() != obj.GetGeneration()
 }
 type controller struct {
 	logger     logr.Logger
 	predicates []Predicate
 }
 type informer interface {
 	Informer() cache.SharedIndexInformer
 }
 func NewController(logger logr.Logger, objectType string, informer informer, predicates ...Predicate) {
 	c := controller{
 		logger:     logger.WithValues("type", objectType),
 		predicates: predicates,
 	}
 	controllerutils.AddEventHandlersT(informer.Informer(), c.add, c.update, c.delete)
 }
 func (c *controller) add(obj metav1.Object) {
 	name, err := cache.MetaNamespaceKeyFunc(obj)
 	if err != nil {
 		c.logger.Error(err, "failed to extract name", "object", obj)
 		name = "unknown"
 	}
 	c.logger.Info("resource added", "name", name)
 }
 func (c *controller) update(old, obj metav1.Object) {
 	for _, predicate := range c.predicates {
 		if !predicate(old, obj) {
 			return
 		}
 	}
 	name, err := cache.MetaNamespaceKeyFunc(obj)
 	if err != nil {
 		c.logger.Error(err, "failed to extract name", "object", obj)
 		name = "unknown"
 	}
 	c.logger.Info("resource updated", "name", name)
 }
 func (c *controller) delete(obj metav1.Object) {
 	name, err := cache.MetaNamespaceKeyFunc(obj)
 	if err != nil {
 		c.logger.Error(err, "failed to extract name", "object", obj)
 		name = "unknown"
 	}
 	c.logger.Info("resource deleted", "name", name)
 }