remove channel, introduced a flag to indicate the webhook creation status

cmd/kyverno/main.go

@@ -91,7 +91,7 @@ func main() {
 
 	// Resource Mutating Webhook Watcher
 	lastReqTime := checker.NewLastReqTime()
-	rWebhookWatcher := webhookconfig.NewResourceWebhookWatcher(
+	rWebhookWatcher := webhookconfig.NewResourceWebhookRegister(
 		lastReqTime,
 		kubeInformer.Admissionregistration().V1beta1().MutatingWebhookConfigurations(),
 		webhookRegistrationClient,

pkg/policy/controller.go

@@ -82,7 +82,7 @@ type PolicyController struct {
 	// policy violation generator
 	pvGenerator policyviolation.GeneratorInterface
 	// resourceWebhookWatcher queues the webhook creation request, creates the webhook
-	resourceWebhookWatcher *webhookconfig.ResourceWebhookWatcher
+	resourceWebhookWatcher *webhookconfig.ResourceWebhookRegister
 }
 
 // NewPolicyController create a new PolicyController
@@ -95,7 +95,7 @@ func NewPolicyController(kyvernoClient *kyvernoclient.Clientset,
 	eventGen event.Interface,
 	pvGenerator policyviolation.GeneratorInterface,
 	pMetaStore policystore.UpdateInterface,
-	resourceWebhookWatcher *webhookconfig.ResourceWebhookWatcher) (*PolicyController, error) {
+	resourceWebhookWatcher *webhookconfig.ResourceWebhookRegister) (*PolicyController, error) {
 	// Event broad caster
 	eventBroadcaster := record.NewBroadcaster()
 	eventBroadcaster.StartLogging(glog.Infof)

pkg/webhookconfig/rwebhookregister.go

@@ -5,98 +5,81 @@ import (
 
 	"github.com/golang/glog"
 	checker "github.com/nirmata/kyverno/pkg/checker"
-	errorsapi "k8s.io/apimachinery/pkg/api/errors"
+	"github.com/tevino/abool"
 	mconfiginformer "k8s.io/client-go/informers/admissionregistration/v1beta1"
 	mconfiglister "k8s.io/client-go/listers/admissionregistration/v1beta1"
 	cache "k8s.io/client-go/tools/cache"
 )
 
-type ResourceWebhookWatcher struct {
+type ResourceWebhookRegister struct {
-	LastReqTime *checker.LastReqTime
+	// pendingCreation indicates the status of resource webhook creation
-	// ch holds the requests to create resource mutatingwebhookconfiguration
+	pendingCreation      *abool.AtomicBool
-	ch                   chan bool
+	LastReqTime          *checker.LastReqTime
 	mwebhookconfigSynced cache.InformerSynced
 	// list/get mutatingwebhookconfigurations
 	mWebhookConfigLister      mconfiglister.MutatingWebhookConfigurationLister
 	webhookRegistrationClient *WebhookRegistrationClient
 }
 
-func NewResourceWebhookWatcher(
+func NewResourceWebhookRegister(
 	lastReqTime *checker.LastReqTime,
 	mconfigwebhookinformer mconfiginformer.MutatingWebhookConfigurationInformer,
 	webhookRegistrationClient *WebhookRegistrationClient,
-) *ResourceWebhookWatcher {
+) *ResourceWebhookRegister {
-	return &ResourceWebhookWatcher{
+	return &ResourceWebhookRegister{
+		pendingCreation:           abool.New(),
 		LastReqTime:               lastReqTime,
-		ch:                        make(chan bool),
 		mwebhookconfigSynced:      mconfigwebhookinformer.Informer().HasSynced,
 		mWebhookConfigLister:      mconfigwebhookinformer.Lister(),
 		webhookRegistrationClient: webhookRegistrationClient,
 	}
 }
 
-func (rww *ResourceWebhookWatcher) RegisterResourceWebhook() {
+func (rww *ResourceWebhookRegister) RegisterResourceWebhook() {
-	rww.ch <- true
+	// drop the request if creation is in processing
+	if rww.pendingCreation.IsSet() {
+		glog.V(3).Info("resource webhook configuration is in pending creation, skip the request")
+		return
+	}
+
+	// check cache
+	configName := rww.webhookRegistrationClient.GetResourceMutatingWebhookConfigName()
+	// exsitence of config is all that matters; if error occurs, creates webhook anyway
+	// errors of webhook creation are handled separately
+	config, _ := rww.mWebhookConfigLister.Get(configName)
+	if config != nil {
+		glog.V(4).Info("mutating webhoook configuration already exists, skip the request")
+		return
+	}
+
+	createWebhook := func() {
+		rww.pendingCreation.Set()
+		err := rww.webhookRegistrationClient.CreateResourceMutatingWebhookConfiguration()
+		rww.pendingCreation.UnSet()
+
+		if err != nil {
+			glog.Errorf("failed to create resource mutating webhook configuration: %v, re-queue creation request", err)
+			rww.RegisterResourceWebhook()
+			return
+		}
+		glog.V(3).Info("Successfully created mutating webhook configuration for resources")
+	}
+
+	timeDiff := time.Since(rww.LastReqTime.Time())
+	if timeDiff < checker.DefaultDeadline {
+		glog.V(3).Info("Verified webhook status, creating webhook configuration")
+		go createWebhook()
+	}
 }
 
-func (rww *ResourceWebhookWatcher) Run(stopCh <-chan struct{}) {
+func (rww *ResourceWebhookRegister) Run(stopCh <-chan struct{}) {
-	glog.Info("Starting resource webhook watcher")
-	defer glog.Info("Shutting down resource webhook watcher")
-
 	// wait for cache to populate first time
 	if !cache.WaitForCacheSync(stopCh, rww.mwebhookconfigSynced) {
 		glog.Error("configuration: failed to sync webhook informer cache")
 	}
-
-	createWebhook := func() {
-		if err := rww.createResourceMutatingWebhookConfigurationIfRequired(); err != nil {
-			glog.Errorf("failed to create resource mutating webhook configuration: %v, re-queue creation request", err)
-			rww.RegisterResourceWebhook()
-		}
-	}
-
-	for {
-		select {
-		case <-rww.ch:
-			timeDiff := time.Since(rww.LastReqTime.Time())
-			if timeDiff < checker.DefaultDeadline {
-				glog.V(3).Info("Verified webhook status, creating webhook configuration")
-				go createWebhook()
-			} else {
-				glog.Info("Webhook is inactive, not creating resource webhook configuration")
-			}
-
-		case <-stopCh:
-			glog.V(2).Infof("stopping resource webhook watcher")
-			return
-		}
-	}
 }
 
-// CreateResourceMutatingWebhookConfigurationIfRequired creates a Mutatingwebhookconfiguration
+func (rww *ResourceWebhookRegister) RemoveResourceWebhookConfiguration() error {
-// for all resource types if there's no mutatingwebhookcfg for existing policy
-func (rww *ResourceWebhookWatcher) createResourceMutatingWebhookConfigurationIfRequired() error {
-	// check cache
-	configName := rww.webhookRegistrationClient.GetResourceMutatingWebhookConfigName()
-	config, err := rww.mWebhookConfigLister.Get(configName)
-	if err != nil && !errorsapi.IsNotFound(err) {
-		glog.V(4).Infof("failed to list mutating webhook configuration: %v", err)
-		return err
-	}
-
-	if config != nil {
-		// mutating webhoook configuration already exists
-		return nil
-	}
-
-	if err := rww.webhookRegistrationClient.CreateResourceMutatingWebhookConfiguration(); err != nil {
-		return err
-	}
-	glog.V(3).Info("Successfully created mutating webhook configuration for resources")
-	return nil
-}
-
-func (rww *ResourceWebhookWatcher) RemoveResourceWebhookConfiguration() error {
 	var err error
 	// check informer cache
 	configName := rww.webhookRegistrationClient.GetResourceMutatingWebhookConfigName()

pkg/webhooks/server.go

@@ -65,7 +65,7 @@ type WebhookServer struct {
 	pMetaStore policystore.LookupInterface
 	// policy violation generator
 	pvGenerator            policyviolation.GeneratorInterface
-	resourceWebhookWatcher *webhookconfig.ResourceWebhookWatcher
+	resourceWebhookWatcher *webhookconfig.ResourceWebhookRegister
 }
 
 // NewWebhookServer creates new instance of WebhookServer accordingly to given configuration
@@ -83,7 +83,7 @@ func NewWebhookServer(
 	configHandler config.Interface,
 	pMetaStore policystore.LookupInterface,
 	pvGenerator policyviolation.GeneratorInterface,
-	resourceWebhookWatcher *webhookconfig.ResourceWebhookWatcher,
+	resourceWebhookWatcher *webhookconfig.ResourceWebhookRegister,
 	cleanUp chan<- struct{}) (*WebhookServer, error) {
 
 	if tlsPair == nil {