fix: use client instead of discovery for sanity checks (#6296)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: shuting <shuting@nirmata.com>
2025-03-31 03:45:17 +00:00 · 2023-02-10 16:38:34 +01:00 · 2023-02-10 16:38:34 +01:00 · b743a8999c
commit b743a8999c
parent 6ff2790957
2 changed files with 31 additions and 23 deletions
--- a/cmd/kyverno/main.go
+++ b/cmd/kyverno/main.go
@ -50,6 +50,7 @@ import (
 	webhookgenerate "github.com/kyverno/kyverno/pkg/webhooks/updaterequest"
 	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
 	corev1 "k8s.io/api/core/v1"
+	apiserver "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
 	kubeinformers "k8s.io/client-go/informers"
 	"k8s.io/client-go/kubernetes"
 	corev1listers "k8s.io/client-go/listers/core/v1"
@ -93,8 +94,8 @@ func showWarnings(logger logr.Logger) {
 	}
 }

-func sanityChecks(dynamicClient dclient.Interface) error {
-	if !kubeutils.CRDsInstalled(dynamicClient.Discovery()) {
+func sanityChecks(apiserverClient apiserver.Interface) error {
+	if !kubeutils.CRDsInstalled(apiserverClient) {
 		return fmt.Errorf("CRDs not installed")
 	}
 	return nil
@ -276,11 +277,16 @@ func main() {
 		logger.Error(err, "failed to create dynamic client")
 		os.Exit(1)
 	}
+	apiserverClient, err := apiserver.NewForConfig(internal.CreateClientConfig(logger))
+	if err != nil {
+		logger.Error(err, "failed to create apiserver client")
+		os.Exit(1)
+	}
 	// THIS IS AN UGLY FIX
 	// ELSE KYAML IS NOT THREAD SAFE
 	kyamlopenapi.Schema()
 	// check we can run
-	if err := sanityChecks(dClient); err != nil {
+	if err := sanityChecks(apiserverClient); err != nil {
 		logger.Error(err, "sanity checks failed")
 		os.Exit(1)
 	}
--- a/pkg/utils/kube/crd.go
+++ b/pkg/utils/kube/crd.go
@ -1,35 +1,37 @@
 package kube

 import (
-	"fmt"
+	"context"

-	"github.com/kyverno/kyverno/pkg/logging"
-	"k8s.io/apimachinery/pkg/runtime/schema"
+	apiserver "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )

-type disco interface {
-	GetGVRFromKind(string) (schema.GroupVersionResource, error)
-}
-
 // CRDsInstalled checks if the Kyverno CRDs are installed or not
-func CRDsInstalled(discovery disco) bool {
-	kyvernoCRDs := []string{"ClusterPolicy", "Policy", "ClusterPolicyReport", "PolicyReport", "AdmissionReport", "BackgroundScanReport", "ClusterAdmissionReport", "ClusterBackgroundScanReport", "UpdateRequest"}
+func CRDsInstalled(apiserverClient apiserver.Interface) bool {
+	kyvernoCRDs := []string{
+		"admissionreports.kyverno.io",
+		"backgroundscanreports.kyverno.io",
+		"cleanuppolicies.kyverno.io",
+		"clusteradmissionreports.kyverno.io",
+		"clusterbackgroundscanreports.kyverno.io",
+		"clustercleanuppolicies.kyverno.io",
+		"clusterpolicies.kyverno.io",
+		"clusterpolicyreports.wgpolicyk8s.io",
+		"policies.kyverno.io",
+		"policyexceptions.kyverno.io",
+		"policyreports.wgpolicyk8s.io",
+		"updaterequests.kyverno.io",
+	}
 	for _, crd := range kyvernoCRDs {
-		if !isCRDInstalled(discovery, crd) {
+		if !isCRDInstalled(apiserverClient, crd) {
 			return false
 		}
 	}
 	return true
 }

-func isCRDInstalled(discovery disco, kind string) bool {
-	gvr, err := discovery.GetGVRFromKind(kind)
-	if gvr.Empty() {
-		if err == nil {
-			err = fmt.Errorf("not found")
-		}
-		logging.Error(err, "failed to retrieve CRD", "kind", kind)
-		return false
-	}
-	return true
+func isCRDInstalled(apiserverClient apiserver.Interface, kind string) bool {
+	_, err := apiserverClient.ApiextensionsV1().CustomResourceDefinitions().Get(context.Background(), kind, metav1.GetOptions{})
+	return err == nil
 }