upates

2025-03-31 03:45:17 +00:00 · 2019-10-29 11:51:30 -07:00 · 2019-10-29 11:51:30 -07:00 · ba94577d40
commit ba94577d40
parent a65080c349 6b97b5be3d
3 changed files with 11 additions and 10 deletions
--- a/definitions/install.yaml
+++ b/definitions/install.yaml
@ -308,7 +308,8 @@ spec:
      containers:
        - name: kyverno
          image: nirmata/kyverno:latest
-          # args:
+          args:
+          - "--filterK8Resources=[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*]"
          # customize webhook timout
          # - "--webhooktimeout=4"
          # open one of the profiling flag here
@ -317,4 +318,4 @@ spec:
          - containerPort: 443
          env:
          - name: INIT_CONFIG
-            value: init-config
+            value: init-config
--- a/main.go
+++ b/main.go
@ -39,7 +39,7 @@ func main() {
 	printVersionInfo()
 	// profile cpu and memory consuption
 	prof = enableProfiling(cpu, memory)
-	// cleanUp channel
+	// cleanUp Channel
 	cleanUp := make(chan struct{})
 	// SIGINT & SIGTERM channel
 	stopCh := signals.SetupSignalHandler()
@ -151,7 +151,6 @@ func main() {
 	if err != nil {
 		glog.Fatalf("Unable to create webhook server: %v\n", err)
 	}
-
 	// Start the components
 	pInformer.Start(stopCh)
 	kubeInformer.Start(stopCh)
@ -187,6 +186,7 @@ func init() {
 	flag.IntVar(&webhookTimeout, "webhooktimeout", 3, "timeout for webhook configurations")
 	flag.StringVar(&kubeconfig, "kubeconfig", "", "Path to a kubeconfig. Only required if out-of-cluster.")
 	flag.StringVar(&serverIP, "serverIP", "", "IP address where Kyverno controller runs. Only required if out-of-cluster.")
+	flag.StringVar(&filterK8Resources, "filterK8Resources", "", "k8 resource in format [kind,namespace,name] where policy is not evaluated by the admission webhook. example --filterKind \"[Deployment, kyverno, kyverno]\" --filterKind \"[Deployment, kyverno, kyverno],[Events, *, *]\"")
 	config.LogDefaultFlags()
 	flag.Parse()
 }
--- a/pkg/namespace/controller.go
+++ b/pkg/namespace/controller.go
@ -7,10 +7,10 @@ import (

 	"github.com/golang/glog"
 	kyverno "github.com/nirmata/kyverno/pkg/api/kyverno/v1alpha1"
-	"github.com/nirmata/kyverno/pkg/config"
 	client "github.com/nirmata/kyverno/pkg/dclient"
 	"github.com/nirmata/kyverno/pkg/event"
 	"github.com/nirmata/kyverno/pkg/policy"
+	"github.com/nirmata/kyverno/pkg/config"
 	"k8s.io/apimachinery/pkg/api/errors"

 	kyvernoclient "github.com/nirmata/kyverno/pkg/client/clientset/versioned"
@ -68,13 +68,13 @@ func NewNamespaceController(kyvernoClient *kyvernoclient.Clientset,
 	policyStatus policy.PolicyStatusInterface,
 	eventGen event.Interface,
 	configHandler config.Interface) *NamespaceController {
-	//TODO: do we need to event recorder for this controller?
+		//TODO: do we need to event recorder for this controller?
 	// create the controller
 	nsc := &NamespaceController{
-		client:        client,
-		kyvernoClient: kyvernoClient,
-		eventGen:      eventGen,
-		queue:         workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "namespace"),
+		client:            client,
+		kyvernoClient:     kyvernoClient,
+		eventGen:          eventGen,
+		queue:             workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "namespace"),
 		configHandler: configHandler,
 	}