mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-31 03:45:17 +00:00
allow cross platform builds
This commit is contained in:
Jim Bugwadia
parent
bc37d27de6
commit
bf1aaba99b
3 changed files with 29 additions and 14 deletions
4
Makefile
4
Makefile
|
|
@ -53,6 +53,10 @@ docker-push-initContainer:
|
||||||
.PHONY: docker-build-kyverno docker-tag-repo-kyverno docker-push-kyverno
|
.PHONY: docker-build-kyverno docker-tag-repo-kyverno docker-push-kyverno
|
||||||
KYVERNO_PATH := cmd/kyverno
|
KYVERNO_PATH := cmd/kyverno
|
||||||
KYVERNO_IMAGE := kyverno
|
KYVERNO_IMAGE := kyverno
|
||||||
|
|
||||||
|
local:
|
||||||
|
go build -ldflags=$(LD_FLAGS) $(PWD)/$(KYVERNO_PATH)/
|
||||||
|
|
||||||
kyverno:
|
kyverno:
|
||||||
GOOS=$(GOOS) go build -o $(PWD)/$(KYVERNO_PATH)/kyverno -ldflags=$(LD_FLAGS) $(PWD)/$(KYVERNO_PATH)/main.go
|
GOOS=$(GOOS) go build -o $(PWD)/$(KYVERNO_PATH)/kyverno -ldflags=$(LD_FLAGS) $(PWD)/$(KYVERNO_PATH)/main.go
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -206,6 +206,7 @@ func (pc *PolicyController) updatePolicy(old, cur interface{}) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
logger.V(4).Info("updating policy", "name", oldP.Name)
|
logger.V(4).Info("updating policy", "name", oldP.Name)
|
||||||
pc.enqueuePolicy(curP)
|
pc.enqueuePolicy(curP)
|
||||||
}
|
}
|
||||||
|
|
@ -225,11 +226,13 @@ func (pc *PolicyController) deletePolicy(obj interface{}) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
logger.V(4).Info("deleting policy", "name", p.Name)
|
logger.V(4).Info("deleting policy", "name", p.Name)
|
||||||
// Unregister from policy meta-store
|
// Unregister from policy meta-store
|
||||||
if err := pc.pMetaStore.UnRegister(*p); err != nil {
|
if err := pc.pMetaStore.UnRegister(*p); err != nil {
|
||||||
logger.Error(err, "failed to unregister policy", "name", p.Name)
|
logger.Error(err, "failed to unregister policy", "name", p.Name)
|
||||||
}
|
}
|
||||||
|
|
||||||
// we process policies that are not set of background processing as we need to perform policy violation
|
// we process policies that are not set of background processing as we need to perform policy violation
|
||||||
// cleanup when a policy is deleted.
|
// cleanup when a policy is deleted.
|
||||||
pc.enqueuePolicy(p)
|
pc.enqueuePolicy(p)
|
||||||
|
|
@ -263,6 +266,7 @@ func (pc *PolicyController) Run(workers int, stopCh <-chan struct{}) {
|
||||||
for i := 0; i < workers; i++ {
|
for i := 0; i < workers; i++ {
|
||||||
go wait.Until(pc.worker, time.Second, stopCh)
|
go wait.Until(pc.worker, time.Second, stopCh)
|
||||||
}
|
}
|
||||||
|
|
||||||
<-stopCh
|
<-stopCh
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -315,49 +319,54 @@ func (pc *PolicyController) syncPolicy(key string) error {
|
||||||
defer func() {
|
defer func() {
|
||||||
logger.V(4).Info("finished syncing policy", "key", key, "processingTime", time.Since(startTime))
|
logger.V(4).Info("finished syncing policy", "key", key, "processingTime", time.Since(startTime))
|
||||||
}()
|
}()
|
||||||
|
|
||||||
policy, err := pc.pLister.Get(key)
|
policy, err := pc.pLister.Get(key)
|
||||||
if errors.IsNotFound(err) {
|
if errors.IsNotFound(err) {
|
||||||
logger.V(2).Info("policy deleted", "key", key)
|
go pc.deletePolicyViolations(key)
|
||||||
// delete cluster policy violation
|
|
||||||
if err := pc.deleteClusterPolicyViolations(key); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
// delete namespaced policy violation
|
|
||||||
if err := pc.deleteNamespacedPolicyViolations(key); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
// remove webhook configurations if there are no policies
|
// remove webhook configurations if there are no policies
|
||||||
if err := pc.removeResourceWebhookConfiguration(); err != nil {
|
if err := pc.removeResourceWebhookConfiguration(); err != nil {
|
||||||
// do not fail, if unable to delete resource webhook config
|
// do not fail, if unable to delete resource webhook config
|
||||||
logger.Error(err, "failed to remove resource webhook configurations")
|
logger.Error(err, "failed to remove resource webhook configurations")
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
pc.resourceWebhookWatcher.RegisterResourceWebhook()
|
pc.resourceWebhookWatcher.RegisterResourceWebhook()
|
||||||
|
|
||||||
// process policies on existing resources
|
|
||||||
engineResponses := pc.processExistingResources(*policy)
|
engineResponses := pc.processExistingResources(*policy)
|
||||||
// report errors
|
|
||||||
pc.cleanupAndReport(engineResponses)
|
pc.cleanupAndReport(engineResponses)
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (pc *PolicyController) deletePolicyViolations(key string) {
|
||||||
|
if err := pc.deleteClusterPolicyViolations(key); err != nil {
|
||||||
|
pc.log.Error(err, "failed to delete policy violation", "key", key)
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := pc.deleteNamespacedPolicyViolations(key); err != nil {
|
||||||
|
pc.log.Error(err, "failed to delete policy violation", "key", key)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func (pc *PolicyController) deleteClusterPolicyViolations(policy string) error {
|
func (pc *PolicyController) deleteClusterPolicyViolations(policy string) error {
|
||||||
cpvList, err := pc.getClusterPolicyViolationForPolicy(policy)
|
cpvList, err := pc.getClusterPolicyViolationForPolicy(policy)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, cpv := range cpvList {
|
for _, cpv := range cpvList {
|
||||||
if err := pc.pvControl.DeleteClusterPolicyViolation(cpv.Name); err != nil {
|
if err := pc.pvControl.DeleteClusterPolicyViolation(cpv.Name); err != nil {
|
||||||
return err
|
pc.log.Error(err, "failed to delete policy violation", "name", cpv.Name)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -366,11 +375,13 @@ func (pc *PolicyController) deleteNamespacedPolicyViolations(policy string) erro
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, nspv := range nspvList {
|
for _, nspv := range nspvList {
|
||||||
if err := pc.pvControl.DeleteNamespacedPolicyViolation(nspv.Namespace, nspv.Name); err != nil {
|
if err := pc.pvControl.DeleteNamespacedPolicyViolation(nspv.Namespace, nspv.Name); err != nil {
|
||||||
return err
|
pc.log.Error(err, "failed to delete policy violation", "name", nspv.Name)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -121,7 +121,7 @@ func (rww *ResourceWebhookRegister) RemoveResourceWebhookConfiguration() error {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
logger.V(3).Info("emoved mutating resource webhook configuration")
|
logger.V(3).Info("removed mutating resource webhook configuration")
|
||||||
}
|
}
|
||||||
|
|
||||||
if rww.RunValidationInMutatingWebhook != "true" {
|
if rww.RunValidationInMutatingWebhook != "true" {
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue