diff --git a/cmd/kyverno/main.go b/cmd/kyverno/main.go index 01ab102708..a7482fa6f6 100755 --- a/cmd/kyverno/main.go +++ b/cmd/kyverno/main.go @@ -50,6 +50,7 @@ var ( profilePort string webhookTimeout int + genWorkers int profile bool policyReport bool @@ -63,6 +64,7 @@ func main() { flag.StringVar(&excludeGroupRole, "excludeGroupRole", "", "") flag.StringVar(&excludeUsername, "excludeUsername", "", "") flag.IntVar(&webhookTimeout, "webhooktimeout", 3, "timeout for webhook configurations") + flag.IntVar(&genWorkers, "gen-workers", 20, "workers for generate controller") flag.StringVar(&kubeconfig, "kubeconfig", "", "Path to a kubeconfig. Only required if out-of-cluster.") flag.StringVar(&serverIP, "serverIP", "", "IP address where Kyverno controller runs. Only required if out-of-cluster.") flag.StringVar(&runValidationInMutatingWebhook, "runValidationInMutatingWebhook", "", "Validation will also be done using the mutation webhook, set to 'true' to enable. Older kubernetes versions do not work properly when a validation webhook is registered.") @@ -358,11 +360,11 @@ func main() { go reportReqGen.Run(2, stopCh) go prgen.Run(1, stopCh) - go grgen.Run(1, stopCh) go configData.Run(stopCh) go policyCtrl.Run(2, stopCh) go eventGenerator.Run(3, stopCh) - go grc.Run(1, stopCh) + go grgen.Run(10, stopCh) + go grc.Run(genWorkers, stopCh) go grcc.Run(1, stopCh) go statusSync.Run(1, stopCh) go pCacheController.Run(1, stopCh) diff --git a/pkg/generate/cleanup/controller.go b/pkg/generate/cleanup/controller.go index 4b8155e6ab..dd2d051388 100644 --- a/pkg/generate/cleanup/controller.go +++ b/pkg/generate/cleanup/controller.go @@ -202,6 +202,11 @@ func (c *Controller) deleteGR(obj interface{}) { } func (c *Controller) enqueue(gr *kyverno.GenerateRequest) { + // skip enqueueing Pending requests + if gr.Status.State == kyverno.Pending { + return + } + logger := c.log key, err := cache.MetaNamespaceKeyFunc(gr) if err != nil { diff --git a/pkg/generate/generate_controller.go b/pkg/generate/generate_controller.go index 782e6f250c..de3c534218 100644 --- a/pkg/generate/generate_controller.go +++ b/pkg/generate/generate_controller.go @@ -261,7 +261,7 @@ func (c *Controller) Run(workers int, stopCh <-chan struct{}) { defer utilruntime.HandleCrash() defer c.queue.ShutDown() - logger.Info("starting") + logger.Info("starting", "workers", workers) defer logger.Info("shutting down") if !cache.WaitForCacheSync(stopCh, c.policySynced, c.grSynced) { @@ -279,7 +279,7 @@ func (c *Controller) Run(workers int, stopCh <-chan struct{}) { // worker runs a worker thread that just dequeues items, processes them, and marks them done. // It enforces that the syncHandler is never invoked concurrently with the same key. func (c *Controller) worker() { - c.log.Info("starting new worker...") + c.log.V(3).Info("starting new worker...") for c.processNextWorkItem() { } @@ -347,7 +347,7 @@ func (c *Controller) syncGenerateRequest(key string) error { return c.processGR(gr) } -// EnqueueGenerateRequestFromWebhook - enqueing generate requests from webhook +// EnqueueGenerateRequestFromWebhook - enqueueing generate requests from webhook func (c *Controller) EnqueueGenerateRequestFromWebhook(gr *kyverno.GenerateRequest) { c.enqueueGenerateRequest(gr) } diff --git a/pkg/webhooks/generation.go b/pkg/webhooks/generation.go index c929d0e45b..bb405e50fa 100644 --- a/pkg/webhooks/generation.go +++ b/pkg/webhooks/generation.go @@ -112,7 +112,7 @@ func (ws *WebhookServer) handleUpdate(request *v1beta1.AdmissionRequest, policie } } -//handleUpdateCloneSourceResource - handles updation of clone source for generate policy +//handleUpdateCloneSourceResource - handles update of clone source for generate policy func (ws *WebhookServer) handleUpdateCloneSourceResource(resLabels map[string]string, logger logr.Logger) { policyNames := strings.Split(resLabels["generate.kyverno.io/clone-policy-name"], ",") for _, policyName := range policyNames { @@ -131,7 +131,7 @@ func (ws *WebhookServer) handleUpdateCloneSourceResource(resLabels map[string]st } } -//handleUpdateTargetResource - handles updation of target resource for generate policy +//handleUpdateTargetResource - handles update of target resource for generate policy func (ws *WebhookServer) handleUpdateTargetResource(request *v1beta1.AdmissionRequest, policies []*v1.ClusterPolicy, resLabels map[string]string, logger logr.Logger) { enqueueBool := false newRes, err := enginutils.ConvertToUnstructured(request.Object.Raw)