mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity

suppress violation on evicted pod

Browse source
This commit is contained in:
Shuting Zhao 2020-05-26 14:52:49 -07:00
parent fd0e96b551
commit cca1451751
1 changed files with 16 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
pkg/policyviolation/namespacedpv.go
View file

@ -11,6 +11,7 @@ import (
client "github.com/nirmata/kyverno/pkg/dclient" client "github.com/nirmata/kyverno/pkg/dclient"
"github.com/nirmata/kyverno/pkg/policystatus" "github.com/nirmata/kyverno/pkg/policystatus"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
unstructedv1 "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
) )
//NamespacedPV ... //NamespacedPV ...
@ -97,6 +98,12 @@ func (nspv *namespacedPV) createPV(newPv *kyverno.PolicyViolation) error {
return nil return nil
} }
if newPv.Spec.ResourceSpec.Kind == "Pod" {
if isEvictedPod(obj.Object) {
return nil
}
}
// set owner reference to resource // set owner reference to resource
ownerRef, ok := createOwnerReference(obj) ownerRef, ok := createOwnerReference(obj)
if !ok { if !ok {
@ -142,3 +149,12 @@ func (nspv *namespacedPV) updatePV(newPv, oldPv *kyverno.PolicyViolation) error
logger.Info("namespaced policy violation created") logger.Info("namespaced policy violation created")
return nil return nil
} }
func isEvictedPod(pod map[string]interface{}) bool {
reason, ok, _ := unstructedv1.NestedString(pod, "status", "reason")
if !ok {
return false
}
return reason == "Evicted"
}