mirror of https://github.com/kyverno/kyverno.git synced 2025-03-29 10:55:05 +00:00

Improve endpoint check (#2902)

* improve endpoint checks

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* update make target for the local build

Signed-off-by: ShutingZhao <shuting@nirmata.com>

* remove debug log

Signed-off-by: ShutingZhao <shuting@nirmata.com>
shuting 2022-01-05 15:47:42 +08:00 committed by GitHub
parent 3f61e2dd3a
commit df105ff596
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 31 additions and 7 deletions


@ -141,7 +141,7 @@ docker-build-kyverno: docker-buildx-builder
docker-build-kyverno-local:
CGO_ENABLED=0 GOOS=linux go build -o $(PWD)/$(KYVERNO_PATH)/kyverno -tags $(TAGS) -ldflags=$(LD_FLAGS_DEV) $(PWD)/$(KYVERNO_PATH)/main.go
@docker build -f $(PWD)/$(KYVERNO_PATH)/localDockerfile -t $(REPO)/$(KYVERNO_IMAGE):$(IMAGE_TAG_DEV) $(PWD)/$(KYVERNO_PATH)
@docker tag $(REPO)/$(KYVERNO_IMAGE):$(IMAGE_TAG) $(REPO)/$(KYVERNO_IMAGE):$(IMAGE_TAG_LATEST_DEV)-latest
@docker tag $(REPO)/$(KYVERNO_IMAGE):$(IMAGE_TAG_DEV) $(REPO)/$(KYVERNO_IMAGE):$(IMAGE_TAG_LATEST_DEV)-latest
docker-build-kyverno-amd64:
@docker build -f $(PWD)/$(KYVERNO_PATH)/Dockerfile -t $(REPO)/$(KYVERNO_IMAGE):$(IMAGE_TAG) . --build-arg LD_FLAGS=$(LD_FLAGS) --build-arg TARGETPLATFORM="linux/amd64" --build-arg TAGS=$(TAGS)


@ -14,6 +14,7 @@ import (
client "github.com/kyverno/kyverno/pkg/dclient"
"github.com/kyverno/kyverno/pkg/resourcecache"
"github.com/kyverno/kyverno/pkg/tls"
"github.com/kyverno/kyverno/pkg/utils"
"github.com/pkg/errors"
admregapi "k8s.io/api/admissionregistration/v1"
corev1 "k8s.io/api/core/v1"
@ -621,13 +622,12 @@ func (wrc *Register) checkEndpoint() error {
return fmt.Errorf("failed to list Kyverno Pod: %v", err)
}
kyverno := pods.Items[0]
podIP, _, err := unstructured.NestedString(kyverno.UnstructuredContent(), "status", "podIP")
if err != nil {
return fmt.Errorf("failed to extract pod IP: %v", err)
ips, errs := getHealthyPodsIP(pods.Items)
if len(errs) != 0 {
return fmt.Errorf("error getting pod's IP: %v", errs)
}
if podIP == "" {
if len(ips) == 0 {
return fmt.Errorf("pod is not assigned to any node yet")
}
@ -637,7 +637,7 @@ func (wrc *Register) checkEndpoint() error {
}
for _, addr := range subset.Addresses {
if addr.IP == podIP {
if utils.ContainsString(ips, addr.IP) {
wrc.log.Info("Endpoint ready", "ns", config.KyvernoNamespace, "name", config.KyvernoServiceName)
return nil
}
@ -652,6 +652,30 @@ func (wrc *Register) checkEndpoint() error {
return err
}
func getHealthyPodsIP(pods []unstructured.Unstructured) (ips []string, errs []error) {
for _, pod := range pods {
phase, _, err := unstructured.NestedString(pod.UnstructuredContent(), "status", "phase")
if err != nil {
errs = append(errs, fmt.Errorf("failed to get pod %s status: %v", pod.GetName(), err))
continue
}
if phase != "Running" {
continue
}
ip, _, err := unstructured.NestedString(pod.UnstructuredContent(), "status", "podIP")
if err != nil {
errs = append(errs, fmt.Errorf("failed to extract pod %s IP: %v", pod.GetName(), err))
continue
}
ips = append(ips, ip)
}
return
}
func (wrc *Register) updateResourceValidatingWebhookConfiguration(nsSelector map[string]interface{}) error {
validatingCache, _ := wrc.resCache.GetGVRCache(kindValidating)
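Review bot: In `getHealthyPodsIP` the `found` result of the `status.podIP` lookup is discarded, so a pod whose phase is `Running` but whose `podIP` is absent or empty adds `""` to `ips`. With such an entry present, `len(ips) == 0` in `checkEndpoint` is false even when no pod has an address, so the "pod is not assigned to any node yet" error is skipped and the function presumably fails later with a less specific cause. Skipping those pods before the append, `if ip == "" { continue }`, keeps the list to real addresses. Separately, `len(errs) != 0` fails the whole check when a single pod's status cannot be read, even if another pod already yielded a usable IP; if that strictness is intended, a doc comment on `getHealthyPodsIP` should say so. The body of `checkEndpoint` begins outside the hunks shown.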