diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 8bff0bcd2f..485ecbbe08 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -94,7 +94,7 @@ jobs: sed -i -e "s|nameOverride:.*|nameOverride: kyverno|g" charts/kyverno/values.yaml sed -i -e "s|fullnameOverride:.*|fullnameOverride: kyverno|g" charts/kyverno/values.yaml sed -i -e "s|namespace:.*|namespace: kyverno|g" charts/kyverno/values.yaml - sed -i -e "s|tag:.*|tag: $(git describe --always --tags)|g" charts/kyverno/values.yaml + sed -i -e "s|tag:.*|tag: $(git describe --match "v[0-9]*")|g" charts/kyverno/values.yaml - name: Run chart-testing (install) run: | diff --git a/Makefile b/Makefile index e3ca8a9221..f50eef0646 100644 --- a/Makefile +++ b/Makefile @@ -3,13 +3,13 @@ ################################## # DEFAULTS ################################## -GIT_VERSION := $(shell git describe --always --tags) +GIT_VERSION := $(shell git describe --match "v[0-9]*") GIT_BRANCH := $(shell git branch | grep \* | cut -d ' ' -f2) GIT_HASH := $(GIT_BRANCH)/$(shell git log -1 --pretty=format:"%H") TIMESTAMP := $(shell date '+%Y-%m-%d_%I:%M:%S%p') CONTROLLER_GEN=controller-gen CONTROLLER_GEN_REQ_VERSION := v0.4.0 -VERSION ?= $(shell git describe --always --tags) +VERSION ?= $(shell git describe --match "v[0-9]*") REGISTRY?=ghcr.io REPO=$(REGISTRY)/kyverno diff --git a/pkg/policyreport/builder.go b/pkg/policyreport/builder.go index aff8c5bcf7..2e7c16d620 100755 --- a/pkg/policyreport/builder.go +++ b/pkg/policyreport/builder.go @@ -13,6 +13,7 @@ import ( "github.com/kyverno/kyverno/pkg/config" "github.com/kyverno/kyverno/pkg/engine/response" "github.com/kyverno/kyverno/pkg/engine/utils" + "github.com/kyverno/kyverno/pkg/version" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" @@ -21,6 +22,9 @@ import ( ) const ( + // appVersion represents which version of Kyverno manages rcr / crcr + appVersion string = "app.kubernetes.io/version" + // the following labels are used to list rcr / crcr resourceLabelNamespace string = "kyverno.io/resource.namespace" deletedLabelPolicy string = "kyverno.io/delete.policy" @@ -181,6 +185,7 @@ func set(obj *unstructured.Unstructured, info Info) { obj.SetLabels(map[string]string{ resourceLabelNamespace: info.Namespace, + appVersion: version.BuildVersion, }) } diff --git a/pkg/policyreport/reportcontroller.go b/pkg/policyreport/reportcontroller.go index f4c67d3d80..ea4f1577f4 100644 --- a/pkg/policyreport/reportcontroller.go +++ b/pkg/policyreport/reportcontroller.go @@ -31,6 +31,7 @@ import ( policyreport "github.com/kyverno/kyverno/pkg/client/listers/policyreport/v1alpha2" "github.com/kyverno/kyverno/pkg/config" dclient "github.com/kyverno/kyverno/pkg/dclient" + "github.com/kyverno/kyverno/pkg/version" ) const ( @@ -143,7 +144,30 @@ func generateCacheKey(changeRequest interface{}) string { return "" } +// managedRequest returns true if the request is managed by +// the current version of Kyverno instance +func managedRequest(changeRequest interface{}) bool { + labels := make(map[string]string) + + if request, ok := changeRequest.(*changerequest.ReportChangeRequest); ok { + labels = request.GetLabels() + } else if request, ok := changeRequest.(*changerequest.ClusterReportChangeRequest); ok { + labels = request.GetLabels() + } + + if v, ok := labels[appVersion]; !ok || v != version.BuildVersion { + return false + } + + return true +} + func (g *ReportGenerator) addReportChangeRequest(obj interface{}) { + if !managedRequest(obj) { + g.cleanupReportRequests([]*changerequest.ReportChangeRequest{obj.(*changerequest.ReportChangeRequest)}) + return + } + key := generateCacheKey(obj) g.queue.Add(key) } @@ -155,11 +179,21 @@ func (g *ReportGenerator) updateReportChangeRequest(old interface{}, cur interfa return } + if !managedRequest(curReq) { + g.cleanupReportRequests([]*changerequest.ReportChangeRequest{curReq}) + return + } + key := generateCacheKey(cur) g.queue.Add(key) } func (g *ReportGenerator) addClusterReportChangeRequest(obj interface{}) { + if !managedRequest(obj) { + g.cleanupReportRequests([]*changerequest.ClusterReportChangeRequest{obj.(*changerequest.ClusterReportChangeRequest)}) + return + } + key := generateCacheKey(obj) g.queue.Add(key) } @@ -172,6 +206,10 @@ func (g *ReportGenerator) updateClusterReportChangeRequest(old interface{}, cur return } + if !managedRequest(curReq) { + return + } + g.queue.Add("") } @@ -461,7 +499,8 @@ func (g *ReportGenerator) aggregateReports(namespace string) ( report *unstructured.Unstructured, aggregatedRequests interface{}, err error) { if namespace == "" { - requests, err := g.clusterReportChangeRequestLister.List(labels.Everything()) + selector := labels.SelectorFromSet(labels.Set(map[string]string{appVersion: version.BuildVersion})) + requests, err := g.clusterReportChangeRequestLister.List(selector) if err != nil { return nil, nil, fmt.Errorf("unable to list ClusterReportChangeRequests within: %v", err) } @@ -482,7 +521,7 @@ func (g *ReportGenerator) aggregateReports(namespace string) ( ns.SetDeletionTimestamp(&now) } - selector := labels.SelectorFromSet(labels.Set(map[string]string{resourceLabelNamespace: namespace})) + selector := labels.SelectorFromSet(labels.Set(map[string]string{appVersion: version.BuildVersion, resourceLabelNamespace: namespace})) requests, err := g.reportChangeRequestLister.ReportChangeRequests(config.KyvernoNamespace).List(selector) if err != nil { return nil, nil, fmt.Errorf("unable to list reportChangeRequests within namespace %s: %v", ns, err) diff --git a/scripts/create-e2e-infrastruture.sh b/scripts/create-e2e-infrastruture.sh index 216e597954..9151f5d32a 100755 --- a/scripts/create-e2e-infrastruture.sh +++ b/scripts/create-e2e-infrastruture.sh @@ -3,7 +3,7 @@ set -e pwd=$(pwd) -hash=$(git describe --always --tags) +hash=$(git describe --match "v[0-9]*") # ## Install Kind curl -Lo $pwd/kind https://kind.sigs.k8s.io/dl/v0.11.0/kind-linux-amd64