fix: cleanup controller context from #7597 (#7672)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-03-28 18:38:40 +00:00 · 2023-06-26 16:57:23 +02:00 · 2023-06-26 16:57:23 +02:00 · f3a5a885e0
commit f3a5a885e0
parent 8aef874d75
4 changed files with 36 additions and 15 deletions
--- a/charts/kyverno/templates/cleanup-controller/clusterrole.yaml
+++ b/charts/kyverno/templates/cleanup-controller/clusterrole.yaml
@ -45,6 +45,14 @@ rules:
    verbs:
      - list
      - watch
+  - apiGroups:
+      - ''
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - list
+      - watch
  - apiGroups:
      - batch
    resources:
--- a/cmd/cleanup-controller/handlers/cleanup/handlers.go
+++ b/cmd/cleanup-controller/handlers/cleanup/handlers.go
@ -5,6 +5,7 @@ import (
 	"time"

 	"github.com/go-logr/logr"
+	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
 	kyvernov2alpha1 "github.com/kyverno/kyverno/api/kyverno/v2alpha1"
 	kyvernov2alpha1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v2alpha1"
@ -12,6 +13,7 @@ import (
 	"github.com/kyverno/kyverno/pkg/config"
 	engineapi "github.com/kyverno/kyverno/pkg/engine/api"
 	enginecontext "github.com/kyverno/kyverno/pkg/engine/context"
+	"github.com/kyverno/kyverno/pkg/engine/factories"
 	"github.com/kyverno/kyverno/pkg/engine/jmespath"
 	"github.com/kyverno/kyverno/pkg/event"
 	"github.com/kyverno/kyverno/pkg/metrics"
@ -35,6 +37,7 @@ type handlers struct {
 	cpolLister kyvernov2alpha1listers.ClusterCleanupPolicyLister
 	polLister  kyvernov2alpha1listers.CleanupPolicyLister
 	nsLister   corev1listers.NamespaceLister
+	cmResolver engineapi.ConfigmapResolver
 	recorder   record.EventRecorder
 	jp         jmespath.Interface
 	metrics    cleanupMetrics
@ -73,6 +76,7 @@ func New(
 	cpolLister kyvernov2alpha1listers.ClusterCleanupPolicyLister,
 	polLister kyvernov2alpha1listers.CleanupPolicyLister,
 	nsLister corev1listers.NamespaceLister,
+	cmResolver engineapi.ConfigmapResolver,
 	jp jmespath.Interface,
 ) *handlers {
 	return &handlers{
@ -80,6 +84,7 @@ func New(
 		cpolLister: cpolLister,
 		polLister:  polLister,
 		nsLister:   nsLister,
+		cmResolver: cmResolver,
 		recorder:   event.NewRecorder(event.CleanupController, client.GetEventsInterface()),
 		metrics:    newCleanupMetrics(logger),
 		jp:         jp,
@ -114,21 +119,11 @@ func (h *handlers) executePolicy(ctx context.Context, logger logr.Logger, policy
 	debug := logger.V(4)
 	var errs []error
 	enginectx := enginecontext.NewContext(h.jp)
-
-	if spec.Context != nil {
-		for _, entry := range spec.Context {
-			if entry.APICall != nil {
-				if err := engineapi.LoadAPIData(ctx, h.jp, logger, entry, enginectx, h.client); err != nil {
-					return err
-				}
-			} else if entry.Variable != nil {
-				if err := engineapi.LoadVariable(logger, h.jp, entry, enginectx); err != nil {
-					return err
-				}
-			}
-		}
+	factory := factories.DefaultContextLoaderFactory(h.cmResolver)
+	loader := factory(nil, kyvernov1.Rule{})
+	if err := loader.Load(ctx, h.jp, h.client, nil, spec.Context, enginectx); err != nil {
+		return err
 	}
-
 	for kind := range kinds {
 		commonLabels := []attribute.KeyValue{
 			attribute.String("policy_type", policy.GetKind()),
--- a/cmd/cleanup-controller/main.go
+++ b/cmd/cleanup-controller/main.go
@ -66,6 +66,7 @@ func main() {
 		internal.WithLeaderElection(),
 		internal.WithKyvernoClient(),
 		internal.WithKyvernoDynamicClient(),
+		internal.WithConfigMapCaching(),
 		internal.WithFlagSets(flagset),
 	)
 	// parse flags
@ -197,7 +198,16 @@ func main() {
 	}
 	// create handlers
 	admissionHandlers := admissionhandlers.New(setup.KyvernoDynamicClient)
-	cleanupHandlers := cleanuphandlers.New(setup.Logger.WithName("cleanup-handler"), setup.KyvernoDynamicClient, cpolLister, polLister, nsLister, setup.Jp)
+	cmResolver := internal.NewConfigMapResolver(ctx, setup.Logger, setup.KubeClient, resyncPeriod)
+	cleanupHandlers := cleanuphandlers.New(
+		setup.Logger.WithName("cleanup-handler"),
+		setup.KyvernoDynamicClient,
+		cpolLister,
+		polLister,
+		nsLister,
+		cmResolver,
+		setup.Jp,
+	)
 	// create server
 	server := NewServer(
 		func() ([]byte, []byte, error) {
--- a/config/install-latest-testing.yaml
+++ b/config/install-latest-testing.yaml
@ -37891,6 +37891,14 @@ rules:
    verbs:
      - list
      - watch
+  - apiGroups:
+      - ''
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - list
+      - watch
  - apiGroups:
      - batch
    resources: