mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-06 16:06:56 +00:00
e9a972a362
* Fix Dev setup * webhook monitor - start webhook monitor in main process Signed-off-by: Shuting Zhao <shutting06@gmail.com> * add leaderelection Signed-off-by: Jim Bugwadia <jim@nirmata.com> * - add isLeader; - update to use configmap lock Signed-off-by: Shuting Zhao <shutting06@gmail.com> * - add initialization method - add methods to get attributes Signed-off-by: Shuting Zhao <shutting06@gmail.com> * address comments Signed-off-by: Shuting Zhao <shutting06@gmail.com> * remove newContext in runLeaderElection Signed-off-by: Shuting Zhao <shutting06@gmail.com> * add leader election to GenerateController Signed-off-by: Jim Bugwadia <jim@nirmata.com> * skip processing for non-leaders Signed-off-by: Jim Bugwadia <jim@nirmata.com> * skip processing for non-leaders Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add leader election to generate cleanup controller Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Gracefully drain request * HA - Webhook Register / Webhook Monitor / Certificate Renewer (#1920) * enable leader election for webhook register Signed-off-by: Shuting Zhao <shutting06@gmail.com> * extract certManager to its own process Signed-off-by: Shuting Zhao <shutting06@gmail.com> * leader election for cert manager Signed-off-by: Shuting Zhao <shutting06@gmail.com> * certManager - init certs by the leader Signed-off-by: Shuting Zhao <shutting06@gmail.com> * add leader election to webhook monitor Signed-off-by: Shuting Zhao <shutting06@gmail.com> * update log message Signed-off-by: Shuting Zhao <shutting06@gmail.com> * add leader election to policy controller Signed-off-by: Shuting Zhao <shutting06@gmail.com> * add leader election to policy report controller Signed-off-by: Shuting Zhao <shutting06@gmail.com> * rebuild leader election config Signed-off-by: Shuting Zhao <shutting06@gmail.com> * start informers in leaderelection Signed-off-by: Shuting Zhao <shutting06@gmail.com> * start policy informers in main Signed-off-by: Shuting Zhao <shutting06@gmail.com> * enable leader election in main Signed-off-by: Shuting Zhao <shutting06@gmail.com> * move eventHandler to the leader election start method Signed-off-by: Shuting Zhao <shutting06@gmail.com> * address reviewdog comments Signed-off-by: Shuting Zhao <shutting06@gmail.com> * add clusterrole leaderelection Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fixed generate flow (#1936) Signed-off-by: NoSkillGirl <singhpooja240393@gmail.com> * - init separate kubeclient for leaderelection - fix webhook monitor Signed-off-by: Shuting Zhao <shutting06@gmail.com> * address reviewdog comments Signed-off-by: Shuting Zhao <shutting06@gmail.com> * cleanup Kyverno managed resources on stopLeading Signed-off-by: Shuting Zhao <shutting06@gmail.com> * tag v1.4.0-beta1 Signed-off-by: Shuting Zhao <shutting06@gmail.com> * fix cleanup process on Kyverno stops Signed-off-by: Shuting Zhao <shutting06@gmail.com> * bump kind to 0.11.0, k8s v1.21 (#1980) Co-authored-by: vyankatesh <vyankatesh@neualto.com> Co-authored-by: vyankatesh <vyankateshkd@gmail.com> Co-authored-by: Jim Bugwadia <jim@nirmata.com> Co-authored-by: Pooja Singh <36136335+NoSkillGirl@users.noreply.github.com>
138 lines
4.1 KiB
Go
138 lines
4.1 KiB
Go
package common
|
|
|
|
import (
|
|
"encoding/json"
|
|
"fmt"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/go-logr/logr"
|
|
enginutils "github.com/kyverno/kyverno/pkg/engine/utils"
|
|
"github.com/pkg/errors"
|
|
v1 "k8s.io/api/core/v1"
|
|
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
|
"k8s.io/client-go/informers"
|
|
listerv1 "k8s.io/client-go/listers/core/v1"
|
|
"sigs.k8s.io/controller-runtime/pkg/log"
|
|
)
|
|
|
|
// Policy Reporting Modes
|
|
const (
|
|
Enforce = "enforce" // blocks the request on failure
|
|
Audit = "audit" // dont block the request on failure, but report failiures as policy violations
|
|
)
|
|
|
|
// Policy Reporting Types
|
|
const (
|
|
PolicyViolation = "POLICYVIOLATION"
|
|
PolicyReport = "POLICYREPORT"
|
|
)
|
|
|
|
// GetNamespaceSelectorsFromGenericInformer - extracting the namespacelabels when generic informer is passed
|
|
func GetNamespaceSelectorsFromGenericInformer(kind, namespaceOfResource string, nsInformer informers.GenericInformer, logger logr.Logger) map[string]string {
|
|
namespaceLabels := make(map[string]string)
|
|
if kind != "Namespace" {
|
|
runtimeNamespaceObj, err := nsInformer.Lister().Get(namespaceOfResource)
|
|
if err != nil {
|
|
log.Log.Error(err, "failed to get the namespace", "name", namespaceOfResource)
|
|
return namespaceLabels
|
|
}
|
|
|
|
unstructuredObj := runtimeNamespaceObj.(*unstructured.Unstructured)
|
|
return unstructuredObj.GetLabels()
|
|
}
|
|
return namespaceLabels
|
|
}
|
|
|
|
// GetNamespaceSelectorsFromNamespaceLister - extract the namespacelabels when namespace lister is passed
|
|
func GetNamespaceSelectorsFromNamespaceLister(kind, namespaceOfResource string, nsLister listerv1.NamespaceLister, logger logr.Logger) map[string]string {
|
|
namespaceLabels := make(map[string]string)
|
|
if kind != "Namespace" {
|
|
namespaceObj, err := nsLister.Get(namespaceOfResource)
|
|
if err != nil {
|
|
log.Log.Error(err, "failed to get the namespace", "name", namespaceOfResource)
|
|
return namespaceLabels
|
|
}
|
|
return GetNamespaceLabels(namespaceObj, logger)
|
|
}
|
|
return namespaceLabels
|
|
}
|
|
|
|
// GetNamespaceLabels - from namespace obj
|
|
func GetNamespaceLabels(namespaceObj *v1.Namespace, logger logr.Logger) map[string]string {
|
|
namespaceObj.Kind = "Namespace"
|
|
namespaceRaw, err := json.Marshal(namespaceObj)
|
|
namespaceUnstructured, err := enginutils.ConvertToUnstructured(namespaceRaw)
|
|
if err != nil {
|
|
logger.Error(err, "failed to convert object resource to unstructured format")
|
|
}
|
|
return namespaceUnstructured.GetLabels()
|
|
}
|
|
|
|
// GetKindFromGVK - get kind and APIVersion from GVK
|
|
func GetKindFromGVK(str string) (apiVersion string, kind string) {
|
|
if strings.Count(str, "/") == 0 {
|
|
return "", str
|
|
}
|
|
splitString := strings.Split(str, "/")
|
|
if strings.Count(str, "/") == 1 {
|
|
return splitString[0], splitString[1]
|
|
}
|
|
return splitString[0] + "/" + splitString[1], splitString[2]
|
|
}
|
|
|
|
func VariableToJSON(key, value string) []byte {
|
|
var subString string
|
|
splitBySlash := strings.Split(key, "\"")
|
|
if len(splitBySlash) > 1 {
|
|
subString = splitBySlash[1]
|
|
}
|
|
|
|
startString := ""
|
|
endString := ""
|
|
lenOfVariableString := 0
|
|
addedSlashString := false
|
|
for _, k := range strings.Split(splitBySlash[0], ".") {
|
|
if k != "" {
|
|
startString += fmt.Sprintf(`{"%s":`, k)
|
|
endString += `}`
|
|
lenOfVariableString = lenOfVariableString + len(k) + 1
|
|
if lenOfVariableString >= len(splitBySlash[0]) && len(splitBySlash) > 1 && !addedSlashString {
|
|
startString += fmt.Sprintf(`{"%s":`, subString)
|
|
endString += `}`
|
|
addedSlashString = true
|
|
}
|
|
}
|
|
}
|
|
|
|
midString := fmt.Sprintf(`"%s"`, strings.Replace(value, `"`, `\"`, -1))
|
|
finalString := startString + midString + endString
|
|
var jsonData = []byte(finalString)
|
|
return jsonData
|
|
}
|
|
|
|
func RetryFunc(retryInterval, timeout time.Duration, run func() error, logger logr.Logger) func() error {
|
|
return func() error {
|
|
registerTimeout := time.After(timeout)
|
|
registerTicker := time.NewTicker(retryInterval)
|
|
defer registerTicker.Stop()
|
|
var err error
|
|
|
|
loop:
|
|
for {
|
|
select {
|
|
case <-registerTicker.C:
|
|
err = run()
|
|
if err != nil {
|
|
logger.V(3).Info("Failed to register admission control webhooks", "reason", err.Error())
|
|
} else {
|
|
break loop
|
|
}
|
|
|
|
case <-registerTimeout:
|
|
return errors.Wrap(err, "Timeout registering admission control webhooks")
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
}
|