mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-05 15:37:19 +00:00
* feat; add support for custom sigstore using TUF Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add kuttl test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add commit hash Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add kyverno.yaml Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update kyverno deployment Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update ordering Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update deployment Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update create image step Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: remove wait step Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: install crane Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: set sha on install crane Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add cosign installer Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update custom deployment Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: helm chart linting Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update Chart.yaml Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: helm values liniting error Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: remove step Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: kind-deploy-kyverno Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: create configmap in kyverno namespace Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update policy Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: create kyverno ns Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * 
feat: use envfrom Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix: indentation Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update tuf root Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add sigstore volume Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: nit Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: remove tuf root Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: use default tuf instead :( Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update Create kind cluster Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: remove root Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update impl Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: nit Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: use custom test Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: remove force Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: cosign initialize Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: add yes flag Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * update manifest Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: move tuf to features Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: update comments Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * chore: helmchart generate Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: trailing white space Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: remove old fields Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * feat: decouple env config map from tuf Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * change the 
way we pass flags Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix: re add envConfigMap Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> * fix env vars Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * remove envConfigMap Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * fix Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
package internal
|
|
|
|
import (
|
|
"context"
|
|
"time"
|
|
|
|
"github.com/go-logr/logr"
|
|
apiserverclient "github.com/kyverno/kyverno/pkg/clients/apiserver"
|
|
"github.com/kyverno/kyverno/pkg/clients/dclient"
|
|
dynamicclient "github.com/kyverno/kyverno/pkg/clients/dynamic"
|
|
kubeclient "github.com/kyverno/kyverno/pkg/clients/kube"
|
|
kyvernoclient "github.com/kyverno/kyverno/pkg/clients/kyverno"
|
|
metadataclient "github.com/kyverno/kyverno/pkg/clients/metadata"
|
|
"github.com/kyverno/kyverno/pkg/config"
|
|
"github.com/kyverno/kyverno/pkg/engine/jmespath"
|
|
"github.com/kyverno/kyverno/pkg/imageverifycache"
|
|
"github.com/kyverno/kyverno/pkg/metrics"
|
|
"github.com/kyverno/kyverno/pkg/registryclient"
|
|
corev1listers "k8s.io/client-go/listers/core/v1"
|
|
)
|
|
|
|
// shutdown combines several cancel functions into a single context.CancelFunc.
//
// Nil entries in sdowns are skipped. Calling the returned function logs one
// "shutting down..." line per non-nil entry and registers that entry with
// defer, so no entry runs until the loop has finished, and the entries then
// run in reverse argument order (the last one passed is invoked first).
func shutdown(logger logr.Logger, sdowns ...context.CancelFunc) context.CancelFunc {
	return func() {
		for _, sdown := range sdowns {
			if sdown == nil {
				continue
			}
			logger.Info("shutting down...")
			// defer postpones the call to the end of this closure, which
			// gives last-in-first-out teardown across all entries.
			defer sdown()
		}
	}
}
|
|
|
|
// SetupResult bundles the objects Setup creates and hands back to its caller.
//
// Setup fills the first group unconditionally. Each field in the second group
// is assigned only when the matching Uses* method of the Configuration passed
// to Setup returns true; otherwise it keeps its zero value (nil, assuming
// these are interface types as their names suggest), so a consumer has to
// request the feature before using the field.
type SetupResult struct {
	// Always set by Setup.
	Logger               logr.Logger
	Configuration        config.Configuration
	MetricsConfiguration config.MetricsConfiguration
	MetricsManager       metrics.MetricsConfigManager
	Jp                   jmespath.Interface
	KubeClient           kubeclient.UpstreamInterface

	// Set only when the corresponding feature was requested.
	LeaderElectionClient   kubeclient.UpstreamInterface
	RegistryClient         registryclient.Client
	ImageVerifyCacheClient imageverifycache.Client
	RegistrySecretLister   corev1listers.SecretNamespaceLister
	KyvernoClient          kyvernoclient.UpstreamInterface
	DynamicClient          dynamicclient.UpstreamInterface
	ApiServerClient        apiserverclient.UpstreamInterface
	MetadataClient         metadataclient.UpstreamInterface
	KyvernoDynamicClient   dclient.Interface
}
|
|
|
|
// Setup runs the shared start-up sequence and returns the context obtained
// from setupSignals, the objects it built, and a cancel function that tears
// them down.
//
// config decides which optional clients are created (the Uses* checks below),
// name is forwarded to SetupTracing and skipResourceFilters is forwarded to
// startConfigController. Optional clients that were not requested are left at
// their zero value in the returned SetupResult.
//
// The returned cancel function is built by shutdown, which invokes its
// arguments in reverse order: signals first, then tracing, metrics and
// max-procs.
func Setup(config Configuration, name string, skipResourceFilters bool) (context.Context, SetupResult, context.CancelFunc) {
	// Process-level initialisation; nothing below runs before logging is ready.
	logger := setupLogger()
	showVersion(logger)
	printFlagSettings(logger)
	showWarnings(config, logger)
	check(logger)
	stopMaxProcs := setupMaxProcs(logger)
	setupProfiling(logger)
	ctx, stopSignals := setupSignals(logger)

	// The base Kubernetes client starts with tracing only, because the metrics
	// manager itself needs a client; the metrics wrapper is added afterwards.
	kubeClient := kubeclient.From(createKubernetesClient(logger), kubeclient.WithTracing())
	metricsCfg := startMetricsConfigController(ctx, logger, kubeClient)
	metricsMgr, stopMetrics := SetupMetrics(ctx, logger, metricsCfg, kubeClient)
	kubeClient = kubeClient.WithMetrics(metricsMgr, metrics.KubeClient)
	cfg := startConfigController(ctx, logger, kubeClient, skipResourceFilters)
	stopTracing := SetupTracing(logger, name, kubeClient)

	// Optional components, each left at its zero value unless requested.
	var (
		regClient    registryclient.Client
		regSecrets   corev1listers.SecretNamespaceLister
		ivCache      imageverifycache.Client
		leaderClient kubeclient.UpstreamInterface
		kyvClient    kyvernoclient.UpstreamInterface
		dynClient    dynamicclient.UpstreamInterface
		apiClient    apiserverclient.UpstreamInterface
		kyvDynClient dclient.Interface
		metaClient   metadataclient.UpstreamInterface
	)
	if config.UsesRegistryClient() {
		regClient, regSecrets = setupRegistryClient(ctx, logger, kubeClient)
	}
	if config.UsesImageVerifyCache() {
		ivCache = setupImageVerifyCache(ctx, logger)
	}
	if config.UsesCosign() {
		// No result is checked here, so any failure handling has to live
		// inside setupSigstoreTUF.
		// NOTE(review): confirm it aborts start-up on error rather than
		// letting signature verification run against an uninitialised root.
		setupSigstoreTUF(ctx, logger)
	}
	if config.UsesLeaderElection() {
		leaderClient = createKubernetesClient(logger, kubeclient.WithMetrics(metricsMgr, metrics.KubeClient), kubeclient.WithTracing())
	}
	if config.UsesKyvernoClient() {
		kyvClient = createKyvernoClient(logger, kyvernoclient.WithMetrics(metricsMgr, metrics.KyvernoClient), kyvernoclient.WithTracing())
	}
	if config.UsesDynamicClient() {
		dynClient = createDynamicClient(logger, dynamicclient.WithMetrics(metricsMgr, metrics.DynamicClient), dynamicclient.WithTracing())
	}
	if config.UsesApiServerClient() {
		apiClient = createApiServerClient(logger, apiserverclient.WithMetrics(metricsMgr, metrics.ApiServerClient), apiserverclient.WithTracing())
	}
	if config.UsesKyvernoDynamicClient() {
		// dynClient is still nil at this point unless UsesDynamicClient() was
		// also true — presumably Configuration guarantees that; verify.
		// The 15 minute duration is presumably a resync or cache period — TODO confirm.
		kyvDynClient = createKyvernoDynamicClient(logger, ctx, dynClient, kubeClient, 15*time.Minute)
	}
	if config.UsesMetadataClient() {
		metaClient = createMetadataClient(logger, metadataclient.WithMetrics(metricsMgr, metrics.MetadataClient), metadataclient.WithTracing())
	}

	result := SetupResult{
		Logger:                 logger,
		Configuration:          cfg,
		MetricsConfiguration:   metricsCfg,
		MetricsManager:         metricsMgr,
		Jp:                     jmespath.New(cfg),
		KubeClient:             kubeClient,
		LeaderElectionClient:   leaderClient,
		RegistryClient:         regClient,
		ImageVerifyCacheClient: ivCache,
		RegistrySecretLister:   regSecrets,
		KyvernoClient:          kyvClient,
		DynamicClient:          dynClient,
		ApiServerClient:        apiClient,
		MetadataClient:         metaClient,
		KyvernoDynamicClient:   kyvDynClient,
	}
	cancel := shutdown(logger.WithName("shutdown"), stopMaxProcs, stopMetrics, stopTracing, stopSignals)
	return ctx, result, cancel
}
|