mirrors/policy-reporter
1
0
Fork 0
mirror of https://github.com/kyverno/policy-reporter.git synced 2024-12-14 11:57:32 +00:00
Code Activity

retry secret fetching and fix config for mountedSecret usage

Browse source 
Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
This commit is contained in:
Frank Jogeleit 2023-05-30 20:40:01 +02:00
parent c164cff966
commit 96da05aea0
2 changed files with 39 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
charts/policy-reporter/config.yaml
View file

@ -4,6 +4,7 @@ loki:
skipTLS: {{ .Values.target.loki.skipTLS }}
path: {{ .Values.target.loki.path | quote }}
secretRef: {{ .Values.target.loki.secretRef | quote }}
mountedSecret: {{ .Values.target.loki.mountedSecret | quote }}
minimumPriority: {{ .Values.target.loki.minimumPriority | quote }}
skipExistingOnStartup: {{ .Values.target.loki.skipExistingOnStartup }}
{{- with .Values.target.loki.customLabels }}
@ -30,6 +31,7 @@ elasticsearch:
username: {{ .Values.target.elasticsearch.username | quote }}
password: {{ .Values.target.elasticsearch.password | quote }}
secretRef: {{ .Values.target.elasticsearch.secretRef | quote }}
mountedSecret: {{ .Values.target.elasticsearch.mountedSecret | quote }}
index: {{ .Values.target.elasticsearch.index | default "policy-reporter" | quote }}
rotation: {{ .Values.target.elasticsearch.rotation | default "daily" | quote }}
minimumPriority: {{ .Values.target.elasticsearch.minimumPriority | quote }}
@ -55,6 +57,7 @@ slack:
webhook: {{ .Values.target.slack.webhook | quote }}
channel: {{ .Values.target.slack.channel | quote }}
secretRef: {{ .Values.target.slack.secretRef | quote }}
mountedSecret: {{ .Values.target.slack.mountedSecret | quote }}
minimumPriority: {{ .Values.target.slack.minimumPriority | quote }}
skipExistingOnStartup: {{ .Values.target.slack.skipExistingOnStartup }}
{{- with .Values.target.slack.customFields }}
@ -77,6 +80,7 @@ slack:
discord:
webhook: {{ .Values.target.discord.webhook | quote }}
secretRef: {{ .Values.target.discord.secretRef | quote }}
mountedSecret: {{ .Values.target.discord.mountedSecret | quote }}
minimumPriority: {{ .Values.target.discord.minimumPriority | quote }}
skipExistingOnStartup: {{ .Values.target.discord.skipExistingOnStartup }}
{{- with .Values.target.discord.customFields }}
@ -101,6 +105,7 @@ teams:
certificate: {{ .Values.target.teams.certificate | quote }}
skipTLS: {{ .Values.target.teams.skipTLS }}
secretRef: {{ .Values.target.teams.secretRef | quote }}
mountedSecret: {{ .Values.target.teams.mountedSecret | quote }}
minimumPriority: {{ .Values.target.teams.minimumPriority | quote }}
skipExistingOnStartup: {{ .Values.target.teams.skipExistingOnStartup }}
{{- with .Values.target.teams.customFields }}
@ -125,6 +130,7 @@ webhook:
certificate: {{ .Values.target.webhook.certificate | quote }}
skipTLS: {{ .Values.target.webhook.skipTLS }}
secretRef: {{ .Values.target.webhook.secretRef | quote }}
mountedSecret: {{ .Values.target.webhook.mountedSecret | quote }}
minimumPriority: {{ .Values.target.webhook.minimumPriority | quote }}
skipExistingOnStartup: {{ .Values.target.webhook.skipExistingOnStartup }}
{{- with .Values.target.webhook.sources }}
@ -191,6 +197,7 @@ kinesis:
accessKeyID: {{ .Values.target.kinesis.accessKeyID }}
secretAccessKey: {{ .Values.target.kinesis.secretAccessKey }}
secretRef: {{ .Values.target.kinesis.secretRef | quote }}
mountedSecret: {{ .Values.target.kinesis.mountedSecret | quote }}
region: {{ .Values.target.kinesis.region }}
endpoint: {{ .Values.target.kinesis.endpoint }}
streamName: {{ .Values.target.kinesis.streamName }}
@ -218,6 +225,7 @@ securityHub:
accessKeyID: {{ .Values.target.securityHub.accessKeyID }}
secretAccessKey: {{ .Values.target.securityHub.secretAccessKey }}
secretRef: {{ .Values.target.securityHub.secretRef | quote }}
mountedSecret: {{ .Values.target.securityHub.mountedSecret | quote }}
region: {{ .Values.target.securityHub.region }}
endpoint: {{ .Values.target.securityHub.endpoint }}
streamName: {{ .Values.target.securityHub.streamName }}
@ -243,6 +251,7 @@ securityHub:
gcs:
credentials: {{ .Values.target.gcs.credentials }}
secretRef: {{ .Values.target.gcs.secretRef | quote }}
mountedSecret: {{ .Values.target.gcs.mountedSecret | quote }}
bucket: {{ .Values.target.gcs.bucket }}
prefix: {{ .Values.target.gcs.prefix }}
minimumPriority: {{ .Values.target.gcs.minimumPriority | quote }}

31
pkg/kubernetes/secrets/client.go
View file

@ -3,8 +3,11 @@ package secrets
import (
"context"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
v1 "k8s.io/client-go/kubernetes/typed/core/v1"
"k8s.io/client-go/util/retry"
)
type Values struct {
@ -32,7 +35,33 @@ type k8sClient struct {
}
func (c *k8sClient) Get(ctx context.Context, name string) (Values, error) {
secret, err := c.client.Get(ctx, name, metav1.GetOptions{})
var secret *corev1.Secret
err := retry.OnError(retry.DefaultRetry, func(err error) bool {
if _, ok := err.(errors.APIStatus); !ok {
return true
}
if ok := errors.IsTimeout(err); ok {
return true
}
if ok := errors.IsServerTimeout(err); ok {
return true
}
if ok := errors.IsServiceUnavailable(err); ok {
return true
}
return false
}, func() error {
var err error
secret, err = c.client.Get(ctx, name, metav1.GetOptions{})
return err
})
values := Values{}
if err != nil {
return values, err