refactor: update updaterequest to be created for each policy (kyverno…

…#10793) * chore: remove v1beta1 updaterequest definitions Signed-off-by: ShutingZhao <[email protected]> * feat: update UR to map a policy instead a rule; adapt UR mapping changes for admission review Signed-off-by: ShutingZhao <[email protected]> * feat: update code-gen Signed-off-by: ShutingZhao <[email protected]> * fix: linter Signed-off-by: ShutingZhao <[email protected]> * fix: remove unused function Signed-off-by: ShutingZhao <[email protected]> * fix: add missing files Signed-off-by: ShutingZhao <[email protected]> * fix: add missing files Signed-off-by: ShutingZhao <[email protected]> * chore: update ur in policy controller Signed-off-by: ShutingZhao <[email protected]> * feat: update crds Signed-off-by: ShutingZhao <[email protected]> * feat: adapt ur changes in the background controller Signed-off-by: ShutingZhao <[email protected]> * fix: linter Signed-off-by: ShutingZhao <[email protected]> * fix: more linter Signed-off-by: ShutingZhao <[email protected]> * feat: modify mapping relationship for deletion events Signed-off-by: ShutingZhao <[email protected]> * feat: remedy missing target for policy application Signed-off-by: ShutingZhao <[email protected]> * fix: fetching logic for triggers Signed-off-by: ShutingZhao <[email protected]> * fix: clean up targets upon policy deletion Signed-off-by: ShutingZhao <[email protected]> * chore: update crds Signed-off-by: ShutingZhao <[email protected]> * merge main Signed-off-by: ShutingZhao <[email protected]> * merge main Signed-off-by: ShutingZhao <[email protected]> * fix: adds delay before assertion Signed-off-by: ShutingZhao <[email protected]> * chore: update docs Signed-off-by: ShutingZhao <[email protected]> * fix: wrong yaml format Signed-off-by: ShutingZhao <[email protected]> * feat: update error handling logic Signed-off-by: ShutingZhao <[email protected]> * fix(attempt): enable more debug info Signed-off-by: ShutingZhao <[email protected]> * fix(attempt): enable debug log Signed-off-by: ShutingZhao <[email protected]> * fix(attempt): enable debug log Signed-off-by: ShutingZhao <[email protected]> * fix(attempt): enable debug log Signed-off-by: ShutingZhao <[email protected]> * fix: makefile to update ur crds Signed-off-by: ShutingZhao <[email protected]> * fix: generate existing Signed-off-by: ShutingZhao <[email protected]> * fix: skip empty ur generation Signed-off-by: ShutingZhao <[email protected]> * fix: update install.yaml Signed-off-by: ShutingZhao <[email protected]> --------- Signed-off-by: ShutingZhao <[email protected]>
TnGadaria · Aug 13, 2024 · 481798c · 481798c
1 parent de37a04
commit 481798c
Show file tree

Hide file tree

Showing 43 changed files with 951 additions and 1,526 deletions.
diff --git a/.github/actions/kyverno-logs/action.yaml b/.github/actions/kyverno-logs/action.yaml
@@ -14,15 +14,9 @@ runs:
       run: |
         kubectl -n kyverno get pod
         kubectl -n kyverno describe pod | grep -i events -A10
-    - shell: bash
-      run: |
-        kubectl -n kyverno logs deploy/kyverno-admission-controller --all-containers -p || true
-        kubectl -n kyverno logs deploy/kyverno-reports-controller --all-containers -p || true
-        kubectl -n kyverno logs deploy/kyverno-cleanup-controller --all-containers -p || true
-        kubectl -n kyverno logs deploy/kyverno-background-controller --all-containers -p || true
     - shell: bash
       run: |
         kubectl -n kyverno logs deploy/kyverno-admission-controller --all-containers
+        kubectl -n kyverno logs deploy/kyverno-background-controller --all-containers
         kubectl -n kyverno logs deploy/kyverno-reports-controller --all-containers
         kubectl -n kyverno logs deploy/kyverno-cleanup-controller --all-containers
-        kubectl -n kyverno logs deploy/kyverno-background-controller --all-containers
diff --git a/Makefile b/Makefile
@@ -501,7 +501,7 @@ codegen-client-all: codegen-client-wrappers
 codegen-crds-kyverno: ## Generate kyverno CRDs
 	@echo Generate kyverno crds... >&2
 	@rm -rf $(CRDS_PATH)/kyverno && mkdir -p $(CRDS_PATH)/kyverno
-	@go run ./hack/controller-gen -- paths=./api/kyverno/... crd:crdVersions=v1,ignoreUnexportedFields=true,generateEmbeddedObjectMeta=false output:dir=$(CRDS_PATH)/kyverno
+	@go run ./hack/controller-gen -- paths=./api/kyverno/v1/... paths=./api/kyverno/v2/... paths=./api/kyverno/v2alpha1/... paths=./api/kyverno/v2beta1/... crd:crdVersions=v1,ignoreUnexportedFields=true,generateEmbeddedObjectMeta=false output:dir=$(CRDS_PATH)/kyverno
 
 .PHONY: codegen-crds-policyreport
 codegen-crds-policyreport: ## Generate policy reports CRDs

diff --git a/api/kyverno/v2/constants.go b/api/kyverno/v2/constants.go
@@ -10,9 +10,5 @@ const (
 
 	// URGeneratePolicyLabel adds the policy name to URs for generate policies
 	URGeneratePolicyLabel          = "generate.kyverno.io/policy-name"
-	URGenerateResourceNameLabel    = "generate.kyverno.io/resource-name"
-	URGenerateResourceUIDLabel     = "generate.kyverno.io/resource-uid"
-	URGenerateResourceNSLabel      = "generate.kyverno.io/resource-namespace"
-	URGenerateResourceKindLabel    = "generate.kyverno.io/resource-kind"
 	URGenerateRetryCountAnnotation = "generate.kyverno.io/retry-count"
 )
diff --git a/api/kyverno/v2/updaterequest_types.go b/api/kyverno/v2/updaterequest_types.go
@@ -82,23 +82,45 @@ type UpdateRequestSpec struct {
 	// Specifies the name of the policy.
 	Policy string `json:"policy" yaml:"policy"`
 
+	// RuleContext is the associate context to apply rules.
+	// optional
+	RuleContext []RuleContext `json:"ruleContext,omitempty" yaml:"ruleContext,omitempty"`
+
 	// Rule is the associate rule name of the current UR.
 	Rule string `json:"rule" yaml:"rule"`
 
 	// DeleteDownstream represents whether the downstream needs to be deleted.
+	// Deprecated
 	DeleteDownstream bool `json:"deleteDownstream" yaml:"deleteDownstream"`
 
 	// Synchronize represents the sync behavior of the corresponding rule
 	// Optional. Defaults to "false" if not specified.
+	// Deprecated, will be removed in 1.14.
 	Synchronize bool `json:"synchronize,omitempty" yaml:"synchronize,omitempty"`
 
 	// ResourceSpec is the information to identify the trigger resource.
 	Resource kyvernov1.ResourceSpec `json:"resource" yaml:"resource"`
 
-	// Context ...
+	// Context represents admission request context.
+	// It is used upon admission review only and is shared across rules within the same UR.
 	Context UpdateRequestSpecContext `json:"context" yaml:"context"`
 }
 
+type RuleContext struct {
+	// Rule is the associate rule name of the current UR.
+	Rule string `json:"rule" yaml:"rule"`
+
+	// DeleteDownstream represents whether the downstream needs to be deleted.
+	DeleteDownstream bool `json:"deleteDownstream" yaml:"deleteDownstream"`
+
+	// Synchronize represents the sync behavior of the corresponding rule
+	// Optional. Defaults to "false" if not specified.
+	Synchronize bool `json:"synchronize,omitempty" yaml:"synchronize,omitempty"`
+
+	// ResourceSpec is the information to identify the trigger resource.
+	Trigger kyvernov1.ResourceSpec `json:"trigger" yaml:"resource"`
+}
+
 // UpdateRequestSpecContext stores the context to be shared.
 type UpdateRequestSpecContext struct {
 	// +optional

diff --git a/api/kyverno/v2/zz_generated.deepcopy.go b/api/kyverno/v2/zz_generated.deepcopy.go