From c8ec5fe99aa4049c90ee742587a447d95714e0fd Mon Sep 17 00:00:00 2001
From: Mariam Fahmy
Date: Wed, 2 Oct 2024 17:26:04 +0300
Subject: [PATCH] feat: add dumpPatch flag
Signed-off-by: Mariam Fahmy
---
 charts/kyverno/README.md | 1 +
 charts/kyverno/templates/_helpers.tpl | 3 +++
 .../kyverno/templates/admission-controller/deployment.yaml | 1 +
 charts/kyverno/values.yaml | 3 +++
 cmd/kyverno/main.go | 1 +
 config/install-latest-testing.yaml | 1 +
 pkg/toggle/toggle.go | 6 ++++++
 pkg/webhooks/resource/mutation/mutation.go | 5 ++++-
 8 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/charts/kyverno/README.md b/charts/kyverno/README.md
index 2bfa820d95e7..49dd52f46928 100644
--- a/charts/kyverno/README.md
+++ b/charts/kyverno/README.md
@@ -300,6 +300,7 @@ The chart values are organised per component.
 | features.configMapCaching.enabled | bool | `true` | Enables the feature |
 | features.deferredLoading.enabled | bool | `true` | Enables the feature |
 | features.dumpPayload.enabled | bool | `false` | Enables the feature |
+| features.dumpPatches.enabled | bool | `false` | Enables the feature |
 | features.forceFailurePolicyIgnore.enabled | bool | `false` | Enables the feature |
 | features.logging.format | string | `"text"` | Logging format |
 | features.logging.verbosity | int | `2` | Logging verbosity |
diff --git a/charts/kyverno/templates/_helpers.tpl b/charts/kyverno/templates/_helpers.tpl
index f3504d3b0439..bd8331eb0520 100644
--- a/charts/kyverno/templates/_helpers.tpl
+++ b/charts/kyverno/templates/_helpers.tpl
@@ -34,6 +34,9 @@
 {{- with .dumpPayload -}}
 {{- $flags = append $flags (print "--dumpPayload=" .enabled) -}}
 {{- end -}}
+{{- with .dumpPatches -}}
+ {{- $flags = append $flags (print "--dumpPatches=" .enabled) -}}
+{{- end -}}
 {{- with .forceFailurePolicyIgnore -}}
 {{- $flags = append $flags (print "--forceFailurePolicyIgnore=" .enabled) -}}
 {{- end -}}
diff --git a/charts/kyverno/templates/admission-controller/deployment.yaml b/charts/kyverno/templates/admission-controller/deployment.yaml
index 996f27e66912..bf1b92133072 100644
--- a/charts/kyverno/templates/admission-controller/deployment.yaml
+++ b/charts/kyverno/templates/admission-controller/deployment.yaml
@@ -156,6 +156,7 @@ spec:
 "deferredLoading"
 "dumpPayload"
 "forceFailurePolicyIgnore"
+ "dumpPatches"
 "logging"
 "omitEvents"
 "policyExceptions"
diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml
index 012f221ff0d1..002fd92ef66c 100644
--- a/charts/kyverno/values.yaml
+++ b/charts/kyverno/values.yaml
@@ -370,6 +370,9 @@ features:
 dumpPayload:
 # -- Enables the feature
 enabled: false
+ dumpPatches:
+ # -- Enables the feature
+ enabled: false
 forceFailurePolicyIgnore:
 # -- Enables the feature
 enabled: false
diff --git a/cmd/kyverno/main.go b/cmd/kyverno/main.go
index 7aa83c7ebe57..848f96030a79 100644
--- a/cmd/kyverno/main.go
+++ b/cmd/kyverno/main.go
@@ -203,6 +203,7 @@ func main() {
 flagset.DurationVar(&webhookRegistrationTimeout, "webhookRegistrationTimeout", 120*time.Second, "Timeout for webhook registration, e.g., 30s, 1m, 5m.")
 flagset.Func(toggle.ProtectManagedResourcesFlagName, toggle.ProtectManagedResourcesDescription, toggle.ProtectManagedResources.Parse)
 flagset.Func(toggle.ForceFailurePolicyIgnoreFlagName, toggle.ForceFailurePolicyIgnoreDescription, toggle.ForceFailurePolicyIgnore.Parse)
+ flagset.Func(toggle.DumpMutatePatchesFlagName, toggle.DumpMutatePatchesDescription, toggle.DumpMutatePatches.Parse)
 flagset.BoolVar(&admissionReports, "admissionReports", true, "Enable or disable admission reports.")
 flagset.IntVar(&servicePort, "servicePort", 443, "Port used by the Kyverno Service resource and for webhook configurations.")
 flagset.StringVar(&backgroundServiceAccountName, "backgroundServiceAccountName", "", "Background service account name.")
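Review bot: The helm-docs comment `# -- Enables the feature` on `dumpPatches` in charts/kyverno/values.yaml says nothing about what is dumped or where, and the README row added by this commit carries the same text. Since the flag makes the admission controller log the generated mutate patches, I would write `# -- Logs the generated mutate patches in the admission controller; patches may contain sensitive values, keep disabled outside debugging`. The same gap is in `DumpMutatePatchesDescription` in pkg/toggle/toggle.go, whose text does not say the dump goes to the log.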
diff --git a/config/install-latest-testing.yaml b/config/install-latest-testing.yaml
index ba377b62aa0c..4d58c59441a0 100644
--- a/config/install-latest-testing.yaml
+++ b/config/install-latest-testing.yaml
@@ -32426,6 +32426,7 @@ spec:
 - --enableConfigMapCaching=true
 - --enableDeferredLoading=true
 - --dumpPayload=false
+ - --dumpPatches=false
 - --forceFailurePolicyIgnore=false
 - --loggingFormat=text
 - --v=2
diff --git a/pkg/toggle/toggle.go b/pkg/toggle/toggle.go
index 9126531ef6e9..648cf42e1aa1 100644
--- a/pkg/toggle/toggle.go
+++ b/pkg/toggle/toggle.go
@@ -21,12 +21,18 @@ const (
 EnableDeferredLoadingDescription = "enable deferred loading of context variables"
 enableDeferredLoadingEnvVar = "FLAG_ENABLE_DEFERRED_LOADING"
 defaultEnableDeferredLoading = true
+ // dump mutate patches
+ DumpMutatePatchesFlagName = "dumpPatches"
+ DumpMutatePatchesDescription = "Set the flag to 'true', to dump mutate patches."
+ dumpMutatePatchesEnvVar = "FLAG_DUMP_PATCHES"
+ defaultDumpMutatePatches = false
 )
 var (
 ProtectManagedResources = newToggle(defaultProtectManagedResources, protectManagedResourcesEnvVar)
 ForceFailurePolicyIgnore = newToggle(defaultForceFailurePolicyIgnore, forceFailurePolicyIgnoreEnvVar)
 EnableDeferredLoading = newToggle(defaultEnableDeferredLoading, enableDeferredLoadingEnvVar)
+ DumpMutatePatches = newToggle(defaultDumpMutatePatches, dumpMutatePatchesEnvVar)
 )
 type Toggle interface {
diff --git a/pkg/webhooks/resource/mutation/mutation.go b/pkg/webhooks/resource/mutation/mutation.go
index cee51e058982..125d45c66c72 100644
--- a/pkg/webhooks/resource/mutation/mutation.go
+++ b/pkg/webhooks/resource/mutation/mutation.go
@@ -12,6 +12,7 @@ import (
 "github.com/kyverno/kyverno/pkg/event"
 "github.com/kyverno/kyverno/pkg/metrics"
 "github.com/kyverno/kyverno/pkg/openapi"
+ "github.com/kyverno/kyverno/pkg/toggle"
 "github.com/kyverno/kyverno/pkg/tracing"
 engineutils "github.com/kyverno/kyverno/pkg/utils/engine"
 jsonutils "github.com/kyverno/kyverno/pkg/utils/json"
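Review bot: `dumpMutatePatchesEnvVar = "FLAG_DUMP_PATCHES"` in pkg/toggle/toggle.go gives the dump a second switch besides `--dumpPatches`, assuming newToggle reads that variable as it appears to for the other toggles (its body is outside this hunk). Neither the description string nor the chart mentions the variable, so someone auditing whether patches are being logged would likely check only the flag. I would extend the group comment to `// dump mutate patches to the log (flag dumpPatches, env FLAG_DUMP_PATCHES)`. The identifiers say DumpMutatePatches while the flag is dumpPatches and the commit subject says dumpPatch; settling on one spelling would make the feature easier to grep for.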
@@ -66,7 +67,9 @@ func (h *mutationHandler) HandleMutation(
 if err != nil {
 return nil, nil, err
 }
- h.log.V(6).Info("", "generated patches", string(mutatePatches))
+ if toggle.DumpMutatePatches.Enabled() {
+ h.log.V(2).Info("", "generated patches", string(mutatePatches))
+ }
 return mutatePatches, webhookutils.GetWarningMessages(mutateEngineResponses), nil
 }
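Review bot: The new `h.log.V(2).Info("", "generated patches", string(mutatePatches))` in HandleMutation (pkg/webhooks/resource/mutation/mutation.go) writes the patch bytes verbatim, and V(2) matches the chart's default `features.logging.verbosity` of 2, so turning the flag on puts every mutate patch into the ordinary controller log. Patches can contain values a policy injects or copies from the object, possibly Secret data, and logs are typically readable by a wider audience than the objects themselves. Consider skipping or redacting the dump for Secret requests, or at minimum add above the guard `// patches are logged verbatim and may contain sensitive values; enable for debugging only`. Users who relied on -v=6 to see patches now get nothing unless `--dumpPatches=true` is set, which is worth stating in the commit description. HandleMutation starts above the hunk, so the request object's name and scope are not visible from here.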