Skip to content

api: add skipBackgroundRequests support for MutatingPolicy and GeneratingPolicy #42

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
atharrva01 wants to merge 1 commit into
base: main
Choose a base branch
from
Open

api: add skipBackgroundRequests support for MutatingPolicy and GeneratingPolicy #42

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 17 additions & 0 deletions api/policies.kyverno.io/v1beta1/generating_policy.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -261,6 +261,16 @@ func (s GeneratingPolicySpec) AdmissionEnabled() bool {
return *s.EvaluationConfiguration.Admission.Enabled
}

// SkipBackgroundRequestsEnabled returns whether background requests should be skipped.
// Returns true by default.
func (s GeneratingPolicySpec) SkipBackgroundRequestsEnabled() bool {
const defaultValue = true
if s.EvaluationConfiguration == nil || s.EvaluationConfiguration.SkipBackgroundRequests == nil {
return defaultValue
}
return *s.EvaluationConfiguration.SkipBackgroundRequests
}

type GeneratingPolicyEvaluationConfiguration struct {
// Admission controls policy evaluation during admission.
// +optional
Expand All @@ -276,6 +286,13 @@ type GeneratingPolicyEvaluationConfiguration struct {

// OrphanDownstreamOnPolicyDelete defines the configuration for orphaning downstream resources on policy delete.
OrphanDownstreamOnPolicyDelete *OrphanDownstreamOnPolicyDeleteConfiguration `json:"orphanDownstreamOnPolicyDelete,omitempty"`

// SkipBackgroundRequests bypasses admission requests that are sent by the background controller.
// The default value is set to "true", it must be set to "false" to apply
// generate rules to those requests.
// +kubebuilder:default=true
// +kubebuilder:validation:Optional
SkipBackgroundRequests *bool `json:"skipBackgroundRequests,omitempty"`
}

// GenerateExistingConfiguration defines the configuration for generating resources for existing triggers.
Expand Down
17 changes: 17 additions & 0 deletions api/policies.kyverno.io/v1beta1/mutating_policy.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -404,6 +404,16 @@ func (s MutatingPolicySpec) MutateExistingEnabled() bool {
return *s.EvaluationConfiguration.MutateExistingConfiguration.Enabled
}

// SkipBackgroundRequestsEnabled returns whether background requests should be skipped.
// Returns true by default.
func (s MutatingPolicySpec) SkipBackgroundRequestsEnabled() bool {
const defaultValue = true
if s.EvaluationConfiguration == nil || s.EvaluationConfiguration.SkipBackgroundRequests == nil {
return defaultValue
}
return *s.EvaluationConfiguration.SkipBackgroundRequests
}

type MutatingPolicyEvaluationConfiguration struct {
// Mode is the mode of policy evaluation.
// Allowed values are "Kubernetes" or "JSON".
Expand All @@ -422,6 +432,13 @@ type MutatingPolicyEvaluationConfiguration struct {
// MutateExisting controls whether existing resources are mutated.
// +optional
MutateExistingConfiguration *MutateExistingConfiguration `json:"mutateExisting,omitempty"`

// SkipBackgroundRequests bypasses admission requests that are sent by the background controller.
// The default value is set to "true", it must be set to "false" to apply
// mutateExisting rules to those requests.
// +kubebuilder:default=true
// +kubebuilder:validation:Optional
SkipBackgroundRequests *bool `json:"skipBackgroundRequests,omitempty"`
}

type MutatingPolicyAutogenConfiguration struct {
Expand Down
10 changes: 10 additions & 0 deletions api/policies.kyverno.io/v1beta1/zz_generated.deepcopy.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

7 changes: 7 additions & 0 deletions charts/kyverno-api/templates/crds/policies.kyverno.io_generatingpolicies.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1318,6 +1318,13 @@ spec:
Optional. Defaults to "false" if not specified.
type: boolean
type: object
skipBackgroundRequests:
default: true
description: |-
SkipBackgroundRequests bypasses admission requests that are sent by the background controller.
The default value is set to "true", it must be set to "false" to apply
generate rules to those requests.
type: boolean
synchronize:
description: Synchronization defines the configuration for the
synchronization of generated resources.
Expand Down
14 changes: 14 additions & 0 deletions charts/kyverno-api/templates/crds/policies.kyverno.io_mutatingpolicies.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4453,6 +4453,13 @@ spec:
When spec.targetMatchConstraints is not defined, Kyverno mutates existing resources matched in spec.matchConstraints.
type: boolean
type: object
skipBackgroundRequests:
default: true
description: |-
SkipBackgroundRequests bypasses admission requests that are sent by the background controller.
The default value is set to "true", it must be set to "false" to apply
mutateExisting rules to those requests.
type: boolean
type: object
failurePolicy:
description: |-
Expand Down Expand Up @@ -5465,6 +5472,13 @@ spec:
When spec.targetMatchConstraints is not defined, Kyverno mutates existing resources matched in spec.matchConstraints.
type: boolean
type: object
skipBackgroundRequests:
default: true
description: |-
SkipBackgroundRequests bypasses admission requests that are sent by the background controller.
The default value is set to "true", it must be set to "false" to apply
mutateExisting rules to those requests.
type: boolean
type: object
failurePolicy:
description: |-
Expand Down
7 changes: 7 additions & 0 deletions charts/kyverno-api/templates/crds/policies.kyverno.io_namespacedgeneratingpolicies.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -706,6 +706,13 @@ spec:
Optional. Defaults to "false" if not specified.
type: boolean
type: object
skipBackgroundRequests:
default: true
description: |-
SkipBackgroundRequests bypasses admission requests that are sent by the background controller.
The default value is set to "true", it must be set to "false" to apply
generate rules to those requests.
type: boolean
synchronize:
description: Synchronization defines the configuration for the
synchronization of generated resources.
Expand Down
14 changes: 14 additions & 0 deletions charts/kyverno-api/templates/crds/policies.kyverno.io_namespacedmutatingpolicies.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2305,6 +2305,13 @@ spec:
When spec.targetMatchConstraints is not defined, Kyverno mutates existing resources matched in spec.matchConstraints.
type: boolean
type: object
skipBackgroundRequests:
default: true
description: |-
SkipBackgroundRequests bypasses admission requests that are sent by the background controller.
The default value is set to "true", it must be set to "false" to apply
mutateExisting rules to those requests.
type: boolean
type: object
failurePolicy:
description: |-
Expand Down Expand Up @@ -3317,6 +3324,13 @@ spec:
When spec.targetMatchConstraints is not defined, Kyverno mutates existing resources matched in spec.matchConstraints.
type: boolean
type: object
skipBackgroundRequests:
default: true
description: |-
SkipBackgroundRequests bypasses admission requests that are sent by the background controller.
The default value is set to "true", it must be set to "false" to apply
mutateExisting rules to those requests.
type: boolean
type: object
failurePolicy:
description: |-
Expand Down
42 changes: 42 additions & 0 deletions config/crds.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2993,6 +2993,13 @@ spec:
Optional. Defaults to "false" if not specified.
type: boolean
type: object
skipBackgroundRequests:
default: true
description: |-
SkipBackgroundRequests bypasses admission requests that are sent by the background controller.
The default value is set to "true", it must be set to "false" to apply
generate rules to those requests.
type: boolean
synchronize:
description: Synchronization defines the configuration for the
synchronization of generated resources.
Expand Down Expand Up @@ -14897,6 +14904,13 @@ spec:
When spec.targetMatchConstraints is not defined, Kyverno mutates existing resources matched in spec.matchConstraints.
type: boolean
type: object
skipBackgroundRequests:
default: true
description: |-
SkipBackgroundRequests bypasses admission requests that are sent by the background controller.
The default value is set to "true", it must be set to "false" to apply
mutateExisting rules to those requests.
type: boolean
type: object
failurePolicy:
description: |-
Expand Down Expand Up @@ -15909,6 +15923,13 @@ spec:
When spec.targetMatchConstraints is not defined, Kyverno mutates existing resources matched in spec.matchConstraints.
type: boolean
type: object
skipBackgroundRequests:
default: true
description: |-
SkipBackgroundRequests bypasses admission requests that are sent by the background controller.
The default value is set to "true", it must be set to "false" to apply
mutateExisting rules to those requests.
type: boolean
type: object
failurePolicy:
description: |-
Expand Down Expand Up @@ -18814,6 +18835,13 @@ spec:
Optional. Defaults to "false" if not specified.
type: boolean
type: object
skipBackgroundRequests:
default: true
description: |-
SkipBackgroundRequests bypasses admission requests that are sent by the background controller.
The default value is set to "true", it must be set to "false" to apply
generate rules to those requests.
type: boolean
synchronize:
description: Synchronization defines the configuration for the
synchronization of generated resources.
Expand Down Expand Up @@ -26275,6 +26303,13 @@ spec:
When spec.targetMatchConstraints is not defined, Kyverno mutates existing resources matched in spec.matchConstraints.
type: boolean
type: object
skipBackgroundRequests:
default: true
description: |-
SkipBackgroundRequests bypasses admission requests that are sent by the background controller.
The default value is set to "true", it must be set to "false" to apply
mutateExisting rules to those requests.
type: boolean
type: object
failurePolicy:
description: |-
Expand Down Expand Up @@ -27287,6 +27322,13 @@ spec:
When spec.targetMatchConstraints is not defined, Kyverno mutates existing resources matched in spec.matchConstraints.
type: boolean
type: object
skipBackgroundRequests:
default: true
description: |-
SkipBackgroundRequests bypasses admission requests that are sent by the background controller.
The default value is set to "true", it must be set to "false" to apply
mutateExisting rules to those requests.
type: boolean
type: object
failurePolicy:
description: |-
Expand Down
7 changes: 7 additions & 0 deletions config/crds/policies.kyverno.io_generatingpolicies.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1316,6 +1316,13 @@ spec:
Optional. Defaults to "false" if not specified.
type: boolean
type: object
skipBackgroundRequests:
default: true
description: |-
SkipBackgroundRequests bypasses admission requests that are sent by the background controller.
The default value is set to "true", it must be set to "false" to apply
generate rules to those requests.
type: boolean
synchronize:
description: Synchronization defines the configuration for the
synchronization of generated resources.
Expand Down
14 changes: 14 additions & 0 deletions config/crds/policies.kyverno.io_mutatingpolicies.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4451,6 +4451,13 @@ spec:
When spec.targetMatchConstraints is not defined, Kyverno mutates existing resources matched in spec.matchConstraints.
type: boolean
type: object
skipBackgroundRequests:
default: true
description: |-
SkipBackgroundRequests bypasses admission requests that are sent by the background controller.
The default value is set to "true", it must be set to "false" to apply
mutateExisting rules to those requests.
type: boolean
type: object
failurePolicy:
description: |-
Expand Down Expand Up @@ -5463,6 +5470,13 @@ spec:
When spec.targetMatchConstraints is not defined, Kyverno mutates existing resources matched in spec.matchConstraints.
type: boolean
type: object
skipBackgroundRequests:
default: true
description: |-
SkipBackgroundRequests bypasses admission requests that are sent by the background controller.
The default value is set to "true", it must be set to "false" to apply
mutateExisting rules to those requests.
type: boolean
type: object
failurePolicy:
description: |-
Expand Down
7 changes: 7 additions & 0 deletions config/crds/policies.kyverno.io_namespacedgeneratingpolicies.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -704,6 +704,13 @@ spec:
Optional. Defaults to "false" if not specified.
type: boolean
type: object
skipBackgroundRequests:
default: true
description: |-
SkipBackgroundRequests bypasses admission requests that are sent by the background controller.
The default value is set to "true", it must be set to "false" to apply
generate rules to those requests.
type: boolean
synchronize:
description: Synchronization defines the configuration for the
synchronization of generated resources.
Expand Down
14 changes: 14 additions & 0 deletions config/crds/policies.kyverno.io_namespacedmutatingpolicies.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2303,6 +2303,13 @@ spec:
When spec.targetMatchConstraints is not defined, Kyverno mutates existing resources matched in spec.matchConstraints.
type: boolean
type: object
skipBackgroundRequests:
default: true
description: |-
SkipBackgroundRequests bypasses admission requests that are sent by the background controller.
The default value is set to "true", it must be set to "false" to apply
mutateExisting rules to those requests.
type: boolean
type: object
failurePolicy:
description: |-
Expand Down Expand Up @@ -3315,6 +3322,13 @@ spec:
When spec.targetMatchConstraints is not defined, Kyverno mutates existing resources matched in spec.matchConstraints.
type: boolean
type: object
skipBackgroundRequests:
default: true
description: |-
SkipBackgroundRequests bypasses admission requests that are sent by the background controller.
The default value is set to "true", it must be set to "false" to apply
mutateExisting rules to those requests.
type: boolean
type: object
failurePolicy:
description: |-
Expand Down
26 changes: 26 additions & 0 deletions docs/user/crd/index.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13958,6 +13958,19 @@ <h3 id="policies.kyverno.io/v1beta1.GeneratingPolicyEvaluationConfiguration">Gen
<p>OrphanDownstreamOnPolicyDelete defines the configuration for orphaning downstream resources on policy delete.</p>
</td>
</tr>
<tr>
<td>
<code>skipBackgroundRequests</code><br/>
<em>
bool
</em>
</td>
<td>
<p>SkipBackgroundRequests bypasses admission requests that are sent by the background controller.
The default value is set to &ldquo;true&rdquo;, it must be set to &ldquo;false&rdquo; to apply
generate rules to those requests.</p>
</td>
</tr>
</tbody>
</table>
<hr />
Expand Down Expand Up @@ -15149,6 +15162,19 @@ <h3 id="policies.kyverno.io/v1beta1.MutatingPolicyEvaluationConfiguration">Mutat
<p>MutateExisting controls whether existing resources are mutated.</p>
</td>
</tr>
<tr>
<td>
<code>skipBackgroundRequests</code><br/>
<em>
bool
</em>
</td>
<td>
<p>SkipBackgroundRequests bypasses admission requests that are sent by the background controller.
The default value is set to &ldquo;true&rdquo;, it must be set to &ldquo;false&rdquo; to apply
mutateExisting rules to those requests.</p>
</td>
</tr>
</tbody>
</table>
<hr />
Expand Down
Loading