Add kyverno to processor
Signed-off-by: Mmadu Manasseh <[email protected]>
MeNsaaH committed Dec 18, 2024
1 parent 53a514f commit 6c8f707
Showing 5 changed files with 24 additions and 4 deletions.
1 change: 0 additions & 1 deletion cmd/controller.go
Expand Up @@ -83,7 +83,6 @@ var ControllerCmd = &cobra.Command{
if err = processLocations(ctx, ctr, cfg.KyvernoPoliciesLocation); err != nil {
log.Fatal().Err(err).Msg("failed to process kyverno policies locations")
}
log.Debug().Strs("locations", cfg.KyvernoPoliciesLocation).Msg("kyverno policies locations after processing")

processors, err := getProcessors(ctr)
if err != nil {
9 changes: 9 additions & 0 deletions cmd/processors.go
Expand Up @@ -7,6 +7,7 @@ import (
"github.com/zapier/kubechecks/pkg/checks/diff"
"github.com/zapier/kubechecks/pkg/checks/hooks"
"github.com/zapier/kubechecks/pkg/checks/kubeconform"
"github.com/zapier/kubechecks/pkg/checks/kyverno"
"github.com/zapier/kubechecks/pkg/checks/preupgrade"
"github.com/zapier/kubechecks/pkg/checks/rego"
"github.com/zapier/kubechecks/pkg/container"
Expand Down Expand Up @@ -57,5 +58,13 @@ func getProcessors(ctr container.Container) ([]checks.ProcessorEntry, error) {
})
}

if ctr.Config.EnableKyvernoChecks {
procs = append(procs, checks.ProcessorEntry{
Name: "running kyverno check",
Processor: kyverno.Check,
WorstState: ctr.Config.WorstPreupgradeState,
})
}

return procs, nil
}
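Review bot: The new kyverno entry in getProcessors sets `WorstState: ctr.Config.WorstPreupgradeState`, so the worst state a policy check may report is taken from the setting of an unrelated check. Going by the field name, an operator who relaxes the preupgrade setting would also downgrade kyverno policy violations, probably without intending to. If the coupling is not deliberate, give the check its own setting, e.g. `WorstState: ctr.Config.WorstKyvernoState` (a new config field, not present on this page). If it is deliberate, say so with a comment such as `// kyverno shares the preupgrade worst-state setting on purpose`. getProcessors begins outside this hunk.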
2 changes: 2 additions & 0 deletions localdev/kubechecks/values.yaml
Expand Up @@ -24,6 +24,8 @@ configMap:
KUBECHECKS_ENABLE_KYVERNO_CHECKS: "true"
KUBECHECKS_KYVERNO_POLICIES_LOCATION: "https://gitlab.com/zapier/team-sre/service-kyverno.git"
KUBECHECKS_KYVERNO_POLICIES_PATHS: "argocd/production/templates/checks"
KUBECHECKS_ARGOCD_SEND_FULL_REPOSITORY: "true"
KUBECHECKS_ARGOCD_REPOSITORY_ENDPOINT: argocd-repo-server.kubechecks:8081
GRPC_ENFORCE_ALPN_ENABLED: false


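Review bot: `KUBECHECKS_ARGOCD_REPOSITORY_ENDPOINT: argocd-repo-server.kubechecks:8081` is left unquoted while the neighbouring string values are quoted, and neither it nor `KUBECHECKS_ARGOCD_SEND_FULL_REPOSITORY` says why local development needs it. Writing it as `KUBECHECKS_ARGOCD_REPOSITORY_ENDPOINT: "argocd-repo-server.kubechecks:8081"` keeps the block consistent. A one-line comment above the pair, for example `# local dev: send the full repo to the in-cluster repo server`, would tell readers these values are specific to this setup; that wording is a guess from the key names and should be confirmed. The rendered page does not mark the added lines, so which two entries are new is inferred from the 2-addition count.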
Expand Up @@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- ../../base
- ../../base

patchesStrategicMerge:
- replica-patch.yaml
patches:
- path: replica-patch.yaml
10 changes: 10 additions & 0 deletions pkg/checks/kyverno/kyverno.go
Expand Up @@ -22,19 +22,25 @@ func kyvernoValidate(ctx context.Context, ctr container.Container, appName, targ
_, span := tracer.Start(ctx, "KyvernoValidate")
defer span.End()

log.Debug().Msg("Creating temporary file for app manifests")
tempFile, err := os.CreateTemp("/tmp", "appManifests-*.yaml")
if err != nil {
log.Error().Err(err).Msg("Failed to create temporary file")
return msg.Result{}, err
}
defer os.Remove(tempFile.Name())

log.Debug().Str("tempFile", tempFile.Name()).Msg("Temporary file created")

for _, manifest := range appManifests {
if _, err := tempFile.WriteString(manifest + "\n"); err != nil {
log.Error().Err(err).Msg("Failed to write manifest to temporary file")
return msg.Result{}, err
}
}

if err := tempFile.Close(); err != nil {
log.Error().Err(err).Msg("Failed to close temporary file")
return msg.Result{}, err
}

Expand All @@ -47,6 +53,7 @@ func kyvernoValidate(ctx context.Context, ctr container.Container, appName, targ
var output strings.Builder
applyCommand.SetOutput(&output)
if err := applyCommand.Execute(); err != nil {
log.Error().Err(err).Msg("Failed to execute kyverno apply command")
return msg.Result{}, err
}
log.Info().Msg(output.String())
Expand All @@ -58,9 +65,12 @@ func kyvernoValidate(ctx context.Context, ctr container.Container, appName, targ
cr.State = pkg.StateSuccess
}

log.Debug().Str("report", output.String()).Msg("Kyverno validation completed")
cr.Summary = "<b>Show kyverno report:</b>"
cr.Details = fmt.Sprintf(">Kyverno Policy Report \n\n%s", output.String())

log.Debug().Msg("Kyverno validation completed")

return cr, nil
}

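Review bot: In the last hunk of kyvernoValidate the completion is logged twice: `log.Debug().Str("report", output.String()).Msg("Kyverno validation completed")` and, three lines later, `log.Debug().Msg("Kyverno validation completed")`. The first call also attaches the full report, which `log.Info().Msg(output.String())` in the previous hunk already writes and `cr.Details` already returns, so the report text, which is derived from the application's manifests, lands in the logs twice. Keeping only the final `log.Debug().Msg("Kyverno validation completed")` removes the duplication. Separately, in the first hunk the write-failure path returns with `tempFile` still open; a `tempFile.Close()` before that `return msg.Result{}, err` would release the handle. The function's signature and the code between the hunks are outside what is shown here.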
