diff --git a/cmd/controller.go b/cmd/controller.go
index fb99069d..5a3879f7 100644
--- a/cmd/controller.go
+++ b/cmd/controller.go
@@ -83,7 +83,6 @@ var ControllerCmd = &cobra.Command{
 if err = processLocations(ctx, ctr, cfg.KyvernoPoliciesLocation); err != nil {
 log.Fatal().Err(err).Msg("failed to process kyverno policies locations")
 }
- log.Debug().Strs("locations", cfg.KyvernoPoliciesLocation).Msg("kyverno policies locations after processing")
 processors, err := getProcessors(ctr)
 if err != nil {
diff --git a/cmd/processors.go b/cmd/processors.go
index 1b0aecaf..274ca2f8 100644
--- a/cmd/processors.go
+++ b/cmd/processors.go
@@ -7,6 +7,7 @@ import (
 "github.com/zapier/kubechecks/pkg/checks/diff"
 "github.com/zapier/kubechecks/pkg/checks/hooks"
 "github.com/zapier/kubechecks/pkg/checks/kubeconform"
+ "github.com/zapier/kubechecks/pkg/checks/kyverno"
 "github.com/zapier/kubechecks/pkg/checks/preupgrade"
 "github.com/zapier/kubechecks/pkg/checks/rego"
 "github.com/zapier/kubechecks/pkg/container"
@@ -57,5 +58,13 @@ func getProcessors(ctr container.Container) ([]checks.ProcessorEntry, error) {
 })
 }
+ if ctr.Config.EnableKyvernoChecks {
+ procs = append(procs, checks.ProcessorEntry{
+ Name: "running kyverno check",
+ Processor: kyverno.Check,
+ WorstState: ctr.Config.WorstPreupgradeState,
+ })
+ }
+
 return procs, nil
 }
diff --git a/localdev/kubechecks/values.yaml b/localdev/kubechecks/values.yaml
index 28b669d0..f87b4354 100644
--- a/localdev/kubechecks/values.yaml
+++ b/localdev/kubechecks/values.yaml
@@ -24,6 +24,8 @@ configMap:
 KUBECHECKS_ENABLE_KYVERNO_CHECKS: "true"
 KUBECHECKS_KYVERNO_POLICIES_LOCATION: "https://gitlab.com/zapier/team-sre/service-kyverno.git"
 KUBECHECKS_KYVERNO_POLICIES_PATHS: "argocd/production/templates/checks"
+ KUBECHECKS_ARGOCD_SEND_FULL_REPOSITORY: "true"
+ KUBECHECKS_ARGOCD_REPOSITORY_ENDPOINT: argocd-repo-server.kubechecks:8081
 GRPC_ENFORCE_ALPN_ENABLED: false
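Review bot: The new Kyverno entry in getProcessors takes its `WorstState` from `ctr.Config.WorstPreupgradeState`, the setting named for the preupgrade check, so a deployment that relaxes preupgrade findings would presumably cap Kyverno policy violations at the same level. If the coupling is intended, a comment on that line such as `// kyverno shares the preupgrade worst-state setting` would make it explicit; otherwise the Kyverno check should get its own configuration value. Whether a dedicated field already exists on the config struct cannot be seen from this hunk.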
diff --git a/localdev/terraform/modules/vcs_files/mr5_files/apps/httpdump/overlays/a/kustomization.yaml b/localdev/terraform/modules/vcs_files/mr5_files/apps/httpdump/overlays/a/kustomization.yaml
index fc09adc6..118f8961 100644
--- a/localdev/terraform/modules/vcs_files/mr5_files/apps/httpdump/overlays/a/kustomization.yaml
+++ b/localdev/terraform/modules/vcs_files/mr5_files/apps/httpdump/overlays/a/kustomization.yaml
@@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
- - ../../base
+- ../../base
-patchesStrategicMerge:
- - replica-patch.yaml
\ No newline at end of file
+patches:
+- path: replica-patch.yaml
diff --git a/pkg/checks/kyverno/kyverno.go b/pkg/checks/kyverno/kyverno.go
index 77df4035..63dadf0a 100644
--- a/pkg/checks/kyverno/kyverno.go
+++ b/pkg/checks/kyverno/kyverno.go
@@ -22,19 +22,25 @@ func kyvernoValidate(ctx context.Context, ctr container.Container, appName, targ
 _, span := tracer.Start(ctx, "KyvernoValidate")
 defer span.End()
+ log.Debug().Msg("Creating temporary file for app manifests")
 tempFile, err := os.CreateTemp("/tmp", "appManifests-*.yaml")
 if err != nil {
+ log.Error().Err(err).Msg("Failed to create temporary file")
 return msg.Result{}, err
 }
 defer os.Remove(tempFile.Name())
+ log.Debug().Str("tempFile", tempFile.Name()).Msg("Temporary file created")
+
 for _, manifest := range appManifests {
 if _, err := tempFile.WriteString(manifest + "\n"); err != nil {
+ log.Error().Err(err).Msg("Failed to write manifest to temporary file")
 return msg.Result{}, err
 }
 }
 if err := tempFile.Close(); err != nil {
+ log.Error().Err(err).Msg("Failed to close temporary file")
 return msg.Result{}, err
 }
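Review bot: The write-failure branch inside the `for` loop now logs the error but still returns with `tempFile` open, so the descriptor is not released on that path even though the deferred `os.Remove` unlinks the file; adding `_ = tempFile.Close()` before that `return msg.Result{}, err` would fix it. Each added `log.Error()` is followed by returning the same `err`, here and in the `applyCommand.Execute()` branch of the next hunk, so the failure is likely to be reported twice if the caller also logs it; wrapping instead, e.g. `return msg.Result{}, fmt.Errorf("writing manifest to temp file: %w", err)`, keeps the context in one place. The manifests are also written under a hard-coded `/tmp`, where `os.CreateTemp("", "appManifests-*.yaml")` would honour the configured temp directory. kyvernoValidate starts and ends outside this hunk.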
@@ -47,6 +53,7 @@ func kyvernoValidate(ctx context.Context, ctr container.Container, appName, targ
 var output strings.Builder
 applyCommand.SetOutput(&output)
 if err := applyCommand.Execute(); err != nil {
+ log.Error().Err(err).Msg("Failed to execute kyverno apply command")
 return msg.Result{}, err
 }
 log.Info().Msg(output.String())
@@ -58,9 +65,12 @@ func kyvernoValidate(ctx context.Context, ctr container.Container, appName, targ
 cr.State = pkg.StateSuccess
 }
+ log.Debug().Str("report", output.String()).Msg("Kyverno validation completed")
 cr.Summary = "Show kyverno report:"
 cr.Details = fmt.Sprintf(">Kyverno Policy Report \n\n%s", output.String())
+ log.Debug().Msg("Kyverno validation completed")
+
 return cr, nil
 }
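Review bot: `Kyverno validation completed` is now logged twice in the last hunk, and the first occurrence (the one carrying the `report` field) fires before `cr.Summary` and `cr.Details` are set, so it does not actually mark completion. The same `output.String()` is already written by the `log.Info().Msg(output.String())` line visible at the end of the previous hunk, so the full report lands in the logs a second time; if the report echoes names or values from the rendered manifests, that widens where they end up. I would drop the `.Str("report", output.String())` line and keep the single `log.Debug().Msg("Kyverno validation completed")` before `return cr, nil`. kyvernoValidate begins outside this hunk.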