Help with understanding background policies #1229

Open
achaikaJH opened this issue Feb 6, 2025 · 0 comments

Running:

kyverno: 1.12.6
k8s: 1.30.6 (Azure AKS)

I have the policy below, which supposedly should update deployments with the `costsavedownscale: "true"` label if they are in the correct namespace and the cluster name is right. And it is working, but only by admission, not by the background controller. So unless there is a change made to the deployment, the label isn't assigned.
I can see that the background controller adds a UR, but nothing else happens; no label is added.
So, is this something I do not understand or am not doing correctly?

```
kyverno-background-controller-7996c8578-s5zst controller 2025-02-06T15:05:20Z	INFO	PolicyController.handleMutate.mutate-deployments-adding-secondary-clusters-label	policy/mutate.go:15	update URs on policy event
kyverno-background-controller-7996c8578-s5zst controller 2025-02-06T15:05:22Z	INFO	PolicyController.handleGenerate.mutate-deployments-adding-secondary-clusters-label	policy/generate.go:21	update URs on policy event
```

```yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: mutate-deployments-adding-secondary-clusters-label
  annotations:
    policies.kyverno.io/title: Mutate deployments
    policies.kyverno.io/category: Deployment
    policies.kyverno.io/subject: Deployment, Pod
    policies.kyverno.io/minversion: 1.6.0
    policies.kyverno.io/description: "This policy adds downscale labels to secondary clusters deployments"
spec:
  mutateExistingOnPolicyUpdate: true
  rules:
    - name: mutate-deployments
      context:
        - name: namespacefilters
          configMap:
            name: namespace-filters
            namespace: kyverno
      match:
        any:
          - resources:
              kinds:
                - Deployment
              namespaces:
                - "ns-org*"
      exclude:
        any:
          - resources:
              kinds:
                - Deployment
              namespaceSelector:
                matchExpressions:
                  - key: active
                    operator: In
                    values: ["true"]
      preconditions:
        all:
        - key: "{{ namespacefilters.data.clustername || '' }}"
          operator: AnyIn
          value: "{{ \"namespacefilters\".data.\"secondaryclusters\" | parse_json(@) }}"
      mutate:
        targets:
          - apiVersion: apps/v1
            kind: Deployment
            name: "{{ request.object.metadata.name }}"
        patchStrategicMerge:
          metadata:
            labels:
              costsavedownscale: "true"
```