[Bug] Skipping a resource re-validation overwrites to original result #10169
Comments
Thanks for opening your first issue here! Be sure to follow the issue template!
Could you please share with us the policy and the resource manifests to be able to reproduce the issue and fix it? Thanks.
OK then here's an example from one of our clusters.
I am not able to reproduce the bug you are facing. I applied the policy first and then the deployment. Here are the events:
Here is the corresponding policy report:
I tested it against 1.11 and the main branch and both generate report with
After updating the deployment, the policy report changes to have a
Kyverno Version
1.11.4
Description
We're providing K8s clusters with Kyverno & Policy-Reporter to different DevOps teams. The DevOps are running multiple environments like "production" or "stage" on these clusters. They receive Kyverno-Policy-Reports, one per month.
We noticed an unexpected difference in policy-reports between two identical environments. The difference comes from a report entry with the result "skip" and the message "skipping modified resource as validation results have not changed".
We expected this entry to be "warn" in comparison to the other environment.
Policy-Reporter then seems to ignore this entry and the differences are confusing the DevOps. Without previous knowledge from the first validation result we're not able to know the original validation result.
As described in https://kyverno.io/docs/policy-reports/#report-result-logic "skip" should only be set when a Precondition or PolicyException is the reason. I think the result should not be changed to "skip" when Kyverno skips the validation for technical reasons.
Slack discussion
No response
Troubleshooting
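An added example, not part of the issue and not Kyverno or Policy-Reporter code: a small audit helper that lists report entries whose original result is hidden behind the "skip" described above, so they can be told apart from skips caused by a precondition or PolicyException. It assumes the JSON list shape of PolicyReports (`items[].metadata`, `items[].results[]` with `policy`, `rule`, `result`, `message`); the function name and the sample data are constructed for illustration.

```python
import json

# Message quoted in the issue for entries rewritten to "skip" on re-validation.
MASKING_MESSAGE = "skipping modified resource as validation results have not changed"


def find_masked_results(report_list):
    """Return (namespace, report, policy, rule) for each result that is "skip"
    only because re-validation was skipped, not because of policy logic."""
    masked = []
    for report in report_list.get("items", []):
        meta = report.get("metadata", {})
        for res in report.get("results") or []:
            message = res.get("message") or ""
            if res.get("result") == "skip" and MASKING_MESSAGE in message:
                masked.append((meta.get("namespace", ""), meta.get("name", ""),
                               res.get("policy", ""), res.get("rule", "")))
    return masked


# Constructed sample: two identical environments, one entry masked as "skip",
# plus a skip with a different (constructed) message that must not be flagged.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "production", "name": "report-a"},
   "results": [
     {"policy": "example-policy", "rule": "example-rule", "result": "skip",
      "message": "skipping modified resource as validation results have not changed"},
     {"policy": "other-policy", "rule": "other-rule", "result": "skip",
      "message": "constructed message for a precondition skip"}]},
  {"metadata": {"namespace": "stage", "name": "report-b"},
   "results": [
     {"policy": "example-policy", "rule": "example-rule", "result": "warn",
      "message": "constructed validation warning"}]}
]}
""")

if __name__ == "__main__":
    for ns, name, policy, rule in find_masked_results(SAMPLE):
        print(f"{ns}/{name}: {policy}/{rule} original result is masked by skip")
```

On a cluster, the input would be the output of `kubectl get policyreports -A -o json` loaded with `json.load`.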