[Bug] Nonsense log `applying background rule` #12069

anbrsap · 2025-02-03T15:44:41Z

Kyverno Version

1.13.2

Kubernetes Version

1.30.x

Kubernetes Platform

Other (specify in description)

Kyverno Rule Type

Validate

Description

I have a cluster policy containing mutate, validate and generate rules.

For all these rules the admission controller logs applying background rule although the request is not coming from the background controller:

{
    "level": "-3",
    "gvk": "/v1, Kind=Pod",
    "gvr": {
        "group": "",
        "version": "v1",
        "resource": "pods"
    },
    "namespace": "test-ns",
    "name": "test-pod-jwwdt",
    "operation": "UPDATE",
    "user": {
        "username": "system:serviceaccount:kube-system:calico-cni-plugin"
    },
    "URLParams": "",
    "v": 4,
    "logger": "webhooks/resource/validate",
    "rule": "validate-rule-1",
    "skipBackgroundRequests": true,
    "backgroundSaDesired": "system:serviceaccount:kyverno:kyverno-background-controller",
    "backgroundSaActual": "system:serviceaccount:kube-system:calico-cni-plugin",
    "time": "2025-02-03T14:00:24Z",
    "message": "applying background rule"
}

Steps to reproduce

Create a policy which has a generate rule or mutate-existing rule, plus at least another type of rule (validate, mutate)
Set admission controller log verbosity level >= 4
Create a K8s API request that results in a webhook to Kyverno which matches the generate rule or mutate-existing rule.
See the above-mentionen log entry for all rules in the policy.

Expected behavior

applying background rule should only be logged if the K8s API request has been created by the Kyverno background controller.

Also see the respective lines of code.

Screenshots

No response

Kyverno logs

Slack discussion

No response

Troubleshooting

I have read and followed the documentation AND the troubleshooting guide.
I have searched other issues in this repository and mine is not recorded.

The text was updated successfully, but these errors were encountered:

dosubot · 2025-05-05T16:00:57Z

Hi, @anbrsap. I'm Dosu, and I'm helping the kyverno team manage their backlog. I'm marking this issue as stale.

Issue Summary:

Reported bug in Kyverno version 1.13.2.
Admission controller logs "applying background rule" for all rules.
Expected behavior: log should appear only for requests from the background controller.
Includes steps to reproduce and a link to relevant code.
No comments or updates have been made on this issue.

Next Steps:

Please confirm if this issue is still relevant to the latest version of Kyverno.
If no further activity occurs, this issue will be automatically closed in 60 days.

Thank you for your understanding and contribution!

anbrsap · 2025-05-06T06:56:31Z

Of course this is still relevant.

dosubot · 2025-05-06T06:59:15Z

@realshuting, the user @anbrsap has confirmed that this issue is still relevant. Could you please assist them with the reported bug in Kyverno version 1.13.2?

anbrsap added bug Something isn't working triage Default label assigned to all new issues indicating label curation is needed to fully organize. labels Feb 3, 2025

dosubot bot added the validation Issues pertaining to the validate ability. label Feb 3, 2025

dosubot bot added the stale Stale issue, may be closed in the near future if nothing happens label May 5, 2025

dosubot bot removed the stale Stale issue, may be closed in the near future if nothing happens label May 6, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Bug] Nonsense log `applying background rule` #12069

[Bug] Nonsense log `applying background rule` #12069

[Bug] Nonsense log applying background rule #12069

[Bug] Nonsense log applying background rule #12069

Comments

Kyverno Version

Kubernetes Version

Kubernetes Platform

Kyverno Rule Type

Description

Steps to reproduce

Expected behavior

Screenshots

Kyverno logs

Slack discussion

Troubleshooting

[Bug] Nonsense log `applying background rule` #12069

[Bug] Nonsense log `applying background rule` #12069