chore: add UpdateRequests reconciliation details (#1066)

* add ur retry logic Signed-off-by: ShutingZhao <shuting@nirmata.com> * Update content/en/docs/Writing policies/generate.md Co-authored-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: shuting <shuting@nirmata.com> * add new spec attribute Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com> Signed-off-by: shuting <shuting@nirmata.com> Signed-off-by: Chip Zoller <chipzoller@gmail.com> Co-authored-by: Chip Zoller <chipzoller@gmail.com>
kyverno · Dec 30, 2023 · 6ac331b · 6ac331b
1 parent 5539732
commit 6ac331b
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 0 deletions.
diff --git a/content/en/docs/Writing policies/generate.md b/content/en/docs/Writing policies/generate.md
@@ -410,6 +410,8 @@ A `UpdateRequest` status can have one of four values:
 * `Pending`: the request is yet to be processed or the resource has not been created
 * `Skip`: marked when triggering the generate policy by adding a label/annotation to the existing resource, while the selector is not defined in the policy itself.
 
+Note that Kyverno will retry up to three times to reconcile an `UpdateRequest` in a `Failed` status. The `UpdateRequest` will be garbage collected if it exceeds the retry threshold.
+
 Kyverno processes generate rules in a combination of the admission controller and the background controller. For further details of the internals of how these work and how high availability and scale are handled, refer to the [High Availability](/docs/high-availability/) page.
 
 ## Troubleshooting

diff --git a/content/en/docs/Writing policies/policy-settings.md b/content/en/docs/Writing policies/policy-settings.md
@@ -21,6 +21,8 @@ A [policy](/docs/kyverno-policies/) contains one or more rules, and the followin
 
 * **schemaValidation**: controls whether policy validation checks are applied. Defaults to "true". Kyverno will attempt to validate the schema of a policy and fail if it cannot determine it satisfies the OpenAPI schema definition for that resource. Can occur on either validate or mutate policies. Set to "false" to skip schema validation. This field is deprecated as of 1.11 and currently has no effect. Scheduled to be removed in a future version.
 
+* **skipBackgroundRequests**: bypasses admission requests that are sent by the background controller. The default value is set to "true", it must be set to "false" to apply generate and mutateExisting rules to those requests.
+
 * **useServerSideApply**: controls whether to use server-side apply for generate rules. Defaults to `false`. If set to `true`, Kyverno will use server-side apply when generating resources allowing other controllers to know which fields Kyverno owns.
 
 * **validationFailureAction**: controls if a validation policy rule failure should block the admission review request (`Enforce`) or allow (`Audit`) the admission review request and report the policy failure in a policy report. Defaults to `Audit`.