Merge pull request #438 from kubearmor/fix-probe
fix(probe): directly fetch kubearmor pods from k8s api instead of listing nodes
DelusionalOptimist authored May 27, 2024
2 parents 80ceb6a + a64b744 commit 39b65a1
Showing 3 changed files with 17 additions and 25 deletions.
4 changes: 0 additions & 4 deletions go.sum
Expand Up @@ -109,8 +109,6 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03
github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8=
github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
github.com/DATA-DOG/go-sqlmock v1.5.1 h1:FK6RCIUSfmbnI/imIICmboyQBkOckutaa6R5YYlLZyo=
github.com/DATA-DOG/go-sqlmock v1.5.1/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU=
github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU=
github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU=
github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24/go.mod h1:4UJr5HIiMZrwgkSPdsjy2uOQExX/WEILpIrO9UPGuXs=
Expand Down Expand Up @@ -2259,8 +2257,6 @@ gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81
gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU=
gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU=
helm.sh/helm/v3 v3.14.2 h1:V71fv+NGZv0icBlr+in1MJXuUIHCiPG1hW9gEBISTIA=
helm.sh/helm/v3 v3.14.2/go.mod h1:2itvvDv2WSZXTllknfQo6j7u3VVgMAvm8POCDgYH424=
helm.sh/helm/v3 v3.14.3 h1:HmvRJlwyyt9HjgmAuxHbHv3PhMz9ir/XNWHyXfmnOP4=
helm.sh/helm/v3 v3.14.3/go.mod h1:v6myVbyseSBJTzhmeE39UcPLNv6cQK6qss3dvgAySaE=
honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
36 changes: 16 additions & 20 deletions probe/probe.go
Expand Up @@ -422,7 +422,8 @@ func getKubeArmorDaemonset(c *k8s.Client, o Options) (bool, *Status) {
return false, nil
}
desired, ready, available := w.Items[0].Status.DesiredNumberScheduled, w.Items[0].Status.NumberReady, w.Items[0].Status.NumberAvailable
if desired != ready && desired != available {
if desired != ready && desired != available && ready == 0 {
// set kubearmor to not running only if there are 0 ready pods
return false, nil
}
DaemonSetStatus := Status{
Expand Down Expand Up @@ -487,21 +488,23 @@ func getKubeArmorContainers(c *k8s.Client, o Options) map[string]*KubeArmorPodSp
// ProbeRunningKubeArmorNodes extracts data from running KubeArmor daemonset by executing into the container and reading /tmp/kubearmor.cfg
func ProbeRunningKubeArmorNodes(c *k8s.Client, o Options) ([]KubeArmorProbeData, map[string]KubeArmorProbeData, error) {
// KubeArmor Nodes
nodes, err := c.K8sClientset.CoreV1().Nodes().List(context.Background(), metav1.ListOptions{})
if err != nil {
return []KubeArmorProbeData{}, nil, fmt.Errorf("error occured when getting nodes %s", err.Error())
}
pods, err := c.K8sClientset.CoreV1().Pods("").List(context.Background(), metav1.ListOptions{
LabelSelector: "kubearmor-app=kubearmor",
})

if len(nodes.Items) == 0 {
if err != nil || len(pods.Items) == 0 {
return []KubeArmorProbeData{}, nil, fmt.Errorf("no nodes found")
}
nodeData := make(map[string]KubeArmorProbeData)

var dataList []KubeArmorProbeData
for i, item := range nodes.Items {
data, err := readDataFromKubeArmor(c, o, item.Name)
for i, item := range pods.Items {
if item.Status.Phase != corev1.PodRunning {
continue
}
data, err := readDataFromKubeArmor(c, item)
if err != nil {
return []KubeArmorProbeData{}, nil, err
continue
}
dataList = append(dataList, data)
nodeData["Node"+strconv.Itoa(i+1)] = data
Expand All @@ -510,25 +513,18 @@ func ProbeRunningKubeArmorNodes(c *k8s.Client, o Options) ([]KubeArmorProbeData,
return dataList, nodeData, nil
}

func readDataFromKubeArmor(c *k8s.Client, o Options, nodeName string) (KubeArmorProbeData, error) {
func readDataFromKubeArmor(c *k8s.Client, pod corev1.Pod) (KubeArmorProbeData, error) {
srcPath := "/tmp/karmorProbeData.cfg"
pods, err := c.K8sClientset.CoreV1().Pods("").List(context.Background(), metav1.ListOptions{
LabelSelector: "kubearmor-app=kubearmor",
FieldSelector: "spec.nodeName=" + nodeName,
})
if err != nil || pods == nil || len(pods.Items) == 0 {
return KubeArmorProbeData{}, fmt.Errorf("error occured while getting KubeArmor pods %s", err.Error())
}
reader, outStream := io.Pipe()
cmdArr := []string{"cat", srcPath}
req := c.K8sClientset.CoreV1().RESTClient().
Get().
Namespace(pods.Items[0].Namespace).
Namespace(pod.Namespace).
Resource("pods").
Name(pods.Items[0].Name).
Name(pod.Name).
SubResource("exec").
VersionedParams(&corev1.PodExecOptions{
Container: pods.Items[0].Spec.Containers[0].Name,
Container: pod.Spec.Containers[0].Name,
Command: cmdArr,
Stdin: false,
Stdout: true,
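Review bot: In ProbeRunningKubeArmorNodes the combined check `if err != nil || len(pods.Items) == 0` discards the API error and reports "no nodes found", so an RBAC denial or an unreachable API server looks the same as KubeArmor not being deployed; split the check and return `fmt.Errorf("listing kubearmor pods: %w", err)` for the error case. The loop now uses `continue` both for pods that are not Running and for a failed readDataFromKubeArmor, so a node whose agent cannot be read drops out of the probe output without a trace, and if every pod is skipped the function appears to return an empty list with a nil error (a few lines of the loop tail are collapsed between the two hunks). For a tool that reports enforcement coverage, skipped pods should be surfaced to the caller, for example collected under `item.Spec.NodeName` and printed as unprobed, rather than dropped. Separately, `Pods("")` matches the `kubearmor-app=kubearmor` label in every namespace, so the probe will exec into and trust the output of any pod carrying that label; scoping the list to the KubeArmor install namespace would narrow that, assuming the caller knows it.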
2 changes: 1 addition & 1 deletion profile/Client/profileClient.go
Expand Up @@ -386,7 +386,7 @@ func convertToJSON(Operation string, data []Profile) {
}
if len(jsonArray) > 0 {
filepath := "Profile_Summary/"
err := os.MkdirAll(filepath, os.ModePerm)
err := os.MkdirAll(filepath, 0600)
err = os.WriteFile(filepath+Operation+".json", []byte(jsonArray[0]), 0600)
if err != nil {
panic(err)
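Review bot: `os.MkdirAll(filepath, 0600)` creates the directory without the search (execute) bit, so a non-root owner cannot create or open files inside it, and the `os.WriteFile` on the next line will fail with a permission error when `Profile_Summary/` is freshly created; use `0700` to keep the directory owner-only while still usable. The MkdirAll error is also overwritten by the WriteFile assignment before it is ever checked, so handle it first with `if err := os.MkdirAll(filepath, 0700); err != nil { panic(err) }`, matching the existing error style. The local name `filepath` would shadow the `path/filepath` package if the file imports it (the imports are not visible here), so a name such as `outDir` would be clearer. convertToJSON starts and continues outside this hunk.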
