feat: Support NetworkPolicy relationships

Signed-off-by: Justin Toh <tohjustin@hotmail.com>

README.md

@@ -94,6 +94,7 @@ List of supported relationships used for discovering dependent objects:
   - [Event References](https://kubernetes.io/docs/reference/kubernetes-api/cluster-resources/event-v1/)
   - [Ingress References](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-v1/) & [IngressClass References](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/ingress-class-v1/)
   - [MutatingWebhookConfiguration References](https://kubernetes.io/docs/reference/kubernetes-api/extend-resources/mutating-webhook-configuration-v1/) & [ValidatingWebhookConfiguration References](https://kubernetes.io/docs/reference/kubernetes-api/extend-resources/validating-webhook-configuration-v1/)
+  - [NetworkPolicy References](https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/network-policy-v1/)
   - [PersistentVolume References](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-v1/) & [PersistentVolumeClaim References](https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/)
   - [Pod References](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/)
   - [PodDisruptionBudget References](https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/pod-disruption-budget-v1/)

internal/graph/graph.go

@@ -514,6 +514,13 @@ func ResolveDependents(m meta.RESTMapper, objects []unstructuredv1.Unstructured,
 				klog.V(4).Infof("Failed to get relationships for ingressclass named \"%s\": %s", node.Name, err)
 				continue
 			}
+		// Populate dependents based on NetworkPolicy relationships
+		case node.Group == "networking.k8s.io" && node.Kind == "NetworkPolicy":
+			rmap, err = getNetworkPolicyRelationships(node)
+			if err != nil {
+				klog.V(4).Infof("Failed to get relationships for networkpolicy named \"%s\": %s", node.Name, err)
+				continue
+			}
 		// Populate dependents based on RuntimeClass relationships
 		case node.Group == "node.k8s.io" && node.Kind == "RuntimeClass":
 			rmap, err = getRuntimeClassRelationships(node)

internal/graph/kubernetes.go

@@ -54,6 +54,9 @@ const (
 	// Kubernetes MutatingWebhookConfiguration & ValidatingWebhookConfiguration relationships.
 	RelationshipWebhookConfigurationService Relationship = "WebhookConfigurationService"
 
+	// Kubernetes RelationshipNetworkPolicy relationships.
+	RelationshipNetworkPolicy Relationship = "NetworkPolicy"
+
 	// Kubernetes Owner-Dependent relationships.
 	RelationshipControllerRef Relationship = "ControllerReference"
 	RelationshipOwnerRef      Relationship = "OwnerReference"
@@ -428,6 +431,31 @@ func getMutatingWebhookConfigurationRelationships(n *Node) (*RelationshipMap, er
 	return &result, nil
 }
 
+// getNetworkPolicyRelationships returns a map of relationships that this
+// NetworkPolicy has with other objects, based on what was referenced in its
+// manifest.
+func getNetworkPolicyRelationships(n *Node) (*RelationshipMap, error) {
+	var netpol networkingv1.NetworkPolicy
+	err := runtime.DefaultUnstructuredConverter.FromUnstructured(n.UnstructuredContent(), &netpol)
+	if err != nil {
+		return nil, err
+	}
+
+	var ols ObjectLabelSelector
+	ns := netpol.Namespace
+	result := newRelationshipMap()
+
+	// RelationshipNetworkPolicy
+	selector, err := metav1.LabelSelectorAsSelector(&netpol.Spec.PodSelector)
+	if err != nil {
+		return nil, err
+	}
+	ols = ObjectLabelSelector{Kind: "Pod", Namespace: ns, Selector: selector}
+	result.AddDependencyByLabelSelector(ols, RelationshipNetworkPolicy)
+
+	return &result, nil
+}
+
 // getPersistentVolumeRelationships returns a map of relationships that this
 // PersistentVolume has with other objects, based on what was referenced in its
 // manifest.