Merge pull request #330 from kubescape/cronjob

bump k8s-interface for cronjob CRD renaming

build/Dockerfile

@@ -9,7 +9,7 @@ RUN --mount=target=. \
     --mount=type=cache,target=/go/pkg \
     GOOS=$TARGETOS GOARCH=$TARGETARCH go build -o /out/node-agent .
 
-FROM gcr.io/distroless/static-debian11:latest
+FROM gcr.io/distroless/static-debian11:debug
 
 COPY --from=builder /out/node-agent /usr/bin/node-agent
 

go.mod

@@ -1,6 +1,6 @@
 module github.com/kubescape/node-agent
 
-go 1.22.3
+go 1.22.5
 
 require (
 	github.com/armosec/armoapi-go v0.0.425
@@ -21,7 +21,7 @@ require (
 	github.com/kinbiko/jsonassert v1.1.1
 	github.com/kubescape/backend v0.0.20
 	github.com/kubescape/go-logger v0.0.22
-	github.com/kubescape/k8s-interface v0.0.166
+	github.com/kubescape/k8s-interface v0.0.170
 	github.com/kubescape/storage v0.0.89
 	github.com/panjf2000/ants/v2 v2.9.1
 	github.com/prometheus/alertmanager v0.27.0
@@ -232,6 +232,7 @@ require (
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/apiextensions-apiserver v0.30.2 // indirect
 	k8s.io/apiserver v0.30.2 // indirect
 	k8s.io/cli-runtime v0.30.2 // indirect
 	k8s.io/component-base v0.30.2 // indirect

go.sum

@@ -541,8 +541,8 @@ github.com/kubescape/backend v0.0.20 h1:E3nZGqWW8ELSh/n3ZRitlkmuZq33Lyx/42Lm4gpg
 github.com/kubescape/backend v0.0.20/go.mod h1:FpazfN+c3Ucuvv4jZYCnk99moSBRNMVIxl5aWCZAEBo=
 github.com/kubescape/go-logger v0.0.22 h1:gle7wH6emOiGv9ljdpVi82pWLQ3jGucrUucvil6JXHE=
 github.com/kubescape/go-logger v0.0.22/go.mod h1:x3HBpZo3cMT/WIdy18BxvVVd5D0e/PWFVk/HiwBNu3g=
-github.com/kubescape/k8s-interface v0.0.166 h1:n9rG8vUvHw7UMh+/PZHadfK4Mcj++WAaj+rvNc8kbJY=
-github.com/kubescape/k8s-interface v0.0.166/go.mod h1:oF+Yxug3Kpfu9Yr2j63wy7gwswrKXpiqI0mLk/7gF/s=
+github.com/kubescape/k8s-interface v0.0.170 h1:EtzomWoeeIWDz7QrAEsqUDpLHQwoh2m3tZITfrE/tiE=
+github.com/kubescape/k8s-interface v0.0.170/go.mod h1:VoEoHI4Va08NiGAkYzbITF50aFMT5y4fPHRb4x2LtME=
 github.com/kubescape/storage v0.0.89 h1:kYjaYqKndm3C/15MB1J4hgdmA4vbV4zCMWox2ga8O3M=
 github.com/kubescape/storage v0.0.89/go.mod h1:eLCQ7JKpR6JRjtENnN3JduvRLMOyJFtBihfdVC+1hLA=
 github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80/go.mod h1:imJHygn/1yfhB7XSJJKlFZKl/J+dCPAknuiaGOshXAs=
@@ -1398,6 +1398,8 @@ istio.io/pkg v0.0.0-20231221211216-7635388a563e h1:ZlLVbKDlCzfP0MPbWc6VRcY23d9Nd
 istio.io/pkg v0.0.0-20231221211216-7635388a563e/go.mod h1:fvmqEdHhZjYYwf6dSiIwvwc7db54kMWVTfsb91KmhzY=
 k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI=
 k8s.io/api v0.30.2/go.mod h1:ULg5g9JvOev2dG0u2hig4Z7tQ2hHIuS+m8MNZ+X6EmI=
+k8s.io/apiextensions-apiserver v0.30.2 h1:l7Eue2t6QiLHErfn2vwK4KgF4NeDgjQkCXtEbOocKIE=
+k8s.io/apiextensions-apiserver v0.30.2/go.mod h1:lsJFLYyK40iguuinsb3nt+Sj6CmodSI4ACDLep1rgjw=
 k8s.io/apimachinery v0.30.2 h1:fEMcnBj6qkzzPGSVsAZtQThU62SmQ4ZymlXRC5yFSCg=
 k8s.io/apimachinery v0.30.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
 k8s.io/apiserver v0.30.2 h1:ACouHiYl1yFI2VFI3YGM+lvxgy6ir4yK2oLOsLI1/tw=

main.go

@@ -121,7 +121,7 @@ func main() {
 
 	nodeName := os.Getenv(config.NodeNameEnvVar)
 	// Create watchers
-	dWatcher := dynamicwatcher.NewWatchHandler(k8sClient, cfg)
+	dWatcher := dynamicwatcher.NewWatchHandler(k8sClient, cfg.SkipNamespace)
 	// create k8sObject cache
 	k8sObjectCache, err := k8scache.NewK8sObjectCache(nodeName, k8sClient)
 	if err != nil {

pkg/applicationprofilemanager/v1/applicationprofile_manager.go

@@ -17,7 +17,6 @@ import (
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/instanceidhandler/v1"
 	helpersv1 "github.com/kubescape/k8s-interface/instanceidhandler/v1/helpers"
-	"github.com/kubescape/k8s-interface/names"
 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"github.com/kubescape/node-agent/pkg/applicationprofilemanager"
 	"github.com/kubescape/node-agent/pkg/config"
@@ -221,7 +220,7 @@ func (am *ApplicationProfileManager) saveProfile(ctx context.Context, watchedCon
 	}
 
 	// leave container name empty this way the "slug" will represent a workload
-	slug, err := names.InstanceIDToSlug(watchedContainer.InstanceID.GetName(), watchedContainer.InstanceID.GetKind(), "", watchedContainer.InstanceID.GetHashed())
+	slug, err := watchedContainer.InstanceID.GetSlug(true)
 	if err != nil {
 		logger.L().Ctx(ctx).Error("ApplicationProfileManager - failed to get slug", helpers.Error(err),
 			helpers.String("slug", slug),

pkg/networkmanager/v2/network_manager.go

@@ -32,7 +32,6 @@ import (
 	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/instanceidhandler/v1"
-	"github.com/kubescape/k8s-interface/names"
 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1"
 	storageUtils "github.com/kubescape/storage/pkg/utils"
@@ -239,7 +238,7 @@ func (nm *NetworkManager) saveNetworkEvents(ctx context.Context, watchedContaine
 	}
 
 	// leave container name empty this way the "slug" will represent a workload
-	slug, err := names.InstanceIDToSlug(watchedContainer.InstanceID.GetName(), watchedContainer.InstanceID.GetKind(), "", watchedContainer.InstanceID.GetHashed())
+	slug, err := watchedContainer.InstanceID.GetSlug(true)
 	if err != nil {
 		logger.L().Ctx(ctx).Error("NetworkManager - failed to get slug", helpers.Error(err),
 			helpers.String("slug", slug),

pkg/objectcache/applicationprofilecache/applicationprofilecache.go

@@ -10,7 +10,6 @@ import (
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/instanceidhandler/v1"
 	helpersv1 "github.com/kubescape/k8s-interface/instanceidhandler/v1/helpers"
-	"github.com/kubescape/k8s-interface/names"
 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"github.com/kubescape/node-agent/pkg/k8sclient"
 	"github.com/kubescape/node-agent/pkg/objectcache"
@@ -308,7 +307,7 @@ func getSlug(p *unstructured.Unstructured) (string, error) {
 
 	// a single pod can have multiple instanceIDs (because of the containers), but we only need one
 	instanceID := instanceIDs[0]
-	slug, err := names.InstanceIDToSlug(instanceID.GetName(), instanceID.GetKind(), "", instanceID.GetHashed())
+	slug, err := instanceID.GetSlug(true)
 	if err != nil {
 		return "", fmt.Errorf("failed to get slug")
 	}

pkg/objectcache/networkneighborhoodcache/networkneighborhoodcache.go

@@ -17,7 +17,6 @@ import (
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/instanceidhandler/v1"
 	helpersv1 "github.com/kubescape/k8s-interface/instanceidhandler/v1/helpers"
-	"github.com/kubescape/k8s-interface/names"
 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@@ -310,7 +309,7 @@ func getSlug(p *unstructured.Unstructured) (string, error) {
 
 	// a single pod can have multiple instanceIDs (because of the containers), but we only need one
 	instanceID := instanceIDs[0]
-	slug, err := names.InstanceIDToSlug(instanceID.GetName(), instanceID.GetKind(), "", instanceID.GetHashed())
+	slug, err := instanceID.GetSlug(true)
 	if err != nil {
 		return "", fmt.Errorf("failed to get slug")
 	}

pkg/sbomhandler/syfthandler/syft_handler.go

@@ -61,7 +61,7 @@ func (sc *SyftHandler) FilterSBOM(watchedContainer *utils.WatchedContainerData,
 	}
 
 	if watchedContainer.SBOMSyftFiltered == nil {
-		filteredSBOMKey, err := watchedContainer.InstanceID.GetSlug()
+		filteredSBOMKey, err := watchedContainer.InstanceID.GetSlug(false)
 		if err != nil {
 			return err
 		}

pkg/utils/utils.go

@@ -26,10 +26,8 @@ import (
 	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/instanceidhandler"
-	"github.com/kubescape/k8s-interface/instanceidhandler/v1/containerinstance"
-	"github.com/kubescape/k8s-interface/instanceidhandler/v1/ephemeralcontainerinstance"
+	instanceidhandlerv1 "github.com/kubescape/k8s-interface/instanceidhandler/v1"
 	helpersv1 "github.com/kubescape/k8s-interface/instanceidhandler/v1/helpers"
-	"github.com/kubescape/k8s-interface/instanceidhandler/v1/initcontainerinstance"
 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1"
 	v1 "k8s.io/api/core/v1"
@@ -341,13 +339,13 @@ func SetInMap(newExecMap *maps.SafeMap[string, mapset.Set[string]]) func(k strin
 func ToInstanceType(c ContainerType) helpersv1.InstanceType {
 	switch c {
 	case Container:
-		return containerinstance.InstanceType
+		return instanceidhandlerv1.Container
 	case InitContainer:
-		return initcontainerinstance.InstanceType
+		return instanceidhandlerv1.InitContainer
 	case EphemeralContainer:
-		return ephemeralcontainerinstance.InstanceType
+		return instanceidhandlerv1.EphemeralContainer
 	default:
-		return containerinstance.InstanceType
+		return instanceidhandlerv1.Container
 	}
 }
 

pkg/watcher/dynamicwatcher/watch.go

@@ -7,7 +7,6 @@ import (
 	"os"
 	"time"
 
-	"github.com/kubescape/node-agent/pkg/config"
 	"github.com/kubescape/node-agent/pkg/k8sclient"
 	"github.com/kubescape/node-agent/pkg/watcher"
 	"github.com/kubescape/node-agent/pkg/watcher/cooldownqueue"
@@ -34,22 +33,24 @@ type resourceVersionGetter interface {
 	GetResourceVersion() string
 }
 
+type SkipNamespaceFunc func(string) bool
+
 type WatchHandler struct {
-	k8sClient   k8sclient.K8sClientInterface
-	resources   map[string]watcher.WatchResource
-	eventQueues map[string]*cooldownqueue.CooldownQueue
-	handlers    []watcher.Watcher
-	cfg         config.Config
+	k8sClient         k8sclient.K8sClientInterface
+	resources         map[string]watcher.WatchResource
+	eventQueues       map[string]*cooldownqueue.CooldownQueue
+	handlers          []watcher.Watcher
+	skipNamespaceFunc SkipNamespaceFunc
 }
 
 var errWatchClosed = errors.New("watch channel closed")
 
-func NewWatchHandler(k8sClient k8sclient.K8sClientInterface, cfg config.Config) *WatchHandler {
+func NewWatchHandler(k8sClient k8sclient.K8sClientInterface, skipNamespaceFunc SkipNamespaceFunc) *WatchHandler {
 	return &WatchHandler{
-		k8sClient:   k8sClient,
-		resources:   make(map[string]watcher.WatchResource),
-		eventQueues: make(map[string]*cooldownqueue.CooldownQueue),
-		cfg:         cfg,
+		k8sClient:         k8sClient,
+		resources:         make(map[string]watcher.WatchResource),
+		eventQueues:       make(map[string]*cooldownqueue.CooldownQueue),
+		skipNamespaceFunc: skipNamespaceFunc,
 	}
 }
 
@@ -158,7 +159,7 @@ func (wh *WatchHandler) watchRetry(ctx context.Context, res schema.GroupVersionR
 				return fmt.Errorf("watch error: %s", event.Object)
 			}
 			pod := event.Object.(*unstructured.Unstructured)
-			if wh.cfg.SkipNamespace(pod.GetNamespace()) {
+			if wh.skipNamespaceFunc(pod.GetNamespace()) {
 				continue
 			}
 			eventQueue.Enqueue(event)
@@ -187,7 +188,7 @@ func (wh *WatchHandler) getExistingStorageObjects(ctx context.Context, res schem
 	if err := list.EachListItem(context.Background(), watchOpts, func(obj runtime.Object) error {
 		pod := obj.(*unstructured.Unstructured)
 		resourceVersion = pod.GetResourceVersion()
-		if wh.cfg.SkipNamespace(pod.GetNamespace()) {
+		if wh.skipNamespaceFunc(pod.GetNamespace()) {
 			return nil
 		}
 		for _, handler := range wh.handlers {

pkg/watcher/dynamicwatcher/watch_test.go

@@ -7,7 +7,6 @@ import (
 	"time"
 
 	"github.com/kubescape/node-agent/mocks"
-	"github.com/kubescape/node-agent/pkg/config"
 	"github.com/kubescape/node-agent/pkg/watcher"
 
 	"github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1"
@@ -75,7 +74,9 @@ func startTest(t *testing.T, tc testObj) {
 	k8sClient := k8sinterface.NewKubernetesApiMock()
 	k8sClient.DynamicClient = dynamicfake.NewSimpleDynamicClient(scheme.Scheme, tc.preCreatedObjects...)
 
-	wh := NewWatchHandler(k8sClient, config.Config{})
+	wh := NewWatchHandler(k8sClient, func(s string) bool {
+		return false
+	})
 
 	wh.AddAdaptor(a)