diff --git a/build/Dockerfile b/build/Dockerfile
index 33bd4481..ed1b2bfb 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -9,7 +9,7 @@ RUN --mount=target=. \
     --mount=type=cache,target=/go/pkg \
     GOOS=$TARGETOS GOARCH=$TARGETARCH go build -o /out/node-agent .
-FROM gcr.io/distroless/static-debian11:latest
+FROM gcr.io/distroless/static-debian11:debug
 COPY --from=builder /out/node-agent /usr/bin/node-agent
diff --git a/go.mod b/go.mod
index 96fdbe68..cb2919f8 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/kubescape/node-agent
 
-go 1.22.3
+go 1.22.5
 
 require (
 	github.com/armosec/armoapi-go v0.0.425
@@ -21,7 +21,7 @@ require (
 	github.com/kinbiko/jsonassert v1.1.1
 	github.com/kubescape/backend v0.0.20
 	github.com/kubescape/go-logger v0.0.22
-	github.com/kubescape/k8s-interface v0.0.166
+	github.com/kubescape/k8s-interface v0.0.170
 	github.com/kubescape/storage v0.0.89
 	github.com/panjf2000/ants/v2 v2.9.1
 	github.com/prometheus/alertmanager v0.27.0
@@ -232,6 +232,7 @@ require (
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/apiextensions-apiserver v0.30.2 // indirect
 	k8s.io/apiserver v0.30.2 // indirect
 	k8s.io/cli-runtime v0.30.2 // indirect
 	k8s.io/component-base v0.30.2 // indirect
diff --git a/go.sum b/go.sum
index 748bc339..1aa4216c 100644
--- a/go.sum
+++ b/go.sum
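Review bot: The base image switch to `gcr.io/distroless/static-debian11:debug` puts a busybox shell into the runtime image of the node agent; for a component that runs on every node with host-level access this enlarges what is available to anyone who gains execution inside the container, so if the shell is only needed for troubleshooting it should be selected through a build argument rather than shipped by default. Both `:latest` and `:debug` are mutable tags, so the build is not reproducible and silently follows whatever the tag points to; pin the image by digest, `FROM gcr.io/distroless/static-debian11:debug@sha256:<digest placeholder>`. If the debug variant is intentional, a comment above the FROM line stating why it is required would keep the next reviewer from reverting it.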
@@ -541,8 +541,8 @@ github.com/kubescape/backend v0.0.20 h1:E3nZGqWW8ELSh/n3ZRitlkmuZq33Lyx/42Lm4gpg
 github.com/kubescape/backend v0.0.20/go.mod h1:FpazfN+c3Ucuvv4jZYCnk99moSBRNMVIxl5aWCZAEBo=
 github.com/kubescape/go-logger v0.0.22 h1:gle7wH6emOiGv9ljdpVi82pWLQ3jGucrUucvil6JXHE=
 github.com/kubescape/go-logger v0.0.22/go.mod h1:x3HBpZo3cMT/WIdy18BxvVVd5D0e/PWFVk/HiwBNu3g=
-github.com/kubescape/k8s-interface v0.0.166 h1:n9rG8vUvHw7UMh+/PZHadfK4Mcj++WAaj+rvNc8kbJY=
-github.com/kubescape/k8s-interface v0.0.166/go.mod h1:oF+Yxug3Kpfu9Yr2j63wy7gwswrKXpiqI0mLk/7gF/s=
+github.com/kubescape/k8s-interface v0.0.170 h1:EtzomWoeeIWDz7QrAEsqUDpLHQwoh2m3tZITfrE/tiE=
+github.com/kubescape/k8s-interface v0.0.170/go.mod h1:VoEoHI4Va08NiGAkYzbITF50aFMT5y4fPHRb4x2LtME=
 github.com/kubescape/storage v0.0.89 h1:kYjaYqKndm3C/15MB1J4hgdmA4vbV4zCMWox2ga8O3M=
 github.com/kubescape/storage v0.0.89/go.mod h1:eLCQ7JKpR6JRjtENnN3JduvRLMOyJFtBihfdVC+1hLA=
 github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80/go.mod h1:imJHygn/1yfhB7XSJJKlFZKl/J+dCPAknuiaGOshXAs=
@@ -1398,6 +1398,8 @@ istio.io/pkg v0.0.0-20231221211216-7635388a563e h1:ZlLVbKDlCzfP0MPbWc6VRcY23d9Nd
 istio.io/pkg v0.0.0-20231221211216-7635388a563e/go.mod h1:fvmqEdHhZjYYwf6dSiIwvwc7db54kMWVTfsb91KmhzY=
 k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI=
 k8s.io/api v0.30.2/go.mod h1:ULg5g9JvOev2dG0u2hig4Z7tQ2hHIuS+m8MNZ+X6EmI=
+k8s.io/apiextensions-apiserver v0.30.2 h1:l7Eue2t6QiLHErfn2vwK4KgF4NeDgjQkCXtEbOocKIE=
+k8s.io/apiextensions-apiserver v0.30.2/go.mod h1:lsJFLYyK40iguuinsb3nt+Sj6CmodSI4ACDLep1rgjw=
 k8s.io/apimachinery v0.30.2 h1:fEMcnBj6qkzzPGSVsAZtQThU62SmQ4ZymlXRC5yFSCg=
 k8s.io/apimachinery v0.30.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
 k8s.io/apiserver v0.30.2 h1:ACouHiYl1yFI2VFI3YGM+lvxgy6ir4yK2oLOsLI1/tw=
diff --git a/main.go b/main.go
index fb39562a..ba247bc2 100644
--- a/main.go
+++ b/main.go
@@ -121,7 +121,7 @@ func main() {
 	nodeName := os.Getenv(config.NodeNameEnvVar)
 	// Create watchers
-	dWatcher := dynamicwatcher.NewWatchHandler(k8sClient, cfg)
+	dWatcher := dynamicwatcher.NewWatchHandler(k8sClient, cfg.SkipNamespace)
 	// create k8sObject cache
 	k8sObjectCache, err := k8scache.NewK8sObjectCache(nodeName, k8sClient)
 	if err != nil {
diff --git a/pkg/applicationprofilemanager/v1/applicationprofile_manager.go b/pkg/applicationprofilemanager/v1/applicationprofile_manager.go
index 4eb117a0..7b6fdfe8 100644
--- a/pkg/applicationprofilemanager/v1/applicationprofile_manager.go
+++ b/pkg/applicationprofilemanager/v1/applicationprofile_manager.go
@@ -17,7 +17,6 @@ import (
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/instanceidhandler/v1"
 	helpersv1 "github.com/kubescape/k8s-interface/instanceidhandler/v1/helpers"
-	"github.com/kubescape/k8s-interface/names"
 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"github.com/kubescape/node-agent/pkg/applicationprofilemanager"
 	"github.com/kubescape/node-agent/pkg/config"
@@ -221,7 +220,7 @@ func (am *ApplicationProfileManager) saveProfile(ctx context.Context, watchedCon
 	}
 	// leave container name empty this way the "slug" will represent a workload
-	slug, err := names.InstanceIDToSlug(watchedContainer.InstanceID.GetName(), watchedContainer.InstanceID.GetKind(), "", watchedContainer.InstanceID.GetHashed())
+	slug, err := watchedContainer.InstanceID.GetSlug(true)
 	if err != nil {
 		logger.L().Ctx(ctx).Error("ApplicationProfileManager - failed to get slug", helpers.Error(err), helpers.String("slug", slug),
diff --git a/pkg/networkmanager/v2/network_manager.go b/pkg/networkmanager/v2/network_manager.go
index ec2b2123..4cfa971c 100644
--- a/pkg/networkmanager/v2/network_manager.go
+++ b/pkg/networkmanager/v2/network_manager.go
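Review bot: The comment above the new `watchedContainer.InstanceID.GetSlug(true)` call in saveProfile still describes the empty container-name argument of the removed `names.InstanceIDToSlug` call, and a bare `true` at the call site tells the reader nothing about which slug is produced. Assuming `true` selects the workload-level slug (syft_handler.go in this same commit replaces the old no-argument per-container call with `GetSlug(false)`), the comment should say so: `// GetSlug(true) omits the container name so the "slug" represents the workload`. The same call and stale comment appear in saveNetworkEvents in network_manager.go and in getSlug in both applicationprofilecache.go and networkneighborhoodcache.go. saveProfile begins and ends outside this hunk.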
@@ -32,7 +32,6 @@ import (
 	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/instanceidhandler/v1"
-	"github.com/kubescape/k8s-interface/names"
 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1"
 	storageUtils "github.com/kubescape/storage/pkg/utils"
@@ -239,7 +238,7 @@ func (nm *NetworkManager) saveNetworkEvents(ctx context.Context, watchedContaine
 	}
 	// leave container name empty this way the "slug" will represent a workload
-	slug, err := names.InstanceIDToSlug(watchedContainer.InstanceID.GetName(), watchedContainer.InstanceID.GetKind(), "", watchedContainer.InstanceID.GetHashed())
+	slug, err := watchedContainer.InstanceID.GetSlug(true)
 	if err != nil {
 		logger.L().Ctx(ctx).Error("NetworkManager - failed to get slug", helpers.Error(err), helpers.String("slug", slug),
diff --git a/pkg/objectcache/applicationprofilecache/applicationprofilecache.go b/pkg/objectcache/applicationprofilecache/applicationprofilecache.go
index a1cf3bde..93b77511 100644
--- a/pkg/objectcache/applicationprofilecache/applicationprofilecache.go
+++ b/pkg/objectcache/applicationprofilecache/applicationprofilecache.go
@@ -10,7 +10,6 @@ import (
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/instanceidhandler/v1"
 	helpersv1 "github.com/kubescape/k8s-interface/instanceidhandler/v1/helpers"
-	"github.com/kubescape/k8s-interface/names"
 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"github.com/kubescape/node-agent/pkg/k8sclient"
 	"github.com/kubescape/node-agent/pkg/objectcache"
@@ -308,7 +307,7 @@ func getSlug(p *unstructured.Unstructured) (string, error) {
 	// a single pod can have multiple instanceIDs (because of the containers), but we only need one
 	instanceID := instanceIDs[0]
-	slug, err := names.InstanceIDToSlug(instanceID.GetName(), instanceID.GetKind(), "", instanceID.GetHashed())
+	slug, err := instanceID.GetSlug(true)
 	if err != nil {
 		return "", fmt.Errorf("failed to get slug")
 	}
diff --git a/pkg/objectcache/networkneighborhoodcache/networkneighborhoodcache.go b/pkg/objectcache/networkneighborhoodcache/networkneighborhoodcache.go
index 70f794a9..a63797f5 100644
--- a/pkg/objectcache/networkneighborhoodcache/networkneighborhoodcache.go
+++ b/pkg/objectcache/networkneighborhoodcache/networkneighborhoodcache.go
@@ -17,7 +17,6 @@ import (
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/instanceidhandler/v1"
 	helpersv1 "github.com/kubescape/k8s-interface/instanceidhandler/v1/helpers"
-	"github.com/kubescape/k8s-interface/names"
 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@@ -310,7 +309,7 @@ func getSlug(p *unstructured.Unstructured) (string, error) {
 	// a single pod can have multiple instanceIDs (because of the containers), but we only need one
 	instanceID := instanceIDs[0]
-	slug, err := names.InstanceIDToSlug(instanceID.GetName(), instanceID.GetKind(), "", instanceID.GetHashed())
+	slug, err := instanceID.GetSlug(true)
 	if err != nil {
 		return "", fmt.Errorf("failed to get slug")
 	}
diff --git a/pkg/sbomhandler/syfthandler/syft_handler.go b/pkg/sbomhandler/syfthandler/syft_handler.go
index ecdd9caa..55b33a60 100644
--- a/pkg/sbomhandler/syfthandler/syft_handler.go
+++ b/pkg/sbomhandler/syfthandler/syft_handler.go
@@ -61,7 +61,7 @@ func (sc *SyftHandler) FilterSBOM(watchedContainer *utils.WatchedContainerData,
 	}
 	if watchedContainer.SBOMSyftFiltered == nil {
-		filteredSBOMKey, err := watchedContainer.InstanceID.GetSlug()
+		filteredSBOMKey, err := watchedContainer.InstanceID.GetSlug(false)
 		if err != nil {
 			return err
 		}
diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
index ac73b4f9..64dbbcf4 100644
--- a/pkg/utils/utils.go
+++ b/pkg/utils/utils.go
@@ -26,10 +26,8 @@ import (
 	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/instanceidhandler"
-	"github.com/kubescape/k8s-interface/instanceidhandler/v1/containerinstance"
-	"github.com/kubescape/k8s-interface/instanceidhandler/v1/ephemeralcontainerinstance"
+	instanceidhandlerv1 "github.com/kubescape/k8s-interface/instanceidhandler/v1"
 	helpersv1 "github.com/kubescape/k8s-interface/instanceidhandler/v1/helpers"
-	"github.com/kubescape/k8s-interface/instanceidhandler/v1/initcontainerinstance"
 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1"
 	v1 "k8s.io/api/core/v1"
@@ -341,13 +339,13 @@ func SetInMap(newExecMap *maps.SafeMap[string, mapset.Set[string]]) func(k strin
 
 func ToInstanceType(c ContainerType) helpersv1.InstanceType {
 	switch c {
 	case Container:
-		return containerinstance.InstanceType
+		return instanceidhandlerv1.Container
 	case InitContainer:
-		return initcontainerinstance.InstanceType
+		return instanceidhandlerv1.InitContainer
 	case EphemeralContainer:
-		return ephemeralcontainerinstance.InstanceType
+		return instanceidhandlerv1.EphemeralContainer
 	default:
-		return containerinstance.InstanceType
+		return instanceidhandlerv1.Container
 	}
 }
diff --git a/pkg/watcher/dynamicwatcher/watch.go b/pkg/watcher/dynamicwatcher/watch.go
index 44ce71e4..aabf98f9 100644
--- a/pkg/watcher/dynamicwatcher/watch.go
+++ b/pkg/watcher/dynamicwatcher/watch.go
@@ -7,7 +7,6 @@ import (
 	"os"
 	"time"
 
-	"github.com/kubescape/node-agent/pkg/config"
 	"github.com/kubescape/node-agent/pkg/k8sclient"
 	"github.com/kubescape/node-agent/pkg/watcher"
 	"github.com/kubescape/node-agent/pkg/watcher/cooldownqueue"
@@ -34,22 +33,24 @@ type resourceVersionGetter interface {
 	GetResourceVersion() string
 }
 
+type SkipNamespaceFunc func(string) bool
+
 type WatchHandler struct {
-	k8sClient   k8sclient.K8sClientInterface
-	resources   map[string]watcher.WatchResource
-	eventQueues map[string]*cooldownqueue.CooldownQueue
-	handlers    []watcher.Watcher
-	cfg         config.Config
+	k8sClient         k8sclient.K8sClientInterface
+	resources         map[string]watcher.WatchResource
+	eventQueues       map[string]*cooldownqueue.CooldownQueue
+	handlers          []watcher.Watcher
+	skipNamespaceFunc SkipNamespaceFunc
 }
 
 var errWatchClosed = errors.New("watch channel closed")
 
-func NewWatchHandler(k8sClient k8sclient.K8sClientInterface, cfg config.Config) *WatchHandler {
+func NewWatchHandler(k8sClient k8sclient.K8sClientInterface, skipNamespaceFunc SkipNamespaceFunc) *WatchHandler {
 	return &WatchHandler{
-		k8sClient:   k8sClient,
-		resources:   make(map[string]watcher.WatchResource),
-		eventQueues: make(map[string]*cooldownqueue.CooldownQueue),
-		cfg:         cfg,
+		k8sClient:         k8sClient,
+		resources:         make(map[string]watcher.WatchResource),
+		eventQueues:       make(map[string]*cooldownqueue.CooldownQueue),
+		skipNamespaceFunc: skipNamespaceFunc,
 	}
 }
 
@@ -158,7 +159,7 @@ func (wh *WatchHandler) watchRetry(ctx context.Context, res schema.GroupVersionR
 				return fmt.Errorf("watch error: %s", event.Object)
 			}
 			pod := event.Object.(*unstructured.Unstructured)
-			if wh.cfg.SkipNamespace(pod.GetNamespace()) {
+			if wh.skipNamespaceFunc(pod.GetNamespace()) {
 				continue
 			}
 			eventQueue.Enqueue(event)
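Review bot: `NewWatchHandler` stores `skipNamespaceFunc` without checking it, and the new call sites in `watchRetry` (the hunk below) and `getExistingStorageObjects` invoke it unconditionally, so a caller that passes `nil` — something the previous `config.Config` value parameter could not express — now panics on the first watched object instead of failing at construction. Defaulting in the constructor keeps the failure mode safe for a security agent, since every namespace stays watched rather than events being silently dropped: `if skipNamespaceFunc == nil {` / `skipNamespaceFunc = func(string) bool { return false }` / `}` before the `return &WatchHandler{` line. The exported `SkipNamespaceFunc` type also has no doc comment; add `// SkipNamespaceFunc reports whether objects from the given namespace should be ignored by the watcher.` above it.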
@@ -187,7 +188,7 @@ func (wh *WatchHandler) getExistingStorageObjects(ctx context.Context, res schem
 	if err := list.EachListItem(context.Background(), watchOpts, func(obj runtime.Object) error {
 		pod := obj.(*unstructured.Unstructured)
 		resourceVersion = pod.GetResourceVersion()
-		if wh.cfg.SkipNamespace(pod.GetNamespace()) {
+		if wh.skipNamespaceFunc(pod.GetNamespace()) {
 			return nil
 		}
 		for _, handler := range wh.handlers {
diff --git a/pkg/watcher/dynamicwatcher/watch_test.go b/pkg/watcher/dynamicwatcher/watch_test.go
index 42f338f0..4754216f 100644
--- a/pkg/watcher/dynamicwatcher/watch_test.go
+++ b/pkg/watcher/dynamicwatcher/watch_test.go
@@ -7,7 +7,6 @@ import (
 	"time"
 
 	"github.com/kubescape/node-agent/mocks"
-	"github.com/kubescape/node-agent/pkg/config"
 	"github.com/kubescape/node-agent/pkg/watcher"
 	"github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1"
 
@@ -75,7 +74,9 @@ func startTest(t *testing.T, tc testObj) {
 	k8sClient := k8sinterface.NewKubernetesApiMock()
 	k8sClient.DynamicClient = dynamicfake.NewSimpleDynamicClient(scheme.Scheme, tc.preCreatedObjects...)
-	wh := NewWatchHandler(k8sClient, config.Config{})
+	wh := NewWatchHandler(k8sClient, func(s string) bool {
+		return false
+	})
 	wh.AddAdaptor(a)