Merge pull request #444 from kubescape/feature/improve-api-addresss

Improving the way we fetch the api server address
kubescape · Dec 22, 2024 · 8ba0c61 · 8ba0c61
2 parents 30c92c0 + 18ece83
commit 8ba0c61
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 45 deletions.
diff --git a/pkg/objectcache/k8scache/k8scache.go b/pkg/objectcache/k8scache/k8scache.go
@@ -2,6 +2,8 @@ package k8scache
 
 import (
 	"context"
+	"fmt"
+	"os"
 
 	"github.com/kubescape/node-agent/pkg/k8sclient"
 	"github.com/kubescape/node-agent/pkg/objectcache"
@@ -104,12 +106,11 @@ func (k *K8sObjectCacheImpl) WatchResources() []watcher.WatchResource {
 }
 
 func (k *K8sObjectCacheImpl) setApiServerIpAddress() error {
-	apiAddress, err := k.k8sClient.GetKubernetesClient().CoreV1().Services("default").Get(context.Background(), "kubernetes", metav1.GetOptions{})
-	if err != nil {
-		return err
+	host := os.Getenv("KUBERNETES_SERVICE_HOST")
+	if host == "" {
+		return fmt.Errorf("KUBERNETES_SERVICE_HOST environment variable not set")
 	}
-	// TODO: is this the correct approach?
-	k.apiServerIpAddress = apiAddress.Spec.ClusterIP
+	k.apiServerIpAddress = host
 	return nil
 }
 

diff --git a/pkg/objectcache/k8scache/k8scache_test.go b/pkg/objectcache/k8scache/k8scache_test.go
@@ -182,51 +182,39 @@ func TestK8sObjectCacheImpl_GetApiServerIpAddress(t *testing.T) {
 }
 
 func TestK8sObjectCacheImpl_setApiServerIpAddress(t *testing.T) {
-
 	tests := []struct {
 		name               string
+		envValue           string
 		apiServerIpAddress string
-		service            corev1.Service
 		wantErr            bool
 	}{
 		{
-			name: "Test with valid service",
-			service: corev1.Service{
-				ObjectMeta: metav1.ObjectMeta{
-					Name:      "kubernetes",
-					Namespace: "default",
-				},
-				Spec: corev1.ServiceSpec{
-					ClusterIP: "63.56.12.45",
-				},
-			},
-			apiServerIpAddress: "63.56.12.45",
+			name:               "Test with environment variable set",
+			envValue:           "10.0.0.1",
+			apiServerIpAddress: "10.0.0.1",
 			wantErr:            false,
 		},
 		{
-			name: "Test with valid service",
-			service: corev1.Service{
-				ObjectMeta: metav1.ObjectMeta{
-					Name:      "kubernetes",
-					Namespace: "blabla",
-				},
-				Spec: corev1.ServiceSpec{
-					ClusterIP: "63.56.12.45",
-				},
-			},
+			name:               "Test with no environment variable",
+			envValue:           "",
 			apiServerIpAddress: "",
 			wantErr:            true,
 		},
 	}
+
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
+			// Setup environment for test
+			t.Setenv("KUBERNETES_SERVICE_HOST", tt.envValue)
+
 			k := &K8sObjectCacheImpl{
 				k8sClient: k8sinterface.NewKubernetesApiMock(),
 			}
-			k.k8sClient.GetKubernetesClient().CoreV1().Services(tt.service.GetNamespace()).Create(context.Background(), &tt.service, metav1.CreateOptions{})
+
 			if err := k.setApiServerIpAddress(); (err != nil) != tt.wantErr {
 				t.Errorf("K8sObjectCacheImpl.setApiServerIpAddress() error = %v, wantErr %v", err, tt.wantErr)
 			}
+
 			assert.Equal(t, tt.apiServerIpAddress, k.GetApiServerIpAddress())
 		})
 	}

diff --git a/pkg/ruleengine/v1/r0007_kubernetes_client_executed.go b/pkg/ruleengine/v1/r0007_kubernetes_client_executed.go
@@ -26,22 +26,6 @@ const (
 
 var kubernetesClients = []string{
 	"kubectl",
-	"kubeadm",
-	"kubelet",
-	"kube-proxy",
-	"kube-apiserver",
-	"kube-controller-manager",
-	"kube-scheduler",
-	"crictl",
-	"docker",
-	"containerd",
-	"runc",
-	"ctr",
-	"containerd-shim",
-	"containerd-shim-runc-v2",
-	"containerd-shim-runc-v1",
-	"containerd-shim-runc-v0",
-	"containerd-shim-runc",
 }
 
 var R0007KubernetesClientExecutedDescriptor = ruleengine.RuleDescriptor{