From 3c7d8ac8b212833c866dd93f6dc1be3ac465e2ab Mon Sep 17 00:00:00 2001
From: Amit Schendel
Date: Sat, 21 Dec 2024 11:20:48 +0000
Subject: [PATCH 1/3] Improving the way we fetch the api server address
Signed-off-by: Amit Schendel
---
 pkg/objectcache/k8scache/k8scache.go | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/pkg/objectcache/k8scache/k8scache.go b/pkg/objectcache/k8scache/k8scache.go
index c79f9609..51d6d597 100644
--- a/pkg/objectcache/k8scache/k8scache.go
+++ b/pkg/objectcache/k8scache/k8scache.go
@@ -2,6 +2,8 @@ package k8scache
 import (
 "context"
+ "fmt"
+ "os"
 "github.com/kubescape/node-agent/pkg/k8sclient"
 "github.com/kubescape/node-agent/pkg/objectcache"
@@ -104,12 +106,11 @@ func (k *K8sObjectCacheImpl) WatchResources() []watcher.WatchResource {
 }
 func (k *K8sObjectCacheImpl) setApiServerIpAddress() error {
- apiAddress, err := k.k8sClient.GetKubernetesClient().CoreV1().Services("default").Get(context.Background(), "kubernetes", metav1.GetOptions{})
- if err != nil {
- return err
+ host := os.Getenv("KUBERNETES_SERVICE_HOST")
+ if host == "" {
+ return fmt.Errorf("KUBERNETES_SERVICE_HOST environment variable not set")
 }
- // TODO: is this the correct approach?
- k.apiServerIpAddress = apiAddress.Spec.ClusterIP
+ k.apiServerIpAddress = host
 return nil
 }
From 8eb309ca0e489fec74f6bb372cdb01fd3572fbdf Mon Sep 17 00:00:00 2001
From: Amit Schendel
Date: Sat, 21 Dec 2024 11:26:46 +0000
Subject: [PATCH 2/3] Removing non k8s clients
Signed-off-by: Amit Schendel
---
 .../v1/r0007_kubernetes_client_executed.go | 16 ----------------
 1 file changed, 16 deletions(-)
diff --git a/pkg/ruleengine/v1/r0007_kubernetes_client_executed.go b/pkg/ruleengine/v1/r0007_kubernetes_client_executed.go
index 4d3af669..c4f3a280 100644
--- a/pkg/ruleengine/v1/r0007_kubernetes_client_executed.go
+++ b/pkg/ruleengine/v1/r0007_kubernetes_client_executed.go
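Review bot: In `setApiServerIpAddress` (pkg/objectcache/k8scache/k8scache.go, hunk `@@ -104,12 +106,11 @@`) the value of `KUBERNETES_SERVICE_HOST` is stored in `apiServerIpAddress` without checking that it is an IP address. The kubelet normally injects the ClusterIP of the `kubernetes` Service there, but the variable may be overridden in the pod spec or hold a hostname, and any consumer that compares this field with observed connection addresses (not visible in this hunk) would then silently stop matching API-server traffic. I would reject non-IP values up front with `if net.ParseIP(host) == nil { return fmt.Errorf("KUBERNETES_SERVICE_HOST %q is not an IP address", host) }`, which needs `net` added in the import hunk of the same file. The function also deserves a doc comment saying that the address now comes from the pod environment rather than from an API lookup.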
@@ -26,22 +26,6 @@ const (
 var kubernetesClients = []string{
 "kubectl",
- "kubeadm",
- "kubelet",
- "kube-proxy",
- "kube-apiserver",
- "kube-controller-manager",
- "kube-scheduler",
- "crictl",
- "docker",
- "containerd",
- "runc",
- "ctr",
- "containerd-shim",
- "containerd-shim-runc-v2",
- "containerd-shim-runc-v1",
- "containerd-shim-runc-v0",
- "containerd-shim-runc",
 }
 var R0007KubernetesClientExecutedDescriptor = ruleengine.RuleDescriptor{
From 18ece83a722ca09542eacbe2c61705c4a016f4c1 Mon Sep 17 00:00:00 2001
From: Amit Schendel
Date: Sat, 21 Dec 2024 11:45:00 +0000
Subject: [PATCH 3/3] Fixing test
Signed-off-by: Amit Schendel
---
 pkg/objectcache/k8scache/k8scache_test.go | 36 ++++++++---------------
 1 file changed, 12 insertions(+), 24 deletions(-)
diff --git a/pkg/objectcache/k8scache/k8scache_test.go b/pkg/objectcache/k8scache/k8scache_test.go
index bcc48d2f..25012263 100644
--- a/pkg/objectcache/k8scache/k8scache_test.go
+++ b/pkg/objectcache/k8scache/k8scache_test.go
@@ -182,51 +182,39 @@ func TestK8sObjectCacheImpl_GetApiServerIpAddress(t *testing.T) {
 }
 func TestK8sObjectCacheImpl_setApiServerIpAddress(t *testing.T) {
-
 tests := []struct {
 name string
+ envValue string
 apiServerIpAddress string
- service corev1.Service
 wantErr bool
 }{
 {
- name: "Test with valid service",
- service: corev1.Service{
- ObjectMeta: metav1.ObjectMeta{
- Name: "kubernetes",
- Namespace: "default",
- },
- Spec: corev1.ServiceSpec{
- ClusterIP: "63.56.12.45",
- },
- },
- apiServerIpAddress: "63.56.12.45",
+ name: "Test with environment variable set",
+ envValue: "10.0.0.1",
+ apiServerIpAddress: "10.0.0.1",
 wantErr: false,
 },
 {
- name: "Test with valid service",
- service: corev1.Service{
- ObjectMeta: metav1.ObjectMeta{
- Name: "kubernetes",
- Namespace: "blabla",
- },
- Spec: corev1.ServiceSpec{
- ClusterIP: "63.56.12.45",
- },
- },
+ name: "Test with no environment variable",
+ envValue: "",
 apiServerIpAddress: "",
 wantErr: true,
 },
 }
+
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
+ // Setup environment for test
+ t.Setenv("KUBERNETES_SERVICE_HOST", tt.envValue)
+
 k := &K8sObjectCacheImpl{
 k8sClient: k8sinterface.NewKubernetesApiMock(),
 }
- k.k8sClient.GetKubernetesClient().CoreV1().Services(tt.service.GetNamespace()).Create(context.Background(), &tt.service, metav1.CreateOptions{})
+
 if err := k.setApiServerIpAddress(); (err != nil) != tt.wantErr {
 t.Errorf("K8sObjectCacheImpl.setApiServerIpAddress() error = %v, wantErr %v", err, tt.wantErr)
 }
+
 assert.Equal(t, tt.apiServerIpAddress, k.GetApiServerIpAddress())
 })
 }
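Review bot: The case named "Test with no environment variable" in `TestK8sObjectCacheImpl_setApiServerIpAddress` never runs with the variable unset, because `t.Setenv("KUBERNETES_SERVICE_HOST", tt.envValue)` sets it to the empty string; it passes only because the implementation reads it with `os.Getenv`. To cover the unset state, keep the `t.Setenv` call (it registers the restore) and follow it with `if tt.envValue == "" { os.Unsetenv("KUBERNETES_SERVICE_HOST") }`, importing `os` if the test file does not already. The `k8sClient: k8sinterface.NewKubernetesApiMock()` field looks unnecessary now that the function reads only the environment, and a third case with a non-IP value would pin down how malformed input is handled. The hunk leaves the import block untouched, so `corev1` and `context` presumably remain referenced elsewhere in the file; the test function's closing brace lies outside the hunk.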