Skip to content

Commit

Permalink
Merge pull request #257 from kubescape/networkmanagerv2
Browse files Browse the repository at this point in the history
Change default MaxAlertsPerMinute
  • Loading branch information
David Wertenteil authored Apr 15, 2024
2 parents 35df577 + 8a5ed19 commit f4e099f
Show file tree
Hide file tree
Showing 4 changed files with 67 additions and 2 deletions.
2 changes: 1 addition & 1 deletion pkg/exporters/http_exporter.go
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ func (config *HTTPExporterConfig) Validate() error {
config.TimeoutSeconds = 5
}
if config.MaxAlertsPerMinute == 0 {
config.MaxAlertsPerMinute = 10000
config.MaxAlertsPerMinute = 100
}
if config.Headers == nil {
config.Headers = make(map[string]string)
Expand Down
2 changes: 1 addition & 1 deletion pkg/exporters/http_exporter_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -244,7 +244,7 @@ func TestValidateHTTPExporterConfig(t *testing.T) {
assert.NoError(t, err)
assert.Equal(t, "POST", exp.config.Method)
assert.Equal(t, 5, exp.config.TimeoutSeconds)
assert.Equal(t, 10000, exp.config.MaxAlertsPerMinute)
assert.Equal(t, 100, exp.config.MaxAlertsPerMinute)
assert.Equal(t, map[string]string{}, exp.config.Headers)
assert.Equal(t, "cluster", exp.ClusterName)
assert.Equal(t, "node", exp.NodeName)
Expand Down
4 changes: 4 additions & 0 deletions pkg/rulebindingmanager/cache/cache.go
Original file line number Diff line number Diff line change
Expand Up @@ -268,6 +268,10 @@ func (c *RBCache) addPod(ctx context.Context, pod *corev1.Pod) {
}

for _, rb := range c.rbNameToRB.Values() {
if rb.GetNamespace() != "" && rb.GetNamespace() != pod.GetNamespace() {
// rule binding is not in the same namespace as the pod
continue
}
rbName := rbUniqueName(&rb)

// check pod selectors
Expand Down
61 changes: 61 additions & 0 deletions pkg/rulebindingmanager/cache/cache_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -937,6 +937,67 @@ func TestAddRuleBinding(t *testing.T) {
"other/nginx-77b4fdf86c-hp4x5",
},
},
{
name: "Add namespaced roleBinding",
rb: &typesv1.RuntimeAlertRuleBinding{
ObjectMeta: metav1.ObjectMeta{
Name: "rb1",
Namespace: "other",
},
Spec: typesv1.RuntimeAlertRuleBindingSpec{
NamespaceSelector: metav1.LabelSelector{
MatchExpressions: []metav1.LabelSelectorRequirement{
{
Key: "app",
Operator: metav1.LabelSelectorOpIn,
Values: []string{"other"},
},
},
},
Rules: []typesv1.RuntimeAlertRuleBindingRule{
{
RuleID: "R0001",
},
{
RuleID: "R0002",
},
},
},
},
expectedNotifiedPods: []string{
"other/collection-94c495554-z8s5k",
"other/nginx-77b4fdf86c-hp4x5",
},
},
{
name: "Add namespaced roleBinding without pods",
rb: &typesv1.RuntimeAlertRuleBinding{
ObjectMeta: metav1.ObjectMeta{
Name: "rb1",
Namespace: "blabla",
},
Spec: typesv1.RuntimeAlertRuleBindingSpec{
NamespaceSelector: metav1.LabelSelector{
MatchExpressions: []metav1.LabelSelectorRequirement{
{
Key: "app",
Operator: metav1.LabelSelectorOpIn,
Values: []string{"other"},
},
},
},
Rules: []typesv1.RuntimeAlertRuleBindingRule{
{
RuleID: "R0001",
},
{
RuleID: "R0002",
},
},
},
},
expectedNotifiedPods: []string{},
},
{
name: "Add roleBinding exclude namespace 'other'",
rb: &typesv1.RuntimeAlertRuleBinding{
Expand Down

0 comments on commit f4e099f

Please sign in to comment.