use pod-name:pod-ip as node identity for kubearmor daemon

to avoid the case, if kubearmor pod recreated for any reason and
pod deletion event received after pod added event then node will be
removed from current list of nodes/kubearmor-pods if node id is created
using node ip only.

Signed-off-by: rksharma95 <ramakant@accuknox.com>

Author: rksharma95

relay-server/go.mod

@@ -13,7 +13,6 @@ require (
 	github.com/cenkalti/backoff/v4 v4.2.1
 	github.com/dustin/go-humanize v1.0.1
 	github.com/elastic/go-elasticsearch/v7 v7.17.10
-	github.com/golang/protobuf v1.5.4
 	github.com/google/uuid v1.6.0
 	github.com/kubearmor/KubeArmor/KubeArmor v0.0.0-20240412061210-e4422dd02342
 	github.com/kubearmor/KubeArmor/protobuf v0.0.0-20240315075053-fee50c9428b9
@@ -35,6 +34,7 @@ require (
 	github.com/go-openapi/jsonreference v0.21.0 // indirect
 	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect

relay-server/server/k8sHandler.go

@@ -264,7 +264,8 @@ func (kh *K8sHandler) getKaPodInformer(ipsChan chan string) cache.SharedIndexInf
 			}
 
 			if pod.Status.PodIP != "" {
-				ipsChan <- pod.Status.PodIP
+				// generate id <pod-name>:<pod-ip>
+				ipsChan <- generateID(pod.Name, pod.Status.PodIP)
 			}
 		},
 		UpdateFunc: func(old, new interface{}) {
@@ -279,8 +280,10 @@ func (kh *K8sHandler) getKaPodInformer(ipsChan chan string) cache.SharedIndexInf
 			}
 
 			if newPod.Status.PodIP != "" && newPod.Status.PodIP != oldPod.Status.PodIP {
-				ipsChan <- newPod.Status.PodIP
-				DeleteClientEntry(oldPod.Status.PodIP)
+				if oldPod.Status.PodIP != "" {
+					DeleteClientEntry(generateID(oldPod.Name, oldPod.Status.PodIP))
+				}
+				ipsChan <- generateID(newPod.Name, newPod.Status.PodIP)
 			}
 		},
 		DeleteFunc: func(obj interface{}) {
@@ -290,7 +293,7 @@ func (kh *K8sHandler) getKaPodInformer(ipsChan chan string) cache.SharedIndexInf
 			}
 
 			if pod.Status.PodIP != "" {
-				DeleteClientEntry(pod.Status.PodIP)
+				DeleteClientEntry(generateID(pod.Name, pod.Status.PodIP))
 			}
 		},
 	})
@@ -310,7 +313,23 @@ func (kh *K8sHandler) findExistingKaPodsIp(ctx context.Context, ipsChan chan str
 
 	for _, pod := range pods.Items {
 		if pod.Status.PodIP != "" {
-			ipsChan <- pod.Status.PodIP
+			ipsChan <- generateID(pod.Name, pod.Status.PodIP)
 		}
 	}
 }
+
+// ===========
+// == utils ==
+// ===========
+
+func generateID(podName, podIP string) string {
+	return fmt.Sprintf("%s:%s", podName, podIP)
+}
+
+func extractIP(podID string) (string, error) {
+	id := strings.Split(podID, ":")
+	if len(id) != 2 {
+		return "", fmt.Errorf("invalid ID format: %s", podID)
+	}
+	return id[1], nil
+}

relay-server/server/relayServer.go

@@ -712,14 +712,18 @@ func DeleteClientEntry(nodeIP string) {
 // == KubeArmor == //
 // =============== //
 
-func connectToKubeArmor(nodeIP, port string) error {
+func connectToKubeArmor(nodeID, port string) error {
 
+	nodeIP, err := extractIP(nodeID)
+	if err != nil {
+		return err
+	}
 	// create connection info
 	server := nodeIP + ":" + port
 
 	for Running {
 		ClientListLock.RLock()
-		_, found := ClientList[nodeIP]
+		_, found := ClientList[nodeID]
 		ClientListLock.RUnlock()
 		if !found {
 			// KubeArmor with this IP is deleted or the IP has changed