Ignore target hostNetwork pods in the DNS capture flow (#231)

Author: omris94

src/mapper/pkg/resolvers/resolver_test.go

@@ -10,6 +10,7 @@ import (
 	"github.com/otterize/network-mapper/src/mapper/pkg/awsintentsholder"
 	"github.com/otterize/network-mapper/src/mapper/pkg/dnscache"
 	"github.com/otterize/network-mapper/src/mapper/pkg/externaltrafficholder"
+	"github.com/otterize/network-mapper/src/mapper/pkg/graph/model"
 	"github.com/otterize/network-mapper/src/mapper/pkg/incomingtrafficholder"
 	"github.com/otterize/network-mapper/src/mapper/pkg/intentsstore"
 	"github.com/otterize/network-mapper/src/mapper/pkg/kubefinder"
@@ -1212,6 +1213,27 @@ func (s *ResolverTestSuite) TestIntentsFilterByServer() {
 	s.Require().ElementsMatch(res.Intents, expectedIntents)
 }
 
+func (s *ResolverTestSuite) TestResolveOtterizeIdentityIgnoreHostNetworkPods() {
+	// Setup
+	serviceName := "test-service"
+	serviceIP := "10.0.0.10"
+	podIP := "1.1.1.3"
+
+	pod3 := s.AddPodWithHostNetwork("pod3", podIP, map[string]string{"app": "test"}, nil, true)
+	s.AddService(serviceName, map[string]string{"app": "test"}, serviceIP, []*v1.Pod{pod3})
+	s.Require().True(s.Mgr.GetCache().WaitForCacheSync(context.Background()))
+
+	service := &v1.Service{}
+	err := s.Mgr.GetClient().Get(context.Background(), types.NamespacedName{Name: "svc-" + serviceName, Namespace: s.TestNamespace}, service)
+	s.Require().NoError(err)
+
+	lastSeen := time.Now().Add(time.Minute)
+	_, ok, err := s.resolver.resolveOtterizeIdentityForDestinationAddress(context.Background(), model.Destination{LastSeen: lastSeen, Destination: fmt.Sprintf("%s.%s.svc.cluster.local", service.Name, service.Namespace)})
+	s.Require().False(ok)
+	s.Require().NoError(err)
+
+}
+
 func TestRunSuite(t *testing.T) {
 	suite.Run(t, new(ResolverTestSuite))
 }

src/mapper/pkg/resolvers/schema.helpers.resolvers.go

@@ -283,6 +283,10 @@ func (r *Resolver) resolveOtterizeIdentityForDestinationAddress(ctx context.Cont
 	}
 
 	filteredPods := lo.Filter(pods, func(pod corev1.Pod, _ int) bool {
+		if pod.Spec.HostNetwork {
+			logrus.Debugf("pod %s is in host network, ignoring", pod.Name)
+			return false
+		}
 		lastCreationTimeForUsToTrustIt := dest.LastSeen
 		if lo.IsEmpty(serviceName) {
 			// In this case the DNS was a "pod" DNS - which contains IP - and therefore less reliable.
@@ -593,7 +597,7 @@ func (r *Resolver) handleReportIstioConnectionResults(ctx context.Context, resul
 		}
 		dstPod, err := r.kubeFinder.ResolveIstioWorkloadToPod(ctx, result.DstWorkload, result.DstWorkloadNamespace)
 		if err != nil {
-			logrus.WithError(err).Debugf("Could not resolve workload %s to pod", result.SrcWorkload)
+			logrus.WithError(err).Debugf("Could not resolve workload %s to pod", result.DstWorkload)
 			continue
 		}
 		srcService, err := r.serviceIdResolver.ResolvePodToServiceIdentity(ctx, srcPod)
@@ -615,6 +619,9 @@ func (r *Resolver) handleReportIstioConnectionResults(ctx context.Context, resul
 
 		if dstService.OwnerObject != nil {
 			dstSvcIdentity.PodOwnerKind = model.GroupVersionKindFromKubeGVK(dstService.OwnerObject.GetObjectKind().GroupVersionKind())
+			if result.DstServiceName != "" {
+				dstSvcIdentity.KubernetesService = &result.DstServiceName
+			}
 		}
 
 		intent := model.Intent{

src/shared/testbase/testsuitebase.go

@@ -132,6 +132,47 @@ func (s *ControllerManagerTestSuiteBase) AddPod(name string, podIp string, label
 	return podCopy
 }
 
+func (s *ControllerManagerTestSuiteBase) AddPodWithHostNetwork(name, ip string, labels, annotations map[string]string, hostNetwork bool) *corev1.Pod {
+	pod := &corev1.Pod{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:        name,
+			Namespace:   s.TestNamespace,
+			Labels:      labels,
+			Annotations: annotations,
+		},
+		Spec: corev1.PodSpec{
+			HostNetwork: hostNetwork,
+			Containers: []corev1.Container{
+				{
+					Name:            name,
+					Image:           "nginx",
+					ImagePullPolicy: "Always",
+				},
+			},
+		},
+		Status: corev1.PodStatus{
+			PodIP: ip,
+			PodIPs: []corev1.PodIP{
+				{IP: ip},
+			},
+		},
+	}
+	s.Require().NoError(s.Mgr.GetClient().Create(context.Background(), pod))
+
+	// Prevents race - UpdateStatus can alter the pod.
+	podCopy := pod.DeepCopy()
+	if ip != "" {
+		pod.Status.PodIP = ip
+		pod.Status.PodIPs = []corev1.PodIP{{IP: ip}}
+		pod.Status.Phase = corev1.PodRunning
+		pod.Status.DeepCopyInto(&podCopy.Status)
+		_, err := s.K8sDirectClient.CoreV1().Pods(s.TestNamespace).UpdateStatus(context.Background(), pod, metav1.UpdateOptions{})
+		s.Require().NoError(err)
+	}
+	s.waitForObjectToBeCreated(pod)
+	return pod
+}
+
 func (s *ControllerManagerTestSuiteBase) AddEndpoints(name string, pods []*corev1.Pod, port *int) *corev1.Endpoints {
 	addresses := lo.Map(pods, func(pod *corev1.Pod, _ int) corev1.EndpointAddress {
 		return corev1.EndpointAddress{IP: pod.Status.PodIP, TargetRef: &corev1.ObjectReference{Kind: "Pod", Name: pod.Name, Namespace: pod.Namespace}}