snyk
diff --git a/‎Dockerfile‎
Lines changed: 0 additions & 5 deletions b/‎Dockerfile‎
Lines changed: 0 additions & 5 deletions
diff --git a/‎package-lock.json‎
Lines changed: 6 additions & 96 deletions b/‎package-lock.json‎
Lines changed: 6 additions & 96 deletions
diff --git a/‎package.json‎
Lines changed: 1 addition & 1 deletion b/‎package.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎snyk-monitor/templates/clusterrole.yaml‎
Lines changed: 8 additions & 0 deletions b/‎snyk-monitor/templates/clusterrole.yaml‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎snyk-monitor/templates/role.yaml‎
Lines changed: 8 additions & 0 deletions b/‎snyk-monitor/templates/role.yaml‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎snyk-operator/deploy/olm-catalog/snyk-operator/0.0.0/snyk-operator.v0.0.0.clusterserviceversion.yaml‎
Lines changed: 6 additions & 0 deletions b/‎snyk-operator/deploy/olm-catalog/snyk-operator/0.0.0/snyk-operator.v0.0.0.clusterserviceversion.yaml‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎src/index.ts‎
Lines changed: 6 additions & 6 deletions b/‎src/index.ts‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎src/supervisor/types.ts‎
Lines changed: 19 additions & 3 deletions b/‎src/supervisor/types.ts‎
Lines changed: 19 additions & 3 deletions
diff --git a/‎src/supervisor/watchers/handlers/deployment-config.ts‎
Lines changed: 32 additions & 0 deletions b/‎src/supervisor/watchers/handlers/deployment-config.ts‎
Lines changed: 32 additions & 0 deletions
@@ -34,9 +34,6 @@ RUN chmod 755 /usr/bin/dumb-init
 RUN groupadd -g 10001 snyk
 RUN useradd -g snyk -d /srv/app -u 10001 snyk
 
-# @kubernetes/[email protected] started using net-keepalive, which requires the following packages to build modules
-RUN yum --disableplugin=subscription-manager install -y make gcc gcc-c++
-
 WORKDIR /srv/app
 
 COPY --chown=snyk:snyk --from=skopeo-build /usr/bin/skopeo /usr/bin/skopeo
@@ -53,8 +50,6 @@ RUN mkdir -p .config
 
 RUN npm install
 
-RUN yum remove -y make gcc gcc-c++
-
 # add the rest of the app files
 ADD --chown=snyk:snyk . .
 
 
@@ -33,7 +33,7 @@
     "lint": "eslint \"src/**/*.ts\" && (cd test && eslint \"**/*.ts\")"
   },
   "dependencies": {
-    "@kubernetes/client-node": "^0.14.2",
+    "@kubernetes/client-node": "^0.14.3",
     "@snyk/dep-graph": "^1.28.0",
     "async": "^3.2.0",
     "aws-sdk": "^2.873.0",
 
@@ -53,6 +53,14 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - apps.openshift.io
+  resources:
+  - deploymentconfigs
+  verbs:
+  - get
+  - list
+  - watch
 {{- if .Values.psp.enabled }}
 - apiGroups:
   - policy
 
@@ -51,6 +51,14 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - apps.openshift.io
+  resources:
+  - deploymentconfigs
+  verbs:
+  - get
+  - list
+  - watch
 {{- if .Values.psp.enabled }}
 - apiGroups:
   - policy
 
@@ -221,6 +221,12 @@ spec:
                 - "*"
               verbs:
                 - "*"
+            - apiGroups:
+                - apps.openshift.io
+              resources:
+                - deploymentconfigs
+              verbs:
+                - "*"
           serviceAccountName: snyk-operator
       deployments:
         - name: snyk-operator
 
@@ -23,15 +23,15 @@ process.on('uncaughtException', (err) => {
   }
 });
 
-process.on('unhandledRejection', (reason) => {
+process.on('unhandledRejection', (reason, promise) => {
   if (state.shutdownInProgress) {
     return;
   }
 
   try {
-    logger.error({reason}, 'UNHANDLED REJECTION!');
+    logger.error({ reason, promise }, 'UNHANDLED REJECTION!');
   } catch (ignore) {
-    console.log('UNHANDLED REJECTION!', reason);
+    console.log('UNHANDLED REJECTION!', reason, promise);
   } finally {
     process.exit(1);
   }
@@ -47,10 +47,10 @@ function cleanUpTempStorage() {
   }
 };
 
-function monitor(): void {
+async function monitor(): Promise<void> {
   try {
     logger.info({cluster: currentClusterName}, 'starting to monitor');
-    beginWatchingWorkloads();
+    await beginWatchingWorkloads();
   } catch (error) {
     logger.error({error}, 'an error occurred while monitoring the cluster');
     process.exit(1);
@@ -63,5 +63,5 @@ cleanUpTempStorage();
 // Allow running in an async context
 setImmediate(async function setUpAndMonitor(): Promise<void> {
   await loadAndSendWorkloadAutoImportPolicy();
-  monitor();
+  await monitor();
 });
@@ -1,6 +1,15 @@
-import { IncomingMessage }  from 'http';
-import { AppsV1Api, BatchV1Api, BatchV1beta1Api, CoreV1Api, KubeConfig,
-  V1ObjectMeta, V1OwnerReference, V1PodSpec } from '@kubernetes/client-node';
+import { IncomingMessage } from 'http';
+import {
+  AppsV1Api,
+  BatchV1Api,
+  BatchV1beta1Api,
+  CoreV1Api,
+  CustomObjectsApi,
+  KubeConfig,
+  V1ObjectMeta,
+  V1OwnerReference,
+  V1PodSpec,
+} from '@kubernetes/client-node';
 
 export enum WorkloadKind {
   Deployment = 'Deployment',
@@ -11,6 +20,7 @@ export enum WorkloadKind {
   CronJob = 'CronJob',
   ReplicationController = 'ReplicationController',
   Pod = 'Pod',
+  DeploymentConfig = 'DeploymentConfig',
 }
 
 export interface IRequestError {
@@ -32,6 +42,7 @@ export interface IK8sClients {
   readonly coreClient: CoreV1Api;
   readonly batchClient: BatchV1Api;
   readonly batchUnstableClient: BatchV1beta1Api;
+  readonly customObjectsClient: CustomObjectsApi;
 }
 
 export class K8sClients implements IK8sClients {
@@ -41,12 +52,17 @@ export class K8sClients implements IK8sClients {
   // TODO: Keep an eye on this! We need v1beta1 API for CronJobs.
   // https://kubernetes.io/docs/concepts/overview/kubernetes-api/#api-versioning
   // CronJobs will appear in v2 API, but for now there' only v2alpha1, so it's a bad idea to use it.
+  // TODO: https://kubernetes.io/blog/2021/04/09/kubernetes-release-1.21-cronjob-ga/
+  // CronJobs are now GA in Kubernetes 1.21 in the batch/v1 API, we should add support for it!
   public readonly batchUnstableClient: BatchV1beta1Api;
+  /** This client is used to access Custom Resources in the cluster, e.g. DeploymentConfig on OpenShift. */
+  public readonly customObjectsClient: CustomObjectsApi;
 
   constructor(config: KubeConfig) {
     this.appsClient = config.makeApiClient(AppsV1Api);
     this.coreClient = config.makeApiClient(CoreV1Api);
     this.batchClient = config.makeApiClient(BatchV1Api);
     this.batchUnstableClient = config.makeApiClient(BatchV1beta1Api);
+    this.customObjectsClient = config.makeApiClient(CustomObjectsApi);
   }
 }
@@ -0,0 +1,32 @@
+import { deleteWorkload } from './workload';
+import { WorkloadKind } from '../../types';
+import { FALSY_WORKLOAD_NAME_MARKER, V1DeploymentConfig } from './types';
+
+export async function deploymentConfigWatchHandler(
+  deploymentConfig: V1DeploymentConfig,
+): Promise<void> {
+  if (
+    !deploymentConfig.metadata ||
+    !deploymentConfig.spec ||
+    !deploymentConfig.spec.template.metadata ||
+    !deploymentConfig.spec.template.spec ||
+    !deploymentConfig.status
+  ) {
+    return;
+  }
+
+  const workloadName =
+    deploymentConfig.metadata.name || FALSY_WORKLOAD_NAME_MARKER;
+
+  await deleteWorkload(
+    {
+      kind: WorkloadKind.DeploymentConfig,
+      objectMeta: deploymentConfig.metadata,
+      specMeta: deploymentConfig.spec.template.metadata,
+      ownerRefs: deploymentConfig.metadata.ownerReferences,
+      revision: deploymentConfig.status.observedGeneration,
+      podSpec: deploymentConfig.spec.template.spec,
+    },
+    workloadName,
+  );
+}