Merge pull request #994 from snyk/feat/cronjobs

KatieArmstr · web-flow · commit 40f6cab7bca7 · 2022-01-25T17:31:42.000Z
[RUN-1518] Add support for CronJobs in batch/v1 API
diff --git a/src/supervisor/types.ts b/src/supervisor/types.ts
@@ -2,7 +2,6 @@ import { IncomingMessage } from 'http';
 import {
   AppsV1Api,
   BatchV1Api,
-  BatchV1beta1Api,
   CoreV1Api,
   CustomObjectsApi,
   KubeConfig,
@@ -41,28 +40,20 @@ export interface IK8sClients {
   readonly appsClient: AppsV1Api;
   readonly coreClient: CoreV1Api;
   readonly batchClient: BatchV1Api;
-  readonly batchUnstableClient: BatchV1beta1Api;
   readonly customObjectsClient: CustomObjectsApi;
 }
 
 export class K8sClients implements IK8sClients {
   public readonly appsClient: AppsV1Api;
   public readonly coreClient: CoreV1Api;
   public readonly batchClient: BatchV1Api;
-  // TODO: Keep an eye on this! We need v1beta1 API for CronJobs.
-  // https://kubernetes.io/docs/concepts/overview/kubernetes-api/#api-versioning
-  // CronJobs will appear in v2 API, but for now there' only v2alpha1, so it's a bad idea to use it.
-  // TODO: https://kubernetes.io/blog/2021/04/09/kubernetes-release-1.21-cronjob-ga/
-  // CronJobs are now GA in Kubernetes 1.21 in the batch/v1 API, we should add support for it!
-  public readonly batchUnstableClient: BatchV1beta1Api;
   /** This client is used to access Custom Resources in the cluster, e.g. DeploymentConfig on OpenShift. */
   public readonly customObjectsClient: CustomObjectsApi;
 
   constructor(config: KubeConfig) {
     this.appsClient = config.makeApiClient(AppsV1Api);
     this.coreClient = config.makeApiClient(CoreV1Api);
     this.batchClient = config.makeApiClient(BatchV1Api);
-    this.batchUnstableClient = config.makeApiClient(BatchV1beta1Api);
     this.customObjectsClient = config.makeApiClient(CustomObjectsApi);
   }
 }
diff --git a/src/supervisor/watchers/handlers/cron-job.ts b/src/supervisor/watchers/handlers/cron-job.ts
@@ -1,4 +1,4 @@
-import { V1beta1CronJob, V1beta1CronJobList } from '@kubernetes/client-node';
+import { V1CronJob, V1CronJobList } from '@kubernetes/client-node';
 import { deleteWorkload, trimWorkload } from './workload';
 import { WorkloadKind } from '../../types';
 import { FALSY_WORKLOAD_NAME_MARKER } from './types';
@@ -13,25 +13,21 @@ import {
 
 export async function paginatedCronJobList(namespace: string): Promise<{
   response: IncomingMessage;
-  body: V1beta1CronJobList;
+  body: V1CronJobList;
 }> {
-  const v1CronJobList = new V1beta1CronJobList();
-  v1CronJobList.apiVersion = 'batch/v1beta1';
+  const v1CronJobList = new V1CronJobList();
+  v1CronJobList.apiVersion = 'batch/v1';
   v1CronJobList.kind = 'CronJobList';
-  v1CronJobList.items = new Array<V1beta1CronJob>();
+  v1CronJobList.items = new Array<V1CronJob>();
 
   return await paginatedList(
     namespace,
     v1CronJobList,
-    k8sApi.batchUnstableClient.listNamespacedCronJob.bind(
-      k8sApi.batchUnstableClient,
-    ),
+    k8sApi.batchClient.listNamespacedCronJob.bind(k8sApi.batchClient),
   );
 }
 
-export async function cronJobWatchHandler(
-  cronJob: V1beta1CronJob,
-): Promise<void> {
+export async function cronJobWatchHandler(cronJob: V1CronJob): Promise<void> {
   cronJob = trimWorkload(cronJob);
 
   if (
diff --git a/src/supervisor/watchers/handlers/index.ts b/src/supervisor/watchers/handlers/index.ts
@@ -69,7 +69,7 @@ const workloadWatchMetadata: Readonly<IWorkloadWatchMetadata> = {
       paginatedReplicationControllerList(namespace),
   },
   [WorkloadKind.CronJob]: {
-    endpoint: '/apis/batch/v1beta1/watch/namespaces/{namespace}/cronjobs',
+    endpoint: '/apis/batch/v1/watch/namespaces/{namespace}/cronjobs',
     handlers: {
       [DELETE]: cronJobWatchHandler,
     },
diff --git a/src/supervisor/workload-reader.ts b/src/supervisor/workload-reader.ts
@@ -206,13 +206,10 @@ const jobReader: IWorkloadReaderFunc = async (workloadName, namespace) => {
   return metadata;
 };
 
-// Keep an eye on this! We need v1beta1 API for CronJobs.
-// https://kubernetes.io/docs/concepts/overview/kubernetes-api/#api-versioning
-// CronJobs will appear in v2 API, but for now there' only v2alpha1, so it's a bad idea to use it.
+// cronJobReader can read v1 and v1beta1 CronJobs
 const cronJobReader: IWorkloadReaderFunc = async (workloadName, namespace) => {
   const cronJobResult = await kubernetesApiWrappers.retryKubernetesApiRequest(
-    () =>
-      k8sApi.batchUnstableClient.readNamespacedCronJob(workloadName, namespace),
+    () => k8sApi.batchClient.readNamespacedCronJob(workloadName, namespace),
   );
   const cronJob = trimWorkload(cronJobResult.body);
 
diff --git a/test/fixtures/cronjob-v1beta1.yaml b/test/fixtures/cronjob-v1beta1.yaml
@@ -0,0 +1,23 @@
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+  name: cron-job-v1beta1
+  namespace: services
+  labels:
+    app.kubernetes.io/name: cron-job-v1beta1
+spec:
+  schedule: '* * * * *'
+  jobTemplate:
+    spec:
+      template:
+        metadata:
+          labels:
+            app.kubernetes.io/name: cron-job-v1beta1
+        spec:
+          containers:
+            - name: cron-job-v1beta1
+              image: busybox
+              imagePullPolicy: IfNotPresent
+              command: ['/bin/sleep']
+              args: ['180']
+          restartPolicy: OnFailure
diff --git a/test/fixtures/cronjob.yaml b/test/fixtures/cronjob.yaml
@@ -0,0 +1,23 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: cron-job
+  namespace: services
+  labels:
+    app.kubernetes.io/name: cron-job
+spec:
+  schedule: '* * * * *'
+  jobTemplate:
+    spec:
+      template:
+        metadata:
+          labels:
+            app.kubernetes.io/name: cron-job
+        spec:
+          containers:
+            - name: cron-job
+              image: busybox
+              imagePullPolicy: IfNotPresent
+              command: ['/bin/sleep']
+              args: ['180']
+          restartPolicy: OnFailure
diff --git a/test/helpers/kubectl.ts b/test/helpers/kubectl.ts
@@ -231,7 +231,7 @@ export async function waitForDeployment(
   namespace: string,
 ): Promise<void> {
   console.log(`Trying to find deployment ${name} in namespace ${namespace}`);
-  for (let attempt = 0; attempt < 120; attempt++) {
+  for (let attempt = 0; attempt < 180; attempt++) {
     try {
       await exec(`./kubectl get deployment.apps/${name} -n ${namespace}`);
     } catch (error) {
diff --git a/test/integration/kubernetes.spec.ts b/test/integration/kubernetes.spec.ts
@@ -50,6 +50,8 @@ test('deploy sample workloads', async () => {
     kubectl.applyK8sYaml('./test/fixtures/centos-deployment.yaml'),
     kubectl.applyK8sYaml('./test/fixtures/scratch-deployment.yaml'),
     kubectl.applyK8sYaml('./test/fixtures/consul-deployment.yaml'),
+    kubectl.applyK8sYaml('./test/fixtures/cronjob.yaml'),
+    kubectl.applyK8sYaml('./test/fixtures/cronjob-v1beta1.yaml'),
     kubectl.createPodFromImage(
       'alpine-from-sha',
       someImageWithSha,
@@ -112,7 +114,6 @@ test('snyk-monitor sends data to kubernetes-upstream', async () => {
   const validatorFn: WorkloadLocatorValidator = (workloads) => {
     return (
       workloads !== undefined &&
-      workloads.length === 8 &&
       workloads.find(
         (workload) =>
           workload.name === 'alpine' && workload.type === WorkloadKind.Pod,
@@ -150,6 +151,16 @@ test('snyk-monitor sends data to kubernetes-upstream', async () => {
         (workload) =>
           workload.name === 'consul' &&
           workload.type === WorkloadKind.Deployment,
+      ) !== undefined &&
+      workloads.find(
+        (workload) =>
+          workload.name === 'cron-job' &&
+          workload.type === WorkloadKind.CronJob,
+      ) !== undefined &&
+      workloads.find(
+        (workload) =>
+          workload.name === 'cron-job-v1beta1' &&
+          workload.type === WorkloadKind.CronJob,
       ) !== undefined
     );
   };
@@ -226,6 +237,33 @@ test('snyk-monitor sends data to kubernetes-upstream', async () => {
       target: { image: 'docker-image|docker.io/snyk/runtime-fixtures' },
     },
   ]);
+
+  const scanResultsCronJob = await getUpstreamResponseBody(
+    `api/v1/scan-results/${integrationId}/Default%20cluster/services/CronJob/cron-job`,
+  );
+  expect(scanResultsCronJob.workloadScanResults['busybox']).toEqual<
+    ScanResult[]
+  >([
+    {
+      identity: { type: 'linux', args: { platform: 'linux/amd64' } },
+      facts: expect.any(Array),
+      target: { image: 'docker-image|busybox' },
+    },
+  ]);
+
+  // the v1 reader works for both v1 and v1beta1
+  const scanResultsCronJobBeta = await getUpstreamResponseBody(
+    `api/v1/scan-results/${integrationId}/Default%20cluster/services/CronJob/cron-job-v1beta1`,
+  );
+  expect(scanResultsCronJobBeta.workloadScanResults['busybox']).toEqual<
+    ScanResult[]
+  >([
+    {
+      identity: { type: 'linux', args: { platform: 'linux/amd64' } },
+      facts: expect.any(Array),
+      target: { image: 'docker-image|busybox' },
+    },
+  ]);
 });
 
 test('snyk-monitor sends binary hashes to kubernetes-upstream after adding another deployment', async () => {
diff --git a/test/setup/platforms/kind.ts b/test/setup/platforms/kind.ts
@@ -8,7 +8,7 @@ const clusterName = 'kind';
 
 export async function setupTester(): Promise<void> {
   const osDistro = platform();
-  await download(osDistro, 'v0.8.1');
+  await download(osDistro, 'v0.11.1');
 }
 
 export async function createCluster(version: string): Promise<void> {

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@ const clusterName = 'kind';`
`8`	`8`
`9`	`9`	`export async function setupTester(): Promise<void> {`
`10`	`10`	`const osDistro = platform();`
`11`		`- await download(osDistro, 'v0.8.1');`
	`11`	`+ await download(osDistro, 'v0.11.1');`
`12`	`12`	`}`
`13`	`13`
`14`	`14`	`export async function createCluster(version: string): Promise<void> {`