feat: watch workloads using the Informer API

Create a map that abstracts away watched resources' details (e.g. endpoint, type, K8s listing function).
For every workload, look into the map and setup Informers.

The Informer is a wrapper around the K8s Watch API that helps restart killed watches and efficiently keeps track of changes to a workload.
Using this API fixes the problem of Watches dying and eventually ending the kubernetes-monitor process while also notifying only on real workload changes (not just any change).

Author: ivanstanev

src/kube-scanner/watchers/handlers/cron-job.ts

@@ -1,14 +1,9 @@
 import { V1beta1CronJob } from '@kubernetes/client-node';
-import { WatchEventType } from '../types';
 import { deleteWorkload } from './index';
 import { WorkloadKind } from '../../types';
 import { FALSY_WORKLOAD_NAME_MARKER } from './types';
 
-export async function cronJobWatchHandler(eventType: string, cronJob: V1beta1CronJob) {
-  if (eventType !== WatchEventType.Deleted) {
-    return;
-  }
-
+export async function cronJobWatchHandler(cronJob: V1beta1CronJob) {
   if (!cronJob.metadata || !cronJob.spec || !cronJob.spec.jobTemplate.spec ||
       !cronJob.spec.jobTemplate.metadata || !cronJob.spec.jobTemplate.spec.template.spec) {
     // TODO(ivanstanev): possibly log this. It shouldn't happen but we should track it!

src/kube-scanner/watchers/handlers/daemon-set.ts

@@ -1,14 +1,9 @@
 import { V1DaemonSet } from '@kubernetes/client-node';
-import { WatchEventType } from '../types';
 import { deleteWorkload } from './index';
 import { WorkloadKind } from '../../types';
 import { FALSY_WORKLOAD_NAME_MARKER } from './types';
 
-export async function daemonSetWatchHandler(eventType: string, daemonSet: V1DaemonSet) {
-  if (eventType !== WatchEventType.Deleted) {
-    return;
-  }
-
+export async function daemonSetWatchHandler(daemonSet: V1DaemonSet) {
   if (!daemonSet.metadata || !daemonSet.spec || !daemonSet.spec.template.metadata ||
       !daemonSet.spec.template.spec) {
     // TODO(ivanstanev): possibly log this. It shouldn't happen but we should track it!

src/kube-scanner/watchers/handlers/deployment.ts

@@ -1,14 +1,9 @@
 import { V1Deployment } from '@kubernetes/client-node';
-import { WatchEventType } from '../types';
 import { deleteWorkload } from './index';
 import { WorkloadKind } from '../../types';
 import { FALSY_WORKLOAD_NAME_MARKER } from './types';
 
-export async function deploymentWatchHandler(eventType: string, deployment: V1Deployment) {
-  if (eventType !== WatchEventType.Deleted) {
-    return;
-  }
-
+export async function deploymentWatchHandler(deployment: V1Deployment) {
   if (!deployment.metadata || !deployment.spec || !deployment.spec.template.metadata ||
       !deployment.spec.template.spec) {
     // TODO(ivanstanev): possibly log this. It shouldn't happen but we should track it!

src/kube-scanner/watchers/handlers/index.ts

@@ -1,7 +1,117 @@
+import { makeInformer, ADD, DELETE, UPDATE, KubernetesObject } from '@kubernetes/client-node';
 import logger = require('../../../common/logger');
 import WorkloadWorker = require('../../../kube-scanner');
 import { buildWorkloadMetadata } from '../../metadata-extractor';
-import { KubeObjectMetadata } from '../../types';
+import { KubeObjectMetadata, WorkloadKind } from '../../types';
+import { podWatchHandler } from './pod';
+import { cronJobWatchHandler } from './cron-job';
+import { daemonSetWatchHandler } from './daemon-set';
+import { deploymentWatchHandler } from './deployment';
+import { jobWatchHandler } from './job';
+import { replicaSetWatchHandler } from './replica-set';
+import { replicationControllerWatchHandler } from './replication-controller';
+import { statefulSetWatchHandler } from './stateful-set';
+import { k8sApi, kubeConfig } from '../../cluster';
+import { IWorkloadWatchMetadata, FALSY_WORKLOAD_NAME_MARKER } from './types';
+
+/**
+ * This map is used in combination with the kubernetes-client Informer API
+ * to abstract which resources to watch, what their endpoint is, how to grab
+ * a list of the resources, and which watch actions to handle (e.g. a newly added resource).
+ *
+ * The Informer API is just a wrapper around Kubernetes watches that makes sure the watch
+ * gets restarted if it dies and it also efficiently tracks changes to the watched workloads
+ * by comparing their resourceVersion.
+ *
+ * The map is keyed by the "WorkloadKind" -- the type of resource we want to watch.
+ * Legal verbs for the "handlers" are pulled from '@kubernetes/client-node'. You can
+ * set a different handler for every verb.
+ * (e.g. ADD-ed workloads are processed differently than DELETE-d ones)
+ *
+ * The "listFunc" is a callback used by the kubernetes-client to grab the watched resource
+ * whenever Kubernetes fires a "workload changed" event and it uses the result to figure out
+ * if the workload actually changed (by inspecting the resourceVersion).
+ */
+const workloadWatchMetadata: Readonly<IWorkloadWatchMetadata> = {
+  [WorkloadKind.Pod]: {
+    endpoint: '/api/v1/namespaces/{namespace}/pods',
+    handlers: {
+      [ADD]: podWatchHandler,
+      [UPDATE]: podWatchHandler,
+    },
+    listFactory: (namespace) => () => k8sApi.coreClient.listNamespacedPod(namespace),
+  },
+  [WorkloadKind.ReplicationController]: {
+    endpoint: '/api/v1/watch/namespaces/{namespace}/replicationcontrollers',
+    handlers: {
+      [DELETE]: replicationControllerWatchHandler,
+    },
+    listFactory: (namespace) => () => k8sApi.coreClient.listNamespacedReplicationController(namespace),
+  },
+  [WorkloadKind.CronJob]: {
+    endpoint: '/apis/batch/v1beta1/watch/namespaces/{namespace}/cronjobs',
+    handlers: {
+      [DELETE]: cronJobWatchHandler,
+    },
+    listFactory: (namespace) => () => k8sApi.batchUnstableClient.listNamespacedCronJob(namespace),
+  },
+  [WorkloadKind.Job]: {
+    endpoint: '/apis/batch/v1/watch/namespaces/{namespace}/jobs',
+    handlers: {
+      [DELETE]: jobWatchHandler,
+    },
+    listFactory: (namespace) => () => k8sApi.batchClient.listNamespacedJob(namespace),
+  },
+  [WorkloadKind.DaemonSet]: {
+    endpoint: '/apis/apps/v1/watch/namespaces/{namespace}/daemonsets',
+    handlers: {
+      [DELETE]: daemonSetWatchHandler,
+    },
+    listFactory: (namespace) => () => k8sApi.appsClient.listNamespacedDaemonSet(namespace),
+  },
+  [WorkloadKind.Deployment]: {
+    endpoint: '/apis/apps/v1/watch/namespaces/{namespace}/deployments',
+    handlers: {
+      [DELETE]: deploymentWatchHandler,
+    },
+    listFactory: (namespace) => () => k8sApi.appsClient.listNamespacedDeployment(namespace),
+  },
+  [WorkloadKind.ReplicaSet]: {
+    endpoint: '/apis/apps/v1/watch/namespaces/{namespace}/replicasets',
+    handlers: {
+      [DELETE]: replicaSetWatchHandler,
+    },
+    listFactory: (namespace) => () => k8sApi.appsClient.listNamespacedReplicaSet(namespace),
+  },
+  [WorkloadKind.StatefulSet]: {
+    endpoint: '/apis/apps/v1/watch/namespaces/{namespace}/statefulsets',
+    handlers: {
+      [DELETE]: statefulSetWatchHandler,
+    },
+    listFactory: (namespace) => () => k8sApi.appsClient.listNamespacedStatefulSet(namespace),
+  },
+};
+
+export function setupInformer(namespace: string, workloadKind: WorkloadKind) {
+  const workloadMetadata = workloadWatchMetadata[workloadKind];
+  const namespacedEndpoint = workloadMetadata.endpoint.replace('{namespace}', namespace);
+
+  const informer = makeInformer<KubernetesObject>(kubeConfig, namespacedEndpoint,
+    workloadMetadata.listFactory(namespace));
+
+  for (const informerVerb of Object.keys(workloadMetadata.handlers)) {
+    informer.on(informerVerb, async (watchedWorkload) => {
+      try {
+        await workloadMetadata.handlers[informerVerb](watchedWorkload);
+      } catch (error) {
+        const name = watchedWorkload.metadata && watchedWorkload.metadata.name || FALSY_WORKLOAD_NAME_MARKER;
+        logger.warn({error, namespace, name, workloadKind}, 'could not execute the informer handler for a workload');
+      }
+    });
+  }
+
+  informer.start();
+}
 
 export async function deleteWorkload(kubernetesMetadata: KubeObjectMetadata, workloadName: string) {
   try {

src/kube-scanner/watchers/handlers/job.ts

@@ -1,14 +1,9 @@
 import { V1Job } from '@kubernetes/client-node';
-import { WatchEventType } from '../types';
 import { deleteWorkload } from './index';
 import { WorkloadKind } from '../../types';
 import { FALSY_WORKLOAD_NAME_MARKER } from './types';
 
-export async function jobWatchHandler(eventType: string, job: V1Job) {
-  if (eventType !== WatchEventType.Deleted) {
-    return;
-  }
-
+export async function jobWatchHandler(job: V1Job) {
   if (!job.metadata || !job.spec || !job.spec.template.metadata || !job.spec.template.spec) {
     // TODO(ivanstanev): possibly log this. It shouldn't happen but we should track it!
     return;

src/kube-scanner/watchers/handlers/pod.ts

@@ -5,7 +5,7 @@ import logger = require('../../../common/logger');
 import WorkloadWorker = require('../../../kube-scanner');
 import { IKubeImage } from '../../../transmitter/types';
 import { buildMetadataForWorkload } from '../../metadata-extractor';
-import { PodPhase, WatchEventType } from '../types';
+import { PodPhase } from '../types';
 import state = require('../../../state');
 import { FALSY_WORKLOAD_NAME_MARKER } from './types';
 
@@ -43,9 +43,9 @@ async function handleReadyPod(workloadWorker: WorkloadWorker, workloadMetadata:
   }
 }
 
-export async function podWatchHandler(eventType: string, pod: V1Pod) {
+export async function podWatchHandler(pod: V1Pod) {
   // This tones down the number of scans whenever a Pod is about to be scheduled by K8s
-  if (eventType !== WatchEventType.Deleted && !isPodReady(pod)) {
+  if (!isPodReady(pod)) {
     return;
   }
 
@@ -61,21 +61,7 @@ export async function podWatchHandler(eventType: string, pod: V1Pod) {
 
     const workloadName = workloadMetadata[0].name;
     const workloadWorker = new WorkloadWorker(workloadName);
-
-    switch (eventType) {
-      case WatchEventType.Added:
-      case WatchEventType.Modified:
-        await handleReadyPod(workloadWorker, workloadMetadata);
-        break;
-      case WatchEventType.Error:
-        break;
-      case WatchEventType.Bookmark:
-        break;
-      case WatchEventType.Deleted:
-        break;
-      default:
-        break;
-    }
+    await handleReadyPod(workloadWorker, workloadMetadata);
   } catch (error) {
     logger.error({error, podName}, 'Could not build image metadata for pod');
   }

src/kube-scanner/watchers/handlers/replica-set.ts

@@ -1,14 +1,9 @@
 import { V1ReplicaSet } from '@kubernetes/client-node';
-import { WatchEventType } from '../types';
 import { deleteWorkload } from './index';
 import { WorkloadKind } from '../../types';
 import { FALSY_WORKLOAD_NAME_MARKER } from './types';
 
-export async function replicaSetWatchHandler(eventType: string, replicaSet: V1ReplicaSet) {
-  if (eventType !== WatchEventType.Deleted) {
-    return;
-  }
-
+export async function replicaSetWatchHandler(replicaSet: V1ReplicaSet) {
   if (!replicaSet.metadata || !replicaSet.spec || !replicaSet.spec.template ||
       !replicaSet.spec.template.metadata || !replicaSet.spec.template.spec) {
     // TODO(ivanstanev): possibly log this. It shouldn't happen but we should track it!

src/kube-scanner/watchers/handlers/replication-controller.ts

@@ -1,15 +1,9 @@
 import { V1ReplicationController } from '@kubernetes/client-node';
-import { WatchEventType } from '../types';
 import { deleteWorkload } from './index';
 import { WorkloadKind } from '../../types';
 import { FALSY_WORKLOAD_NAME_MARKER } from './types';
 
-export async function replicationControllerWatchHandler(
-    eventType: string, replicationController: V1ReplicationController) {
-  if (eventType !== WatchEventType.Deleted) {
-    return;
-  }
-
+export async function replicationControllerWatchHandler(replicationController: V1ReplicationController) {
   if (!replicationController.metadata || !replicationController.spec || !replicationController.spec.template ||
       !replicationController.spec.template.metadata || !replicationController.spec.template.spec) {
     // TODO(ivanstanev): possibly log this. It shouldn't happen but we should track it!

src/kube-scanner/watchers/handlers/stateful-set.ts

@@ -1,14 +1,9 @@
 import { V1StatefulSet } from '@kubernetes/client-node';
-import { WatchEventType } from '../types';
 import { deleteWorkload } from './index';
 import { WorkloadKind } from '../../types';
 import { FALSY_WORKLOAD_NAME_MARKER } from './types';
 
-export async function statefulSetWatchHandler(eventType: string, statefulSet: V1StatefulSet) {
-  if (eventType !== WatchEventType.Deleted) {
-    return;
-  }
-
+export async function statefulSetWatchHandler(statefulSet: V1StatefulSet) {
   if (!statefulSet.metadata || !statefulSet.spec || !statefulSet.spec.template.metadata ||
       !statefulSet.spec.template.spec) {
     // TODO(ivanstanev): possibly log this. It shouldn't happen but we should track it!

src/kube-scanner/watchers/handlers/types.ts

@@ -1 +1,18 @@
 export const FALSY_WORKLOAD_NAME_MARKER = 'falsy workload name';
+
+type WorkloadHandlerFunc = (workload: any) => Promise<void>;
+
+type ListWorkloadFunctionFactory = (namespace: string) => () => Promise<{
+  response: any;
+  body: any;
+}>;
+
+export interface IWorkloadWatchMetadata {
+  [workloadKind: string]: {
+    endpoint: string,
+    handlers: {
+      [kubernetesInformerVerb: string]: WorkloadHandlerFunc,
+    },
+    listFactory: ListWorkloadFunctionFactory;
+  };
+}