
Commit c643399

feat: extract and send workload pod spec
The pod spec object contains valuable information about a pod's security configuration, such as its containers, hostNetwork, serviceAccountName, securityContext and more. By sending the whole spec to homebase, it becomes easier to release new features based on that information without depending on the kubernetes-monitor version.
1 parent 56a75a8 commit c643399

12 files changed

+25
-19
lines changed


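--- a/src/kube-scanner/metadata-extractor.ts
+++ b/src/kube-scanner/metadata-extractor.ts
@@ -13,11 +13,11 @@ export function buildImageMetadata(
 workloadMeta: KubeObjectMetadata,
 containerStatuses: V1ContainerStatus[],
 ): IWorkload[] {
-const { kind, objectMeta, specMeta, containers, revision } = workloadMeta;
+const { kind, objectMeta, specMeta, revision, podSpec } = workloadMeta;
 const { name, namespace, labels, annotations, uid } = objectMeta;
 
 const containerNameToSpec: {[key: string]: V1Container} = {};
-for (const container of containers) {
+for (const container of podSpec.containers) {
 containerNameToSpec[container.name] = container;
 }
 
@@ -40,6 +40,7 @@ export function buildImageMetadata(
 imageId: containerNameToStatus[containerName].imageID,
 cluster: currentClusterName,
 revision,
+podSpec,
 } as IWorkload),
 );
 return images;
@@ -113,7 +114,7 @@ export async function buildMetadataForWorkload(pod: V1Pod): Promise<IWorkload[]
 // do not have the "template" property.
 specMeta: pod.metadata,
 ownerRefs: [],
-containers: pod.spec.containers,
+podSpec: pod.spec,
 },
 pod.status.containerStatuses,
 );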
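Review bot: The `podSpec,` added to the IWorkload literal in the second hunk forwards the entire V1PodSpec, and the commit message says that object is sent to homebase as-is; a pod spec also carries `containers[].env`/`envFrom`, `command`/`args` and volume definitions, which in practice often hold plaintext credentials that have nothing to do with the security attributes the commit is after (hostNetwork, serviceAccountName, securityContext). I would strip those fields, or allow-list the wanted ones, before the spec is attached, e.g. `podSpec: redactPodSpec(podSpec),` with a helper like the one below (V1PodSpec would need importing from '@kubernetes/client-node' here); initContainers get the same treatment. Note also that the same podSpec object is attached to every per-container IWorkload, so the serialized payload repeats the full spec once per container — presumably acceptable, but worth knowing when sizing the outbound request. The bodies of buildImageMetadata and buildMetadataForWorkload continue outside the hunks shown.
```typescript
// Drop the fields that routinely carry credentials before the spec leaves the cluster;
// the security-relevant attributes (hostNetwork, serviceAccountName, securityContext, ...) are kept.
function redactPodSpec(spec: V1PodSpec): V1PodSpec {
  const scrub = (c: V1Container): V1Container => {
    const { env, envFrom, command, args, ...rest } = c;
    return rest;
  };
  return {
    ...spec,
    containers: (spec.containers || []).map(scrub),
    initContainers: spec.initContainers ? spec.initContainers.map(scrub) : spec.initContainers,
  };
}
// ... unchanged: buildImageMetadata, with `podSpec: redactPodSpec(podSpec),` in the IWorkload literal ...
```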

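--- a/src/kube-scanner/types.ts
+++ b/src/kube-scanner/types.ts
@@ -1,5 +1,5 @@
 import { AppsV1Api, BatchV1Api, BatchV1beta1Api, CoreV1Api, KubeConfig,
-V1Container, V1ObjectMeta, V1OwnerReference } from '@kubernetes/client-node';
+V1ObjectMeta, V1OwnerReference, V1PodSpec } from '@kubernetes/client-node';
 
 export enum WorkloadKind {
 Deployment = 'Deployment',
@@ -35,7 +35,7 @@ export interface KubeObjectMetadata {
 kind: string;
 objectMeta: V1ObjectMeta;
 specMeta: V1ObjectMeta;
-containers: V1Container[];
+podSpec: V1PodSpec;
 ownerRefs: V1OwnerReference[] | undefined;
 revision?: number;
 }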
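Review bot: `podSpec: V1PodSpec;` replaces `containers` on KubeObjectMetadata without any comment saying that the whole spec now leaves the cluster, which is the one thing a maintainer adding a field here needs to know. I would document it on the field: `// Full pod (template) spec. Per buildImageMetadata this is forwarded to homebase verbatim, so every field on it (env, args, volumes, ...) is exported data.` The field is also declared required while `ownerRefs` admits `undefined`; every producer sources it from `*.spec.template.spec`, which client-node types as optional, so if the project ever turns on strictNullChecks this declaration is where it will surface — worth a note or a `| undefined` matching `ownerRefs`, whichever the callers can honour. The rest of KubeObjectMetadata is outside the hunk.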

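--- a/src/kube-scanner/watchers/handlers/cron-job.ts
+++ b/src/kube-scanner/watchers/handlers/cron-job.ts
@@ -16,7 +16,7 @@ export async function cronJobWatchHandler(cronJob: V1beta1CronJob) {
 kind: WorkloadKind.CronJob,
 objectMeta: cronJob.metadata,
 specMeta: cronJob.spec.jobTemplate.metadata,
-containers: cronJob.spec.jobTemplate.spec.template.spec.containers,
 ownerRefs: cronJob.metadata.ownerReferences,
+podSpec: cronJob.spec.jobTemplate.spec.template.spec,
 }, workloadName);
 }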

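--- a/src/kube-scanner/watchers/handlers/daemon-set.ts
+++ b/src/kube-scanner/watchers/handlers/daemon-set.ts
@@ -16,8 +16,8 @@ export async function daemonSetWatchHandler(daemonSet: V1DaemonSet) {
 kind: WorkloadKind.DaemonSet,
 objectMeta: daemonSet.metadata,
 specMeta: daemonSet.spec.template.metadata,
-containers: daemonSet.spec.template.spec.containers,
 ownerRefs: daemonSet.metadata.ownerReferences,
 revision: daemonSet.status.observedGeneration,
+podSpec: daemonSet.spec.template.spec,
 }, workloadName);
 }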

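--- a/src/kube-scanner/watchers/handlers/deployment.ts
+++ b/src/kube-scanner/watchers/handlers/deployment.ts
@@ -16,8 +16,8 @@ export async function deploymentWatchHandler(deployment: V1Deployment) {
 kind: WorkloadKind.Deployment,
 objectMeta: deployment.metadata,
 specMeta: deployment.spec.template.metadata,
-containers: deployment.spec.template.spec.containers,
 ownerRefs: deployment.metadata.ownerReferences,
 revision: deployment.status.observedGeneration,
+podSpec: deployment.spec.template.spec,
 }, workloadName);
 }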

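--- a/src/kube-scanner/watchers/handlers/job.ts
+++ b/src/kube-scanner/watchers/handlers/job.ts
@@ -15,7 +15,7 @@ export async function jobWatchHandler(job: V1Job) {
 kind: WorkloadKind.Job,
 objectMeta: job.metadata,
 specMeta: job.spec.template.metadata,
-containers: job.spec.template.spec.containers,
 ownerRefs: job.metadata.ownerReferences,
+podSpec: job.spec.template.spec,
 }, workloadName);
 }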

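--- a/src/kube-scanner/watchers/handlers/replica-set.ts
+++ b/src/kube-scanner/watchers/handlers/replica-set.ts
@@ -16,8 +16,8 @@ export async function replicaSetWatchHandler(replicaSet: V1ReplicaSet) {
 kind: WorkloadKind.ReplicaSet,
 objectMeta: replicaSet.metadata,
 specMeta: replicaSet.spec.template.metadata,
-containers: replicaSet.spec.template.spec.containers,
 ownerRefs: replicaSet.metadata.ownerReferences,
 revision: replicaSet.status.observedGeneration,
+podSpec: replicaSet.spec.template.spec,
 }, workloadName);
 }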

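--- a/src/kube-scanner/watchers/handlers/replication-controller.ts
+++ b/src/kube-scanner/watchers/handlers/replication-controller.ts
@@ -17,8 +17,8 @@ export async function replicationControllerWatchHandler(replicationController: V
 kind: WorkloadKind.ReplicationController,
 objectMeta: replicationController.metadata,
 specMeta: replicationController.spec.template.metadata,
-containers: replicationController.spec.template.spec.containers,
 ownerRefs: replicationController.metadata.ownerReferences,
 revision: replicationController.status.observedGeneration,
+podSpec: replicationController.spec.template.spec,
 }, workloadName);
 }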

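--- a/src/kube-scanner/watchers/handlers/stateful-set.ts
+++ b/src/kube-scanner/watchers/handlers/stateful-set.ts
@@ -16,8 +16,8 @@ export async function statefulSetWatchHandler(statefulSet: V1StatefulSet) {
 kind: WorkloadKind.StatefulSet,
 objectMeta: statefulSet.metadata,
 specMeta: statefulSet.spec.template.metadata,
-containers: statefulSet.spec.template.spec.containers,
 ownerRefs: statefulSet.metadata.ownerReferences,
 revision: statefulSet.status.observedGeneration,
+podSpec: statefulSet.spec.template.spec,
 }, workloadName);
 }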

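--- a/src/kube-scanner/workload-reader.ts
+++ b/src/kube-scanner/workload-reader.ts
@@ -22,9 +22,9 @@ const deploymentReader: IWorkloadReaderFunc = async (workloadName, namespace) =>
 kind: WorkloadKind.Deployment,
 objectMeta: deployment.metadata,
 specMeta: deployment.spec.template.metadata,
-containers: deployment.spec.template.spec.containers,
 ownerRefs: deployment.metadata.ownerReferences,
 revision: deployment.status.observedGeneration,
+podSpec: deployment.spec.template.spec,
 };
 };
 
@@ -43,9 +43,9 @@ const replicaSetReader: IWorkloadReaderFunc = async (workloadName, namespace) =>
 kind: WorkloadKind.ReplicaSet,
 objectMeta: replicaSet.metadata,
 specMeta: replicaSet.spec.template.metadata,
-containers: replicaSet.spec.template.spec.containers,
 ownerRefs: replicaSet.metadata.ownerReferences,
 revision: replicaSet.status.observedGeneration,
+podSpec: replicaSet.spec.template.spec,
 };
 };
 
@@ -64,9 +64,9 @@ const statefulSetReader: IWorkloadReaderFunc = async (workloadName, namespace) =
 kind: WorkloadKind.StatefulSet,
 objectMeta: statefulSet.metadata,
 specMeta: statefulSet.spec.template.metadata,
-containers: statefulSet.spec.template.spec.containers,
 ownerRefs: statefulSet.metadata.ownerReferences,
 revision: statefulSet.status.observedGeneration,
+podSpec: statefulSet.spec.template.spec,
 };
 };
 
@@ -85,9 +85,9 @@ const daemonSetReader: IWorkloadReaderFunc = async (workloadName, namespace) =>
 kind: WorkloadKind.DaemonSet,
 objectMeta: daemonSet.metadata,
 specMeta: daemonSet.spec.template.metadata,
-containers: daemonSet.spec.template.spec.containers,
 ownerRefs: daemonSet.metadata.ownerReferences,
 revision: daemonSet.status.observedGeneration,
+podSpec: daemonSet.spec.template.spec,
 };
 };
 
@@ -105,8 +105,8 @@ const jobReader: IWorkloadReaderFunc = async (workloadName, namespace) => {
 kind: WorkloadKind.Job,
 objectMeta: job.metadata,
 specMeta: job.spec.template.metadata,
-containers: job.spec.template.spec.containers,
 ownerRefs: job.metadata.ownerReferences,
+podSpec: job.spec.template.spec,
 };
 };
 
@@ -128,8 +128,8 @@ const cronJobReader: IWorkloadReaderFunc = async (workloadName, namespace) => {
 kind: WorkloadKind.CronJob,
 objectMeta: cronJob.metadata,
 specMeta: cronJob.spec.jobTemplate.metadata,
-containers: cronJob.spec.jobTemplate.spec.template.spec.containers,
 ownerRefs: cronJob.metadata.ownerReferences,
+podSpec: cronJob.spec.jobTemplate.spec.template.spec,
 };
 };
 
@@ -149,9 +149,9 @@ const replicationControllerReader: IWorkloadReaderFunc = async (workloadName, na
 kind: WorkloadKind.ReplicationController,
 objectMeta: replicationController.metadata,
 specMeta: replicationController.spec.template.metadata,
-containers: replicationController.spec.template.spec.containers,
 ownerRefs: replicationController.metadata.ownerReferences,
 revision: replicationController.status.observedGeneration,
+podSpec: replicationController.spec.template.spec,
 };
 };
 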
