
Commit 7b545bc

authored
Merge branch 'main' into wrong-hyperlink
2 parents e579936 + ae5ff26 commit 7b545bc


2 files changed

+27
-14
lines changed


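--- a/KubeArmor/.goreleaser.yaml
+++ b/KubeArmor/.goreleaser.yaml
@@ -8,6 +8,8 @@ builds:
 goarch:
 - amd64
 - arm64
+env:
+- CGO_ENABLED=0
 
 signs:
 - cmd: cosign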

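--- a/KubeArmor/core/kubeUpdate.go
+++ b/KubeArmor/core/kubeUpdate.go
@@ -550,9 +550,6 @@ func (dm *KubeArmorDaemon) HandleUnknownNamespaceNsMap(container *tp.Container)
 
 // WatchK8sPods Function
 func (dm *KubeArmorDaemon) WatchK8sPods() {
-var controllerName, controller, namespace string
-var err error
-
 nodeName := os.Getenv("KUBEARMOR_NODENAME")
 if nodeName == "" {
 nodeName = cfg.GlobalCfg.Host
@@ -591,29 +588,43 @@ func (dm *KubeArmorDaemon) WatchK8sPods() {
 pod.Metadata["namespaceName"] = event.Object.ObjectMeta.Namespace
 pod.Metadata["podName"] = event.Object.ObjectMeta.Name
 
+var controllerName, controller, namespace string
+var err error
+
 if event.Type == "ADDED" {
 controllerName, controller, namespace, err = getTopLevelOwner(event.Object.ObjectMeta, event.Object.Namespace, event.Object.Kind)
 if err != nil {
 dm.Logger.Warnf("Failed to get ownerRef (%s, %s)", event.Object.ObjectMeta.Name, err.Error())
 }
+
+owner := tp.PodOwner{
+Name: controllerName,
+Ref: controller,
+Namespace: namespace,
+}
+
+dm.OwnerInfo[pod.Metadata["podName"]] = owner
+podOwnerName = controllerName
 }
-_, err := K8s.K8sClient.CoreV1().Pods(namespace).Get(context.Background(), event.Object.ObjectMeta.Name, metav1.GetOptions{})
-if err == nil && (event.Type == "MODIFIED" || event.Type != "DELETED") {
+
+// for event = "MODIFIED" we first check pod's existence to update current dm.OwnerInfo of the pod, because when pod is in terminating state then we cannot get the owner info from it.
+// we do not update owner info in terminating state. After pod is deleted we delete the owner info from the map.
+_, err = K8s.K8sClient.CoreV1().Pods(namespace).Get(context.Background(), event.Object.ObjectMeta.Name, metav1.GetOptions{})
+if err == nil && event.Type == "MODIFIED" {
 controllerName, controller, namespace, err = getTopLevelOwner(event.Object.ObjectMeta, event.Object.Namespace, event.Object.Kind)
 if err != nil {
 dm.Logger.Warnf("Failed to get ownerRef (%s, %s)", event.Object.ObjectMeta.Name, err.Error())
 }
-}
-
-owner := tp.PodOwner{
-Name: controllerName,
-Ref: controller,
-Namespace: namespace,
-}
 
-dm.OwnerInfo[pod.Metadata["podName"]] = owner
+owner := tp.PodOwner{
+Name: controllerName,
+Ref: controller,
+Namespace: namespace,
+}
 
-podOwnerName = controllerName
+dm.OwnerInfo[pod.Metadata["podName"]] = owner
+podOwnerName = controllerName
+}
 
 //get the owner , then check if that owner has owner if...do it recusivelt until you get the no owner
 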
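Review bot: On a MODIFIED event the existence check `Pods(namespace).Get(...)` runs with `namespace` still empty, because the variables are now declared per event and only the ADDED branch assigns them before this call. As far as I know client-go rejects a named Get with an empty namespace, so `err` would be non-nil and the MODIFIED branch that refreshes `dm.OwnerInfo` would never execute; use the pod's own namespace, `Pods(event.Object.ObjectMeta.Namespace).Get(...)`, and move the call under `if event.Type == "MODIFIED"` so ADDED and DELETED events do not cost an API round trip. Both branches also store the `tp.PodOwner` entry after `getTopLevelOwner` has returned an error, which leaves a blank owner recorded for that pod; skipping the map write when `err != nil` would avoid that, which matters if owner info is later used to attribute policies or alerts. WatchK8sPods starts in the first hunk and continues past the second, so the enclosing loop is not visible here.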
