From 11c136de07dbcd7c077a508612e6e874b27de721 Mon Sep 17 00:00:00 2001
From: jnathangreeg
Date: Sun, 25 Aug 2024 14:21:59 +0300
Subject: [PATCH 1/2] Add comment

Signed-off-by: jnathangreeg
---
 admission/rules/v1/r2000_exec_to_pod.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/admission/rules/v1/r2000_exec_to_pod.go b/admission/rules/v1/r2000_exec_to_pod.go
index 076a81d..52171cd 100644
--- a/admission/rules/v1/r2000_exec_to_pod.go
+++ b/admission/rules/v1/r2000_exec_to_pod.go
@@ -109,6 +109,7 @@ func (rule *R2000ExecToPod) ProcessEvent(event admission.Attributes, access inte
 RuntimeAlertK8sDetails: apitypes.RuntimeAlertK8sDetails{
 PodName: event.GetName(),
 Namespace: event.GetNamespace(),
+ // new fields for incidents aggregation
 WorkloadName: workloadName,
 WorkloadNamespace: workloadNamespace,
 WorkloadKind: workloadKind,

From e5289594372193b86e8669ea412e025e973480d5 Mon Sep 17 00:00:00 2001
From: jnathangreeg
Date: Sun, 25 Aug 2024 14:37:38 +0300
Subject: [PATCH 2/2] Add comments

Signed-off-by: jnathangreeg
---
 admission/rules/v1/helpers.go | 5 ++++-
 admission/rules/v1/r2000_exec_to_pod.go | 5 ++---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/admission/rules/v1/helpers.go b/admission/rules/v1/helpers.go
index 03b20c2..50a1854 100644
--- a/admission/rules/v1/helpers.go
+++ b/admission/rules/v1/helpers.go
@@ -10,6 +10,7 @@ import (
 "k8s.io/client-go/kubernetes"
 )

+// GetControllerDetails returns the kind, name, namespace, and node name of the controller that owns the pod.
 func GetControllerDetails(event admission.Attributes, clientset kubernetes.Interface) (string, string, string, string, error) {
 podName, namespace := event.GetName(), event.GetNamespace()

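Review bot: The doc comment added on GetControllerDetails calls the fourth result the node name "of the controller", but a controller has no node; going by the `nodeName` in the return statement of the next hunk it is presumably the node the pod runs on. The function returns four unnamed strings, so the comment is the only place a caller can learn the order, and a swapped pair would silently mislabel whatever is built from them. I would word it as `// GetControllerDetails returns the kind, name and namespace of the workload that owns the pod named in the admission event, followed by the name of the node the pod runs on.` The function body continues outside this hunk, so how the node name is obtained could not be checked here.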
@@ -28,6 +29,7 @@ func GetControllerDetails(event admission.Attributes, clientset kubernetes.Inter
 return workloadKind, workloadName, workloadNamespace, nodeName, nil
 }

+// GetPodDetails returns the pod details from the Kubernetes API server.
 func GetPodDetails(clientset kubernetes.Interface, podName, namespace string) (*v1.Pod, error) {
 pod, err := clientset.CoreV1().Pods(namespace).Get(context.TODO(), podName, metav1.GetOptions{})
 if err != nil {
@@ -36,6 +38,7 @@ func GetPodDetails(clientset kubernetes.Interface, podName, namespace string) (*
 return pod, nil
 }

+// ExtractPodOwner returns the kind, name, and namespace of the controller that owns the pod.
 func ExtractPodOwner(pod *v1.Pod, clientset kubernetes.Interface) (string, string, string) {
 for _, ownerRef := range pod.OwnerReferences {
 switch ownerRef.Kind {
@@ -49,7 +52,6 @@ func ExtractPodOwner(pod *v1.Pod, clientset kubernetes.Interface) (string, strin
 }
 return "", "", ""
 }
-
 func resolveReplicaSet(ownerRef metav1.OwnerReference, namespace string, clientset kubernetes.Interface) (string, string, string) {
 rs, err := clientset.AppsV1().ReplicaSets(namespace).Get(context.TODO(), ownerRef.Name, metav1.GetOptions{})
 if err == nil && len(rs.OwnerReferences) > 0 && rs.OwnerReferences[0].Kind == "Deployment" {
@@ -58,6 +60,7 @@ func resolveReplicaSet(ownerRef metav1.OwnerReference, namespace string, clients
 return "ReplicaSet", ownerRef.Name, namespace
 }

+// resolveJob returns the kind, name, and namespace of the controller that owns the job.
 func resolveJob(ownerRef metav1.OwnerReference, namespace string, clientset kubernetes.Interface) (string, string, string) {
 job, err := clientset.BatchV1().Jobs(namespace).Get(context.TODO(), ownerRef.Name, metav1.GetOptions{})
 if err == nil && len(job.OwnerReferences) > 0 && job.OwnerReferences[0].Kind == "CronJob" {
diff --git a/admission/rules/v1/r2000_exec_to_pod.go b/admission/rules/v1/r2000_exec_to_pod.go
index 52171cd..861b627 100644
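Review bot: The `Get` under the new GetPodDetails comment runs on `context.TODO()`, so the lookup has no deadline or cancellation, and the comment does not mention it; the same call shape is visible in resolveReplicaSet and resolveJob in the later hunks of this file. These helpers live in the admission rules package, so a slow or unreachable API server would presumably hold up processing of the exec event, which is worth confirming against the caller. Either say so in the comment or bound the call, for example `ctx, cancel := context.WithTimeout(context.Background(), lookupTimeout)` followed by `defer cancel()`, where `lookupTimeout` is a placeholder for a value the project would choose. GetPodDetails' body ends outside this hunk.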
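Review bot: The resolveJob comment promises "the controller that owns the job", but the visible condition `err == nil && len(job.OwnerReferences) > 0 && job.OwnerReferences[0].Kind == "CronJob"` inspects only the first owner reference and treats a failed lookup exactly like a Job with no CronJob owner. resolveReplicaSet in the previous hunk has the same shape, falls back to `return "ReplicaSet", ownerRef.Name, namespace`, and is the one helper left without a comment (that hunk also removes the blank line above it). If these values are what end up in the workload fields of the exec-to-pod alert, a swallowed API error changes which workload an incident is attributed to without leaving a trace. I would add a line such as `// On a lookup error, or when the first owner is not a CronJob, the Job itself is returned and the error is dropped.` and give resolveReplicaSet the matching comment. resolveJob's body ends outside this hunk, so the fallback wording should be checked against the actual return.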
--- a/admission/rules/v1/r2000_exec_to_pod.go
+++ b/admission/rules/v1/r2000_exec_to_pod.go
@@ -107,9 +107,8 @@ func (rule *R2000ExecToPod) ProcessEvent(event admission.Attributes, access inte
 RuleDescription: fmt.Sprintf("Exec to pod detected on pod %s", event.GetName()),
 },
 RuntimeAlertK8sDetails: apitypes.RuntimeAlertK8sDetails{
- PodName: event.GetName(),
- Namespace: event.GetNamespace(),
- // new fields for incidents aggregation
+ PodName: event.GetName(),
+ Namespace: event.GetNamespace(),
 WorkloadName: workloadName,
 WorkloadNamespace: workloadNamespace,
 WorkloadKind: workloadKind,