Merge pull request #296 from kubescape/profiles

use all statuses, add fallback annotation for app
kubescape · May 27, 2024 · 789d536 · 789d536
2 parents 0aa3ecd + ae7761d
commit 789d536
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 14 deletions.
diff --git a/pkg/containerwatcher/v1/ig_k8sclient.go b/pkg/containerwatcher/v1/ig_k8sclient.go
@@ -1,12 +1,13 @@
 package containerwatcher
 
 import (
+	"node-agent/pkg/utils"
+	"slices"
 	"strings"
 
 	containercollection "github.com/inspektor-gadget/inspektor-gadget/pkg/container-collection"
 	"github.com/inspektor-gadget/inspektor-gadget/pkg/types"
 	corev1 "k8s.io/api/core/v1"
-	v1 "k8s.io/api/core/v1"
 )
 
 type IGK8sClient interface {
@@ -26,13 +27,9 @@ func NewIGK8sClientMock() *IGK8sClientMock {
 
 // GetNonRunningContainers returns the list of containers IDs that are not running.
 func (k *IGK8sClientMock) GetNonRunningContainers(pod *corev1.Pod) []string {
-	ret := []string{}
+	var ret []string
 
-	containerStatuses := append([]v1.ContainerStatus{}, pod.Status.InitContainerStatuses...)
-	containerStatuses = append(containerStatuses, pod.Status.ContainerStatuses...)
-	containerStatuses = append(containerStatuses, pod.Status.EphemeralContainerStatuses...)
-
-	for _, s := range containerStatuses {
+	for _, s := range utils.GetContainerStatuses(pod.Status) {
 		if s.ContainerID != "" && s.State.Running == nil {
 			id := trimRuntimePrefix(s.ContainerID)
 			if id == "" {
@@ -48,15 +45,15 @@ func (k *IGK8sClientMock) GetNonRunningContainers(pod *corev1.Pod) []string {
 
 // GetRunningContainers returns a list of the containers of a given Pod that are running.
 func (k *IGK8sClientMock) GetRunningContainers(pod *corev1.Pod) []containercollection.Container {
-	containers := []containercollection.Container{}
+	var containers []containercollection.Container
 
 	labels := map[string]string{}
 	for k, v := range pod.ObjectMeta.Labels {
 		labels[k] = v
 	}
 
-	containerStatuses := append([]v1.Container{}, pod.Spec.InitContainers...)
-	containerStatuses = append(containerStatuses, pod.Spec.Containers...)
+	containerStatuses := slices.Concat(pod.Spec.InitContainers,
+		pod.Spec.Containers)
 
 	for _, s := range containerStatuses {
 

diff --git a/pkg/nodeprofilemanager/v1/nodeprofile_manager.go b/pkg/nodeprofilemanager/v1/nodeprofile_manager.go
@@ -76,10 +76,15 @@ func (n *NodeProfileManager) getProfile() (*armotypes.NodeProfile, error) {
 	for _, pod := range n.k8sObjectCache.GetPods() {
 		var app string
 		if pod.Labels != nil {
-			app = pod.Labels["app"]
+			for _, k := range []string{"app", "app.kubernetes.io/name"} {
+				if v, ok := pod.Labels[k]; ok {
+					app = v
+					break
+				}
+			}
 		}
 		state, reason, message, transitionTime := getPodState(pod.Status.Conditions)
-		statusesMap := mapContainerStatuses(pod.Status.ContainerStatuses)
+		statusesMap := mapContainerStatuses(utils.GetContainerStatuses(pod.Status))
 		podStatus := armotypes.PodStatus{
 			CustomerGUID:               n.clusterData.AccountID,
 			Cluster:                    n.clusterData.ClusterName,

diff --git a/pkg/relevancymanager/v1/relevancy_manager.go b/pkg/relevancymanager/v1/relevancy_manager.go
@@ -362,7 +362,7 @@ func (rm *RelevancyManager) ReportFileOpen(containerID, k8sContainerID, file str
 }
 
 func (rm *RelevancyManager) HasRelevancyCalculating(pod *v1.Pod) bool {
-	for _, c := range pod.Status.ContainerStatuses {
+	for _, c := range utils.GetContainerStatuses(pod.Status) {
 		if rm.watchedContainerChannels.Has(utils.TrimRuntimePrefix(c.ContainerID)) {
 			return true
 		}

diff --git a/pkg/rulemanager/v1/rule_manager.go b/pkg/rulemanager/v1/rule_manager.go
@@ -566,7 +566,7 @@ func (rm *RuleManager) HasApplicableRuleBindings(namespace, name string) bool {
 }
 
 func (rm *RuleManager) HasFinalApplicationProfile(pod *corev1.Pod) bool {
-	for _, c := range pod.Status.ContainerStatuses {
+	for _, c := range utils.GetContainerStatuses(pod.Status) {
 		ap := rm.objectCache.ApplicationProfileCache().GetApplicationProfile(utils.TrimRuntimePrefix(c.ContainerID))
 		if ap != nil {
 			if status, ok := ap.Annotations[helpersv1.StatusMetadataKey]; ok {

diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
@@ -12,6 +12,7 @@ import (
 	"os"
 	"path/filepath"
 	"runtime"
+	"slices"
 	"strconv"
 	"strings"
 	"time"
@@ -661,3 +662,7 @@ func TrimRuntimePrefix(id string) string {
 
 	return parts[1]
 }
+
+func GetContainerStatuses(podStatus v1.PodStatus) []v1.ContainerStatus {
+	return slices.Concat(podStatus.ContainerStatuses, podStatus.InitContainerStatuses, podStatus.EphemeralContainerStatuses)
+}