fix logic for missing kubearmor-relay deployment

Signed-off-by: Ankur Kothiwal <ankur.kothiwal99@gmail.com>
accuknox · Apr 6, 2023 · 8168adb · 8168adb
1 parent ce80984
commit 8168adb
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 5 deletions.
diff --git a/src/cluster/k8sClientHandler.go b/src/cluster/k8sClientHandler.go
@@ -491,7 +491,8 @@ func GetKubearmorRelayURL() string {
 		log.Error().Msg(err.Error())
 		return ""
 	}
-	if pods == nil {
+	if pods == nil || len(pods.Items) == 0 {
+		log.Error().Msgf("Unable to find kubearmor-relay")
 		return ""
 	}
 	namespace = pods.Items[0].Namespace

diff --git a/src/plugin/kubearmor.go b/src/plugin/kubearmor.go
@@ -19,6 +19,7 @@ import (
 	"github.com/accuknox/auto-policy-discovery/src/types"
 	pb "github.com/kubearmor/KubeArmor/protobuf"
 	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials/insecure"
 )
 
 // Global Variable
@@ -313,21 +314,26 @@ func ConvertKubeArmorLogToKnoxSystemLog(relayLog *pb.Alert) (types.KnoxSystemLog
 func ConnectKubeArmorRelay(cfg types.ConfigKubeArmorRelay) *grpc.ClientConn {
 	addr := net.JoinHostPort(cfg.KubeArmorRelayURL, cfg.KubeArmorRelayPort)
 
-	conn, err := grpc.Dial(addr, grpc.WithInsecure())
+	// Check for kubearmor-relay with 30s timeout
+	ctx, cf1 := context.WithTimeout(context.Background(), time.Second*30)
+	defer cf1()
+
+	// Blocking grpc Dial: in case of a bad connection, fails with timeout
+	conn, err := grpc.DialContext(ctx, addr, grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithBlock())
 	if err != nil {
-		log.Error().Msg("err connecting kubearmor relay. " + err.Error())
+		log.Error().Msg("Error connecting kubearmor relay: " + err.Error())
 		return nil
 	}
 
-	log.Info().Msg("connected to kubearmor relay " + addr)
+	log.Info().Msg("Connected to kubearmor relay " + addr)
 	return conn
 }
 
 func GetSystemAlertsFromKubeArmorRelay(trigger int) []*pb.Alert {
 	results := []*pb.Alert{}
 	KubeArmorRelayLogsMutex.Lock()
 	if len(KubeArmorRelayLogs) == 0 {
-		log.Info().Msgf("KubeArmor Relay traffic flow not exist")
+		log.Info().Msgf("KubeArmor Relay traffic flow does not exist")
 		KubeArmorRelayLogsMutex.Unlock()
 		return results
 	}

diff --git a/src/systempolicy/systemPolicy.go b/src/systempolicy/systemPolicy.go
@@ -1464,6 +1464,17 @@ func StartSystemLogRcvr() {
 	for {
 		if cfg.GetCfgSystemLogFrom() == "kubearmor" {
 			url := cluster.GetKubearmorRelayURL()
+			if url == "" {
+				log.Error().Msg("kubearmor-relay url not found, retrying...")
+				for i := 0; i < 6; i++ {
+					time.Sleep(10 * time.Second)
+					url = cluster.GetKubearmorRelayURL()
+					if url != "" {
+						break
+					}
+				}
+				return
+			}
 			plugin.StartKubeArmorRelay(SystemStopChan, types.ConfigKubeArmorRelay{
 				KubeArmorRelayURL:  url,
 				KubeArmorRelayPort: cfg.CurrentCfg.ConfigKubeArmorRelay.KubeArmorRelayPort,