helpers.go
package dockermonitor
import (
"go.aporeto.io/trireme-lib/common"
"go.aporeto.io/trireme-lib/monitor/constants"
"go.aporeto.io/trireme-lib/policy"
"go.uber.org/zap"
)
// getPausePUID returns the PUID of the pause container, read from the
// constants.DockerHostPUID entry of extensions. It returns "" when extensions
// is nil or carries no such entry.
func getPausePUID(extensions policy.ExtendedMap) string {
	if extensions == nil {
		return ""
	}

	pausePUID, found := extensions.Get(constants.DockerHostPUID)
	if !found {
		return ""
	}

	zap.L().Debug("puid of pause container is", zap.String("puid", pausePUID))
	return pausePUID
}
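// policyExtensions returns the policy extensions carried in the runtime's
// options. It returns nil when runtime is nil, when no extensions are set, or
// when the stored value is not a policy.ExtendedMap.
func policyExtensions(runtime policy.RuntimeReader) (extensions policy.ExtendedMap) {
	if runtime == nil {
		return nil
	}

	// Read the options once so the nil check and the type assertion inspect
	// the same value instead of two separate Options() results.
	opts := runtime.Options()
	if opts.PolicyExtensions == nil {
		return nil
	}

	// Use a distinct local name: the original shadowed the named result.
	ext, ok := opts.PolicyExtensions.(policy.ExtendedMap)
	if !ok {
		return nil
	}
	return ext
}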
// isHostNetworkContainer reports whether the container has hostnetwork set to
// true or is linked to a container with hostnetwork set to true. It is true
// when the PU type is common.LinuxProcessPU, or when the runtime's policy
// extensions hold a non-empty pause-container PUID.
//
// runtime must be non-nil: PUType is called on it before any nil check.
func isHostNetworkContainer(runtime policy.RuntimeReader) bool {
	if runtime.PUType() == common.LinuxProcessPU {
		return true
	}

	pausePUID := getPausePUID(policyExtensions(runtime))
	return pausePUID != ""
}
// isKubernetesContainer reports whether labels contains the
// constants.K8sPodNamespace key. Only the presence of the key is tested; its
// value may be empty.
//
// NOTE(review): this is a label-presence check only. If labels come from
// container metadata that the container's creator can set, confirm callers do
// not treat the result as an authenticated signal.
func isKubernetesContainer(labels map[string]string) bool {
	_, present := labels[constants.K8sPodNamespace]
	return present
}
// kubePodIdentifier returns the "<namespace>/<name>" identifier for a K8s pod,
// built from the constants.K8sPodNamespace and constants.K8sPodName labels.
// It returns "" when labels does not describe a K8s container, or (after
// logging a warning) when either label is missing or empty.
//
// The label values are used verbatim; no validation is applied to them here.
func kubePodIdentifier(labels map[string]string) string {
	if !isKubernetesContainer(labels) {
		return ""
	}

	// A missing key reads as "" from the map, which the check below rejects.
	namespace := labels[constants.K8sPodNamespace]
	name := labels[constants.K8sPodName]

	if namespace == "" || name == "" {
		zap.L().Warn("K8s pod does not have podname/podnamespace labels")
		return ""
	}

	return namespace + "/" + name
}