diff --git a/README.md b/README.md index dda6465..766292f 100644 --- a/README.md +++ b/README.md @@ -24,6 +24,7 @@ It then inspects all of the volumes in the containers and looks for any volume w Supported workload types: * Pods +* ReplicaSets * Deployments * StatefulSets * DaemonSets diff --git a/main.go b/main.go index f8a89a7..b53fd2d 100644 --- a/main.go +++ b/main.go @@ -154,10 +154,11 @@ func runCluster(requestedNamespace string, w *tabwriter.Writer, verbose int) (bo func printResources(namespace corev1.Namespace, clientset *kubernetes.Clientset, w *tabwriter.Writer, verbose int) (bool, error) { - var sockFoundPod, sockFoundDeploy, sockFoundStatefulSet, sockFoundJob, sockFoundCron bool + sockFound := false namespaceName := namespace.ObjectMeta.Name + nsReplicasets := make(map[string]*appsv1.ReplicaSet) nsDeployments := make(map[string]*appsv1.Deployment) nsDaemonsets := make(map[string]*appsv1.DaemonSet) nsStatefulsets := make(map[string]*appsv1.StatefulSet) @@ -197,6 +198,11 @@ func printResources(namespace corev1.Namespace, clientset *kubernetes.Clientset, continue } + if len(replica.OwnerReferences) == 0 { + nsReplicasets[replica.Name] = replica + continue + } + deployment, deployErr := clientset.AppsV1().Deployments(namespace.Name).Get(context.TODO(), replica.OwnerReferences[0].Name, metav1.GetOptions{}) if deployErr != nil { errorList = append(errorList, deployErr) 
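Review bot: The new `len(replica.OwnerReferences) == 0` guard in the main.go hunk at `-197` covers only ownerless ReplicaSets; the `Deployments(...).Get` call right after it still treats `OwnerReferences[0]` as a Deployment without checking its `Kind`. A ReplicaSet owned by some other controller would make that lookup fail and put the error in `errorList`, and its pod template then appears to go unscanned, which for a docker.sock audit is a missed finding. Consider widening the guard to `if len(replica.OwnerReferences) == 0 || replica.OwnerReferences[0].Kind != "Deployment" {` so those ReplicaSets are also reported as "replicaset". The enclosing loop starts and ends outside this hunk, so what happens after the `errorList` append is inferred.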
@@ -267,13 +273,28 @@ func printResources(namespace corev1.Namespace, clientset *kubernetes.Clientset, } } else { // Look up raw pods for volumes here - sockFoundPod = printVolumes(w, p.Spec.Volumes, namespaceName, "pod", p.Name, verbose) + found := printVolumes(w, p.Spec.Volumes, namespaceName, "pod", p.Name, verbose) + if found { + sockFound = true + } } } } + + // loop through all the unique ReplicaSets in the namespace + for _, replica := range nsReplicasets { + found := printVolumes(w, replica.Spec.Template.Spec.Volumes, namespaceName, "replicaset", replica.Name, verbose) + if found { + sockFound = true + } + } + // loop through all the unique deployments we found for volumes for _, deploy := range nsDeployments { - sockFoundDeploy = printVolumes(w, deploy.Spec.Template.Spec.Volumes, namespaceName, "deployment", deploy.Name, verbose) + found := printVolumes(w, deploy.Spec.Template.Spec.Volumes, namespaceName, "deployment", deploy.Name, verbose) + if found { + sockFound = true + } } // loop through all the unique DaemonSets in the namespace @@ -284,6 +305,7 @@ func printResources(namespace corev1.Namespace, clientset *kubernetes.Clientset, // fmt.Printf("testing %s\n", v.VolumeSource.HostPath.Path) if containsDockerSock(v.VolumeSource.HostPath.Path) { fmt.Fprintf(w, "%s\t%s\t%s\t%s\t\n", namespaceName, "daemonset", daemonset.Name, "mounted") + sockFound = true break } } 
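Review bot: The pair `found := printVolumes(...)` / `if found { sockFound = true }` is written out three times in the hunk at `-267` (pods, ReplicaSets, deployments) and three more times in the hunk at `-296` (StatefulSets, Jobs, CronJobs); each can be the single statement `if printVolumes(w, ...) { sockFound = true }`. Do not shorten it to `sockFound = sockFound || printVolumes(...)`, because that short-circuits after the first hit and the remaining workloads would no longer be printed. A short comment at the first use, such as `// sockFound is sticky: any workload that mounts docker.sock sets it`, would record why the result is accumulated instead of assigned.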
@@ -296,27 +318,32 @@ func printResources(namespace corev1.Namespace, clientset *kubernetes.Clientset, // loop through all the unique StatefulSets in the namespace for _, statefulset := range nsStatefulsets { - sockFoundStatefulSet = printVolumes(w, statefulset.Spec.Template.Spec.Volumes, namespaceName, "statefulset", statefulset.Name, verbose) + found := printVolumes(w, statefulset.Spec.Template.Spec.Volumes, namespaceName, "statefulset", statefulset.Name, verbose) + if found { + sockFound = true + } } // loop through all the unique Jobs in the namespace for _, job := range nsJobs { - sockFoundJob = printVolumes(w, job.Spec.Template.Spec.Volumes, namespaceName, "job", job.Name, verbose) + found := printVolumes(w, job.Spec.Template.Spec.Volumes, namespaceName, "job", job.Name, verbose) + if found { + sockFound = true + } } // loop through all the unique CronJobs in the namespace for _, cron := range nsCronJobs { - sockFoundCron = printVolumes(w, cron.Spec.JobTemplate.Spec.Template.Spec.Volumes, namespaceName, "cron", cron.Name, verbose) + found := printVolumes(w, cron.Spec.JobTemplate.Spec.Template.Spec.Volumes, namespaceName, "cron", cron.Name, verbose) + if found { + sockFound = true + } } if len(errorList) > 0 { return false, utilerrors.NewAggregate(errorList) } - if sockFoundPod || sockFoundDeploy || sockFoundStatefulSet || sockFoundJob || sockFoundCron { - return true, nil - } else { - return false, nil - } + return sockFound, nil } func containsDockerSock(s string) bool { diff --git a/test/eksctl.yaml b/tests/eksctl.yaml similarity index 100% rename from test/eksctl.yaml rename to tests/eksctl.yaml diff --git a/test/manifests/docker-volume.cronjob.yaml b/tests/manifests/docker-volume.cronjob.yaml similarity index 100% rename from test/manifests/docker-volume.cronjob.yaml rename to tests/manifests/docker-volume.cronjob.yaml 
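Review bot: In the hunk at `-296`, the `if len(errorList) > 0` branch just above the new `return sockFound, nil` still returns `false` even when a docker.sock mount has already been found and printed, so a single failed API lookup makes a positive scan look negative. Returning the accumulated flag with the aggregate, `return sockFound, utilerrors.NewAggregate(errorList)`, keeps the finding visible to the caller. Whether `runCluster` reads the boolean when the error is non-nil is not visible in this diff and should be checked along with the change.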
diff --git a/test/manifests/docker-volume.daemonset.yaml b/tests/manifests/docker-volume.daemonset.yaml
similarity index 100%
rename from test/manifests/docker-volume.daemonset.yaml
rename to tests/manifests/docker-volume.daemonset.yaml
diff --git a/test/manifests/docker-volume.deploy.test1.yaml b/tests/manifests/docker-volume.deploy.test1.yaml
similarity index 100%
rename from test/manifests/docker-volume.deploy.test1.yaml
rename to tests/manifests/docker-volume.deploy.test1.yaml
diff --git a/test/manifests/docker-volume.deploy.yaml b/tests/manifests/docker-volume.deploy.yaml
similarity index 100%
rename from test/manifests/docker-volume.deploy.yaml
rename to tests/manifests/docker-volume.deploy.yaml
diff --git a/test/manifests/docker-volume.job.yaml b/tests/manifests/docker-volume.job.yaml
similarity index 100%
rename from test/manifests/docker-volume.job.yaml
rename to tests/manifests/docker-volume.job.yaml
diff --git a/test/manifests/docker-volume.pod.kube-system.yaml b/tests/manifests/docker-volume.pod.kube-system.yaml
similarity index 100%
rename from test/manifests/docker-volume.pod.kube-system.yaml
rename to tests/manifests/docker-volume.pod.kube-system.yaml
diff --git a/tests/manifests/docker-volume.replicaset.yaml b/tests/manifests/docker-volume.replicaset.yaml
new file mode 100644
index 0000000..6c6427b
--- /dev/null
+++ b/tests/manifests/docker-volume.replicaset.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: apps/v1
+kind: ReplicaSet
+metadata:
+ name: replicaset-docker-volume
+ labels:
+ app: rs
+spec:
+ replicas: 3
+ selector:
+ matchLabels:
+ app: rs
+ template:
+ metadata:
+ labels:
+ app: rs
+ spec:
+ containers:
+ - name: pause
+ image: public.ecr.aws/eks-distro/kubernetes/pause:v1.21.5-eks-1-21-8
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - name: dockersock
+ mountPath: "/var/run/docker.sock"
+ volumes:
+ - name: dockersock
+ hostPath:
+ path: /var/run/docker.sock
diff --git a/test/manifests/docker-volume.statefulset.yaml b/tests/manifests/docker-volume.statefulset.yaml
similarity index 100%
rename from test/manifests/docker-volume.statefulset.yaml
rename to tests/manifests/docker-volume.statefulset.yaml
diff --git a/test/manifests/empty-volume.pod.yaml b/tests/manifests/empty-volume.pod.yaml
similarity index 100%
rename from test/manifests/empty-volume.pod.yaml
rename to tests/manifests/empty-volume.pod.yaml
diff --git a/test/manifests/no-volume.deploy.yaml b/tests/manifests/no-volume.deploy.yaml
similarity index 100%
rename from test/manifests/no-volume.deploy.yaml
rename to tests/manifests/no-volume.deploy.yaml