// SPDX-License-Identifier: Apache-2.0
// Copyright Authors of Popeye
package sanitize
import (
"context"
"github.com/derailed/popeye/internal"
"github.com/derailed/popeye/internal/client"
"github.com/derailed/popeye/internal/issues"
appsv1 "k8s.io/api/apps/v1"
v1 "k8s.io/api/core/v1"
)
// DaemonSet is the sanitizer for DaemonSet resources. It embeds the issue
// collector that findings are recorded on and the lister that cluster state is
// read from.
type DaemonSet struct {
	*issues.Collector
	DaemonSetLister
}

// DaemonLister lists the DaemonSets and ServiceAccounts known to the
// sanitizer. Both results are maps keyed by string; the callers in this file
// treat the key as the resource FQN.
type DaemonLister interface {
	ListDaemonSets() map[string]*appsv1.DaemonSet
	ListServiceAccounts() map[string]*v1.ServiceAccount
}

// DaemonSetLister aggregates every lister the DaemonSet sanitizer depends on.
type DaemonSetLister interface {
	PodLimiter
	PodsMetricsLister
	PodSelectorLister
	ConfigLister
	DaemonLister
}
// NewDaemonSet builds a DaemonSet sanitizer that records findings on co and
// reads cluster state through lister.
func NewDaemonSet(co *issues.Collector, lister DaemonSetLister) *DaemonSet {
	d := new(DaemonSet)
	d.Collector = co
	d.DaemonSetLister = lister
	return d
}
// Sanitize runs every DaemonSet check against each DaemonSet returned by the
// lister and records the findings on the embedded collector. It always
// returns nil.
func (d *DaemonSet) Sanitize(ctx context.Context) error {
	over := pullOverAllocs(ctx)

	daemonSets := d.ListDaemonSets()
	for fqn, ds := range daemonSets {
		d.InitOutcome(fqn)

		// ctx is re-bound on every pass, so each iteration derives its context
		// from the previous iteration's one rather than from the caller's.
		// NOTE(review): WithFQN is not visible here; if it wraps the context,
		// the chain grows with the number of DaemonSets. A loop-local variable
		// would avoid that. Confirm before changing.
		ctx = internal.WithFQN(ctx, fqn)

		d.checkDaemonSet(ctx, ds)
		d.checkDeprecation(ctx, ds)
		d.checkContainers(ctx, ds.Spec.Template.Spec)

		// A fresh metrics map is filled for every DaemonSet.
		pmx := make(client.PodsMetrics)
		podsMetrics(d, pmx)
		d.checkUtilization(ctx, over, ds, pmx)

		// An outcome is only dropped when it is clean AND the configuration
		// excludes this FQN; an outcome that carries concerns is kept.
		if !d.NoConcerns(fqn) {
			continue
		}
		if d.Config.ExcludeFQN(internal.MustExtractSectionGVR(ctx), fqn) {
			d.ClearOutcome(fqn)
		}
	}

	return nil
}
// checkDaemonSet reports code 507 when the pod template names a
// ServiceAccount that is absent from the lister's ServiceAccount map.
//
// A template with an empty ServiceAccountName is skipped without a finding.
// Kubernetes runs such pods under the namespace's "default" ServiceAccount, so
// that implicit identity is not validated by this check.
func (d *DaemonSet) checkDaemonSet(ctx context.Context, ds *appsv1.DaemonSet) {
	saName := ds.Spec.Template.Spec.ServiceAccountName
	if saName == "" {
		return
	}

	accounts := d.ListServiceAccounts()
	// The account is looked up in the DaemonSet's own namespace.
	key := client.FQN(ds.Namespace, saName)
	if _, found := accounts[key]; found {
		return
	}
	d.AddCode(ctx, 507, saName)
}
// checkDeprecation reports code 403 when the API revision resolved for the
// DaemonSet differs from "apps/v1".
//
// The revision comes from resourceRev (fed the FQN held in ctx and the
// DaemonSet's annotations). When that fails, revFromLink is tried on the
// object's SelfLink; if that yields an empty string, nothing is reported.
func (d *DaemonSet) checkDeprecation(ctx context.Context, ds *appsv1.DaemonSet) {
	const wantRev = "apps/v1"

	rev, err := resourceRev(internal.MustExtractFQN(ctx), "DaemonSet", ds.Annotations)
	if err != nil {
		// NOTE(review): recent Kubernetes API servers no longer populate
		// metadata.selfLink, so this fallback presumably returns "" there and
		// the check is skipped silently. Confirm against revFromLink.
		rev = revFromLink(ds.SelfLink)
		if rev == "" {
			return
		}
	}

	if rev == wantRev {
		return
	}
	d.AddCode(ctx, 403, "DaemonSet", rev, wantRev)
}
// checkContainers sanitizes every init container, then every regular
// container, of the DaemonSet's pod spec using a Container sanitizer bound to
// the FQN held in ctx.
func (d *DaemonSet) checkContainers(ctx context.Context, spec v1.PodSpec) {
	sanitizer := NewContainer(internal.MustExtractFQN(ctx), d)

	// Both groups are sanitized with false as the third argument.
	// NOTE(review): that flag's meaning is defined by Container.sanitize,
	// which is not visible here. Confirm false is intended for regular
	// containers as well as init containers.
	groups := [][]v1.Container{spec.InitContainers, spec.Containers}
	for _, group := range groups {
		for _, co := range group {
			sanitizer.sanitize(ctx, co, false)
		}
	}
}
// checkUtilization aggregates the requests and current usage of the
// DaemonSet's pods and hands the totals to the CPU and memory checks.
//
// When both the summed CPU request and the summed memory request are zero,
// neither check runs and nothing is reported from here.
func (d *DaemonSet) checkUtilization(ctx context.Context, over bool, ds *appsv1.DaemonSet, pmx client.PodsMetrics) {
	usage := d.daemonsetUsage(ds, pmx)
	if !usage.RequestCPU.IsZero() || !usage.RequestMEM.IsZero() {
		checkCPU(ctx, d, over, usage)
		checkMEM(ctx, d, over, usage)
	}
}
// daemonsetUsage sums requested and currently used CPU and memory over the
// pods matched by the DaemonSet's selector in its namespace.
//
// Requests are taken from each pod's spec. Current usage is added only for
// pods that have an entry in pmx; pods without metrics still count towards
// the requested totals.
func (d *DaemonSet) daemonsetUsage(ds *appsv1.DaemonSet, pmx client.PodsMetrics) ConsumptionMetrics {
	var total ConsumptionMetrics

	pods := d.ListPodsBySelector(ds.Namespace, ds.Spec.Selector)
	for podFQN, pod := range pods {
		reqCPU, reqMEM := computePodResources(pod.Spec)

		// QOS is overwritten on every pod, so the value returned is that of
		// the last pod visited.
		// NOTE(review): if pods is a map, iteration order is unspecified and
		// the reported class is arbitrary when pods differ. Confirm.
		total.QOS = pod.Status.QOSClass
		total.RequestCPU.Add(reqCPU)
		total.RequestMEM.Add(reqMEM)

		if containers, hasMetrics := pmx[podFQN]; hasMetrics {
			for _, cx := range containers {
				total.CurrentCPU.Add(cx.CurrentCPU)
				total.CurrentMEM.Add(cx.CurrentMEM)
			}
		}
	}

	return total
}