Merge pull request #78 from kubescape/volumes_functions
workload volume functions
kooomix committed Oct 24, 2023
2 parents df95b95 + 22b5568 commit f3bf751
Showing 4 changed files with 360 additions and 17 deletions.
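--- a/workloadinterface/testdata/workloadmethods/podmountnohostvolume.json
+++ b/workloadinterface/testdata/workloadmethods/podmountnohostvolume.json
@@ -0,0 +1,134 @@
+{
+"apiVersion": "v1",
+"kind": "Pod",
+"metadata": {
+"creationTimestamp": "2023-08-08T13:15:52Z",
+"generateName": "mysql-8664b6d846-",
+"labels": {
+"app": "mysql",
+"pod-template-hash": "8664b6d846"
+},
+"name": "mysql-8664b6d846-zfwhm",
+"namespace": "default",
+"ownerReferences": [
+{
+"apiVersion": "apps/v1",
+"blockOwnerDeletion": true,
+"controller": true,
+"kind": "ReplicaSet",
+"name": "mysql-8664b6d846",
+"uid": "617a9d8f-4344-4db7-a92d-1938091f0eb4"
+}
+],
+"resourceVersion": "973",
+"uid": "f8d132f1-7fc0-44ff-ae3f-39bf5622876e"
+},
+"spec": {
+"containers": [
+{
+"name": "mysql",
+"image": "mysql:5.6",
+"ports": [
+{
+"name": "mysql",
+"containerPort": 3306,
+"protocol": "TCP"
+}
+],
+"env": [
+{
+"name": "MYSQL_ROOT_PASSWORD",
+"value": "XXXXXX"
+}
+],
+"resources": {},
+"volumeMounts": [
+{
+"name": "mysql-persistent-storage",
+"mountPath": "/var/lib/mysql"
+},
+{
+"name": "kube-api-access-f9l29",
+"readOnly": true,
+"mountPath": "/var/run/secrets/kubernetes.io/serviceaccount"
+}
+],
+"terminationMessagePath": "/dev/termination-log",
+"terminationMessagePolicy": "File",
+"imagePullPolicy": "IfNotPresent"
+}
+],
+"dnsPolicy": "ClusterFirst",
+"enableServiceLinks": true,
+"nodeName": "minikube",
+"preemptionPolicy": "PreemptLowerPriority",
+"priority": 0,
+"restartPolicy": "Always",
+"schedulerName": "default-scheduler",
+"securityContext": {},
+"serviceAccount": "default",
+"serviceAccountName": "default",
+"terminationGracePeriodSeconds": 30,
+"tolerations": [
+{
+"effect": "NoExecute",
+"key": "node.kubernetes.io/not-ready",
+"operator": "Exists",
+"tolerationSeconds": 300
+},
+{
+"effect": "NoExecute",
+"key": "node.kubernetes.io/unreachable",
+"operator": "Exists",
+"tolerationSeconds": 300
+}
+],
+"volumes": [
+{
+"emptyDir": {
+"sizeLimit": "1Gi"
+},
+"name": "mysql-persistent-storage"
+},
+{
+"name": "kube-api-access-f9l29",
+"projected": {
+"defaultMode": 420,
+"sources": [
+{
+"serviceAccountToken": {
+"expirationSeconds": 3607,
+"path": "token"
+}
+},
+{
+"configMap": {
+"items": [
+{
+"key": "ca.crt",
+"path": "ca.crt"
+}
+],
+"name": "kube-root-ca.crt"
+}
+},
+{
+"downwardAPI": {
+"items": [
+{
+"fieldRef": {
+"apiVersion": "v1",
+"fieldPath": "metadata.namespace"
+},
+"path": "namespace"
+}
+]
+}
+}
+]
+}
+}
+]
+}
+
+}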
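--- a/workloadinterface/testdata/workloadmethods/podmountwithvolume.json
+++ b/workloadinterface/testdata/workloadmethods/podmountwithvolume.json
@@ -0,0 +1,138 @@
+{
+"apiVersion": "v1",
+"kind": "Pod",
+"metadata": {
+"creationTimestamp": "2023-08-08T13:15:52Z",
+"generateName": "mysql-8664b6d846-",
+"labels": {
+"app": "mysql",
+"pod-template-hash": "8664b6d846"
+},
+"name": "mysql-8664b6d846-zfwhm",
+"namespace": "default",
+"ownerReferences": [
+{
+"apiVersion": "apps/v1",
+"blockOwnerDeletion": true,
+"controller": true,
+"kind": "ReplicaSet",
+"name": "mysql-8664b6d846",
+"uid": "617a9d8f-4344-4db7-a92d-1938091f0eb4"
+}
+],
+"resourceVersion": "973",
+"uid": "f8d132f1-7fc0-44ff-ae3f-39bf5622876e"
+},
+"spec": {
+"containers": [
+{
+"name": "mysql",
+"image": "mysql:5.6",
+"ports": [
+{
+"name": "mysql",
+"containerPort": 3306,
+"protocol": "TCP"
+}
+],
+"env": [
+{
+"name": "MYSQL_ROOT_PASSWORD",
+"value": "XXXXXX"
+}
+],
+"resources": {},
+"volumeMounts": [
+{
+"name": "mysql-persistent-storage",
+"mountPath": "/var/lib/mysql"
+},
+{
+"name": "kube-api-access-f9l29",
+"readOnly": true,
+"mountPath": "/var/run/secrets/kubernetes.io/serviceaccount"
+}
+],
+"terminationMessagePath": "/dev/termination-log",
+"terminationMessagePolicy": "File",
+"imagePullPolicy": "IfNotPresent"
+}
+],
+"dnsPolicy": "ClusterFirst",
+"enableServiceLinks": true,
+"nodeName": "minikube",
+"preemptionPolicy": "PreemptLowerPriority",
+"priority": 0,
+"restartPolicy": "Always",
+"schedulerName": "default-scheduler",
+"securityContext": {},
+"serviceAccount": "default",
+"serviceAccountName": "default",
+"terminationGracePeriodSeconds": 30,
+"tolerations": [
+{
+"effect": "NoExecute",
+"key": "node.kubernetes.io/not-ready",
+"operator": "Exists",
+"tolerationSeconds": 300
+},
+{
+"effect": "NoExecute",
+"key": "node.kubernetes.io/unreachable",
+"operator": "Exists",
+"tolerationSeconds": 300
+}
+],
+"volumes": [
+{
+"emptyDir": {
+"sizeLimit": "1Gi"
+},
+"name": "mysql-persistent-storage",
+"hostPath": {
+"path": "/var/lib/storage",
+"type": "Storage"
+}
+},
+{
+"name": "kube-api-access-f9l29",
+"projected": {
+"defaultMode": 420,
+"sources": [
+{
+"serviceAccountToken": {
+"expirationSeconds": 3607,
+"path": "token"
+}
+},
+{
+"configMap": {
+"items": [
+{
+"key": "ca.crt",
+"path": "ca.crt"
+}
+],
+"name": "kube-root-ca.crt"
+}
+},
+{
+"downwardAPI": {
+"items": [
+{
+"fieldRef": {
+"apiVersion": "v1",
+"fieldPath": "metadata.namespace"
+},
+"path": "namespace"
+}
+]
+}
+}
+]
+}
+}
+]
+}
+
+}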
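Review bot: The `mysql-persistent-storage` volume in this fixture sets both `emptyDir` and `hostPath`, which Kubernetes validation rejects because a volume may carry only one source, and `"type": "Storage"` is not one of the defined hostPath types. A test built on this file exercises host-volume detection against an object that cannot exist in a cluster, and its result may depend on which source a helper happens to check first. Dropping the `emptyDir` entry and using a defined type such as `"type": "Directory"` would make the fixture represent a real host mount.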
43 changes: 26 additions & 17 deletions workloadinterface/workloadmethods.go
@@ -2,6 +2,7 @@ package workloadinterface

import (
"encoding/json"
"errors"
"fmt"
"strconv"
"strings"
@@ -10,6 +11,7 @@ import (
"github.com/armosec/utils-k8s-go/armometadata"
wlidpkg "github.com/armosec/utils-k8s-go/wlid"
corev1 "k8s.io/api/core/v1"
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/utils/strings/slices"
@@ -400,23 +402,6 @@ func (w *Workload) GetAnnotations() map[string]string {
return nil
}

// GetVolumes -
func (w *Workload) GetVolumes() ([]corev1.Volume, error) {
volumes := []corev1.Volume{}

interVolumes, _ := InspectWorkload(w.workload, append(PodSpec(w.GetKind()), "volumes")...)
if interVolumes == nil {
return volumes, nil
}
volumesBytes, err := json.Marshal(interVolumes)
if err != nil {
return volumes, err
}
err = json.Unmarshal(volumesBytes, &volumes)

return volumes, err
}

func (w *Workload) GetServiceAccountName() string {

if v, ok := InspectWorkload(w.workload, append(PodSpec(w.GetKind()), "serviceAccountName")...); ok && v != nil {
@@ -691,3 +676,27 @@ func (w *Workload) GetPodStatus() (*corev1.PodStatus, error) {
}
return &status, nil
}

// GetHostVolumes returns all host volumes of the workload
func (w *Workload) GetVolumes() ([]v1.Volume, error) {
podSpec, err := w.GetPodSpec()
if err != nil {
return nil, err
}

return podSpec.Volumes, nil
}

// GetSpecPathPrefix returns the path prefix of the workload spec
func (w *Workload) GetSpecPath() (string, error) {
switch w.GetKind() {
case "Pod":
return "spec", nil
case "Deployment", "ReplicaSet", "DaemonSet", "StatefulSet", "Job":
return "spec.template.spec", nil
case "CronJob":
return "spec.jobTemplate.spec.template.spec", nil
default:
return "", errors.New("unsupported workload kind")
}
}
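Review bot: The doc comments on both new methods name functions that do not exist, and the one on `GetVolumes` (`GetHostVolumes returns all host volumes of the workload`) describes a filter the body does not apply: it returns `podSpec.Volumes` as is, so emptyDir, projected and configMap volumes come back alongside hostPath ones. A caller that trusts the comment would either flag every volume as a host mount or assume hostPath filtering was already done; the comments should read `// GetVolumes returns every volume in the workload's pod spec, whatever its source.` and `// GetSpecPath returns the dotted path to the pod spec for the workload's kind.` The error contract also changed: the removed version returned an empty slice with a nil error when no volumes were found, while this one returns `nil, err` whenever `GetPodSpec` fails, and `GetPodSpec` is not visible here, so callers that discard the error should be checked. In `GetSpecPath`, the kind list repeats a mapping that `PodSpec(w.GetKind())` appears to hold already, and the error would be easier to act on with the kind in it: `return "", fmt.Errorf("unsupported workload kind %q", w.GetKind())`.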