chore(main): release 0.3.11 (#552)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

.github/workflows/build_container.yaml

@@ -74,7 +74,7 @@ jobs:
 
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@16c0bc4a6e6ada2cfd8afd41d22d95379cf7c32a # v2
+        uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1 # v2
 
       - name: Build Docker Image
         uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4
@@ -126,7 +126,7 @@ jobs:
 
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@16c0bc4a6e6ada2cfd8afd41d22d95379cf7c32a # v2
+        uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1 # v2
 
       - name: Build Docker Image
         uses: docker/build-push-action@2eb1c1961a95fc15694676618e422e8ba1d63825 # v4

.github/workflows/release.yaml

@@ -80,7 +80,7 @@ jobs:
 
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@16c0bc4a6e6ada2cfd8afd41d22d95379cf7c32a # v2
+        uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1 # v2
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2

.release-please-manifest.json

@@ -1 +1 @@
-{".":"0.3.10"}
+{".":"0.3.11"}

CHANGELOG.md

@@ -1,5 +1,17 @@
 # Changelog
 
+## [0.3.11](https://github.com/k8sgpt-ai/k8sgpt/compare/v0.3.10...v0.3.11) (2023-07-14)
+
+
+### Features
+
+* admission webhooks ([#553](https://github.com/k8sgpt-ai/k8sgpt/issues/553)) ([06e8532](https://github.com/k8sgpt-ai/k8sgpt/commit/06e8532f88616a988a4e41ed8cdac62cf0f243a5))
+
+
+### Other
+
+* **deps:** update docker/setup-buildx-action digest to 4c0219f ([#547](https://github.com/k8sgpt-ai/k8sgpt/issues/547)) ([1a3f299](https://github.com/k8sgpt-ai/k8sgpt/commit/1a3f2992108e857f8c8c07eff16599d00b50110e))
+
 ## [0.3.10](https://github.com/k8sgpt-ai/k8sgpt/compare/v0.3.9...v0.3.10) (2023-07-12)
 
 

README.md

@@ -34,7 +34,7 @@ brew install k8sgpt
   **32 bit:**
   <!---x-release-please-start-version-->
   ```
-  curl -LO https://github.com/k8sgpt-ai/k8sgpt/releases/download/v0.3.10/k8sgpt_386.rpm
+  curl -LO https://github.com/k8sgpt-ai/k8sgpt/releases/download/v0.3.11/k8sgpt_386.rpm
   sudo rpm -ivh k8sgpt_386.rpm
   ```
   <!---x-release-please-end-->
@@ -43,7 +43,7 @@ brew install k8sgpt
 
   <!---x-release-please-start-version-->
   ```
-  curl -LO https://github.com/k8sgpt-ai/k8sgpt/releases/download/v0.3.10/k8sgpt_amd64.rpm
+  curl -LO https://github.com/k8sgpt-ai/k8sgpt/releases/download/v0.3.11/k8sgpt_amd64.rpm
   sudo rpm -ivh -i k8sgpt_amd64.rpm
   ```
   <!---x-release-please-end-->
@@ -55,7 +55,7 @@ brew install k8sgpt
   **32 bit:**
   <!---x-release-please-start-version-->
   ```
-  curl -LO https://github.com/k8sgpt-ai/k8sgpt/releases/download/v0.3.10/k8sgpt_386.deb
+  curl -LO https://github.com/k8sgpt-ai/k8sgpt/releases/download/v0.3.11/k8sgpt_386.deb
   sudo dpkg -i k8sgpt_386.deb
   ```
   <!---x-release-please-end-->
@@ -63,7 +63,7 @@ brew install k8sgpt
 
   <!---x-release-please-start-version-->
   ```
-  curl -LO https://github.com/k8sgpt-ai/k8sgpt/releases/download/v0.3.10/k8sgpt_amd64.deb
+  curl -LO https://github.com/k8sgpt-ai/k8sgpt/releases/download/v0.3.11/k8sgpt_amd64.deb
   sudo dpkg -i k8sgpt_amd64.deb
   ```
   <!---x-release-please-end-->
@@ -76,14 +76,14 @@ brew install k8sgpt
   **32 bit:**
   <!---x-release-please-start-version-->
   ```
-  curl -LO https://github.com/k8sgpt-ai/k8sgpt/releases/download/v0.3.10/k8sgpt_386.apk
+  curl -LO https://github.com/k8sgpt-ai/k8sgpt/releases/download/v0.3.11/k8sgpt_386.apk
   apk add k8sgpt_386.apk
   ```
   <!---x-release-please-end-->
   **64 bit:**
   <!---x-release-please-start-version-->
   ```
-  curl -LO https://github.com/k8sgpt-ai/k8sgpt/releases/download/v0.3.10/k8sgpt_amd64.apk
+  curl -LO https://github.com/k8sgpt-ai/k8sgpt/releases/download/v0.3.11/k8sgpt_amd64.apk
   apk add k8sgpt_amd64.apk
   ```
   <!---x-release-please-end-->x

pkg/analyzer/analyzer.go

@@ -32,17 +32,17 @@ var (
 )
 
 var coreAnalyzerMap = map[string]common.IAnalyzer{
-	"Pod":                   PodAnalyzer{},
-	"Deployment":            DeploymentAnalyzer{},
-	"ReplicaSet":            ReplicaSetAnalyzer{},
-	"PersistentVolumeClaim": PvcAnalyzer{},
-	"Service":               ServiceAnalyzer{},
-	"Ingress":               IngressAnalyzer{},
-	"StatefulSet":           StatefulSetAnalyzer{},
-	"CronJob":               CronJobAnalyzer{},
-	"Node":                  NodeAnalyzer{},
-	"ValidatingWebhook":     ValidatingWebhookAnalyzer{},
-	"MutatingWebhook":       MutatingWebhookAnalyzer{},
+	"Pod":                            PodAnalyzer{},
+	"Deployment":                     DeploymentAnalyzer{},
+	"ReplicaSet":                     ReplicaSetAnalyzer{},
+	"PersistentVolumeClaim":          PvcAnalyzer{},
+	"Service":                        ServiceAnalyzer{},
+	"Ingress":                        IngressAnalyzer{},
+	"StatefulSet":                    StatefulSetAnalyzer{},
+	"CronJob":                        CronJobAnalyzer{},
+	"Node":                           NodeAnalyzer{},
+	"ValidatingWebhookConfiguration": ValidatingWebhookAnalyzer{},
+	"MutatingWebhookConfiguration":   MutatingWebhookAnalyzer{},
 }
 
 var additionalAnalyzerMap = map[string]common.IAnalyzer{

pkg/analyzer/mutating_webhook.go

@@ -54,14 +54,51 @@ func (MutatingWebhookAnalyzer) Analyze(a common.Analyzer) ([]common.Result, erro
 			var failures []common.Failure
 
 			svc := webhook.ClientConfig.Service
-			pods, err := a.Client.GetClient().CoreV1().Pods(a.Namespace).List(context.Background(), v1.ListOptions{})
+			// Get the service
+			service, err := a.Client.GetClient().CoreV1().Services(svc.Namespace).Get(context.Background(), svc.Name, v1.GetOptions{})
+			if err != nil {
+				// If the service is not found, we can't check the pods
+				failures = append(failures, common.Failure{
+					Text:          fmt.Sprintf("Service %s not found as mapped to by Mutating Webhook %s", svc.Name, webhook.Name),
+					KubernetesDoc: apiDoc.GetApiDocV2("spec.webhook.clientConfig.service"),
+					Sensitive: []common.Sensitive{
+						{
+							Unmasked: webhookConfig.Namespace,
+							Masked:   util.MaskString(webhookConfig.Namespace),
+						},
+						{
+							Unmasked: svc.Name,
+							Masked:   util.MaskString(svc.Name),
+						},
+					},
+				})
+				continue
+			}
+
+			// Get pods within service
+			pods, err := a.Client.GetClient().CoreV1().Pods(svc.Namespace).List(context.Background(), v1.ListOptions{
+				LabelSelector: util.MapToString(service.Spec.Selector),
+			})
 			if err != nil {
 				return nil, err
 			}
-			for _, pod := range pods.Items {
-				if pod.Name != svc.Name || pod.Namespace != svc.Namespace || pod.Status.Phase != "Running" {
-					doc := apiDoc.GetApiDocV2("spec.webhook")
 
+			if len(pods.Items) == 0 {
+				failures = append(failures, common.Failure{
+					Text:          fmt.Sprintf("No active pods found within service %s as mapped to by Mutating Webhook %s", svc.Name, webhook.Name),
+					KubernetesDoc: apiDoc.GetApiDocV2("spec.webhook.clientConfig.service"),
+					Sensitive: []common.Sensitive{
+						{
+							Unmasked: webhookConfig.Namespace,
+							Masked:   util.MaskString(webhookConfig.Namespace),
+						},
+					},
+				})
+
+			}
+			for _, pod := range pods.Items {
+				if pod.Status.Phase != "Running" {
+					doc := apiDoc.GetApiDocV2("spec.webhook")
 					failures = append(failures, common.Failure{
 						Text: fmt.Sprintf(
 							"Mutating Webhook (%s) is pointing to an inactive receiver pod (%s)",
@@ -85,13 +122,13 @@ func (MutatingWebhookAnalyzer) Analyze(a common.Analyzer) ([]common.Result, erro
 						},
 					})
 				}
-				if len(failures) > 0 {
-					preAnalysis[fmt.Sprintf("%s/%s", webhookConfig.Namespace, webhook.Name)] = common.PreAnalysis{
-						MutatingWebhook: webhookConfig,
-						FailureDetails:  failures,
-					}
-					AnalyzerErrorsMetric.WithLabelValues(kind, webhook.Name, webhookConfig.Namespace).Set(float64(len(failures)))
+			}
+			if len(failures) > 0 {
+				preAnalysis[fmt.Sprintf("%s/%s", webhookConfig.Namespace, webhook.Name)] = common.PreAnalysis{
+					MutatingWebhook: webhookConfig,
+					FailureDetails:  failures,
 				}
+				AnalyzerErrorsMetric.WithLabelValues(kind, webhook.Name, webhookConfig.Namespace).Set(float64(len(failures)))
 			}
 		}
 	}

pkg/analyzer/validating_webhook.go

@@ -53,14 +53,51 @@ func (ValidatingWebhookAnalyzer) Analyze(a common.Analyzer) ([]common.Result, er
 			var failures []common.Failure
 
 			svc := webhook.ClientConfig.Service
-			pods, err := a.Client.GetClient().CoreV1().Pods(a.Namespace).List(context.Background(), v1.ListOptions{})
+			// Get the service
+			service, err := a.Client.GetClient().CoreV1().Services(svc.Namespace).Get(context.Background(), svc.Name, v1.GetOptions{})
+			if err != nil {
+				// If the service is not found, we can't check the pods
+				failures = append(failures, common.Failure{
+					Text:          fmt.Sprintf("Service %s not found as mapped to by Validating Webhook %s", svc.Name, webhook.Name),
+					KubernetesDoc: apiDoc.GetApiDocV2("spec.webhook.clientConfig.service"),
+					Sensitive: []common.Sensitive{
+						{
+							Unmasked: webhookConfig.Namespace,
+							Masked:   util.MaskString(webhookConfig.Namespace),
+						},
+						{
+							Unmasked: svc.Name,
+							Masked:   util.MaskString(svc.Name),
+						},
+					},
+				})
+				continue
+			}
+
+			// Get pods within service
+			pods, err := a.Client.GetClient().CoreV1().Pods(svc.Namespace).List(context.Background(), v1.ListOptions{
+				LabelSelector: util.MapToString(service.Spec.Selector),
+			})
 			if err != nil {
 				return nil, err
 			}
-			for _, pod := range pods.Items {
-				if pod.Name != svc.Name || pod.Namespace != svc.Namespace || pod.Status.Phase != "Running" {
-					doc := apiDoc.GetApiDocV2("spec.webhook")
 
+			if len(pods.Items) == 0 {
+				failures = append(failures, common.Failure{
+					Text:          fmt.Sprintf("No active pods found within service %s as mapped to by Validating Webhook %s", svc.Name, webhook.Name),
+					KubernetesDoc: apiDoc.GetApiDocV2("spec.webhook.clientConfig.service"),
+					Sensitive: []common.Sensitive{
+						{
+							Unmasked: webhookConfig.Namespace,
+							Masked:   util.MaskString(webhookConfig.Namespace),
+						},
+					},
+				})
+
+			}
+			for _, pod := range pods.Items {
+				if pod.Status.Phase != "Running" {
+					doc := apiDoc.GetApiDocV2("spec.webhook")
 					failures = append(failures, common.Failure{
 						Text: fmt.Sprintf(
 							"Validating Webhook (%s) is pointing to an inactive receiver pod (%s)",
@@ -84,13 +121,13 @@ func (ValidatingWebhookAnalyzer) Analyze(a common.Analyzer) ([]common.Result, er
 						},
 					})
 				}
-				if len(failures) > 0 {
-					preAnalysis[fmt.Sprintf("%s/%s", webhookConfig.Namespace, webhook.Name)] = common.PreAnalysis{
-						ValidatingWebhook: webhookConfig,
-						FailureDetails:    failures,
-					}
-					AnalyzerErrorsMetric.WithLabelValues(kind, webhook.Name, webhookConfig.Namespace).Set(float64(len(failures)))
+			}
+			if len(failures) > 0 {
+				preAnalysis[fmt.Sprintf("%s/%s", webhookConfig.Namespace, webhook.Name)] = common.PreAnalysis{
+					ValidatingWebhook: webhookConfig,
+					FailureDetails:    failures,
 				}
+				AnalyzerErrorsMetric.WithLabelValues(kind, webhook.Name, webhookConfig.Namespace).Set(float64(len(failures)))
 			}
 		}
 	}

pkg/util/util.go

@@ -211,3 +211,11 @@ func EnsureDirExists(dir string) error {
 
 	return err
 }
+
+func MapToString(m map[string]string) string {
+	var result string
+	for k, v := range m {
+		result += fmt.Sprintf("%s=%s,", k, v)
+	}
+	return result[:len(result)-1]
+}