mirror of
https://github.com/k8sgpt-ai/k8sgpt.git
synced 2025-06-26 15:34:03 +00:00
eb3b81f176
* feat: fix the custom-analysis printing (#1195) Signed-off-by: Alex Jones <alexsimonjones@gmail.com> Signed-off-by: JuHyung-Son <sonju0427@gmail.com> * feat: add label selector Signed-off-by: JuHyung-Son <sonju0427@gmail.com> * feat: add label selector on analyzers Signed-off-by: JuHyung-Son <sonju0427@gmail.com> * chore(deps): pin goreleaser/goreleaser-action action to 286f3b1 (#1171) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: JuHyung-Son <sonju0427@gmail.com> * fix(deps): update module buf.build/gen/go/k8sgpt-ai/k8sgpt/grpc/go to v1.4.0-20240715142657-3785f0a44aae.2 (#1196) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: JuHyung-Son <sonju0427@gmail.com> * chore(deps): update actions/upload-artifact digest to 0b2256b (#1175) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: JuHyung-Son <sonju0427@gmail.com> * chore: update proto pkg version Signed-off-by: JuHyung-Son <sonju0427@gmail.com> * chore: fix typo Signed-off-by: JuHyung-Son <sonju0427@gmail.com> * feat: add label string to LabelSelector util func Signed-off-by: JuHyung-Son <sonju0427@gmail.com> * feat: add test using 2 label selector Signed-off-by: JuHyung-Son <sonju0427@gmail.com> --------- Signed-off-by: Alex Jones <alexsimonjones@gmail.com> Signed-off-by: JuHyung-Son <sonju0427@gmail.com> Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: JuHyung Son <sonju0427@gmail.com> Co-authored-by: Alex Jones <alexsimonjones@gmail.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
233 lines
7.0 KiB
Go
233 lines
7.0 KiB
Go
/*
|
|
Copyright 2023 The K8sGPT Authors.
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package analyzer
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/k8sgpt-ai/k8sgpt/pkg/common"
|
|
"github.com/k8sgpt-ai/k8sgpt/pkg/util"
|
|
corev1 "k8s.io/api/core/v1"
|
|
"k8s.io/apimachinery/pkg/api/errors"
|
|
ctrl "sigs.k8s.io/controller-runtime/pkg/client"
|
|
gtwapi "sigs.k8s.io/gateway-api/apis/v1"
|
|
)
|
|
|
|
type HTTPRouteAnalyzer struct{}
|
|
|
|
// Gateway analyser will analyse all different Kinds and search for missing object dependencies
|
|
func (HTTPRouteAnalyzer) Analyze(a common.Analyzer) ([]common.Result, error) {
|
|
|
|
kind := "HTTPRoute"
|
|
AnalyzerErrorsMetric.DeletePartialMatch(map[string]string{
|
|
"analyzer_name": kind,
|
|
})
|
|
|
|
routeList := >wapi.HTTPRouteList{}
|
|
gtw := >wapi.Gateway{}
|
|
service := &corev1.Service{}
|
|
client := a.Client.CtrlClient
|
|
err := gtwapi.AddToScheme(client.Scheme())
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
labelSelector := util.LabelStrToSelector(a.LabelSelector)
|
|
if err := client.List(a.Context, routeList, &ctrl.ListOptions{LabelSelector: labelSelector}); err != nil {
|
|
return nil, err
|
|
}
|
|
var preAnalysis = map[string]common.PreAnalysis{}
|
|
|
|
// Find all unhealthy gateway Classes
|
|
for _, route := range routeList.Items {
|
|
var failures []common.Failure
|
|
|
|
// Check if Gateways exists in the same or designated namespace
|
|
// TODO: when meshes and ClusterIp options are adopted we can add more checks
|
|
// e.g Service Port matching
|
|
for _, gtwref := range route.Spec.ParentRefs {
|
|
namespace := route.Namespace
|
|
if gtwref.Namespace != nil {
|
|
namespace = string(*gtwref.Namespace)
|
|
}
|
|
err := client.Get(a.Context, ctrl.ObjectKey{Namespace: namespace, Name: string(gtwref.Name)}, gtw, &ctrl.GetOptions{})
|
|
if errors.IsNotFound(err) {
|
|
failures = append(failures, common.Failure{
|
|
Text: fmt.Sprintf(
|
|
"HTTPRoute uses the Gateway '%s/%s' which does not exist in the same namespace.",
|
|
namespace,
|
|
gtwref.Name,
|
|
),
|
|
Sensitive: []common.Sensitive{
|
|
{
|
|
Unmasked: gtw.Namespace,
|
|
Masked: util.MaskString(gtw.Namespace),
|
|
},
|
|
{
|
|
Unmasked: gtw.Name,
|
|
Masked: util.MaskString(gtw.Name),
|
|
},
|
|
},
|
|
})
|
|
} else {
|
|
// Check if the aforementioned Gateway allows the HTTPRoutes from the route's namespace
|
|
for _, listener := range gtw.Spec.Listeners {
|
|
if listener.AllowedRoutes.Namespaces != nil {
|
|
switch allow := listener.AllowedRoutes.Namespaces.From; {
|
|
case *allow == gtwapi.NamespacesFromSame:
|
|
// check if Gateway is in the same namespace
|
|
if route.Namespace != gtw.Namespace {
|
|
failures = append(failures, common.Failure{
|
|
Text: fmt.Sprintf("HTTPRoute '%s/%s' is deployed in a different namespace from Gateway '%s/%s' which only allows HTTPRoutes from its namespace.",
|
|
route.Namespace,
|
|
route.Name,
|
|
gtw.Namespace,
|
|
gtw.Name,
|
|
),
|
|
Sensitive: []common.Sensitive{
|
|
{
|
|
Unmasked: route.Namespace,
|
|
Masked: util.MaskString(route.Namespace),
|
|
},
|
|
{
|
|
Unmasked: route.Name,
|
|
Masked: util.MaskString(route.Name),
|
|
},
|
|
{
|
|
Unmasked: gtw.Namespace,
|
|
Masked: util.MaskString(gtw.Namespace),
|
|
},
|
|
{
|
|
Unmasked: gtw.Name,
|
|
Masked: util.MaskString(gtw.Name),
|
|
},
|
|
},
|
|
})
|
|
}
|
|
case *allow == gtwapi.NamespacesFromSelector:
|
|
// check if our route include the same selector Label
|
|
if !util.LabelsIncludeAny(listener.AllowedRoutes.Namespaces.Selector.MatchLabels, route.Labels) {
|
|
failures = append(failures, common.Failure{
|
|
Text: fmt.Sprintf(
|
|
"HTTPRoute '%s/%s' can't be attached on Gateway '%s/%s', selector labels do not match HTTProute's labels.",
|
|
route.Namespace,
|
|
route.Name,
|
|
gtw.Namespace,
|
|
gtw.Name,
|
|
),
|
|
Sensitive: []common.Sensitive{
|
|
{
|
|
Unmasked: route.Namespace,
|
|
Masked: util.MaskString(route.Namespace),
|
|
},
|
|
{
|
|
Unmasked: route.Name,
|
|
Masked: util.MaskString(route.Name),
|
|
},
|
|
{
|
|
Unmasked: gtw.Namespace,
|
|
Masked: util.MaskString(gtw.Namespace),
|
|
},
|
|
{
|
|
Unmasked: gtw.Name,
|
|
Masked: util.MaskString(gtw.Name),
|
|
},
|
|
},
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
}
|
|
// Check if the Backends are valid services and ports are matching with services Ports
|
|
for _, rule := range route.Spec.Rules {
|
|
for _, backend := range rule.BackendRefs {
|
|
err := client.Get(a.Context, ctrl.ObjectKey{Namespace: route.Namespace, Name: string(backend.Name)}, service, &ctrl.GetOptions{})
|
|
if errors.IsNotFound(err) {
|
|
failures = append(failures, common.Failure{
|
|
Text: fmt.Sprintf(
|
|
"HTTPRoute uses the Service '%s/%s' which does not exist.",
|
|
route.Namespace,
|
|
backend.Name,
|
|
),
|
|
Sensitive: []common.Sensitive{
|
|
{
|
|
Unmasked: service.Namespace,
|
|
Masked: util.MaskString(service.Namespace),
|
|
},
|
|
{
|
|
Unmasked: service.Name,
|
|
Masked: util.MaskString(service.Name),
|
|
},
|
|
},
|
|
})
|
|
} else {
|
|
portMatch := false
|
|
for _, svcPort := range service.Spec.Ports {
|
|
if int32(*backend.Port) == svcPort.Port {
|
|
portMatch = true
|
|
}
|
|
}
|
|
if !portMatch {
|
|
failures = append(failures, common.Failure{
|
|
Text: fmt.Sprintf(
|
|
"HTTPRoute's backend service '%s' is using port '%d' but the corresponding K8s service '%s/%s' isn't configured with the same port.",
|
|
backend.Name,
|
|
int32(*backend.Port),
|
|
service.Namespace,
|
|
service.Name,
|
|
),
|
|
Sensitive: []common.Sensitive{
|
|
{
|
|
Unmasked: string(backend.Name),
|
|
Masked: util.MaskString(string(backend.Name)),
|
|
},
|
|
{
|
|
Unmasked: service.Name,
|
|
Masked: util.MaskString(service.Name),
|
|
},
|
|
{
|
|
Unmasked: service.Namespace,
|
|
Masked: service.Namespace,
|
|
},
|
|
},
|
|
})
|
|
}
|
|
}
|
|
}
|
|
}
|
|
if len(failures) > 0 {
|
|
preAnalysis[fmt.Sprintf("%s/%s", route.Namespace, route.Name)] = common.PreAnalysis{
|
|
HTTPRoute: route,
|
|
FailureDetails: failures,
|
|
}
|
|
AnalyzerErrorsMetric.WithLabelValues(kind, route.Name, route.Namespace).Set(float64(len(failures)))
|
|
}
|
|
}
|
|
for key, value := range preAnalysis {
|
|
var currentAnalysis = common.Result{
|
|
Kind: kind,
|
|
Name: key,
|
|
Error: value.FailureDetails,
|
|
}
|
|
a.Results = append(a.Results, currentAnalysis)
|
|
}
|
|
return a.Results, nil
|
|
|
|
}
|