Namespace restricted mode (#147)

Nimrod Gilboa Markevich
2021-08-05 10:28:31 +03:00
committed by GitHub
parent dea223bfe1
commit 04579eb03c
18 changed files with 791 additions and 331 deletions


@@ -26,7 +26,7 @@ import (
var k8sResolver *resolver.Resolver
func init() {
func StartResolving(namespace string) {
errOut := make(chan error, 100)
res, err := resolver.NewFromInCluster(errOut)
if err != nil {
@@ -34,7 +34,7 @@ func init() {
return
}
ctx := context.Background()
res.Start(ctx)
res.Start(ctx, namespace)
go func() {
for {
select {
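Review bot: `StartResolving` passes `namespace` straight to `res.Start` without validation, and the resolver treats an empty string as "all namespaces", so a caller that passes "" gets a cluster-wide watch with no sign that restricted mode is off. A doc comment on the function should state that contract, for example `// StartResolving starts the in-cluster resolver; namespace "" means all namespaces, any other value restricts the watches to that namespace.` Since setup moved out of `init()`, the package-level `k8sResolver` presumably stays nil until this is called, and also after the early `return` on a `resolver.NewFromInCluster` error, so any reader of that variable outside these hunks needs a nil check. Nothing visible prevents a second call from building another resolver and error-draining goroutine; a `sync.Once` or a "call once at startup" comment would pin that down. The function body continues outside both hunks.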


@@ -18,17 +18,20 @@ const (
)
type Resolver struct {
clientConfig *restclient.Config
clientSet *kubernetes.Clientset
nameMap map[string]string
serviceMap map[string]string
isStarted bool
errOut chan error
clientConfig *restclient.Config
clientSet *kubernetes.Clientset
nameMap map[string]string
serviceMap map[string]string
isStarted bool
errOut chan error
namespace string
}
func (resolver *Resolver) Start(ctx context.Context) {
func (resolver *Resolver) Start(ctx context.Context, namespace string) {
if !resolver.isStarted {
resolver.isStarted = true
resolver.namespace = namespace
go resolver.infiniteErrorHandleRetryFunc(ctx, resolver.watchServices)
go resolver.infiniteErrorHandleRetryFunc(ctx, resolver.watchEndpoints)
go resolver.infiniteErrorHandleRetryFunc(ctx, resolver.watchPods)
@@ -54,7 +57,7 @@ func (resolver *Resolver) CheckIsServiceIP(address string) bool {
func (resolver *Resolver) watchPods(ctx context.Context) error {
// empty namespace makes the client watch all namespaces
watcher, err := resolver.clientSet.CoreV1().Pods("").Watch(ctx, metav1.ListOptions{Watch: true})
watcher, err := resolver.clientSet.CoreV1().Pods(resolver.namespace).Watch(ctx, metav1.ListOptions{Watch: true})
if err != nil {
return err
}
@@ -77,7 +80,7 @@ func (resolver *Resolver) watchPods(ctx context.Context) error {
func (resolver *Resolver) watchEndpoints(ctx context.Context) error {
// empty namespace makes the client watch all namespaces
watcher, err := resolver.clientSet.CoreV1().Endpoints("").Watch(ctx, metav1.ListOptions{Watch: true})
watcher, err := resolver.clientSet.CoreV1().Endpoints(resolver.namespace).Watch(ctx, metav1.ListOptions{Watch: true})
if err != nil {
return err
}
@@ -120,7 +123,7 @@ func (resolver *Resolver) watchEndpoints(ctx context.Context) error {
func (resolver *Resolver) watchServices(ctx context.Context) error {
// empty namespace makes the client watch all namespaces
watcher, err := resolver.clientSet.CoreV1().Services("").Watch(ctx, metav1.ListOptions{Watch: true})
watcher, err := resolver.clientSet.CoreV1().Services(resolver.namespace).Watch(ctx, metav1.ListOptions{Watch: true})
if err != nil {
return err
}
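Review bot: The retained comment `// empty namespace makes the client watch all namespaces` in watchPods, and the same line in watchEndpoints and watchServices, no longer matches the call beneath it, which now passes `resolver.namespace`. The fact it states still matters for restricted mode, because an empty value handed to `Start` silently widens all three watches back to the whole cluster. I would reword it at all three sites to `// resolver.namespace == "" watches all namespaces; any other value limits the watch to that namespace`. In `Start`, `resolver.namespace` is assigned only inside the `!resolver.isStarted` guard, so a later call with a different namespace is ignored without an error or log line; a doc comment on `Start` should say that the first call fixes the namespace. All three watcher bodies and the rest of `Start` lie outside the hunks shown.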