From dc9eaf40688c01504712f153a984f29203e39a4c Mon Sep 17 00:00:00 2001
From: Prateek Nandle
Date: Tue, 7 May 2024 11:02:36 +0530
Subject: [PATCH] owner info fixes
Signed-off-by: Prateek Nandle
---
 KubeArmor/core/k8sHandler.go | 18 ++++++++++++++++++
 KubeArmor/core/kubeUpdate.go | 16 ++++++++++++++++
 2 files changed, 34 insertions(+)
diff --git a/KubeArmor/core/k8sHandler.go b/KubeArmor/core/k8sHandler.go
index 3938113e96..f65f4c2e0e 100644
--- a/KubeArmor/core/k8sHandler.go
+++ b/KubeArmor/core/k8sHandler.go
@@ -591,6 +591,24 @@ func getTopLevelOwner(obj metav1.ObjectMeta, namespace string, objkind string) (
 if len(pod.OwnerReferences) > 0 {
 return getTopLevelOwner(pod.ObjectMeta, namespace, "Pod")
 }
+ case "Job":
+ job, err := K8s.K8sClient.BatchV1().Jobs(namespace).Get(context.Background(), ownerRef.Name, metav1.GetOptions{})
+ if err != nil {
+ return "", "", "", err
+ }
+ if len(job.OwnerReferences) > 0 {
+ return getTopLevelOwner(job.ObjectMeta, namespace, "CronJob")
+ }
+ return job.Name, "Job", job.Namespace, nil
+ case "CronJob":
+ cronJob, err := K8s.K8sClient.BatchV1().CronJobs(namespace).Get(context.Background(), ownerRef.Name, metav1.GetOptions{})
+ if err != nil {
+ return "", "", "", err
+ }
+ if len(cronJob.OwnerReferences) > 0 {
+ return getTopLevelOwner(cronJob.ObjectMeta, namespace, "CronJob")
+ }
+ return cronJob.Name, "CronJob", cronJob.Namespace, nil
 case "Deployment":
 deployment, err := K8s.K8sClient.AppsV1().Deployments(namespace).Get(context.Background(), ownerRef.Name, metav1.GetOptions{})
 if err != nil {
diff --git a/KubeArmor/core/kubeUpdate.go b/KubeArmor/core/kubeUpdate.go
index 6e57db283f..ca7000f778 100644
--- a/KubeArmor/core/kubeUpdate.go
+++ b/KubeArmor/core/kubeUpdate.go
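Review bot: In the new `case "Job":` branch of `getTopLevelOwner` (k8sHandler.go) the recursive call passes `"CronJob"` as `objkind` together with `job.ObjectMeta`, whereas the context line above it passes the object's own kind (`pod.ObjectMeta` with `"Pod"`); this looks like it should be `return getTopLevelOwner(job.ObjectMeta, namespace, "Job")`. The function body starts and ends outside the hunk, so how `objkind` is used is not visible, but if it is the kind reported when no further owner can be resolved, a Job owned by something other than a CronJob would be attributed to a CronJob that does not exist, and any policy or alert attribution keyed on the owner would be wrong. A one-line comment on each new case would also help the next reader, for example `// Job: usually owned by a CronJob; otherwise the Job itself is the top-level owner`.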
@@ -763,6 +763,22 @@ func (dm *KubeArmorDaemon) WatchK8sPods() { } } + } else if dm.OwnerInfo[pod.Metadata["podName"]].Ref == "Job" { + job, err := K8s.K8sClient.BatchV1().Jobs(pod.Metadata["namespaceName"]).Get(context.Background(), podOwnerName, metav1.GetOptions{}) + if err == nil { + for _, c := range job.Spec.Template.Spec.Containers { + containers = append(containers, c.Name) + } + } + + } else if dm.OwnerInfo[pod.Metadata["podName"]].Ref == "CronJob" { + cronJob, err := K8s.K8sClient.BatchV1().CronJobs(pod.Metadata["namespaceName"]).Get(context.Background(), podOwnerName, metav1.GetOptions{}) + if err == nil { + for _, c := range cronJob.Spec.JobTemplate.Spec.Template.Spec.Containers { + containers = append(containers, c.Name) + } + } + } }
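Review bot: Both new branches in `WatchK8sPods` discard the error from `Jobs(...).Get` and `CronJobs(...).Get` (`if err == nil { ... }` with no `else`), so a failed lookup leaves `containers` without the owner's container names and nothing records why. Jobs are short-lived and may already have been deleted when the pod event is handled, so this path is probably hit more often here than for long-lived owners; I would add `} else { dm.Logger.Warnf("failed to get Job %s/%s: %s", pod.Metadata["namespaceName"], podOwnerName, err.Error()) }` and the equivalent for the CronJob branch. Both calls also use `context.Background()` with no deadline, so a stalled API server would block this handler; a context with a timeout would bound that. The enclosing function starts and ends outside the hunk, so how `containers` is consumed afterwards is not visible from here.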