support init containers

Signed-off-by: David Wertenteil <[email protected]>
kubescape · Jan 17, 2024 · bfae917 · bfae917
1 parent 6009fb0
commit bfae917
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 12 deletions.
diff --git a/go.mod b/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/google/gofuzz v1.2.0
 	github.com/goradd/maps v0.1.5
 	github.com/kubescape/go-logger v0.0.22
-	github.com/kubescape/k8s-interface v0.0.157
+	github.com/kubescape/k8s-interface v0.0.158-0.20240117162237-b087cd69bcf1
 	github.com/olvrng/ujson v1.1.0
 	github.com/puzpuzpuz/xsync/v2 v2.4.1
 	github.com/spf13/afero v1.11.0

diff --git a/go.sum b/go.sum
@@ -1110,8 +1110,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kubescape/go-logger v0.0.22 h1:gle7wH6emOiGv9ljdpVi82pWLQ3jGucrUucvil6JXHE=
 github.com/kubescape/go-logger v0.0.22/go.mod h1:x3HBpZo3cMT/WIdy18BxvVVd5D0e/PWFVk/HiwBNu3g=
-github.com/kubescape/k8s-interface v0.0.157 h1:3IbGpoPtuQ3KzEQcbCTaMOJL15LkF70xmwHWxI+dvWM=
-github.com/kubescape/k8s-interface v0.0.157/go.mod h1:5sz+5Cjvo98lTbTVDiDA4MmlXxeHSVMW/wR0V3hV4K8=
+github.com/kubescape/k8s-interface v0.0.158-0.20240117162237-b087cd69bcf1 h1:RPrJ95wiCaywdjgFzalOhTH3jyTOAZ6n19cNWjWL5KU=
+github.com/kubescape/k8s-interface v0.0.158-0.20240117162237-b087cd69bcf1/go.mod h1:5sz+5Cjvo98lTbTVDiDA4MmlXxeHSVMW/wR0V3hV4K8=
 github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381 h1:bqDmpDG49ZRnB5PcgP0RXtQvnMSgIF14M7CBd2shtXs=
 github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4=
 github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI=

diff --git a/pkg/cleanup/cleanup.go b/pkg/cleanup/cleanup.go
@@ -9,10 +9,10 @@ import (
 	"time"
 
 	wlidPkg "github.com/armosec/utils-k8s-go/wlid"
+	helpersv1 "github.com/kubescape/k8s-interface/instanceidhandler/v1/helpers"
 
 	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
-	"github.com/kubescape/k8s-interface/instanceidhandler/v1"
 	"github.com/kubescape/storage/pkg/apis/softwarecomposition"
 	"github.com/kubescape/storage/pkg/registry/file"
 	"github.com/olvrng/ujson"
@@ -179,17 +179,17 @@ func unquote(value []byte) string {
 }
 
 func deleteByInstanceId(_, _ string, metadata *metav1.ObjectMeta, resourceMaps ResourceMaps) bool {
-	instanceId, ok := metadata.Annotations[instanceidhandler.InstanceIDMetadataKey]
+	instanceId, ok := metadata.Annotations[helpersv1.InstanceIDMetadataKey]
 	return !ok || !resourceMaps.RunningInstanceIds.Contains(instanceId)
 }
 
 func deleteByImageId(_, _ string, metadata *metav1.ObjectMeta, resourceMaps ResourceMaps) bool {
-	imageId, ok := metadata.Annotations[instanceidhandler.ImageIDMetadataKey]
+	imageId, ok := metadata.Annotations[helpersv1.ImageIDMetadataKey]
 	return !ok || !resourceMaps.RunningContainerImageIds.Contains(imageId)
 }
 
 func deleteByWlid(_, _ string, metadata *metav1.ObjectMeta, resourceMaps ResourceMaps) bool {
-	wlid, ok := metadata.Annotations[instanceidhandler.WlidMetadataKey]
+	wlid, ok := metadata.Annotations[helpersv1.WlidMetadataKey]
 	kind := strings.ToLower(wlidPkg.GetKindFromWlid(wlid))
 	if !Workloads.Contains(kind) {
 		if kind != "" {
@@ -201,16 +201,16 @@ func deleteByWlid(_, _ string, metadata *metav1.ObjectMeta, resourceMaps Resourc
 }
 
 func deleteByImageIdOrInstanceId(_, _ string, metadata *metav1.ObjectMeta, resourceMaps ResourceMaps) bool {
-	imageId, imageIdFound := metadata.Annotations[instanceidhandler.ImageIDMetadataKey]
-	instanceId, instanceIdFound := metadata.Annotations[instanceidhandler.InstanceIDMetadataKey]
+	imageId, imageIdFound := metadata.Annotations[helpersv1.ImageIDMetadataKey]
+	instanceId, instanceIdFound := metadata.Annotations[helpersv1.InstanceIDMetadataKey]
 	return (!instanceIdFound && !imageIdFound) ||
 		(imageIdFound && !resourceMaps.RunningContainerImageIds.Contains(imageId)) ||
 		(instanceIdFound && !resourceMaps.RunningInstanceIds.Contains(instanceId))
 }
 
 func deleteByWlidAndContainer(_, _ string, metadata *metav1.ObjectMeta, resourceMaps ResourceMaps) bool {
-	wlContainerName, wlContainerNameFound := metadata.Annotations[instanceidhandler.ContainerNameMetadataKey]
-	wlid, wlidFound := metadata.Annotations[instanceidhandler.WlidMetadataKey]
+	wlContainerName, wlContainerNameFound := metadata.Annotations[helpersv1.ContainerNameMetadataKey]
+	wlid, wlidFound := metadata.Annotations[helpersv1.WlidMetadataKey]
 	if !wlidFound || !wlContainerNameFound {
 		return true
 	}
@@ -219,7 +219,7 @@ func deleteByWlidAndContainer(_, _ string, metadata *metav1.ObjectMeta, resource
 }
 
 func deleteByTemplateHashOrWlid(_, _ string, metadata *metav1.ObjectMeta, resourceMaps ResourceMaps) bool {
-	wlReplica, wlReplicaFound := metadata.Labels[instanceidhandler.TemplateHashKey] // replica
+	wlReplica, wlReplicaFound := metadata.Labels[helpersv1.TemplateHashKey] // replica
 	if wlReplicaFound && wlReplica != "" {
 		return !resourceMaps.RunningTemplateHash.Contains(wlReplica)
 	}

diff --git a/pkg/cleanup/discovery.go b/pkg/cleanup/discovery.go
@@ -3,6 +3,7 @@ package cleanup
 import (
 	"context"
 	"fmt"
+
 	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 
@@ -122,6 +123,22 @@ func (h *KubernetesAPI) fetchWlidsFromRunningWorkloads(resourceMaps *ResourceMap
 				nameStr := name.(string)
 				resourceMaps.RunningWlidsToContainerNames.Get(wlid).Add(nameStr)
 			}
+
+			initC, ok := workloadinterface.InspectMap(workload.Object, append(workloadinterface.PodSpec(workload.GetKind()), "initContainers")...)
+			if !ok {
+				continue
+			}
+			initContainers := initC.([]interface{})
+			for _, container := range initContainers {
+				name, ok := workloadinterface.InspectMap(container, "name")
+				if !ok {
+					logger.L().Debug("container has no name", helpers.String("resource", resource))
+					continue
+				}
+				nameStr := name.(string)
+				resourceMaps.RunningWlidsToContainerNames.Get(wlid).Add(nameStr)
+			}
+
 		}
 	}
 	return nil
@@ -161,6 +178,20 @@ func (h *KubernetesAPI) fetchInstanceIdsAndImageIdsAndReplicasFromRunningPods(re
 			imageIdStr := containerImageId.(string)
 			resourceMaps.RunningContainerImageIds.Add(imageIdStr)
 		}
+
+		initC, ok := workloadinterface.InspectMap(p.Object, "status", "initContainerStatuses")
+		if !ok {
+			continue
+		}
+		initContainers := initC.([]interface{})
+		for _, cs := range initContainers {
+			containerImageId, ok := workloadinterface.InspectMap(cs, "imageID")
+			if !ok {
+				continue
+			}
+			imageIdStr := containerImageId.(string)
+			resourceMaps.RunningContainerImageIds.Add(imageIdStr)
+		}
 	}
 	return nil
 }