Adding support for third-party Controllers (e.g. OpenShift)

[baderbuddy]

When pulling ReplicationController it will now look for an OwnerReference and roll up duplicates to that owner. This allows Polaris to work with OpenShift DeploymentConfigs but also any other CRD.

Also added a quick check for dividing by 0.

[codecov]

Codecov Report

Merging #240 into master will increase coverage by 3.98%.
The diff coverage is 82.52%.

@@            Coverage Diff             @@
##           master     #240      +/-   ##
==========================================
+ Coverage   51.66%   55.64%   +3.98%     
==========================================
  Files          12       12              
  Lines         753      629     -124     
==========================================
- Hits          389      350      -39     
+ Misses        309      247      -62     
+ Partials       55       32      -23

Impacted Files	Coverage Δ
pkg/config/schema.go	13.25% <0%> (ø)	⬆️
pkg/validator/summary.go	48.03% <0%> (-0.97%)	⬇️
pkg/validator/container.go	72.72% <100%> (ø)	⬆️
pkg/validator/fullaudit.go	47.61% <100%> (-5.58%)	⬇️
pkg/validator/schema.go	79.56% <100%> (+1.67%)	⬆️
pkg/validator/pod.go	63.63% <100%> (ø)	⬆️
pkg/validator/controller.go	81.48% <80%> (-4.73%)	⬇️
pkg/kube/resources.go	70.21% <85.36%> (+19.82%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 37660e0...57f3a8b. Read the comment docs.

[rbren]

IIUC, the way this is currently implemented breaks our ControllersToScan config, since the user may not have specified owner.Kind in that list.

I think a safer way to do things might be to see if ControllersToScan contains a type that we don't have first-class support for. For those cases, we can retrieve all pods and find ones that have a relevant owner. Do you think that would catch the OpenShift types?

We should also create a new controller type for these cases in pkg/validator/controllers, e.g. Miscellaneous.

[baderbuddy]

What was the original thinking with the ControllersToScan option? That might help me in thinking through how to fit this in. I was trying to think through any kind of scenario where I wouldn't just want to scan every kind of controller that I could.

[rbren]

TBH, I don't fully remember 😅 - the guy who implemented it is no longer on the project. I wouldn't be opposed to removing it for v1.

I still have some concerns over the current implementation though - e.g. I think we'll end up seeing multiple CronJob objects - one for the original, and one for each Job it's created. And if the ownership is XController -> Pod, with no intermediate controller type, we'll miss it.

I do dislike our current pattern of needing a bunch of boilerplate code for each controller type, but I think it'd be good to stay consistent between vanilla k8s and open shift. Maybe we can sync offline and come up with a better path forward. I think checking pod parents like you're doing here might be an interesting route.

[jordandoig]

👍 Thanks Bader!

[baderbuddy]

Robert, do you want to take another look? I think I have the dynamic querying for parents working, I even have some dynamicness working for loading from a YAML file. I think this is at least the right track, but there's probably more to clean up.

[rbren]

This is definitely coming along!

A few things:

• I think we need to get rid of controllersToScan in
  • pkg/config/config.go
  • examples/config.yaml
  • examples/config-full.yaml
  • pkg/config/config_test.go
• can/should probably also get rid of pkg/config/supportedcontrollers.go
• there are some dropped tests that concern me - ideally they should stay the same

[rbren]

Looks like we lost a lot of tests - why is that?

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ baderbuddy
❌ Robert Brennan

---

Robert Brennan seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[baderbuddy]

I fixed up all of the tests, a few don't have as much data and I added TODOs there, that's because we're only retrieving things at the pod level now and all of the fake controllers haven't added pods.

[rbren]

I think we're just about there! A couple smaller comments.

I don't quite understand your comment about mocking pods in the tests - it looks to me like each of the fake controllers has a MockPod

[rbren]

Should we log an info message if there are multiple owners?

[baderbuddy]

Got the logging in there now.

[rbren]

I don't like the idea of tracking both Kind and KindString - it's not immediately apparent why they'd diverge (though I can see from the code that they do)

Is there anything wrong with always setting Kind to the controller Kind, and getting rid of the SupportedController type?

[baderbuddy]

I got rid of the Kind on the GenericController, but left the SupportedController type because it still seemed useful for a few things, especially it seems like we use it on the validation webhook side.

[rbren]

Seems like these functions are just used in the tests - possible to nuke them or move them to the /test package?

[baderbuddy]

The validator webhook still uses these too