Adding support for third-party Controllers (e.g. OpenShift) #240

Merged
merged 26 commits into from
Mar 26, 2020
330d7f0
Add note about config change
Jan 31, 2020
51d639e
Prevent divide by 0
Jan 31, 2020
aaa54cc
Directly return 0 for divide by 0
Jan 31, 2020
31de106
Added check for parent and rollup to parent.
Jan 31, 2020
b5ac0bc
Merge branch 'master' into bb/openshift
Feb 3, 2020
619e17d
Merge branch 'master' into bb/openshift
Feb 19, 2020
fe55216
Merge branch 'master' into bb/openshift
Mar 16, 2020
bb34be7
Dynamically retrieve parents
baderbuddy Mar 16, 2020
0d3fe61
Remove unnecessary queries
baderbuddy Mar 16, 2020
7fdebfc
Fix tests
baderbuddy Mar 17, 2020
3c68527
Cut out logic specific to controller types
baderbuddy Mar 17, 2020
8c769e4
Cut out duplicitive code.
baderbuddy Mar 17, 2020
fb0d7c5
Add additional logging
baderbuddy Mar 17, 2020
c43ace2
Add support for CronJobs in support versions list
baderbuddy Mar 17, 2020
61ecb69
Adding support for v2alpha1 for cron
baderbuddy Mar 17, 2020
ee2ccb0
Merge branch 'master' into bb/openshift
Mar 17, 2020
98533bc
Merge branch 'master' into bb/openshift
Mar 18, 2020
d18bf85
Merge branch 'master' into bb/openshift
Mar 19, 2020
68fe230
Feedback from PR
baderbuddy Mar 23, 2020
49dbd1d
Merge branch 'bb/openshift' of github.com:FairwindsOps/polaris into b…
baderbuddy Mar 23, 2020
aa0658b
Merge branch 'master' into bb/openshift
Mar 23, 2020
5769acf
deduplicate results right away
baderbuddy Mar 25, 2020
a5828a2
Fix tests
baderbuddy Mar 25, 2020
3c46f40
Cleanup SupportedControllers
baderbuddy Mar 25, 2020
dcf02b9
Merge branch 'master' into bb/openshift
Mar 25, 2020
57f3a8b
Merge branch 'master' into bb/openshift
Mar 26, 2020
Added check for parent and rollup to parent.
Bader Boland committed Jan 31, 2020
commit 31de106ba8b6f2d959d0322238e603343a76ae42
3 changes: 2 additions & 1 deletion CHANGELOG.md
@@ -1,6 +1,7 @@
# x.x.x (next release)
* Added the ability to exempt a particular controller from a particular check.
* Changed configuration of controllers-to-scan to controllersToScan
* Breaking changes in the config format.
* Added support for finding the Owners, this will allow Polaris to work with types of Controllers it doesn't even know about.

# 0.6.0
* Fixed webhook support in Kubernetes 1.16
53 changes: 45 additions & 8 deletions pkg/validator/controller.go
Expand Up @@ -21,6 +21,7 @@ import (
"github.com/fairwindsops/polaris/pkg/kube"
"github.com/fairwindsops/polaris/pkg/validator/controllers"
controller "github.com/fairwindsops/polaris/pkg/validator/controllers"
"github.com/sirupsen/logrus"
)

const exemptionAnnotationKey = "polaris.fairwinds.com/exempt"
Expand All @@ -32,24 +33,60 @@ func ValidateController(conf *conf.Configuration, controller controller.Interfac
return ControllerResult{}, err
}
result := ControllerResult{
Kind: controller.GetKind().String(),
Name: controller.GetName(),
Namespace: controller.GetObjectMeta().Namespace,
Results: ResultSet{},
PodResult: podResult,
Kind: controller.GetKind().String(),
Name: controller.GetName(),
Namespace: controller.GetObjectMeta().Namespace,
Results: ResultSet{},
PodResult: podResult,
CreatedTime: controller.GetObjectMeta().CreationTimestamp.Time,
}
owners := controller.GetObjectMeta().OwnerReferences
// If an owner exists then set the name to the controller.
// This allows us to handle CRDs creating Controllers or DeploymentConfigs in OpenShift.
if len(owners) > 0 {
firstOwner := owners[0]
rbren marked this conversation as resolved.
result.Kind = firstOwner.Kind
result.Name = firstOwner.Name
}
return result, nil
}

// Because the controllers with an Owner take on the name of the Owner, this eliminates any duplicates.
// In cases like CronJobs older children can hang around, so this takes the most recent.
func deduplicateControllers(controllerResults []ControllerResult) []ControllerResult {
controllerMap := make(map[string][]ControllerResult)
for _, controller := range controllerResults {
key := controller.Namespace + "/" + controller.Kind + "/" + controller.Name
controllerMap[key] = append(controllerMap[key], controller)
}
results := make([]ControllerResult, 0)
for _, controllers := range controllerMap {
if len(controllers) == 1 {
results = append(results, controllers[0])
} else {
latestController := controllers[0]
for _, controller := range controllers[1:] {
if controller.CreatedTime.After(latestController.CreatedTime) {
latestController = controller
}
}
results = append(results, latestController)
}
}
return results
}

// ValidateControllers validates that each deployment conforms to the Polaris config,
// builds a list of ResourceResults organized by namespace.
func ValidateControllers(config *conf.Configuration, kubeResources *kube.ResourceProvider) ([]ControllerResult, error) {
var controllersToAudit []controller.Interface
for _, supportedControllers := range config.ControllersToScan {
loadedControllers, _ := controllers.LoadControllersByKind(supportedControllers, kubeResources)
loadedControllers, err := controllers.LoadControllersByKind(supportedControllers, kubeResources)
baderbuddy marked this conversation as resolved.
if err != nil {
logrus.Warn(err)
}
controllersToAudit = append(controllersToAudit, loadedControllers...)
}

results := []ControllerResult{}
for _, controller := range controllersToAudit {
if !config.DisallowExemptions && hasExemptionAnnotation(controller) {
Expand All @@ -61,7 +98,7 @@ func ValidateControllers(config *conf.Configuration, kubeResources *kube.Resourc
}
results = append(results, result)
}
return results, nil
return deduplicateControllers(results), nil
}

func hasExemptionAnnotation(ctrl controller.Interface) bool {
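Review bot: `deduplicateControllers` keeps only the newest `ControllerResult` for each `Namespace/Kind/Name` key and discards the others without any log line, so findings on an older child that is still running (the function's own comment says older CronJob children can hang around) drop out of the audit output. The key is also built from `firstOwner.Kind` and `firstOwner.Name` alone, which means owners with the same kind and name in different API groups would presumably collide; carrying the owner's `UID` onto the result and keying on it would avoid that. In `ValidateController` (its opening lines are outside the hunk) `owners[0]` is used whatever its `Controller` flag says, so a non-managing owner reference listed first renames the result; prefer the reference whose `Controller` is set to true. At minimum, record what is dropped, e.g. `logrus.Debugf("dropping %d older results for %s", len(controllers)-1, key)`.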
12 changes: 7 additions & 5 deletions pkg/validator/output.go
Expand Up @@ -16,6 +16,7 @@ package validator

import (
"github.com/fairwindsops/polaris/pkg/config"
"time"
)

const (
Expand Down Expand Up @@ -62,11 +63,12 @@ type ResultSet map[string]ResultMessage

// ControllerResult provides results for a controller
type ControllerResult struct {
Name string
Namespace string
Kind string
Results ResultSet
PodResult PodResult
Name string
Namespace string
Kind string
Results ResultSet
PodResult PodResult
CreatedTime time.Time
rbren marked this conversation as resolved.
}

// PodResult provides a list of validation messages for each pod.
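Review bot: The new exported `CreatedTime` field on `ControllerResult` has no comment saying whose timestamp it holds. In `ValidateController` (controller.go in this commit) it is filled from the scanned object's `CreationTimestamp` even when `Kind` and `Name` are then overwritten with the owner's, so a result can pair the owner's identity with the child's creation time. A field comment such as `// CreatedTime is the creation timestamp of the scanned object, not of the owner it is rolled up to.` would make that explicit for anyone consuming the output. The `"time"` import is also placed after the third-party import; goimports would put it first, in its own standard-library group.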