diff --git a/core/pkg/hostsensorutils/hostsensor.yaml b/core/pkg/hostsensorutils/hostsensor.yaml
index db7ffc958f..5ee52b6f5e 100644
--- a/core/pkg/hostsensorutils/hostsensor.yaml
+++ b/core/pkg/hostsensorutils/hostsensor.yaml
@@ -32,7 +32,7 @@ spec:
 - operator: Exists
 containers:
 - name: host-sensor
- image: quay.io/kubescape/host-scanner:v1.0.54
+ image: quay.io/kubescape/host-scanner:v1.0.57
 securityContext:
 allowPrivilegeEscalation: true
 privileged: true
diff --git a/core/pkg/hostsensorutils/hostsensordeploy_test.go b/core/pkg/hostsensorutils/hostsensordeploy_test.go
index 0ba07cb6a9..a26fb27a24 100644
--- a/core/pkg/hostsensorutils/hostsensordeploy_test.go
+++ b/core/pkg/hostsensorutils/hostsensordeploy_test.go
@@ -41,7 +41,7 @@ func TestHostSensorHandler(t *testing.T) {
 envelope, status, err := h.CollectResources(ctx)
 require.NoError(t, err)
- require.Len(t, envelope, 11*2) // has cloud provider, no control plane requested
+ require.Len(t, envelope, 10*2) // has cloud provider, no control plane requested
 require.Len(t, status, 0)
 foundControl, foundProvider := false, false
@@ -91,7 +91,7 @@ func TestHostSensorHandler(t *testing.T) {
 envelope, status, err := h.CollectResources(ctx)
 require.NoError(t, err)
- require.Len(t, envelope, 12*2) // has empty cloud provider, has control plane info
+ require.Len(t, envelope, 11*2) // has empty cloud provider, has control plane info
 require.Len(t, status, 0)
 foundControl, foundProvider := false, false
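Review bot: The expected counts in `require.Len(t, envelope, 10*2)` and `require.Len(t, envelope, 11*2)` (hunks at -41 and -91) are bare literals that must be edited by hand whenever a query is added to or removed from CollectResources, and the assertion does not say what the two factors stand for. A comment such as `// 10 resource kinds queried per pod x 2 mocked pods` or a shared named constant would make the next change self-explanatory; the meaning of the factors is inferred from the removed subtest, which mocks two pods, so please confirm it. The hunk at -141 also deletes the subtest built on `WithErrorResponse`, so within this diff no assertion is left that pins how many envelopes come back when one endpoint on one pod fails. Retargeting that subtest at an endpoint that is still queried (for example `/osRelease`, if the mock serves it) would keep the partial-failure path covered, which matters because a scan that silently returns fewer host resources can be read as a complete result. TestHostSensorHandler begins and ends outside these hunks.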
@@ -141,37 +141,6 @@ func TestHostSensorHandler(t *testing.T) {
 })
 })
- t.Run("should build host sensor with error in response from /kubeletConfigurations", func(t *testing.T) {
- k8s := NewKubernetesApiMock(WithNode(mockNode1()),
- WithPod(mockPod1()),
- WithPod(mockPod2()),
- WithResponses(mockResponsesNoCloudProvider()),
- WithErrorResponse(RestURL{"http", "pod1", "7888", "/kubeletConfigurations"}), // this endpoint will return an error from this pod
- )
-
- h, err := NewHostSensorHandler(k8s, "")
- require.NoError(t, err)
- require.NotNil(t, h)
-
- t.Run("should initialize host sensor", func(t *testing.T) {
- require.NoError(t, h.Init(ctx))
-
- w, err := k8s.KubernetesClient.CoreV1().Pods(h.daemonSet.Namespace).Watch(ctx, metav1.ListOptions{})
- require.NoError(t, err)
- w.Stop()
-
- require.Len(t, h.hostSensorPodNames, 2)
- })
-
- t.Run("should collect resources from pods, with some errors", func(t *testing.T) {
- envelope, status, err := h.CollectResources(ctx)
- require.NoError(t, err)
-
- require.Len(t, envelope, 12*2-1) // one resource is missing
- require.Len(t, status, 0) // error is not reported in status: this is due to the worker pool not bubbling up errors
- })
- })
-
 t.Run("should FAIL to build host sensor because there are no nodes", func(t *testing.T) {
 h, err := NewHostSensorHandler(NewKubernetesApiMock(), "")
 require.Error(t, err)
diff --git a/core/pkg/hostsensorutils/hostsensorgetfrompod.go b/core/pkg/hostsensorutils/hostsensorgetfrompod.go
index 5a90ba4bcd..bac67eaaa9 100644
--- a/core/pkg/hostsensorutils/hostsensorgetfrompod.go
+++ b/core/pkg/hostsensorutils/hostsensorgetfrompod.go
@@ -10,12 +10,9 @@ import (
 "sync"
 logger "github.com/kubescape/go-logger"
- "github.com/kubescape/go-logger/helpers"
 "github.com/kubescape/k8s-interface/k8sinterface"
 "github.com/kubescape/opa-utils/objectsenvelopes/hostsensor"
 "github.com/kubescape/opa-utils/reporthandling/apis"
-
- "sigs.k8s.io/yaml"
 )
 // getPodList clones the internal list of pods being watched as a map of pod names.
@@ -204,22 +201,6 @@ func (hsh *HostSensorHandler) getOsReleaseFile(ctx context.Context) ([]hostsenso
 return hsh.sendAllPodsHTTPGETRequest(ctx, "/osRelease", "OsReleaseFile")
 }
-// getKubeletConfigurations returns the list of kubelet configurations.
-func (hsh *HostSensorHandler) getKubeletConfigurations(ctx context.Context) ([]hostsensor.HostSensorDataEnvelope, error) {
- // loop over pods and port-forward it to each of them
- res, err := hsh.sendAllPodsHTTPGETRequest(ctx, "/kubeletConfigurations", "KubeletConfiguration") // empty kind, will be overridden
- for resIdx := range res {
- jsonBytes, ery := yaml.YAMLToJSON(res[resIdx].Data)
- if ery != nil {
- logger.L().Ctx(ctx).Warning("failed to convert kubelet configurations from yaml to json", helpers.Error(ery))
- continue
- }
- res[resIdx].SetData(jsonBytes)
- }
-
- return res, err
-}
-
 // hasCloudProviderInfo iterates over the []hostsensor.HostSensorDataEnvelope list to find info about the cloud provider.
 //
 // If information are found, then return true. Return false otherwise.
@@ -259,10 +240,6 @@ func (hsh *HostSensorHandler) CollectResources(ctx context.Context) ([]hostsenso
 Query func(context.Context) ([]hostsensor.HostSensorDataEnvelope, error)
 }{
 // queries to the deployed host-scanner
- {
- Resource: KubeletConfiguration,
- Query: hsh.getKubeletConfigurations,
- },
 {
 Resource: KubeletCommandLine,
 Query: hsh.getKubeletCommandLine,