fix(probe): karmor probe to check for kubearmor using label (#360)

kubearmor · Aug 26, 2023 · de562c5 · de562c5
1 parent 55d8580
commit de562c5
Showing 1 changed file with 16 additions and 14 deletions.
diff --git a/probe/probe.go b/probe/probe.go
@@ -46,7 +46,7 @@ var itwhite = color.New(color.Italic).Add(color.Italic).SprintFunc()
 // K8sInstaller for karmor install
 func probeDaemonInstaller(c *k8s.Client, o Options, krnhdr bool) error {
 	daemonset := deployment.GenerateDaemonSet(o.Namespace, krnhdr)
-	if _, err := c.K8sClientset.AppsV1().DaemonSets(o.Namespace).Create(context.Background(), daemonset, metav1.CreateOptions{}); err != nil {
+	if _, err := c.K8sClientset.AppsV1().DaemonSets("").Create(context.Background(), daemonset, metav1.CreateOptions{}); err != nil {
 		if !strings.Contains(err.Error(), "already exists") {
 			return err
 		}
@@ -56,7 +56,7 @@ func probeDaemonInstaller(c *k8s.Client, o Options, krnhdr bool) error {
 }
 
 func probeDaemonUninstaller(c *k8s.Client, o Options) error {
-	if err := c.K8sClientset.AppsV1().DaemonSets(o.Namespace).Delete(context.Background(), deployment.Karmorprobe, metav1.DeleteOptions{}); err != nil {
+	if err := c.K8sClientset.AppsV1().DaemonSets("").Delete(context.Background(), deployment.Karmorprobe, metav1.DeleteOptions{}); err != nil {
 		if !strings.Contains(err.Error(), "not found") {
 			return err
 		}
@@ -290,7 +290,7 @@ func findFileInDir(c *k8s.Client, podname, namespace, cmd string) bool {
 
 // Check for BTF Information or Kernel Headers Availability
 func checkNodeKernelHeaderPresent(c *k8s.Client, o Options, nodeName string) bool {
-	pods, err := c.K8sClientset.CoreV1().Pods(o.Namespace).List(context.Background(), metav1.ListOptions{
+	pods, err := c.K8sClientset.CoreV1().Pods("").List(context.Background(), metav1.ListOptions{
 		LabelSelector: "kubearmor-app=" + deployment.Karmorprobe,
 		FieldSelector: "spec.nodeName=" + nodeName,
 	})
@@ -328,7 +328,7 @@ func checkHostAuditSupport() {
 
 func getNodeLsmSupport(c *k8s.Client, o Options, nodeName string) (string, error) {
 	srcPath := "/sys/kernel/security/lsm"
-	pods, err := c.K8sClientset.CoreV1().Pods(o.Namespace).List(context.Background(), metav1.ListOptions{
+	pods, err := c.K8sClientset.CoreV1().Pods("").List(context.Background(), metav1.ListOptions{
 		LabelSelector: "kubearmor-app=karmor-probe",
 		FieldSelector: "spec.nodeName=" + nodeName,
 	})
@@ -373,29 +373,31 @@ func isKubeArmorRunning(c *k8s.Client, o Options) (bool, *Status) {
 }
 
 func getKubeArmorDaemonset(c *k8s.Client, o Options) (bool, *Status) {
-
 	// KubeArmor DaemonSet
-	w, err := c.K8sClientset.AppsV1().DaemonSets(o.Namespace).Get(context.Background(), "kubearmor", metav1.GetOptions{})
+	w, err := c.K8sClientset.AppsV1().DaemonSets("").List(context.Background(), metav1.ListOptions{
+		LabelSelector: "kubearmor-app=kubearmor",
+	})
 	if err != nil {
 		log.Println("error when getting kubearmor daemonset", err)
 		return false, nil
 	}
-	desired, ready, available := w.Status.DesiredNumberScheduled, w.Status.NumberReady, w.Status.NumberAvailable
+	if len(w.Items) == 0 {
+		return false, nil
+	}
+	desired, ready, available := w.Items[0].Status.DesiredNumberScheduled, w.Items[0].Status.NumberReady, w.Items[0].Status.NumberAvailable
 	if desired != ready && desired != available {
 		return false, nil
 	}
-
 	DaemonSetStatus := Status{
 		Desired:   strconv.Itoa(int(desired)),
 		Ready:     strconv.Itoa(int(ready)),
 		Available: strconv.Itoa(int(available)),
 	}
 	return true, &DaemonSetStatus
-
 }
-func getKubeArmorDeployments(c *k8s.Client, o Options) map[string]*Status {
 
-	kubearmorDeployments, err := c.K8sClientset.AppsV1().Deployments(o.Namespace).List(context.Background(), metav1.ListOptions{
+func getKubeArmorDeployments(c *k8s.Client, o Options) map[string]*Status {
+	kubearmorDeployments, err := c.K8sClientset.AppsV1().Deployments("").List(context.Background(), metav1.ListOptions{
 		LabelSelector: "kubearmor-app",
 	})
 	if err != nil {
@@ -422,7 +424,7 @@ func getKubeArmorDeployments(c *k8s.Client, o Options) map[string]*Status {
 
 func getKubeArmorContainers(c *k8s.Client, o Options) map[string]*KubeArmorPodSpec {
 
-	kubearmorPods, err := c.K8sClientset.CoreV1().Pods(o.Namespace).List(context.Background(), metav1.ListOptions{
+	kubearmorPods, err := c.K8sClientset.CoreV1().Pods("").List(context.Background(), metav1.ListOptions{
 		LabelSelector: "kubearmor-app",
 	})
 
@@ -473,7 +475,7 @@ func ProbeRunningKubeArmorNodes(c *k8s.Client, o Options) ([]KubeArmorProbeData,
 
 func readDataFromKubeArmor(c *k8s.Client, o Options, nodeName string) (KubeArmorProbeData, error) {
 	srcPath := "/tmp/karmorProbeData.cfg"
-	pods, err := c.K8sClientset.CoreV1().Pods(o.Namespace).List(context.Background(), metav1.ListOptions{
+	pods, err := c.K8sClientset.CoreV1().Pods("").List(context.Background(), metav1.ListOptions{
 		LabelSelector: "kubearmor-app=kubearmor",
 		FieldSelector: "spec.nodeName=" + nodeName,
 	})
@@ -484,7 +486,7 @@ func readDataFromKubeArmor(c *k8s.Client, o Options, nodeName string) (KubeArmor
 	cmdArr := []string{"cat", srcPath}
 	req := c.K8sClientset.CoreV1().RESTClient().
 		Get().
-		Namespace(o.Namespace).
+		Namespace("").
 		Resource("pods").
 		Name(pods.Items[0].Name).
 		SubResource("exec").