Feat/deployment config #718
Conversation
ivanstanev
force-pushed
the
feat/deployment-config
branch
from
f08991f to
7ce2834
Compare
| } | ||
|
|
||
| export async function setupInformer(namespace: string, workloadKind: WorkloadKind): Promise<void> { | ||
| const isSupported = await isSupportedWorkload(namespace, workloadKind); |
There was a problem hiding this comment.
Is workload support supposed to be cluster-wide check, not per ns?
There was a problem hiding this comment.
💡
But it would complicate the code a bit, we now need to check this only once and we need to differentiate between snyk-monitor scanning the cluster or snyk-monitor scanning a single namespace (won't have permission to query the cluster if scanning a single namespace).
There was a problem hiding this comment.
Opting not to do it because it would complicate the code quite a bit, LMK if you think it's a really bad idea and the benefits would outweigh the downsides 😉
| const resourceVersion = undefined; // List anything in the cluster | ||
| const timeoutSeconds = 10; // Don't block the snyk-monitor indefinitely | ||
| const attemptedApiCall = await k8sApi.customObjectsClient.listNamespacedCustomObject( | ||
| 'apps.openshift.io', |
There was a problem hiding this comment.
nit: Why don't store this in an object and just reference GVK parts from the static map?
There was a problem hiding this comment.
Could you share example code? Not sure what you mean
The snyk-monitor will do a best-effort attempt to set up a Watch/Informer for DeploymentConfigs in the apps.openshift.io/v1 API. If this does not succeed, scanning will proceed as normal while printing a warning.
This reverts the change in 07f4f34. DeploymentConfigs on OpenShift create ReplicationControllers which in turn create Pods. However, the ReplicationControllers in this case are not marked as controllers, hence we cannot walk the list of owner references and can never scan DeploymentConfigs. This change ensures we do not strictly check for controllers to allow us to read DeploymentConfigs.
ivanstanev
force-pushed
the
feat/deployment-config
branch
from
7ce2834 to
9c08163
Compare
|
Expected release notes (by @ivanstanev) features: fixes:
|
ivanstanev
requested review from
a team,
KatieArmstr,
dkontorovskyy and
minsiyang
|
🎉 This PR is included in version 1.51.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
What this does
Add support for DeploymentConfig on OpenShift.
Before we set up Informers in the cluster for all the different workloads (e.g. Deployment, ReplicaSet), specifically for DeploymentConfig we now do a small query to the API server to understand if it's supported. If the API request returns successfully (non-404 code) then DeploymentConfig is supported and we set up a Watch following the routes in the API reference. If the K8s API returns 404 (meaning the resource is unknown) then we skip creating a DeploymentConfig Informer.
What was added:
DeploymentConfigV1based on the API referenceasyncto allow querying the API server for supported workloads before deciding whether to set an Informer; we also awaitinformer.start()calls since it returns a PromiseMore information
Commit by commit 🙏