From 9bb78ef5224f29933f72aeacae9a84398e904491 Mon Sep 17 00:00:00 2001 From: sadath-12 Date: Fri, 16 Feb 2024 21:03:33 +0530 Subject: [PATCH] fix: require changes --- .../content/en/docs/troubleshooting/_index.md | 16 +++- pkg/labels/labels.go | 4 + pkg/labels/labels_test.go | 93 +++++++++++++++---- pkg/policyfilter/state.go | 12 ++- 4 files changed, 99 insertions(+), 26 deletions(-) diff --git a/docs/content/en/docs/troubleshooting/_index.md b/docs/content/en/docs/troubleshooting/_index.md index d2a4d7d1ebc..1df8b86dc64 100644 --- a/docs/content/en/docs/troubleshooting/_index.md +++ b/docs/content/en/docs/troubleshooting/_index.md @@ -47,13 +47,19 @@ Key Information Collected by the Bugtool: 1. Identify Tetragon Pod: ```bash - kubectl get pods -n -l app.kubernetes.io name=tetragon + kubectl get pods -n -l app.kubernetes.io name=tetragon ``` 2. Execute tetra bugtool within the Pod: ```bash - kubectl exec -n -- tetra bugtool + kubectl exec -n -- tetra bugtool + ``` + +3. Retrieve the created archive from the Pod's filesystem: + + ```bash + kubectl cp /:/path/to/archive.zip ./archive.zip ``` ### Container Installation @@ -61,13 +67,13 @@ Key Information Collected by the Bugtool: 1. Enter the Tetragon Container: ```bash - docker exec -it + docker exec -it tetra bugtool ``` -2. Run tetra bugtool: +2. Retrieve the archive using docker cp: ```bash - tetra bugtool + docker cp :/path/to/tetragon_output.zip ``` ### Systemd Host Installation diff --git a/pkg/labels/labels.go b/pkg/labels/labels.go index 9e47d25ace8..a0d9d7e58d8 100644 --- a/pkg/labels/labels.go +++ b/pkg/labels/labels.go @@ -20,6 +20,10 @@ const ( opNotIn ) +const ( + K8sPodNamespace = "k8s:io.kubernetes.pod.namespace" +) + type selectorOp struct { key string operator operator diff --git a/pkg/labels/labels_test.go b/pkg/labels/labels_test.go index e1bdf49a1f9..4d176871390 100644 --- a/pkg/labels/labels_test.go +++ b/pkg/labels/labels_test.go 
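Review bot: The new exported constant `K8sPodNamespace` in pkg/labels/labels.go has no doc comment, and nothing in the hunk says that the key is reserved for the namespace the matcher supplies. I would add `// K8sPodNamespace is the reserved label key under which a pod's namespace is exposed to pod selectors.` above it. The comment should also record how `podMatches` in pkg/policyfilter/state.go treats a label set that already contains this key. Kubernetes label-key validation does not allow `:` in a key, so a pod created through the API server should not be able to carry it, but labels from other sources are not covered by that guarantee.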
@@ -14,6 +14,7 @@ import ( type testLabel struct { labels Labels expectedRes bool + namespace string } type testCase struct { @@ -27,8 +28,8 @@ func TestLabels(t *testing.T) { // empty label selector should match everything labelSelector: &slimv1.LabelSelector{}, tests: []testLabel{ - {map[string]string{"app": "tetragon"}, true}, - {nil, true}, + {map[string]string{"app": "tetragon"}, true, "default"}, + {Labels{}, true, "default"}, }, }, { labelSelector: &slimv1.LabelSelector{ @@ -37,8 +38,8 @@ func TestLabels(t *testing.T) { }, }, tests: []testLabel{ - {map[string]string{"app": "tetragon"}, true}, - {map[string]string{"app": "cilium"}, false}, + {map[string]string{"app": "tetragon"}, true, "default"}, + {map[string]string{"app": "cilium"}, false, "default"}, }, }, { labelSelector: &slimv1.LabelSelector{ @@ -49,9 +50,9 @@ func TestLabels(t *testing.T) { }}, }, tests: []testLabel{ - {map[string]string{"app": "tetragon"}, true}, - {map[string]string{"app": "cilium"}, true}, - {map[string]string{"app": "hubble"}, false}, + {map[string]string{"app": "tetragon"}, true, "default"}, + {map[string]string{"app": "cilium"}, true, "default"}, + {map[string]string{"app": "hubble"}, false, "default"}, }, }, { labelSelector: &slimv1.LabelSelector{ @@ -62,9 +63,9 @@ func TestLabels(t *testing.T) { }}, }, tests: []testLabel{ - {map[string]string{"app": "tetragon"}, false}, - {map[string]string{"app": "cilium"}, false}, - {map[string]string{"app": "hubble"}, true}, + {map[string]string{"app": "tetragon"}, false, "default"}, + {map[string]string{"app": "cilium"}, false, "default"}, + {map[string]string{"app": "hubble"}, true, "default"}, }, }, { labelSelector: &slimv1.LabelSelector{ 
@@ -74,9 +75,9 @@ func TestLabels(t *testing.T) { }}, }, tests: []testLabel{ - {map[string]string{"app": "tetragon"}, true}, - {map[string]string{"application": "cilium"}, false}, - {map[string]string{"app": "hubble"}, true}, + {map[string]string{"app": "tetragon"}, true, "default"}, + {map[string]string{"application": "cilium"}, false, "default"}, + {map[string]string{"app": "hubble"}, true, "default"}, }, }, { labelSelector: &slimv1.LabelSelector{ @@ -86,9 +87,9 @@ func TestLabels(t *testing.T) { }}, }, tests: []testLabel{ - {map[string]string{"app": "tetragon"}, false}, - {map[string]string{"application": "cilium"}, true}, - {map[string]string{"app": "hubble"}, false}, + {map[string]string{"app": "tetragon"}, false, "default"}, + {map[string]string{"application": "cilium"}, true, "default"}, + {map[string]string{"app": "hubble"}, false, "default"}, }, }, { labelSelector: &slimv1.LabelSelector{ 
@@ -101,10 +102,59 @@ func TestLabels(t *testing.T) { }, }, tests: []testLabel{ - {map[string]string{"app": "tetragon"}, true}, - {map[string]string{"application": "tetragon"}, false}, - {map[string]string{"app": "tetragon", "application": "tetragon"}, false}, - {map[string]string{"app": "tetragon", "pizza": "yes"}, true}, + {map[string]string{"app": "tetragon"}, true, "default"}, + {map[string]string{"application": "tetragon"}, false, "default"}, + {map[string]string{"app": "tetragon", "application": "tetragon"}, false, "default"}, + {map[string]string{"app": "tetragon", "pizza": "yes"}, true, "default"}, + }, + }, { + labelSelector: &slimv1.LabelSelector{ + MatchExpressions: []slimv1.LabelSelectorRequirement{{ + Key: K8sPodNamespace, + Operator: "In", + Values: []string{"tetragon"}, + }}, + }, + tests: []testLabel{ + {map[string]string{K8sPodNamespace: "tetragon"}, true, "tetragon"}, + {map[string]string{K8sPodNamespace: "test"}, false, "default"}, + }, + }, { + labelSelector: &slimv1.LabelSelector{ + MatchExpressions: []slimv1.LabelSelectorRequirement{{ + Key: K8sPodNamespace, + Operator: "In", + Values: []string{"cilium", "tetragon"}, + }}, + }, + tests: []testLabel{ + {map[string]string{"app": "tetragon"}, true, "cilium"}, + {map[string]string{"app": "cilium"}, true, "tetragon"}, + {map[string]string{"app": "hubble"}, false, "default"}, + }, + }, { + labelSelector: &slimv1.LabelSelector{ + MatchExpressions: []slimv1.LabelSelectorRequirement{{ + Key: K8sPodNamespace, + Operator: "NotIn", + Values: []string{"cilium", "tetragon"}, + }}, + }, + tests: []testLabel{ + {map[string]string{"app": "tetragon"}, false, "cilium"}, + {map[string]string{"app": "cilium"}, false, "tetragon"}, + {map[string]string{"app": "hubble"}, true, "default"}, + }, + }, { + labelSelector: &slimv1.LabelSelector{ + MatchExpressions: []slimv1.LabelSelectorRequirement{{ + Key: K8sPodNamespace, + Operator: "Exists", + }}, + }, + tests: []testLabel{ + {map[string]string{K8sPodNamespace: 
"tetragon"}, true, "tetragon"}, + {map[string]string{}, true, ""}, }, }, } @@ -113,6 +163,9 @@ func TestLabels(t *testing.T) { selector, err := SelectorFromLabelSelector(tc.labelSelector) require.NoError(t, err) for _, test := range tc.tests { + if _, ok := test.labels[K8sPodNamespace]; !ok { + test.labels[K8sPodNamespace] = test.namespace + } res := selector.Match(test.labels) if res != test.expectedRes { t.Fatalf("label selector:%+v labels:%+v expected:%t got:%t", tc.labelSelector, test.labels, test.expectedRes, res) diff --git a/pkg/policyfilter/state.go b/pkg/policyfilter/state.go index fb98d337994..e032c783b59 100644 --- a/pkg/policyfilter/state.go +++ b/pkg/policyfilter/state.go @@ -204,8 +204,18 @@ func (pol *policy) podMatches(podNs string, podLabels labels.Labels) bool { if pol.namespace != "" && podNs != pol.namespace { return false } + var podLabels1 labels.Labels + if podLabels != nil { + podLabels1 = podLabels + } else { + podLabels1 = make(labels.Labels) + } + + if _, ok := podLabels1[labels.K8sPodNamespace]; !ok { + podLabels1[labels.K8sPodNamespace] = podNs + } - return pol.podSelector.Match(podLabels) + return pol.podSelector.Match(podLabels1) } func (pol *policy) podInfoMatches(pod *podInfo) bool {
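Review bot: None of the cases added in the `@@ -101,10 +102,59 @@` hunk pins down which value wins when the labels already carry `K8sPodNamespace` and it disagrees with the pod's real namespace. The only disagreeing case, `{map[string]string{K8sPodNamespace: "test"}, false, "default"}`, is false whichever value is used, so it cannot detect a regression. Because this key decides which pods a policy applies to, I would add a case under the first `In` selector where the label says `tetragon` and `namespace` is `default`, with the expected result set to the intended precedence. The `Exists` case with `{map[string]string{}, true, ""}` passes only because an empty value is injected, which may not be the behaviour anyone wants for a pod with no namespace.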
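Review bot: The three lines added in the `@@ -113,6 +163,9 @@` hunk re-implement the namespace injection of `policy.podMatches` inside the test loop, so `TestLabels` never runs the production injection. I would keep the `selector.Match` tests free of injection and cover the namespace cases through `podMatches` in pkg/policyfilter instead. The write into `test.labels` is presumably also why `{nil, true}` became `{Labels{}, true, "default"}` in the `@@ -27,8 +28,8 @@` hunk, since assigning into a nil map panics, and that drops the nil-labels coverage of `Match`. `TestLabels` starts and ends outside this hunk.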
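Review bot: When `podLabels` is non-nil, `podLabels1 = podLabels` only aliases the caller's map, so the later `podLabels1[labels.K8sPodNamespace] = podNs` writes into the pod's own label map as a side effect of a match check. Whether that map is shared between goroutines or compared later to detect label changes is not visible from the hunk, but either would make this a hidden mutation or a data race. The `!ok` guard also lets an existing `K8sPodNamespace` entry take precedence over `podNs`, so a selector could match on a namespace the pod is not actually in; `podNs` is the authoritative value and should always win. I would copy the labels into a fresh map and set the key unconditionally, as below, which also replaces the `podLabels1` name. `podMatches` starts above the hunk.

```go
	// ... unchanged: pol.namespace check ...

	// Match against a copy: the caller's map is left untouched and the
	// namespace key always reflects podNs, never a value found in the labels.
	lbls := make(labels.Labels, len(podLabels)+1)
	for k, v := range podLabels {
		lbls[k] = v
	}
	lbls[labels.K8sPodNamespace] = podNs

	return pol.podSelector.Match(lbls)
```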