Merge pull request #62 from rksharma95/fix-nodelist-id

fix(server): use pod-name:pod-ip as node identity for kubearmor daemon

Author: DelusionalOptimist

relay-server/go.mod

@@ -13,7 +13,6 @@ require (
 	github.com/cenkalti/backoff/v4 v4.2.1
 	github.com/dustin/go-humanize v1.0.1
 	github.com/elastic/go-elasticsearch/v7 v7.17.10
-	github.com/golang/protobuf v1.5.4
 	github.com/google/uuid v1.6.0
 	github.com/kubearmor/KubeArmor/KubeArmor v0.0.0-20240412061210-e4422dd02342
 	github.com/kubearmor/KubeArmor/protobuf v0.0.0-20240315075053-fee50c9428b9
@@ -35,6 +34,7 @@ require (
 	github.com/go-openapi/jsonreference v0.21.0 // indirect
 	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect

relay-server/server/k8sHandler.go

@@ -264,7 +264,8 @@ func (kh *K8sHandler) getKaPodInformer(ipsChan chan string) cache.SharedIndexInf
 			}
 
 			if pod.Status.PodIP != "" {
-				ipsChan <- pod.Status.PodIP
+				// generate id <pod-name>:<pod-ip>
+				ipsChan <- generateID(pod.Name, pod.Status.PodIP)
 			}
 		},
 		UpdateFunc: func(old, new interface{}) {
@@ -279,8 +280,10 @@ func (kh *K8sHandler) getKaPodInformer(ipsChan chan string) cache.SharedIndexInf
 			}
 
 			if newPod.Status.PodIP != "" && newPod.Status.PodIP != oldPod.Status.PodIP {
-				ipsChan <- newPod.Status.PodIP
-				DeleteClientEntry(oldPod.Status.PodIP)
+				if oldPod.Status.PodIP != "" {
+					DeleteClientEntry(generateID(oldPod.Name, oldPod.Status.PodIP))
+				}
+				ipsChan <- generateID(newPod.Name, newPod.Status.PodIP)
 			}
 		},
 		DeleteFunc: func(obj interface{}) {
@@ -290,7 +293,7 @@ func (kh *K8sHandler) getKaPodInformer(ipsChan chan string) cache.SharedIndexInf
 			}
 
 			if pod.Status.PodIP != "" {
-				DeleteClientEntry(pod.Status.PodIP)
+				DeleteClientEntry(generateID(pod.Name, pod.Status.PodIP))
 			}
 		},
 	})
@@ -310,7 +313,23 @@ func (kh *K8sHandler) findExistingKaPodsIp(ctx context.Context, ipsChan chan str
 
 	for _, pod := range pods.Items {
 		if pod.Status.PodIP != "" {
-			ipsChan <- pod.Status.PodIP
+			ipsChan <- generateID(pod.Name, pod.Status.PodIP)
 		}
 	}
 }
+
+// ===========
+// == utils ==
+// ===========
+
+func generateID(podName, podIP string) string {
+	return fmt.Sprintf("%s:%s", podName, podIP)
+}
+
+func extractIP(podID string) (string, error) {
+	id := strings.Split(podID, ":")
+	if len(id) != 2 {
+		return "", fmt.Errorf("invalid ID format: %s", podID)
+	}
+	return id[1], nil
+}

relay-server/server/relayServer.go

@@ -712,14 +712,18 @@ func DeleteClientEntry(nodeIP string) {
 // == KubeArmor == //
 // =============== //
 
-func connectToKubeArmor(nodeIP, port string) error {
+func connectToKubeArmor(nodeID, port string) error {
 
+	nodeIP, err := extractIP(nodeID)
+	if err != nil {
+		return err
+	}
 	// create connection info
 	server := nodeIP + ":" + port
 
 	for Running {
 		ClientListLock.RLock()
-		_, found := ClientList[nodeIP]
+		_, found := ClientList[nodeID]
 		ClientListLock.RUnlock()
 		if !found {
 			// KubeArmor with this IP is deleted or the IP has changed