forked from zalando-incubator/kube-aws-iam-controller
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathpod_watcher.go
113 lines (96 loc) · 2.49 KB
/
pod_watcher.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
package main
import (
"context"
"strings"
log "github.com/sirupsen/logrus"
"k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/fields"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/tools/cache"
)
// PodEvent defines an event triggered when a pod is created/updated/deleted.
type PodEvent struct {
Role string
Name string
Namespace string
Deletion bool
}
// PodWatcher lists and watches for changes to pods.
type PodWatcher struct {
client kubernetes.Interface
podEvents chan<- *PodEvent
namespace string
}
// NewPodWatcher initializes a new PodWatcher.
func NewPodWatcher(client kubernetes.Interface, namespace string, podEvents chan<- *PodEvent) *PodWatcher {
return &PodWatcher{
client: client,
namespace: namespace,
podEvents: podEvents,
}
}
// Run setups up a shared informer for listing and watching changes to pods and
// starts listening for events.
func (p *PodWatcher) Run(ctx context.Context) {
informer := cache.NewSharedIndexInformer(
cache.NewListWatchFromClient(p.client.CoreV1().RESTClient(), "pods", p.namespace, fields.Everything()),
&v1.Pod{},
0, // skip resync
cache.Indexers{},
)
informer.AddEventHandler(cache.ResourceEventHandlerFuncs{
AddFunc: p.add,
DeleteFunc: p.del,
})
go informer.Run(ctx.Done())
if !cache.WaitForCacheSync(ctx.Done(), informer.HasSynced) {
log.Errorf("Timed out waiting for caches to sync")
return
}
log.Info("Synced Pod watcher")
}
// add sends an add pod event to the podEvents queue.
func (p *PodWatcher) add(obj interface{}) {
pod, ok := obj.(*v1.Pod)
if !ok {
log.Errorf("Failed to get pod object")
return
}
role := iamRole(pod)
if role != "" {
event := &PodEvent{
Name: pod.Name,
Namespace: pod.Namespace,
Role: role,
}
p.podEvents <- event
}
}
// add sends a delete pod event to the podEvents queue.
func (p *PodWatcher) del(obj interface{}) {
pod, ok := obj.(*v1.Pod)
if !ok {
log.Errorf("Failed to get pod object")
return
}
role := iamRole(pod)
if role != "" {
event := &PodEvent{
Name: pod.Name,
Namespace: pod.Namespace,
Role: role,
Deletion: true,
}
p.podEvents <- event
}
}
// iamRole tries to find an AWS IAM role name by looking into the secret name
// of volumes defined for the pod.
func iamRole(pod *v1.Pod) string {
for _, volume := range pod.Spec.Volumes {
if volume.Secret != nil && strings.HasPrefix(volume.Secret.SecretName, secretPrefix) {
return strings.TrimPrefix(volume.Secret.SecretName, secretPrefix)
}
}
return ""
}