func (l *podLoader) AddToGraph(g osgraph.Graph) error {
for i := range l.items {
kubegraph.EnsurePodNode(g, &l.items[i])
}
return nil
}
func addPodsToGraph(g graph.Graph, pods *kapi.PodList) {
for i := range pods.Items {
pod := &pods.Items[i]
if pod.Status.Phase != kapi.PodRunning && pod.Status.Phase != kapi.PodPending {
glog.V(4).Infof("Pod %s/%s is not running nor pending - skipping", pod.Namespace, pod.Name)
continue
}
glog.V(4).Infof("Adding pod %s/%s to graph", pod.Namespace, pod.Name)
podNode := kubegraph.EnsurePodNode(g, pod)
addPodSpecToGraph(g, &pod.Spec, podNode)
}
}
func TestNamespaceEdgeMatching(t *testing.T) {
g := osgraph.New()
fn := func(namespace string, g osgraph.Interface) {
pod := &kapi.Pod{}
pod.Namespace = namespace
pod.Name = "the-pod"
pod.Labels = map[string]string{"a": "1"}
kubegraph.EnsurePodNode(g, pod)
rc := &kapi.ReplicationController{}
rc.Namespace = namespace
rc.Name = "the-rc"
rc.Spec.Selector = map[string]string{"a": "1"}
kubegraph.EnsureReplicationControllerNode(g, rc)
p := &kapps.PetSet{}
p.Namespace = namespace
p.Name = "the-petset"
p.Spec.Selector = &unversioned.LabelSelector{
MatchLabels: map[string]string{"a": "1"},
}
kubegraph.EnsurePetSetNode(g, p)
svc := &kapi.Service{}
svc.Namespace = namespace
svc.Name = "the-svc"
svc.Spec.Selector = map[string]string{"a": "1"}
kubegraph.EnsureServiceNode(g, svc)
}
fn("ns", g)
fn("other", g)
AddAllExposedPodEdges(g)
AddAllExposedPodTemplateSpecEdges(g)
AddAllManagedByControllerPodEdges(g)
for _, edge := range g.Edges() {
nsTo, err := namespaceFor(edge.To())
if err != nil {
t.Fatal(err)
}
nsFrom, err := namespaceFor(edge.From())
if err != nil {
t.Fatal(err)
}
if nsFrom != nsTo {
t.Errorf("edge %#v crosses namespace: %s %s", edge, nsFrom, nsTo)
}
}
}
func TestSecretEdges(t *testing.T) {
sa := &kapi.ServiceAccount{}
sa.Namespace = "ns"
sa.Name = "shultz"
sa.Secrets = []kapi.ObjectReference{{Name: "i-know-nothing"}, {Name: "missing"}}
secret1 := &kapi.Secret{}
secret1.Namespace = "ns"
secret1.Name = "i-know-nothing"
pod := &kapi.Pod{}
pod.Namespace = "ns"
pod.Name = "the-pod"
pod.Spec.Volumes = []kapi.Volume{{Name: "rose", VolumeSource: kapi.VolumeSource{Secret: &kapi.SecretVolumeSource{SecretName: "i-know-nothing"}}}}
g := osgraph.New()
saNode := kubegraph.EnsureServiceAccountNode(g, sa)
secretNode := kubegraph.EnsureSecretNode(g, secret1)
podNode := kubegraph.EnsurePodNode(g, pod)
AddAllMountableSecretEdges(g)
AddAllMountedSecretEdges(g)
if edge := g.Edge(saNode, secretNode); edge == nil {
t.Errorf("edge missing")
} else {
if !g.EdgeKinds(edge).Has(MountableSecretEdgeKind) {
t.Errorf("expected %v, got %v", MountableSecretEdgeKind, edge)
}
}
podSpecNodes := g.SuccessorNodesByNodeAndEdgeKind(podNode, kubegraph.PodSpecNodeKind, osgraph.ContainsEdgeKind)
if len(podSpecNodes) != 1 {
t.Fatalf("wrong number of podspecs: %v", podSpecNodes)
}
if edge := g.Edge(podSpecNodes[0], secretNode); edge == nil {
t.Errorf("edge missing")
} else {
if !g.EdgeKinds(edge).Has(MountedSecretEdgeKind) {
t.Errorf("expected %v, got %v", MountedSecretEdgeKind, edge)
}
}
}
// addPodsToGraph adds pods to the graph.
//
// A pod is only *excluded* from being added to the graph if its phase is not
// pending or running and it is at least as old as the minimum age threshold
// defined by algorithm.
//
// Edges are added to the graph from each pod to the images specified by that
// pod's list of containers, as long as the image is managed by OpenShift.
func addPodsToGraph(g graph.Graph, pods *kapi.PodList, algorithm pruneAlgorithm) {
for i := range pods.Items {
pod := &pods.Items[i]
glog.V(4).Infof("Examining pod %s/%s", pod.Namespace, pod.Name)
if pod.Status.Phase != kapi.PodRunning && pod.Status.Phase != kapi.PodPending {
age := util.Now().Sub(pod.CreationTimestamp.Time)
if age >= algorithm.keepYoungerThan {
glog.V(4).Infof("Pod %s/%s is not running or pending and age is at least minimum pruning age - skipping", pod.Namespace, pod.Name)
// not pending or running, age is at least minimum pruning age, skip
continue
}
}
glog.V(4).Infof("Adding pod %s/%s to graph", pod.Namespace, pod.Name)
podNode := kubegraph.EnsurePodNode(g, pod)
addPodSpecToGraph(g, &pod.Spec, podNode)
}
}