Merge pull request #76 from valbeat/feature/bare-pods-skip-static-pod

checks bare-pods: skip static pods
2020-01-15 16:43:21 -07:00 · 2020-01-15 16:43:21 -07:00 · 0131e2f570
parent e0df92b809 5b77ddab97
commit 0131e2f570
2 changed files with 81 additions and 0 deletions
--- a/checks/basic/bare_pods.go
+++ b/checks/basic/bare_pods.go
@ -17,8 +17,11 @@ limitations under the License.
 package basic

 import (
+	"strings"
+
 	"github.com/digitalocean/clusterlint/checks"
 	"github.com/digitalocean/clusterlint/kube"
+	corev1 "k8s.io/api/core/v1"
 )

 func init() {
@ -49,6 +52,12 @@ func (b *barePodCheck) Run(objects *kube.Objects) ([]checks.Diagnostic, error) {
 	for _, pod := range objects.Pods.Items {
 		pod := pod
 		if len(pod.ObjectMeta.OwnerReferences) == 0 {
+			// skip static pod
+			if objects.Nodes != nil {
+				if isStaticPod(pod, objects.Nodes.Items) {
+					continue
+				}
+			}
 			d := checks.Diagnostic{
 				Severity: checks.Warning,
 				Message:  "Avoid using bare pods in clusters",
@ -62,3 +71,13 @@ func (b *barePodCheck) Run(objects *kube.Objects) ([]checks.Diagnostic, error) {

 	return diagnostics, nil
 }
+
+func isStaticPod(pod corev1.Pod, nodeList []corev1.Node) bool {
+	for _,node := range nodeList {
+		// https://github.com/kubernetes/kubernetes/blob/b409073e99695ea35642a8194b9285ac12fd0cf8/pkg/kubelet/config/common.go#L51
+		if strings.HasSuffix(pod.Name, "-" + strings.ToLower(node.Name)) {
+			return true
+		}
+	}
+	return false
+}
--- a/checks/basic/bare_pods_test.go
+++ b/checks/basic/bare_pods_test.go
@ -94,6 +94,16 @@ func TestBarePodError(t *testing.T) {
 				},
 			},
 		},
+		{
+			name:     "pod with node name (static pod)",
+			objs:     initNodeAndPodWithNodeName(),
+			expected: nil,
+		},
+		{
+			name:     "multiple pods with node name (static pod)",
+			objs:     initNodeAndPodsWithNodeName(),
+			expected: nil,
+		},
 	}

 	barePodCheck := &barePodCheck{}
@ -118,3 +128,55 @@ func initRefs(objs *kube.Objects) *kube.Objects {
 	}
 	return objs
 }
+
+func initNodeAndPodWithNodeName() *kube.Objects {
+	objs := &kube.Objects{
+		Pods: &corev1.PodList{
+			Items: []corev1.Pod{
+				{
+					TypeMeta:   metav1.TypeMeta{Kind: "Pod", APIVersion: "v1"},
+					ObjectMeta: metav1.ObjectMeta{Name: "pod_foo-node_a", Namespace: "k8s"},
+				},
+			},
+		},
+		Nodes: &corev1.NodeList{
+			Items: []corev1.Node{
+				{
+					TypeMeta:   metav1.TypeMeta{Kind: "Node", APIVersion: "v1"},
+					ObjectMeta: metav1.ObjectMeta{Name: "node_a"},
+				},
+			},
+		},
+	}
+	return objs
+}
+
+func initNodeAndPodsWithNodeName() *kube.Objects {
+	objs := &kube.Objects{
+		Pods: &corev1.PodList{
+			Items: []corev1.Pod{
+				{
+					TypeMeta:   metav1.TypeMeta{Kind: "Pod", APIVersion: "v1"},
+					ObjectMeta: metav1.ObjectMeta{Name: "pod_foo-node_a", Namespace: "k8s"},
+				},
+				{
+					TypeMeta:   metav1.TypeMeta{Kind: "Pod", APIVersion: "v1"},
+					ObjectMeta: metav1.ObjectMeta{Name: "pod_foo-node_b", Namespace: "k8s"},
+				},
+			},
+		},
+		Nodes: &corev1.NodeList{
+			Items: []corev1.Node{
+				{
+					TypeMeta:   metav1.TypeMeta{Kind: "Node", APIVersion: "v1"},
+					ObjectMeta: metav1.ObjectMeta{Name: "node_a"},
+				},
+				{
+					TypeMeta:   metav1.TypeMeta{Kind: "Node", APIVersion: "v1"},
+					ObjectMeta: metav1.ObjectMeta{Name: "node_b"},
+				},
+			},
+		},
+	}
+	return objs
+}