remove hard-coded value for ignoring namespace

Signed-off-by: Ankur Kothiwal <ankur.kothiwal99@gmail.com>
accuknox · Jul 4, 2023 · 8a15eaf · 8a15eaf
1 parent 66b2e06
commit 8a15eaf
Showing 1 changed file with 21 additions and 8 deletions.
diff --git a/src/cluster/k8sClientHandler.go b/src/cluster/k8sClientHandler.go
@@ -6,6 +6,7 @@ import (
 	"sort"
 	"strings"
 
+	"github.com/accuknox/auto-policy-discovery/src/config"
 	"github.com/accuknox/auto-policy-discovery/src/libs"
 	"github.com/accuknox/auto-policy-discovery/src/types"
 	v1 "k8s.io/api/core/v1"
@@ -346,6 +347,7 @@ func GetClusterNameFromK8sClient() string {
 
 func GetDeploymentsFromK8sClient() []types.Deployment {
 	results := []types.Deployment{}
+	nsNotFilter := config.CurrentCfg.ConfigSysPolicy.NsNotFilter
 
 	client := ConnectK8sClient()
 	if client == nil {
@@ -361,8 +363,10 @@ func GetDeploymentsFromK8sClient() []types.Deployment {
 	}
 
 	for _, d := range deployments.Items {
-		if d.Namespace == "kube-system" {
-			continue
+		for _, notns := range nsNotFilter {
+			if strings.Contains(d.Namespace, notns) {
+				continue
+			}
 		}
 
 		if d.Spec.Selector.MatchLabels != nil {
@@ -392,6 +396,7 @@ func GetDeploymentsFromK8sClient() []types.Deployment {
 
 func GetReplicaSetsFromK8sClient() []types.Deployment {
 	results := []types.Deployment{}
+	nsNotFilter := config.CurrentCfg.ConfigSysPolicy.NsNotFilter
 
 	client := ConnectK8sClient()
 	if client == nil {
@@ -408,8 +413,10 @@ func GetReplicaSetsFromK8sClient() []types.Deployment {
 
 	for _, rs := range replicasets.Items {
 		if rs.OwnerReferences == nil {
-			if rs.Namespace == "kube-system" {
-				continue
+			for _, notns := range nsNotFilter {
+				if strings.Contains(rs.Namespace, notns) {
+					continue
+				}
 			}
 
 			if rs.Spec.Selector.MatchLabels != nil {
@@ -436,6 +443,7 @@ func GetReplicaSetsFromK8sClient() []types.Deployment {
 
 func GetDaemonSetsFromK8sClient() []types.Deployment {
 	results := []types.Deployment{}
+	nsNotFilter := config.CurrentCfg.ConfigSysPolicy.NsNotFilter
 
 	client := ConnectK8sClient()
 	if client == nil {
@@ -452,8 +460,10 @@ func GetDaemonSetsFromK8sClient() []types.Deployment {
 
 	for _, ds := range daemonsets.Items {
 		if ds.OwnerReferences == nil {
-			if ds.Namespace == "kube-system" {
-				continue
+			for _, notns := range nsNotFilter {
+				if strings.Contains(ds.Namespace, notns) {
+					continue
+				}
 			}
 
 			if ds.Spec.Selector.MatchLabels != nil {
@@ -480,6 +490,7 @@ func GetDaemonSetsFromK8sClient() []types.Deployment {
 
 func GetStatefulSetsFromK8sClient() []types.Deployment {
 	results := []types.Deployment{}
+	nsNotFilter := config.CurrentCfg.ConfigSysPolicy.NsNotFilter
 
 	client := ConnectK8sClient()
 	if client == nil {
@@ -496,8 +507,10 @@ func GetStatefulSetsFromK8sClient() []types.Deployment {
 
 	for _, sts := range statefulset.Items {
 		if sts.OwnerReferences == nil {
-			if sts.Namespace == "kube-system" {
-				continue
+			for _, notns := range nsNotFilter {
+				if strings.Contains(sts.Namespace, notns) {
+					continue
+				}
 			}
 
 			if sts.Spec.Selector.MatchLabels != nil {