remove hard-coded value for ignoring namespace

Signed-off-by: Ankur Kothiwal <ankur.kothiwal99@gmail.com>
accuknox · Oct 5, 2023 · b5551a4 · b5551a4
1 parent 4aedbe7
commit b5551a4
Showing 1 changed file with 22 additions and 8 deletions.
diff --git a/src/cluster/k8sClientHandler.go b/src/cluster/k8sClientHandler.go
@@ -6,8 +6,10 @@ import (
 	"sort"
 	"strings"
 
+	"github.com/accuknox/auto-policy-discovery/src/config"
 	"github.com/accuknox/auto-policy-discovery/src/libs"
 	"github.com/accuknox/auto-policy-discovery/src/types"
+	"github.com/rs/zerolog/log"
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
@@ -346,6 +348,7 @@ func GetClusterNameFromK8sClient() string {
 
 func GetDeploymentsFromK8sClient() []types.Deployment {
 	results := []types.Deployment{}
+	nsNotFilter := config.CurrentCfg.ConfigSysPolicy.NsNotFilter
 
 	client := ConnectK8sClient()
 	if client == nil {
@@ -361,8 +364,10 @@ func GetDeploymentsFromK8sClient() []types.Deployment {
 	}
 
 	for _, d := range deployments.Items {
-		if d.Namespace == "kube-system" {
-			continue
+		for _, notns := range nsNotFilter {
+			if strings.Contains(d.Namespace, notns) {
+				continue
+			}
 		}
 
 		if d.Spec.Selector.MatchLabels != nil {
@@ -392,6 +397,7 @@ func GetDeploymentsFromK8sClient() []types.Deployment {
 
 func GetReplicaSetsFromK8sClient() []types.Deployment {
 	results := []types.Deployment{}
+	nsNotFilter := config.CurrentCfg.ConfigSysPolicy.NsNotFilter
 
 	client := ConnectK8sClient()
 	if client == nil {
@@ -408,8 +414,10 @@ func GetReplicaSetsFromK8sClient() []types.Deployment {
 
 	for _, rs := range replicasets.Items {
 		if rs.OwnerReferences == nil {
-			if rs.Namespace == "kube-system" {
-				continue
+			for _, notns := range nsNotFilter {
+				if strings.Contains(rs.Namespace, notns) {
+					continue
+				}
 			}
 
 			if rs.Spec.Selector.MatchLabels != nil {
@@ -436,6 +444,7 @@ func GetReplicaSetsFromK8sClient() []types.Deployment {
 
 func GetDaemonSetsFromK8sClient() []types.Deployment {
 	results := []types.Deployment{}
+	nsNotFilter := config.CurrentCfg.ConfigSysPolicy.NsNotFilter
 
 	client := ConnectK8sClient()
 	if client == nil {
@@ -452,8 +461,10 @@ func GetDaemonSetsFromK8sClient() []types.Deployment {
 
 	for _, ds := range daemonsets.Items {
 		if ds.OwnerReferences == nil {
-			if ds.Namespace == "kube-system" {
-				continue
+			for _, notns := range nsNotFilter {
+				if strings.Contains(ds.Namespace, notns) {
+					continue
+				}
 			}
 
 			if ds.Spec.Selector.MatchLabels != nil {
@@ -480,6 +491,7 @@ func GetDaemonSetsFromK8sClient() []types.Deployment {
 
 func GetStatefulSetsFromK8sClient() []types.Deployment {
 	results := []types.Deployment{}
+	nsNotFilter := config.CurrentCfg.ConfigSysPolicy.NsNotFilter
 
 	client := ConnectK8sClient()
 	if client == nil {
@@ -496,8 +508,10 @@ func GetStatefulSetsFromK8sClient() []types.Deployment {
 
 	for _, sts := range statefulset.Items {
 		if sts.OwnerReferences == nil {
-			if sts.Namespace == "kube-system" {
-				continue
+			for _, notns := range nsNotFilter {
+				if strings.Contains(sts.Namespace, notns) {
+					continue
+				}
 			}
 
 			if sts.Spec.Selector.MatchLabels != nil {