remove hard-coded value for ignoring namespace

Signed-off-by: Ankur Kothiwal <ankur.kothiwal99@gmail.com>
accuknox · Jun 14, 2023 · d25ad16 · d25ad16
1 parent 45d3606
commit d25ad16
Showing 1 changed file with 21 additions and 8 deletions.
diff --git a/src/cluster/k8sClientHandler.go b/src/cluster/k8sClientHandler.go
@@ -9,6 +9,7 @@ import (
 	"sort"
 	"strings"
 
+	"github.com/accuknox/auto-policy-discovery/src/config"
 	"github.com/accuknox/auto-policy-discovery/src/libs"
 	"github.com/accuknox/auto-policy-discovery/src/types"
 	v1 "k8s.io/api/core/v1"
@@ -436,6 +437,7 @@ func GetClusterNameFromK8sClient() string {
 
 func GetDeploymentsFromK8sClient() []types.Deployment {
 	results := []types.Deployment{}
+	nsNotFilter := config.CurrentCfg.ConfigSysPolicy.NsNotFilter
 
 	client := ConnectK8sClient()
 	if client == nil {
@@ -451,8 +453,10 @@ func GetDeploymentsFromK8sClient() []types.Deployment {
 	}
 
 	for _, d := range deployments.Items {
-		if d.Namespace == "kube-system" {
-			continue
+		for _, notns := range nsNotFilter {
+			if strings.Contains(d.Namespace, notns) {
+				continue
+			}
 		}
 
 		if d.Spec.Selector.MatchLabels != nil {
@@ -482,6 +486,7 @@ func GetDeploymentsFromK8sClient() []types.Deployment {
 
 func GetReplicaSetsFromK8sClient() []types.Deployment {
 	results := []types.Deployment{}
+	nsNotFilter := config.CurrentCfg.ConfigSysPolicy.NsNotFilter
 
 	client := ConnectK8sClient()
 	if client == nil {
@@ -498,8 +503,10 @@ func GetReplicaSetsFromK8sClient() []types.Deployment {
 
 	for _, rs := range replicasets.Items {
 		if rs.OwnerReferences == nil {
-			if rs.Namespace == "kube-system" {
-				continue
+			for _, notns := range nsNotFilter {
+				if strings.Contains(rs.Namespace, notns) {
+					continue
+				}
 			}
 
 			if rs.Spec.Selector.MatchLabels != nil {
@@ -526,6 +533,7 @@ func GetReplicaSetsFromK8sClient() []types.Deployment {
 
 func GetDaemonSetsFromK8sClient() []types.Deployment {
 	results := []types.Deployment{}
+	nsNotFilter := config.CurrentCfg.ConfigSysPolicy.NsNotFilter
 
 	client := ConnectK8sClient()
 	if client == nil {
@@ -542,8 +550,10 @@ func GetDaemonSetsFromK8sClient() []types.Deployment {
 
 	for _, ds := range daemonsets.Items {
 		if ds.OwnerReferences == nil {
-			if ds.Namespace == "kube-system" {
-				continue
+			for _, notns := range nsNotFilter {
+				if strings.Contains(ds.Namespace, notns) {
+					continue
+				}
 			}
 
 			if ds.Spec.Selector.MatchLabels != nil {
@@ -570,6 +580,7 @@ func GetDaemonSetsFromK8sClient() []types.Deployment {
 
 func GetStatefulSetsFromK8sClient() []types.Deployment {
 	results := []types.Deployment{}
+	nsNotFilter := config.CurrentCfg.ConfigSysPolicy.NsNotFilter
 
 	client := ConnectK8sClient()
 	if client == nil {
@@ -586,8 +597,10 @@ func GetStatefulSetsFromK8sClient() []types.Deployment {
 
 	for _, sts := range statefulset.Items {
 		if sts.OwnerReferences == nil {
-			if sts.Namespace == "kube-system" {
-				continue
+			for _, notns := range nsNotFilter {
+				if strings.Contains(sts.Namespace, notns) {
+					continue
+				}
 			}
 
 			if sts.Spec.Selector.MatchLabels != nil {