mirror of https://github.com/portainer/portainer
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
457 lines
18 KiB
457 lines
18 KiB
package cli
|
|
|
|
import (
|
|
"context"
|
|
|
|
models "github.com/portainer/portainer/api/http/models/kubernetes"
|
|
"github.com/rs/zerolog/log"
|
|
appsv1 "k8s.io/api/apps/v1"
|
|
autoscalingv2 "k8s.io/api/autoscaling/v2"
|
|
corev1 "k8s.io/api/core/v1"
|
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
labels "k8s.io/apimachinery/pkg/labels"
|
|
)
|
|
|
|
// GetAllKubernetesApplications gets a list of kubernetes workloads (or applications) across all namespaces in the cluster
|
|
// if the user is an admin, all namespaces in the current k8s environment(endpoint) are fetched using the fetchApplications function.
|
|
// otherwise, namespaces the non-admin user has access to will be used to filter the applications based on the allowed namespaces.
|
|
func (kcl *KubeClient) GetApplications(namespace, nodeName string, withDependencies bool) ([]models.K8sApplication, error) {
|
|
if kcl.IsKubeAdmin {
|
|
return kcl.fetchApplications(namespace, nodeName, withDependencies)
|
|
}
|
|
|
|
return kcl.fetchApplicationsForNonAdmin(namespace, nodeName, withDependencies)
|
|
}
|
|
|
|
// fetchApplications fetches the applications in the namespaces the user has access to.
|
|
// This function is called when the user is an admin.
|
|
func (kcl *KubeClient) fetchApplications(namespace, nodeName string, withDependencies bool) ([]models.K8sApplication, error) {
|
|
podListOptions := metav1.ListOptions{}
|
|
if nodeName != "" {
|
|
podListOptions.FieldSelector = "spec.nodeName=" + nodeName
|
|
}
|
|
if !withDependencies {
|
|
// TODO: make sure not to fetch services in fetchAllApplicationsListResources from this call
|
|
pods, replicaSets, deployments, statefulSets, daemonSets, _, _, err := kcl.fetchAllApplicationsListResources(namespace, podListOptions)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return kcl.convertPodsToApplications(pods, replicaSets, deployments, statefulSets, daemonSets, nil, nil)
|
|
}
|
|
|
|
pods, replicaSets, deployments, statefulSets, daemonSets, services, hpas, err := kcl.fetchAllApplicationsListResources(namespace, podListOptions)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return kcl.convertPodsToApplications(pods, replicaSets, deployments, statefulSets, daemonSets, services, hpas)
|
|
}
|
|
|
|
// fetchApplicationsForNonAdmin fetches the applications in the namespaces the user has access to.
|
|
// This function is called when the user is not an admin.
|
|
func (kcl *KubeClient) fetchApplicationsForNonAdmin(namespace, nodeName string, withDependencies bool) ([]models.K8sApplication, error) {
|
|
log.Debug().Msgf("Fetching applications for non-admin user: %v", kcl.NonAdminNamespaces)
|
|
|
|
if len(kcl.NonAdminNamespaces) == 0 {
|
|
return nil, nil
|
|
}
|
|
|
|
podListOptions := metav1.ListOptions{}
|
|
if nodeName != "" {
|
|
podListOptions.FieldSelector = "spec.nodeName=" + nodeName
|
|
}
|
|
|
|
if !withDependencies {
|
|
pods, replicaSets, _, _, _, _, _, err := kcl.fetchAllPodsAndReplicaSets(namespace, podListOptions)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return kcl.convertPodsToApplications(pods, replicaSets, nil, nil, nil, nil, nil)
|
|
}
|
|
|
|
pods, replicaSets, deployments, statefulSets, daemonSets, services, hpas, err := kcl.fetchAllApplicationsListResources(namespace, podListOptions)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
applications, err := kcl.convertPodsToApplications(pods, replicaSets, deployments, statefulSets, daemonSets, services, hpas)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
nonAdminNamespaceSet := kcl.buildNonAdminNamespacesMap()
|
|
results := make([]models.K8sApplication, 0)
|
|
for _, application := range applications {
|
|
if _, ok := nonAdminNamespaceSet[application.ResourcePool]; ok {
|
|
results = append(results, application)
|
|
}
|
|
}
|
|
|
|
return results, nil
|
|
}
|
|
|
|
// convertPodsToApplications processes pods and converts them to applications, ensuring uniqueness by owner reference.
|
|
func (kcl *KubeClient) convertPodsToApplications(pods []corev1.Pod, replicaSets []appsv1.ReplicaSet, deployments []appsv1.Deployment, statefulSets []appsv1.StatefulSet, daemonSets []appsv1.DaemonSet, services []corev1.Service, hpas []autoscalingv2.HorizontalPodAutoscaler) ([]models.K8sApplication, error) {
|
|
applications := []models.K8sApplication{}
|
|
processedOwners := make(map[string]struct{})
|
|
|
|
for _, pod := range pods {
|
|
if len(pod.OwnerReferences) > 0 {
|
|
ownerUID := string(pod.OwnerReferences[0].UID)
|
|
if _, exists := processedOwners[ownerUID]; exists {
|
|
continue
|
|
}
|
|
processedOwners[ownerUID] = struct{}{}
|
|
}
|
|
|
|
application, err := kcl.ConvertPodToApplication(pod, replicaSets, deployments, statefulSets, daemonSets, services, hpas, true)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if application != nil {
|
|
applications = append(applications, *application)
|
|
}
|
|
}
|
|
|
|
return applications, nil
|
|
}
|
|
|
|
// GetClusterApplicationsResource returns the total resource requests and limits for all applications in a namespace
|
|
// for a cluster level resource, set the namespace to ""
|
|
func (kcl *KubeClient) GetApplicationsResource(namespace, node string) (models.K8sApplicationResource, error) {
|
|
resource := models.K8sApplicationResource{}
|
|
podListOptions := metav1.ListOptions{}
|
|
if node != "" {
|
|
podListOptions.FieldSelector = "spec.nodeName=" + node
|
|
}
|
|
|
|
pods, err := kcl.cli.CoreV1().Pods(namespace).List(context.Background(), podListOptions)
|
|
if err != nil {
|
|
return resource, err
|
|
}
|
|
|
|
for _, pod := range pods.Items {
|
|
podResources := calculatePodResourceUsage(pod)
|
|
resource.CPURequest += podResources.CPURequest
|
|
resource.CPULimit += podResources.CPULimit
|
|
resource.MemoryRequest += podResources.MemoryRequest
|
|
resource.MemoryLimit += podResources.MemoryLimit
|
|
}
|
|
|
|
return resource, nil
|
|
}
|
|
|
|
// GetApplicationsFromConfigMap gets a list of applications that use a specific ConfigMap
|
|
// by checking all pods in the same namespace as the ConfigMap
|
|
func (kcl *KubeClient) GetApplicationNamesFromConfigMap(configMap models.K8sConfigMap, pods []corev1.Pod, replicaSets []appsv1.ReplicaSet) ([]string, error) {
|
|
applications := []string{}
|
|
for _, pod := range pods {
|
|
if pod.Namespace == configMap.Namespace {
|
|
if isPodUsingConfigMap(&pod, configMap.Name) {
|
|
application, err := kcl.ConvertPodToApplication(pod, replicaSets, nil, nil, nil, nil, nil, false)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
applications = append(applications, application.Name)
|
|
}
|
|
}
|
|
}
|
|
|
|
return applications, nil
|
|
}
|
|
|
|
func (kcl *KubeClient) GetApplicationNamesFromSecret(secret models.K8sSecret, pods []corev1.Pod, replicaSets []appsv1.ReplicaSet) ([]string, error) {
|
|
applications := []string{}
|
|
for _, pod := range pods {
|
|
if pod.Namespace == secret.Namespace {
|
|
if isPodUsingSecret(&pod, secret.Name) {
|
|
application, err := kcl.ConvertPodToApplication(pod, replicaSets, nil, nil, nil, nil, nil, false)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
applications = append(applications, application.Name)
|
|
}
|
|
}
|
|
}
|
|
|
|
return applications, nil
|
|
}
|
|
|
|
// ConvertPodToApplication converts a pod to an application, updating owner references if necessary
|
|
func (kcl *KubeClient) ConvertPodToApplication(pod corev1.Pod, replicaSets []appsv1.ReplicaSet, deployments []appsv1.Deployment, statefulSets []appsv1.StatefulSet, daemonSets []appsv1.DaemonSet, services []corev1.Service, hpas []autoscalingv2.HorizontalPodAutoscaler, withResource bool) (*models.K8sApplication, error) {
|
|
if isReplicaSetOwner(pod) {
|
|
updateOwnerReferenceToDeployment(&pod, replicaSets)
|
|
}
|
|
|
|
application := createApplication(&pod, deployments, statefulSets, daemonSets, services, hpas)
|
|
if application.ID == "" && application.Name == "" {
|
|
return nil, nil
|
|
}
|
|
|
|
if withResource {
|
|
podResources := calculatePodResourceUsage(pod)
|
|
// multiply by the number of requested pods in the application (not the running count)
|
|
application.Resource.CPURequest = podResources.CPURequest * float64(application.TotalPodsCount)
|
|
application.Resource.CPULimit = podResources.CPULimit * float64(application.TotalPodsCount)
|
|
application.Resource.MemoryRequest = podResources.MemoryRequest * int64(application.TotalPodsCount)
|
|
application.Resource.MemoryLimit = podResources.MemoryLimit * int64(application.TotalPodsCount)
|
|
}
|
|
|
|
return &application, nil
|
|
}
|
|
|
|
// createApplication creates a K8sApplication object from a pod
|
|
// it sets the application name, namespace, kind, image, stack id, stack name, and labels
|
|
func createApplication(pod *corev1.Pod, deployments []appsv1.Deployment, statefulSets []appsv1.StatefulSet, daemonSets []appsv1.DaemonSet, services []corev1.Service, hpas []autoscalingv2.HorizontalPodAutoscaler) models.K8sApplication {
|
|
kind := "Pod"
|
|
name := pod.Name
|
|
|
|
if len(pod.OwnerReferences) > 0 {
|
|
kind = pod.OwnerReferences[0].Kind
|
|
name = pod.OwnerReferences[0].Name
|
|
}
|
|
|
|
application := models.K8sApplication{
|
|
Services: []corev1.Service{},
|
|
Metadata: &models.Metadata{},
|
|
}
|
|
|
|
switch kind {
|
|
case "Deployment":
|
|
for _, deployment := range deployments {
|
|
if deployment.Name == name && deployment.Namespace == pod.Namespace {
|
|
application.ApplicationType = "Deployment"
|
|
application.Kind = "Deployment"
|
|
application.ID = string(deployment.UID)
|
|
application.ResourcePool = deployment.Namespace
|
|
application.Name = name
|
|
application.Image = deployment.Spec.Template.Spec.Containers[0].Image
|
|
application.ApplicationOwner = deployment.Labels["io.portainer.kubernetes.application.owner"]
|
|
application.StackID = deployment.Labels["io.portainer.kubernetes.application.stackid"]
|
|
application.StackName = deployment.Labels["io.portainer.kubernetes.application.stack"]
|
|
application.Labels = deployment.Labels
|
|
application.MatchLabels = deployment.Spec.Selector.MatchLabels
|
|
application.CreationDate = deployment.CreationTimestamp.Time
|
|
application.TotalPodsCount = int(deployment.Status.Replicas)
|
|
application.RunningPodsCount = int(deployment.Status.ReadyReplicas)
|
|
application.DeploymentType = "Replicated"
|
|
application.Metadata = &models.Metadata{
|
|
Labels: deployment.Labels,
|
|
}
|
|
|
|
break
|
|
}
|
|
}
|
|
|
|
case "StatefulSet":
|
|
for _, statefulSet := range statefulSets {
|
|
if statefulSet.Name == name && statefulSet.Namespace == pod.Namespace {
|
|
application.Kind = "StatefulSet"
|
|
application.ApplicationType = "StatefulSet"
|
|
application.ID = string(statefulSet.UID)
|
|
application.ResourcePool = statefulSet.Namespace
|
|
application.Name = name
|
|
application.Image = statefulSet.Spec.Template.Spec.Containers[0].Image
|
|
application.ApplicationOwner = statefulSet.Labels["io.portainer.kubernetes.application.owner"]
|
|
application.StackID = statefulSet.Labels["io.portainer.kubernetes.application.stackid"]
|
|
application.StackName = statefulSet.Labels["io.portainer.kubernetes.application.stack"]
|
|
application.Labels = statefulSet.Labels
|
|
application.MatchLabels = statefulSet.Spec.Selector.MatchLabels
|
|
application.CreationDate = statefulSet.CreationTimestamp.Time
|
|
application.TotalPodsCount = int(statefulSet.Status.Replicas)
|
|
application.RunningPodsCount = int(statefulSet.Status.ReadyReplicas)
|
|
application.DeploymentType = "Replicated"
|
|
application.Metadata = &models.Metadata{
|
|
Labels: statefulSet.Labels,
|
|
}
|
|
|
|
break
|
|
}
|
|
}
|
|
|
|
case "DaemonSet":
|
|
for _, daemonSet := range daemonSets {
|
|
if daemonSet.Name == name && daemonSet.Namespace == pod.Namespace {
|
|
application.Kind = "DaemonSet"
|
|
application.ApplicationType = "DaemonSet"
|
|
application.ID = string(daemonSet.UID)
|
|
application.ResourcePool = daemonSet.Namespace
|
|
application.Name = name
|
|
application.Image = daemonSet.Spec.Template.Spec.Containers[0].Image
|
|
application.ApplicationOwner = daemonSet.Labels["io.portainer.kubernetes.application.owner"]
|
|
application.StackID = daemonSet.Labels["io.portainer.kubernetes.application.stackid"]
|
|
application.StackName = daemonSet.Labels["io.portainer.kubernetes.application.stack"]
|
|
application.Labels = daemonSet.Labels
|
|
application.MatchLabels = daemonSet.Spec.Selector.MatchLabels
|
|
application.CreationDate = daemonSet.CreationTimestamp.Time
|
|
application.TotalPodsCount = int(daemonSet.Status.DesiredNumberScheduled)
|
|
application.RunningPodsCount = int(daemonSet.Status.NumberReady)
|
|
application.DeploymentType = "Global"
|
|
application.Metadata = &models.Metadata{
|
|
Labels: daemonSet.Labels,
|
|
}
|
|
|
|
break
|
|
}
|
|
}
|
|
|
|
case "Pod":
|
|
runningPodsCount := 1
|
|
if pod.Status.Phase != corev1.PodRunning {
|
|
runningPodsCount = 0
|
|
}
|
|
|
|
application.ApplicationType = "Pod"
|
|
application.Kind = "Pod"
|
|
application.ID = string(pod.UID)
|
|
application.ResourcePool = pod.Namespace
|
|
application.Name = pod.Name
|
|
application.Image = pod.Spec.Containers[0].Image
|
|
application.ApplicationOwner = pod.Labels["io.portainer.kubernetes.application.owner"]
|
|
application.StackID = pod.Labels["io.portainer.kubernetes.application.stackid"]
|
|
application.StackName = pod.Labels["io.portainer.kubernetes.application.stack"]
|
|
application.Labels = pod.Labels
|
|
application.MatchLabels = pod.Labels
|
|
application.CreationDate = pod.CreationTimestamp.Time
|
|
application.TotalPodsCount = 1
|
|
application.RunningPodsCount = runningPodsCount
|
|
application.DeploymentType = string(pod.Status.Phase)
|
|
application.Metadata = &models.Metadata{
|
|
Labels: pod.Labels,
|
|
}
|
|
}
|
|
|
|
if application.ID != "" && application.Name != "" && len(services) > 0 {
|
|
updateApplicationWithService(&application, services)
|
|
}
|
|
|
|
if application.ID != "" && application.Name != "" && len(hpas) > 0 {
|
|
updateApplicationWithHorizontalPodAutoscaler(&application, hpas)
|
|
}
|
|
|
|
return application
|
|
}
|
|
|
|
// updateApplicationWithService updates the application with the services that match the application's selector match labels
|
|
// and are in the same namespace as the application
|
|
func updateApplicationWithService(application *models.K8sApplication, services []corev1.Service) {
|
|
for _, service := range services {
|
|
serviceSelector := labels.SelectorFromSet(service.Spec.Selector)
|
|
|
|
if service.Namespace == application.ResourcePool && !serviceSelector.Empty() && serviceSelector.Matches(labels.Set(application.MatchLabels)) {
|
|
application.ServiceType = string(service.Spec.Type)
|
|
application.Services = append(application.Services, service)
|
|
}
|
|
}
|
|
}
|
|
|
|
func updateApplicationWithHorizontalPodAutoscaler(application *models.K8sApplication, hpas []autoscalingv2.HorizontalPodAutoscaler) {
|
|
for _, hpa := range hpas {
|
|
// Check if HPA is in the same namespace as the application
|
|
if hpa.Namespace != application.ResourcePool {
|
|
continue
|
|
}
|
|
|
|
// Check if the scale target ref matches the application
|
|
scaleTargetRef := hpa.Spec.ScaleTargetRef
|
|
if scaleTargetRef.Name == application.Name && scaleTargetRef.Kind == application.Kind {
|
|
hpaCopy := hpa // Create a local copy
|
|
application.HorizontalPodAutoscaler = &hpaCopy
|
|
break
|
|
}
|
|
}
|
|
}
|
|
|
|
// calculatePodResourceUsage calculates the resource usage for a pod in CPU cores and Bytes
|
|
func calculatePodResourceUsage(pod corev1.Pod) models.K8sApplicationResource {
|
|
resource := models.K8sApplicationResource{}
|
|
for _, container := range pod.Spec.Containers {
|
|
// CPU cores as a decimal
|
|
resource.CPURequest += float64(container.Resources.Requests.Cpu().MilliValue()) / 1000
|
|
resource.CPULimit += float64(container.Resources.Limits.Cpu().MilliValue()) / 1000
|
|
// Bytes
|
|
resource.MemoryRequest += container.Resources.Requests.Memory().Value()
|
|
resource.MemoryLimit += container.Resources.Limits.Memory().Value()
|
|
}
|
|
return resource
|
|
}
|
|
|
|
// GetApplicationFromServiceSelector gets applications based on service selectors
|
|
// it matches the service selector with the pod labels
|
|
func (kcl *KubeClient) GetApplicationFromServiceSelector(pods []corev1.Pod, service models.K8sServiceInfo, replicaSets []appsv1.ReplicaSet) (*models.K8sApplication, error) {
|
|
servicesSelector := labels.SelectorFromSet(service.Selector)
|
|
if servicesSelector.Empty() {
|
|
return nil, nil
|
|
}
|
|
|
|
for _, pod := range pods {
|
|
if servicesSelector.Matches(labels.Set(pod.Labels)) {
|
|
if isReplicaSetOwner(pod) {
|
|
updateOwnerReferenceToDeployment(&pod, replicaSets)
|
|
}
|
|
|
|
return &models.K8sApplication{
|
|
Name: pod.OwnerReferences[0].Name,
|
|
Kind: pod.OwnerReferences[0].Kind,
|
|
}, nil
|
|
}
|
|
}
|
|
|
|
return nil, nil
|
|
}
|
|
|
|
// GetApplicationConfigurationOwnersFromConfigMap gets a list of applications that use a specific ConfigMap
|
|
// by checking all pods in the same namespace as the ConfigMap
|
|
func (kcl *KubeClient) GetApplicationConfigurationOwnersFromConfigMap(configMap models.K8sConfigMap, pods []corev1.Pod, replicaSets []appsv1.ReplicaSet) ([]models.K8sConfigurationOwnerResource, error) {
|
|
configurationOwners := []models.K8sConfigurationOwnerResource{}
|
|
for _, pod := range pods {
|
|
if pod.Namespace == configMap.Namespace {
|
|
if isPodUsingConfigMap(&pod, configMap.Name) {
|
|
application, err := kcl.ConvertPodToApplication(pod, replicaSets, nil, nil, nil, nil, nil, false)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if application != nil {
|
|
configurationOwners = append(configurationOwners, models.K8sConfigurationOwnerResource{
|
|
Name: application.Name,
|
|
ResourceKind: application.Kind,
|
|
Id: application.UID,
|
|
})
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
return configurationOwners, nil
|
|
}
|
|
|
|
// GetApplicationConfigurationOwnersFromSecret gets a list of applications that use a specific Secret
|
|
// by checking all pods in the same namespace as the Secret
|
|
func (kcl *KubeClient) GetApplicationConfigurationOwnersFromSecret(secret models.K8sSecret, pods []corev1.Pod, replicaSets []appsv1.ReplicaSet) ([]models.K8sConfigurationOwnerResource, error) {
|
|
configurationOwners := []models.K8sConfigurationOwnerResource{}
|
|
for _, pod := range pods {
|
|
if pod.Namespace == secret.Namespace {
|
|
if isPodUsingSecret(&pod, secret.Name) {
|
|
application, err := kcl.ConvertPodToApplication(pod, replicaSets, nil, nil, nil, nil, nil, false)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if application != nil {
|
|
configurationOwners = append(configurationOwners, models.K8sConfigurationOwnerResource{
|
|
Name: application.Name,
|
|
ResourceKind: application.Kind,
|
|
Id: application.UID,
|
|
})
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
return configurationOwners, nil
|
|
}
|