Merge pull request #3743 from weaveworks/more-pause

kubernetes: detect more 'pause' containers
2026-02-14 18:09:59 +00:00 · 2020-01-23 14:43:06 +00:00
parent a375a54546 880daa78ff
commit 53297eb07c
3 changed files with 40 additions and 3 deletions
--- a/probe/kubernetes/reporter.go
+++ b/probe/kubernetes/reporter.go
@@ -248,6 +248,10 @@ func (r *Reporter) podEvent(e Event, pod Pod) {
 }

 func isPauseContainer(n report.Node, rpt report.Report) bool {
+	k8sContainerType, _ := n.Latest.Lookup(report.DockerLabelPrefix + "io.kubernetes.docker.type")
+	if k8sContainerType == "podsandbox" { // this label is added by dockershim
+		return true
+	}
 	containerImageIDs, ok := n.Parents.Lookup(report.ContainerImage)
 	if !ok {
 		return false
--- a/probe/kubernetes/reporter_test.go
+++ b/probe/kubernetes/reporter_test.go
@@ -347,8 +347,23 @@ func BenchmarkReporter(b *testing.B) {

 func TestTagger(t *testing.T) {
 	rpt := report.MakeReport()
+	rpt.ContainerImage.AddNode(report.MakeNodeWith("image1", map[string]string{
+		docker.ImageName: "weaveworks/some_interesting_image",
+	}))
+	rpt.ContainerImage.AddNode(report.MakeNodeWith("pause_image", map[string]string{
+		docker.ImageName: "google_containers/pause",
+	}))
 	rpt.Container.AddNode(report.MakeNodeWith("container1", map[string]string{
 		docker.LabelPrefix + "io.kubernetes.pod.uid": "123456",
+	}).WithParent(report.ContainerImage, "image1"))
+	// This is the first way that Scope identified a pause container - via image name
+	rpt.Container.AddNode(report.MakeNodeWith("container2", map[string]string{
+		docker.LabelPrefix + "io.kubernetes.pod.uid": "123456",
+	}).WithParent(report.ContainerImage, "pause_image"))
+	// Second way that Scope identifies a pause container - via docker.type label
+	rpt.Container.AddNode(report.MakeNodeWith("container3", map[string]string{
+		docker.LabelPrefix + "io.kubernetes.pod.uid":     "123456",
+		docker.LabelPrefix + "io.kubernetes.docker.type": "podsandbox",
 	}))

 	rpt, err := (&kubernetes.Tagger{}).Tag(rpt)
@@ -356,10 +371,24 @@ func TestTagger(t *testing.T) {
 		t.Errorf("Unexpected error: %v", err)
 	}

-	have, ok := rpt.Container.Nodes["container1"].Parents.Lookup(report.Pod)
+	podParents, ok := rpt.Container.Nodes["container1"].Parents.Lookup(report.Pod)
 	want := report.MakeStringSet(report.MakePodNodeID("123456"))
-	if !ok || !reflect.DeepEqual(have, want) {
-		t.Errorf("Expected container to have pod parent %v %v", have, want)
+	if !ok || !reflect.DeepEqual(podParents, want) {
+		t.Errorf("Expected container1 to have pod parent %v %v", podParents, want)
+	}
+	_, ok = rpt.Container.Nodes["container1"].Latest.Lookup(report.DoesNotMakeConnections)
+	if ok {
+		t.Errorf("Expected container1 not to have DoesNotMakeConnections flag")
+	}
+
+	_, ok = rpt.Container.Nodes["container2"].Latest.Lookup(report.DoesNotMakeConnections)
+	if !ok {
+		t.Errorf("Expected pause container to have DoesNotMakeConnections flag")
+	}
+
+	_, ok = rpt.Container.Nodes["container3"].Latest.Lookup(report.DoesNotMakeConnections)
+	if !ok {
+		t.Errorf("Expected pause container to have DoesNotMakeConnections flag")
 	}
 }

--- a/render/filters.go
+++ b/render/filters.go
@@ -245,6 +245,10 @@ func IsApplication(n report.Node) bool {
 	if _, ok := systemImagePrefixes[imagePrefix]; ok || report.IsPauseImageName(imagePrefix) {
 		return false
 	}
+	k8sContainerType, _ := n.Latest.Lookup(report.DockerLabelPrefix + "io.kubernetes.docker.type")
+	if k8sContainerType == "podsandbox" { // another way to detect "pause container"
+		return false
+	}
 	roleLabel, _ := n.Latest.Lookup(report.DockerLabelPrefix + "works.weave.role")
 	if roleLabel == "system" {
 		return false