aws-containers / kubectl-detector-for-docker-socket

A Kubectl plugin that can detect if any of your workloads or manifest files are mounting the docker.sock volume
Apache License 2.0

Scan pod if unknown owner #16

Closed Bourne-ID-Work closed 1 year ago

Bourne-ID-Work commented 1 year ago

Relates to #13

Previous output:

❯ kubectl dds -n gha-rbourne
could not find resource manager for type Runner for pod gha-rbourne-12345-67890
NAMESPACE   TYPE    NAME    STATUS
❯

New Output:

could not find resource manager for type Runner for pod gha-rbourne-12345-67890
NAMESPACE                       TYPE    NAME                                            STATUS  
gha-rbourne-hackathon-2023      pod     gha-rbourne-12345-67890     mounted 

At this time I believe it is more worthwhile outputting low-level pods when the owner is unknown, understanding this can be verbose for clusters with large numbers of pods with docker host mounts; however, the existing error does not make it clear the pod in question was not scanned.

rothgar commented 1 year ago

I agree we should probably output something even if the type isn't known. Can you also add output if the user passes --verbose to always show the output (even if unmounted)?

Bourne-ID-Work commented 1 year ago

Sure, will make the edits later today.

sidewinder12s commented 1 year ago

Also stumbled onto this; we missed a bunch of docker.sock mounts because I dismissed the "could not find" error without investigating.
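
The behaviour discussed in this thread, as an added Go sketch that is not the plugin's own code: a pod whose owner kind has no resource manager is still checked and reported at pod level, and a verbose switch also lists pods without the mount. The owner-kind list, the `unmounted` label, the `scan` and `finding` names and the sample pods are assumptions constructed for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

var knownOwners = map[string]bool{"ReplicaSet": true, "DaemonSet": true, "Job": true} // assumed list

type pod struct {
	Metadata struct {
		Name, Namespace string
		OwnerReferences []struct{ Kind, Name string }
	}
	Spec struct{ Volumes []struct{ HostPath *struct{ Path string } } }
}
type finding struct{ Namespace, Type, Name, Status string }

// scan reports pods that mount docker.sock; a pod with an unknown owner kind is
// listed as a pod instead of being dropped. verbose also lists unmounted pods.
func scan(podList []byte, verbose bool) (out []finding, err error) {
	var list struct{ Items []pod }
	if err = json.Unmarshal(podList, &list); err != nil {
		return nil, err
	}
	for _, p := range list.Items {
		status := "unmounted" // assumed label for the --verbose case
		for _, v := range p.Spec.Volumes {
			if v.HostPath != nil && strings.HasSuffix(v.HostPath.Path, "docker.sock") {
				status = "mounted"
			}
		}
		if status == "mounted" || verbose {
			f := finding{p.Metadata.Namespace, "pod", p.Metadata.Name, status}
			if refs := p.Metadata.OwnerReferences; len(refs) > 0 && knownOwners[refs[0].Kind] {
				f.Type, f.Name = strings.ToLower(refs[0].Kind), refs[0].Name
			}
			out = append(out, f)
		}
	}
	return out, nil
}

// Constructed sample shaped like `kubectl get pods -o json`.
const samplePods = `{"items":[
{"metadata":{"name":"runner-abc","namespace":"ci","ownerReferences":[{"kind":"Runner","name":"r"}]},"spec":{"volumes":[{"hostPath":{"path":"/var/run/docker.sock"}}]}},
{"metadata":{"name":"web-1","namespace":"ci","ownerReferences":[{"kind":"ReplicaSet","name":"web"}]},"spec":{"volumes":[{"emptyDir":{}}]}}]}`

func main() { fmt.Println(scan([]byte(samplePods), true)) }
```

The pod owned by the unrecognised `Runner` kind appears as a `pod` row with status `mounted`, so the finding survives even when the owner lookup fails.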