nirmata / kyverno-aws-adapter

An adapter for Amazon EKS to use with Kyverno for making policy decisions
Apache License 2.0

Write a policy to detect AMIs past their deprecation time #63

Closed anusha94 closed 1 year ago

anusha94 commented 1 year ago

Description

As a user, I would like to detect nodes built using AMIs that are past their deprecation time, so that I can uncordon / drain such nodes or not allow the creation of such nodes at all.

Potential Solution

Additional Information

Sample AMI info:

{
    "Images": [
        {
            "Architecture": "x86_64",
            "CreationDate": "2023-01-05T17:34:40.000Z",
            "ImageId": "ami-0d8857ce76f65c24d",
            "ImageLocation": "amazon/amazon-eks-node-1.24-v20230105",
            "ImageType": "machine",
            "Public": true,
            "OwnerId": "602401143452",
            "PlatformDetails": "Linux/UNIX",
            "UsageOperation": "RunInstances",
            "State": "available",
            "BlockDeviceMappings": [
                {
                    "DeviceName": "/dev/xvda",
                    "Ebs": {
                        "DeleteOnTermination": true,
                        "SnapshotId": "snap-03f368c05fc65bb60",
                        "VolumeSize": 20,
                        "VolumeType": "gp2",
                        "Encrypted": false
                    }
                }
            ],
            "Description": "EKS Kubernetes Worker AMI with AmazonLinux2 image, (k8s: 1.24.7, docker: 20.10.17-1.amzn2.0.1, containerd: 1.6.6-1.amzn2.0.2)",
            "EnaSupport": true,
            "Hypervisor": "xen",
            "ImageOwnerAlias": "amazon",
            "Name": "amazon-eks-node-1.24-v20230105",
            "RootDeviceName": "/dev/xvda",
            "RootDeviceType": "ebs",
            "SriovNetSupport": "simple",
            "VirtualizationType": "hvm",
            "DeprecationTime": "2025-01-05T17:34:39.000Z"
        }
    ]
}
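
The check requested above, sketched as an added example that is not part of the original issue and is not the adapter's or Kyverno's own code: it compares each node's AMI `DeprecationTime`, in the format of the sample above, against a reference time. The node names, the node-to-AMI mapping, the two `ami-EXAMPLE-*` IDs and the function names are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Trimmed copy of the sample AMI info from the issue, plus one constructed
# entry (ami-EXAMPLE-NO-DEPRECATION) that carries no DeprecationTime field.
DESCRIBE_IMAGES = json.loads("""
{"Images": [
  {"ImageId": "ami-0d8857ce76f65c24d",
   "Name": "amazon-eks-node-1.24-v20230105",
   "DeprecationTime": "2025-01-05T17:34:39.000Z"},
  {"ImageId": "ami-EXAMPLE-NO-DEPRECATION", "Name": "constructed-example"}
]}
""")

# Constructed node -> AMI mapping (hypothetical node names).
NODE_AMIS = {
    "node-a": "ami-0d8857ce76f65c24d",
    "node-b": "ami-EXAMPLE-NO-DEPRECATION",
    "node-c": "ami-EXAMPLE-NOT-RETURNED",
}

def parse_aws_time(value):
    """Parse the timestamp format of the sample, e.g. 2025-01-05T17:34:39.000Z."""
    parsed = datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")
    return parsed.replace(tzinfo=timezone.utc)

def classify_nodes(node_amis, describe_images, now):
    """Map each node to 'deprecated', 'ok', 'no-deprecation-time' or 'unknown-ami'."""
    images = {img["ImageId"]: img for img in describe_images.get("Images", [])}
    result = {}
    for node, ami in node_amis.items():
        image = images.get(ami)
        if image is None:
            result[node] = "unknown-ami"          # AMI absent from the image data
        elif "DeprecationTime" not in image:
            result[node] = "no-deprecation-time"  # nothing to compare against
        elif parse_aws_time(image["DeprecationTime"]) <= now:
            result[node] = "deprecated"           # at or past the deprecation time
        else:
            result[node] = "ok"
    return result

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for node, status in classify_nodes(NODE_AMIS, DESCRIBE_IMAGES, now).items():
        print(node, status)
```

Nodes reported as `unknown-ami` or `no-deprecation-time` are kept separate from `ok` so that missing data is not read as a passing result.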

kbeniwal commented 1 year ago

Fixed by #66.