
Commit 2aec662

author
Serhii Zakharov
committed
add egress ips to anonymizer
1 parent 9052d1d commit 2aec662


1 file changed

+24
-2
lines changed


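--- a/pkg/anonymization/anonymizer.go
+++ b/pkg/anonymization/anonymizer.go
@@ -30,6 +30,7 @@ import (
 "strings"
 
 configv1client "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1"
+networkv1client "github.com/openshift/client-go/network/clientset/versioned/typed/network/v1"
 corev1 "k8s.io/api/core/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/client-go/kubernetes"
@@ -110,7 +111,10 @@ func NewAnonymizer(clusterBaseDomain string, networks []string, secretsClient co
 
 // NewAnonymizerFromConfigClient creates a new instance of anonymizer with a provided openshift config client
 func NewAnonymizerFromConfigClient(
-ctx context.Context, kubeClient kubernetes.Interface, configClient configv1client.ConfigV1Interface,
+ctx context.Context,
+kubeClient kubernetes.Interface,
+configClient configv1client.ConfigV1Interface,
+networkClient networkv1client.NetworkV1Interface,
 ) (*Anonymizer, error) {
 baseDomain, err := utils.GetClusterBaseDomain(ctx, configClient)
 if err != nil {
@@ -143,6 +147,19 @@ func NewAnonymizerFromConfigClient(
 networks = append(networks, networkRegex.FindAllString(installConfig, -1)...)
 }
 
+// egress subnets
+
+hostSubnets, err := networkClient.HostSubnets().List(ctx, metav1.ListOptions{})
+if err != nil {
+return nil, err
+}
+
+for _, hostSubnet := range hostSubnets.Items {
+for _, egressCIDR := range hostSubnet.EgressCIDRs {
+networks = append(networks, string(egressCIDR))
+}
+}
+
 // we're sorting by subnet lengths, if they are the same, we use subnet itself
 utils.SortAndRemoveDuplicates(&networks, func(i, j int) bool {
 if !strings.Contains(networks[i], "/") || !strings.Contains(networks[j], "/") {
@@ -177,7 +194,12 @@ func NewAnonymizerFromConfig(
 return nil, err
 }
 
-return NewAnonymizerFromConfigClient(ctx, kubeClient, configClient)
+networkClient, err := networkv1client.NewForConfig(kubeConfig)
+if err != nil {
+return nil, err
+}
+
+return NewAnonymizerFromConfigClient(ctx, kubeClient, configClient, networkClient)
 }
 
 // AnonymizeMemoryRecord takes record.MemoryRecord, removes the sensitive data from it and returns the same object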
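Review bot: The new `networkClient.HostSubnets().List` call (new lines 152–155) returns every error straight out of `NewAnonymizerFromConfigClient`, so building the anonymizer now depends on the `network.openshift.io` HostSubnet API being served and readable by this client. HostSubnet is, as far as I know, specific to the OpenShift SDN plugin, so on clusters using another network plugin, or where the service account lacks list permission, construction would probably fail. Consider treating that case as "no egress subnets", for example `if err != nil && !apierrors.IsNotFound(err) { return nil, err }` (this needs the `k8s.io/apimachinery/pkg/api/errors` import and the loop skipped when the list is unavailable), and confirm that callers fail closed rather than uploading un-anonymized data when this constructor errors. The loop also collects only `hostSubnet.EgressCIDRs`, while the commit title says egress IPs: addresses assigned directly in `hostSubnet.EgressIPs` that fall outside those CIDRs would stay unobfuscated unless another collected network happens to cover them. The function body starts and ends outside these hunks, so the caller behaviour is inferred.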
