
Commit d720f60

author
Serhii Zakharov
committed
add egress ips to anonymizer
1 parent 1b45229 commit d720f60


1 file changed

+24
-2
lines changed


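--- a/pkg/anonymization/anonymizer.go
+++ b/pkg/anonymization/anonymizer.go
@@ -30,6 +30,7 @@ import (
 	"strings"
 
 	configv1client "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1"
+	networkv1client "github.com/openshift/client-go/network/clientset/versioned/typed/network/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
@@ -97,7 +98,10 @@ func NewAnonymizer(clusterBaseDomain string, networks []string) (*Anonymizer, er
 
 // NewAnonymizerFromConfigClient creates a new instance of anonymizer with a provided openshift config client
 func NewAnonymizerFromConfigClient(
-	ctx context.Context, kubeClient kubernetes.Interface, configClient configv1client.ConfigV1Interface,
+	ctx context.Context,
+	kubeClient kubernetes.Interface,
+	configClient configv1client.ConfigV1Interface,
+	networkClient networkv1client.NetworkV1Interface,
 ) (*Anonymizer, error) {
 	baseDomain, err := utils.GetClusterBaseDomain(ctx, configClient)
 	if err != nil {
@@ -128,6 +132,19 @@ func NewAnonymizerFromConfigClient(
 		networks = append(networks, networkRegex.FindAllString(installConfig, -1)...)
 	}
 
+	// egress subnets
+
+	hostSubnets, err := networkClient.HostSubnets().List(ctx, metav1.ListOptions{})
+	if err != nil {
+		return nil, err
+	}
+
+	for _, hostSubnet := range hostSubnets.Items {
+		for _, egressCIDR := range hostSubnet.EgressCIDRs {
+			networks = append(networks, string(egressCIDR))
+		}
+	}
+
 	// we're sorting by subnet lengths, if they are the same, we use subnet itself
 	utils.SortAndRemoveDuplicates(&networks, func(i, j int) bool {
 		if !strings.Contains(networks[i], "/") || !strings.Contains(networks[j], "/") {
@@ -162,7 +179,12 @@ func NewAnonymizerFromConfig(
 		return nil, err
 	}
 
-	return NewAnonymizerFromConfigClient(ctx, kubeClient, configClient)
+	networkClient, err := networkv1client.NewForConfig(kubeConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	return NewAnonymizerFromConfigClient(ctx, kubeClient, configClient, networkClient)
 }
 
 // AnonymizeMemoryRecord takes record.MemoryRecord, removes the sensitive data from it and returns the same object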
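Review bot: The `networkClient.HostSubnets().List(...)` call in the third hunk turns the anonymizer constructor into a hard dependency on the `hostsubnets.network.openshift.io` API, so on a cluster where that resource is absent (it belongs to the OpenShift SDN plugin; other network plugins do not serve it) or where the service account is not allowed to list it, `NewAnonymizerFromConfigClient` now returns an error instead of an anonymizer — whether the caller then aborts gathering or proceeds without anonymization is outside this hunk, but either outcome is worse than simply lacking the egress subnets. Consider tolerating a not-found response (e.g. `apierrors.IsNotFound(err)` from `k8s.io/apimachinery/pkg/api/errors`, which would need importing) and only failing on other errors, keeping the range over `hostSubnets.Items` inside the success branch so a nil list is never dereferenced. The commit title speaks of egress IPs, yet only `EgressCIDRs` are collected; if individually assigned egress IPs are also meant to be masked, that should be stated in the `// egress subnets` comment or covered explicitly. The body of `NewAnonymizerFromConfigClient` continues outside the hunk.
```go
	// egress subnets
	hostSubnets, err := networkClient.HostSubnets().List(ctx, metav1.ListOptions{})
	switch {
	case err == nil:
		for _, hostSubnet := range hostSubnets.Items {
			for _, egressCIDR := range hostSubnet.EgressCIDRs {
				networks = append(networks, string(egressCIDR))
			}
		}
	case !apierrors.IsNotFound(err):
		// the HostSubnet API may legitimately be absent; any other error is real
		return nil, err
	}
	// … unchanged: sort and deduplicate networks …
```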
