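// Source: github.com/aporeto-inc/trireme-lib@v10.358.0+incompatible/monitor/internal/cni/extractor.go

package cnimonitor

import (
	"errors"
	"fmt"
	"strings"

	"go.aporeto.io/trireme-lib/common"
	"go.aporeto.io/trireme-lib/policy"
)

// parseCNIUserTag splits one event tag of the form "key=value" into its two
// halves. A tag that does not contain exactly one "=" is rejected, so a value
// that itself contains "=" is an error rather than being silently truncated.
//
// NOTE(review): an empty key or empty value ("=v", "k=") still passes this
// check; whether such tags should be refused depends on how the tag store is
// consumed downstream, which is not visible in this file.
func parseCNIUserTag(tag string) (key, value string, err error) {
	parts := strings.Split(tag, "=")
	if len(parts) != 2 {
		return "", "", fmt.Errorf("invalid tag: %s", tag)
	}
	return parts[0], parts[1], nil
}

// KubernetesMetadataExtractor builds the PU runtime for a CNI event using the
// Kubernetes flavour of the extractor: the runtime is created with
// common.LinuxProcessPU, a fixed second argument of 1 and an empty third
// argument.
//
// It returns an error when the event is nil, when event.NS is empty, or when
// any entry of event.Tags is not a single "key=value" pair.
//
// NOTE(review): event.NS is required here but is not forwarded to
// policy.NewPURuntime, unlike DockerMetadataExtractor — confirm this is
// intended.
func KubernetesMetadataExtractor(event *common.EventInfo) (*policy.PURuntime, error) {

	// Guard against a nil event so a malformed request yields an error instead
	// of a nil-pointer panic in the monitor.
	if event == nil {
		return nil, errors.New("event is required when using cni")
	}

	if event.NS == "" {
		return nil, errors.New("namespace path is required when using cni")
	}

	// Tags arrive with the event and are not trusted as-is: every key is forced
	// under the "@usr:" prefix before it is stored.
	runtimeTags := policy.NewTagStore()
	for _, tag := range event.Tags {
		key, value, err := parseCNIUserTag(tag)
		if err != nil {
			return nil, err
		}
		runtimeTags.AppendKeyValue("@usr:"+key, value)
	}

	// NOTE(review): the "bridge" entry is a fixed 0.0.0.0/0, not an address
	// taken from the event — presumably a placeholder; confirm that nothing
	// downstream treats it as the workload's real address range.
	runtimeIps := policy.ExtendedMap{"bridge": "0.0.0.0/0"}

	return policy.NewPURuntime(event.Name, 1, "", runtimeTags, runtimeIps, common.LinuxProcessPU, nil), nil
}

// DockerMetadataExtractor builds the PU runtime for a CNI event using the
// Docker flavour of the extractor: the runtime is created with
// common.ContainerPU, a fixed second argument of 0 and event.NS as the third
// argument.
//
// It returns an error when the event is nil, when event.NS is empty, or when
// any entry of event.Tags is not a single "key=value" pair.
func DockerMetadataExtractor(event *common.EventInfo) (*policy.PURuntime, error) {

	// Guard against a nil event so a malformed request yields an error instead
	// of a nil-pointer panic in the monitor.
	if event == nil {
		return nil, errors.New("event is required when using cni")
	}

	if event.NS == "" {
		return nil, errors.New("namespace path is required when using cni")
	}

	// Tags arrive with the event and are not trusted as-is: every key is forced
	// under the "@usr:" prefix before it is stored.
	runtimeTags := policy.NewTagStore()
	for _, tag := range event.Tags {
		key, value, err := parseCNIUserTag(tag)
		if err != nil {
			return nil, err
		}
		runtimeTags.AppendKeyValue("@usr:"+key, value)
	}

	// NOTE(review): the "bridge" entry is a fixed 0.0.0.0/0, not an address
	// taken from the event — presumably a placeholder; confirm that nothing
	// downstream treats it as the workload's real address range.
	runtimeIps := policy.ExtendedMap{"bridge": "0.0.0.0/0"}

	return policy.NewPURuntime(event.Name, 0, event.NS, runtimeTags, runtimeIps, common.ContainerPU, nil), nil
}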