Treat duplicate pod added events as modified in endpoint policy (#1553)

Signed-off-by: Dakota Sullivan <djqballer@outlook.com>
kubearmor · Feb 22, 2024 · 19acf50 · 19acf50
1 parent 94bbda3
commit 19acf50
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/KubeArmor/core/kubeUpdate.go b/KubeArmor/core/kubeUpdate.go
@@ -829,6 +829,7 @@ func (dm *KubeArmorDaemon) WatchK8sPods() {
 
 				if event.Type == "ADDED" {
 					new := true
+
 					for _, k8spod := range dm.K8sPods {
 						if k8spod.Metadata["namespaceName"] == pod.Metadata["namespaceName"] && k8spod.Metadata["podName"] == pod.Metadata["podName"] {
 							new = false
@@ -837,8 +838,16 @@ func (dm *KubeArmorDaemon) WatchK8sPods() {
 					}
 					if new {
 						dm.K8sPods = append(dm.K8sPods, pod)
+					} else {
+						// Kubernetes can send us 'ADDED' events for a pod we
+						// already know about when our Kubernetes watch request
+						// restarts, so treat that like a 'MODIFIED' event
+						// instead
+						event.Type = "MODIFIED"
 					}
-				} else if event.Type == "MODIFIED" {
+				}
+
+				if event.Type == "MODIFIED" {
 					for idx, k8spod := range dm.K8sPods {
 						if k8spod.Metadata["namespaceName"] == pod.Metadata["namespaceName"] && k8spod.Metadata["podName"] == pod.Metadata["podName"] {
 							dm.K8sPods[idx] = pod