Explore ownership between built-in and custom resources

Question

Explore ownership between built-in and custom resources

danielpacak opened this issue 4 years ago · 5 comments

I do have a custom cluster-scoped resource CISKubeBenchReport that I'm associating with a built-in Node object. However, when I run $ kubectl tree node <node name> I cannot see such relationship displayed.

My objects, stripped out of nonessential properties, look as follows:

apiVersion: v1
kind: Node
metadata:
  name: minikube
  resourceVersion: "1666012"
  selfLink: /api/v1/nodes/minikube
  uid: 5d411e05-920b-4e56-a1c3-44da5bd7f12b

apiVersion: aquasecurity.github.io/v1alpha1
kind: CISKubeBenchReport
metadata:
  name: minikube-1594903596
  ownerReferences:
  - apiVersion: v1
    controller: false
    kind: Node
    name: minikube
    uid: 5d411e05-920b-4e56-a1c3-44da5bd7f12b
  resourceVersion: "1666246"
  selfLink: /apis/aquasecurity.github.io/v1alpha1/ciskubebenchreports/minikube-1594903596
  uid: d0e9598b-9372-4915-a4af-8d1c92710817

$ kubectl tree node minikube
No resources are owned by this object through ownerReferences.

Is there anything that I'm missing in my onwerReferences config or is that kubectl-tree that cannot handle such config?

Answer 1 · 2020-07-16T16:03:38.000Z

It might be because it's cluster-scoped. Gotta check out the code, I don't think we'd have anything explicitly prevents this.

Answer 2 · 2020-07-16T16:05:01.000Z

Actually yeah in query.go we explicitly skip non-namespaced CRDs. I am trying to remember why but there must've been a reason.

Answer 3 · 2020-07-16T18:24:43.000Z

Thanks for checking @ahmetb I'd love to know what was the reason for skipping non-namespaced CRDs. IMO Having them displayed by tree would be very useful.

Answer 4 · 2020-07-16T18:35:41.000Z

See #18 and #22 for context.
Apparently we used to query ALL resources in the cluster.
But now we query only the current namespace. However you should be able to get everything using --all-namespaces.

Answer 5 · 2020-07-16T18:39:29.000Z

Indeed! It works with the -A flag. Awesome @ahmetb . Thank you for a prompt reply and this amazing plugin 💪

$ k tree node minikube -A
NAMESPACE        NAME                                      READY  REASON        AGE
                 Node/minikube                             True   KubeletReady  30d
                 ├─CISKubeBenchReport/minikube-1594737175  -                    2d4h
                 ├─CISKubeBenchReport/minikube-1594903596  -                    5h49m
                 ├─CSINode/minikube                        -                    30d
kube-node-lease  ├─Lease/minikube                          -                    30d
kube-system      ├─Pod/etcd-minikube                       True                 30d
kube-system      ├─Pod/kube-apiserver-minikube             True                 30d
kube-system      ├─Pod/kube-controller-manager-minikube    True                 30d
kube-system      └─Pod/kube-scheduler-minikube             True                 30d