Skip to content

Comments

Add ClusterUID field to RuntimeAlertK8sDetails#602

Merged
slashben merged 1 commit intomainfrom
feature/add-cluster-uid-field
Feb 1, 2026
Merged

Add ClusterUID field to RuntimeAlertK8sDetails#602
slashben merged 1 commit intomainfrom
feature/add-cluster-uid-field

Conversation

@slashben
Copy link
Member

@slashben slashben commented Feb 1, 2026
edited by coderabbitai bot
Loading

Summary

Add a new ClusterUID field to the RuntimeAlertK8sDetails struct to enable runtime alerts to include a stable cluster identifier based on the kube-system namespace UID.

Changes

  • Added ClusterUID string field to RuntimeAlertK8sDetails struct in armotypes/runtimeincidents.go
  • Field uses omitempty to maintain backward compatibility
  • Field will be populated by node-agent and private-node-agent at startup

Motivation

This field provides a stable, unique identifier for Kubernetes clusters that can be used to:

  • Correlate alerts from the same cluster across different time periods
  • Distinguish between alerts from different clusters with the same name
  • Enable better alert aggregation and analysis in the backend

Implementation Details

The ClusterUID will be fetched by agents at startup by reading the UID of the kube-system namespace via the Kubernetes API. If the namespace cannot be accessed (e.g., due to RBAC restrictions or running on non-Kubernetes hosts), the field will be left empty.

Next Steps

After this PR is merged and a new version is released:

  1. node-agent will be updated to fetch and populate this field
  2. private-node-agent will be updated to fetch and populate this field
  3. Helm charts will be updated with necessary RBAC permissions (namespaces get/list)

Testing

No behavior changes in this PR - only a new optional field is added. Existing tests continue to pass.

Summary by CodeRabbit

  • Chores
    • Enhanced runtime alert system to capture cluster identifier information for improved tracking and correlation across environments.

✏️ Tip: You can customize this high-level summary in your review settings.

@slashben
Add ClusterUID field to RuntimeAlertK8sDetails
d99e024 
Add a new ClusterUID field to the RuntimeAlertK8sDetails struct to store
the UID of the kube-system namespace, which provides a stable cluster
identifier. This field will be populated by the node-agent and
private-node-agent at startup by fetching the kube-system namespace UID
from the Kubernetes API.

The field is optional and uses omitempty to maintain backward
compatibility with existing consumers of the API.
Signed-off-by: Ben <ben@armosec.io>
@coderabbitai
Copy link

coderabbitai bot commented Feb 1, 2026
edited
Loading

📝 Walkthrough

Walkthrough

A new public field ClusterUID was added to the RuntimeAlertK8sDetails struct in the armotypes package. The field includes JSON and BSON tags for serialization and deserialization purposes.

Changes

Cohort / File(s) Summary
Data Structure Enhancement
armotypes/runtimeincidents.go		 Added ClusterUID string field to RuntimeAlertK8sDetails struct with json:"clusterUID,omitempty" and bson:"clusterUID,omitempty" tags.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A cluster UID now takes its place,
In runtime alerts, finding its space,
Tags whisper softly through JSON's dance,
With BSON tagging, a structured advance,
Small changes bloom, but oh so bright! ✨

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately describes the main change: adding a ClusterUID field to the RuntimeAlertK8sDetails struct.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch feature/add-cluster-uid-field

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@slashben slashben merged commit c7901a5 into main Feb 1, 2026
4 checks passed
@slashben slashben deleted the feature/add-cluster-uid-field branch February 1, 2026 05:20
slashben added a commit to kubescape/node-agent that referenced this pull request Feb 1, 2026
@slashben
Implement ClusterUID enrichment for runtime alerts
cb5218f 
This change adds support for enriching runtime alerts with a stable cluster
identifier (ClusterUID) based on the kube-system namespace UID.

Changes:
- Update armoapi-go dependency to v0.0.672 (includes ClusterUID field)
- Add GetClusterUID utility function to fetch kube-system namespace UID
- Update HTTPExporter to accept and store clusterUID
- Update InitExporters to accept clusterUID parameter
- Populate ClusterUID in createRuleAlert and createMalwareAlert
- Fetch ClusterUID at agent startup in main.go

The ClusterUID is fetched once at startup and passed to all exporters. If
the kube-system namespace cannot be accessed (e.g., RBAC restrictions), a
warning is logged and the field remains empty, allowing the agent to
continue operating normally.

Related PR: armosec/armoapi-go#602
Signed-off-by: Ben <ben@armosec.io>
@slashben slashben mentioned this pull request Feb 1, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@slashben