Handle container not found (#398)

charts/kvisor/templates/agent.yaml

@@ -246,16 +246,18 @@ subjects:
     name: {{ include "kvisor.agent.serviceAccountName" . }}
     namespace: {{.Release.Namespace}}
 ---
+{{ if not (empty .Values.agent.priorityClass) }}
 apiVersion: v1
 kind: ResourceQuota
 metadata:
-    name: castai-agent-node-critical-pods
+    name: {{ include "kvisor.agent.fullname" . }}-critical-pods
     namespace: {{ .Release.Namespace }}
 spec:
     scopeSelector:
         matchExpressions:
             - operator: In
               scopeName: PriorityClass
               values:
-                - system-node-critical
+                - {{ .Values.agent.priorityClass }}
+{{- end }}
 {{- end }}

charts/kvisor/templates/controller.yaml

@@ -308,3 +308,18 @@ spec:
   selector:
     {{- include "kvisor.controller.selectorLabels" . | nindent 6 }}
   type: ClusterIP
+---
+{{ if not (empty .Values.controller.priorityClass) }}
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+  name: {{ include "kvisor.controller.fullname" . }}-critical-pods
+  namespace: {{ .Release.Namespace }}
+spec:
+  scopeSelector:
+    matchExpressions:
+      - operator: In
+        scopeName: PriorityClass
+        values:
+          - {{ .Values.controller.priorityClass }}
+{{- end }}

charts/kvisor/values.yaml

@@ -149,8 +149,8 @@ controller:
 
   podAnnotations: {}
 
-  # Allow to set priority class like system-node-critical.
-  priorityClass: ""
+  # Allow to set priority class like system-cluster-critical.
+  priorityClass: "system-cluster-critical"
 
   # TODO(Kvisord): Add default strict security context for all components.
   securityContext:

cmd/agent/daemon/state/netflow_pipeline.go

@@ -3,12 +3,14 @@ package state
 import (
 	"bytes"
 	"context"
+	"errors"
 	"fmt"
 	"net/netip"
 	"time"
 
 	kubepb "github.com/castai/kvisor/api/v1/kube"
 	castpb "github.com/castai/kvisor/api/v1/runtime"
+	"github.com/castai/kvisor/pkg/containers"
 	"github.com/castai/kvisor/pkg/ebpftracer"
 	"github.com/castai/kvisor/pkg/ebpftracer/types"
 	"github.com/castai/kvisor/pkg/metrics"
@@ -116,18 +118,10 @@ func (c *Controller) enqueueNetworkSummayExport(ctx context.Context, summary map
 }
 
 func (c *Controller) toNetflow(ctx context.Context, key ebpftracer.TrafficKey, t time.Time) (*castpb.Netflow, error) {
-	container, err := c.containersClient.GetContainerForCgroup(ctx, key.ProcessIdentity.CgroupId)
-	if err != nil {
-		return nil, err
-	}
-
 	res := &castpb.Netflow{
-		Timestamp:     uint64(t.UnixNano()), // nolint:gosec
-		ProcessName:   string(bytes.SplitN(key.ProcessIdentity.Comm[:], []byte{0}, 2)[0]),
-		Namespace:     container.PodNamespace,
-		PodName:       container.PodName,
-		ContainerName: container.Name,
-		Protocol:      toProtoProtocol(key.Proto),
+		Timestamp:   uint64(t.UnixNano()), // nolint:gosec
+		ProcessName: string(bytes.SplitN(key.ProcessIdentity.Comm[:], []byte{0}, 2)[0]),
+		Protocol:    toProtoProtocol(key.Proto),
 		// TODO(patrick.pichler): only set local port if it is the listening port. ephemeral ports
 		// are not that interesting and  generate a lot of additional data.
 		// The main problem right is to figure out which port is the ephemeral and which the listening
@@ -143,12 +137,23 @@ func (c *Controller) toNetflow(ctx context.Context, key ebpftracer.TrafficKey, t
 		res.Addr = key.Tuple.Saddr.Raw[:]
 	}
 
-	ipInfo, found := c.getPodInfo(container.PodUID)
-	if found {
-		res.WorkloadName = ipInfo.WorkloadName
-		res.WorkloadKind = ipInfo.WorkloadKind
-		res.Zone = ipInfo.Zone
-		res.NodeName = ipInfo.NodeName
+	container, err := c.containersClient.GetContainerForCgroup(ctx, key.ProcessIdentity.CgroupId)
+	if err != nil && !errors.Is(err, containers.ErrContainerNotFound) {
+		return nil, err
+	}
+
+	if container != nil {
+		res.Namespace = container.PodNamespace
+		res.PodName = container.PodName
+		res.ContainerName = container.Name
+
+		ipInfo, found := c.getPodInfo(container.PodUID)
+		if found {
+			res.WorkloadName = ipInfo.WorkloadName
+			res.WorkloadKind = ipInfo.WorkloadKind
+			res.Zone = ipInfo.Zone
+			res.NodeName = ipInfo.NodeName
+		}
 	}
 
 	return res, nil