Reviewed the blind spot that the original MVP only scanned pods (39 assets); this change extends it:
New resource types scanned:
- nodes (asset_type='host'): physical hosts
- deployments/statefulsets/daemonsets (asset_type='k8s_workload')
- services (asset_type='k8s_resource')
- configmaps (asset_type='k8s_resource')
Skips secrets (the awoooi-executor RBAC forbids list, which is the correct design)
Adds automatic creation of asset_relationship:
- Pod → Deployment/StatefulSet/DaemonSet (depends_on, via ownerReferences)
- Service → Pod (routes_to, via spec.selector matching Pod.labels)
- Pod → ConfigMap (depends_on, via spec.volumes[].configMap.name)
Uses ON CONFLICT (from/to/type) DO UPDATE last_verified_at to stay idempotent
Adds _fetch_kubectl_json helper (nodes are fetched without --all-namespaces)
Adds _build_{pod,workload,service,node,configmap}_asset, a separate asset builder for each
Expected effect (at the next scan, 1h later or when the Pod restarts):
- asset_inventory: 39 → 300+ (multiple resource types across the whole cluster)
- asset_relationship: 0 → several hundred (OpenClaw blast-radius calculation finally has a topology)
Unlocks downstream:
- AI blast_radius calculation can query asset_relationship (previously there was no data)
- The blast_radius_calculator of MASTER §3.3 D3 Declarative Remediation has a real dependency graph
Refs: ADR-090 §3.3, MASTER §3.1 L6×D1 (8D sensory topology)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
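
The three relationship rules listed in the commit message, as an added example that is not part of the commit or the project's code. The names `key` and `derive_edges`, the `Kind/namespace/name` key format and all sample objects are assumptions constructed here; resolving a ReplicaSet owner up to its Deployment goes beyond what the message states and is included because Deployment-managed Pods carry a ReplicaSet in ownerReferences.

```python
def key(kind, ns, name):
    return f"{kind}/{ns}/{name}"  # hypothetical asset key format

def derive_edges(pods, services, replicasets=()):
    """Return a set of (from, to, type) edges; a set keeps repeated scans idempotent."""
    # Map each ReplicaSet to its own owner so Pod -> ReplicaSet resolves to the Deployment.
    rs_owner = {(rs["metadata"]["namespace"], rs["metadata"]["name"]): (ref["kind"], ref["name"])
                for rs in replicasets for ref in rs["metadata"].get("ownerReferences", [])}
    edges = set()
    for pod in pods:
        m = pod["metadata"]
        ns, src = m["namespace"], key("Pod", m["namespace"], m["name"])
        for ref in m.get("ownerReferences", []):
            kind, name = ref["kind"], ref["name"]
            if kind == "ReplicaSet":  # fall back to the ReplicaSet itself if unresolved
                kind, name = rs_owner.get((ns, name), (kind, name))
            edges.add((src, key(kind, ns, name), "depends_on"))
        for vol in pod.get("spec", {}).get("volumes", []):
            if "configMap" in vol:
                edges.add((src, key("ConfigMap", ns, vol["configMap"]["name"]), "depends_on"))
    for svc in services:
        m = svc["metadata"]
        selector = svc.get("spec", {}).get("selector") or {}
        if not selector:  # selector-less Service: all() over nothing would match every Pod
            continue
        for pod in pods:
            pm = pod["metadata"]
            labels = pm.get("labels") or {}
            if pm["namespace"] == m["namespace"] and all(
                    labels.get(k) == v for k, v in selector.items()):
                edges.add((key("Service", m["namespace"], m["name"]),
                           key("Pod", pm["namespace"], pm["name"]), "routes_to"))
    return edges

# Constructed sample objects, trimmed to the fields `kubectl get -o json` returns.
PODS = [
    {"metadata": {"namespace": "app", "name": "web-7d9f-abc", "labels": {"app": "web"},
                  "ownerReferences": [{"kind": "ReplicaSet", "name": "web-7d9f"}]},
     "spec": {"volumes": [{"name": "cfg", "configMap": {"name": "web-config"}}]}},
    {"metadata": {"namespace": "app", "name": "db-0", "labels": {"app": "db"},
                  "ownerReferences": [{"kind": "StatefulSet", "name": "db"}]}, "spec": {}},
]
REPLICASETS = [{"metadata": {"namespace": "app", "name": "web-7d9f",
                             "ownerReferences": [{"kind": "Deployment", "name": "web"}]}}]
SERVICES = [
    {"metadata": {"namespace": "app", "name": "web"}, "spec": {"selector": {"app": "web"}}},
    {"metadata": {"namespace": "app", "name": "external"}, "spec": {}},
]
EDGES = derive_edges(PODS, SERVICES, REPLICASETS)
```

Without the ReplicaSet list the `web` Pod's owner edge stops at `ReplicaSet/app/web-7d9f`, so a blast-radius query starting from the Deployment would not reach its Pods.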