update deployment package to use init container #108
Merged
daemon1024 merged 1 commit into kubearmor:main from daemon1024:update-deployment-libbpf on Jul 26, 2022
Signed-off-by: daemon1024 <[email protected]>
seswarrajan approved these changes on Jul 26, 2022
s1ntaxe770r added a commit to s1ntaxe770r/kubearmor-client that referenced this pull request on Aug 18, 2022
Signed-off-by: Jubril Oyetunji <[email protected]> use application as default for insight and discover Signed-off-by: Jubril Oyetunji <[email protected]> switch to class in options struct Signed-off-by: Jubril Oyetunji <[email protected]> fix typo Signed-off-by: Jubril Oyetunji <[email protected]> change error handling conditions Signed-off-by: Jubril Oyetunji <[email protected]> change field names to ruletype Signed-off-by: Jubril Oyetunji <[email protected]> change field names to ruletype Signed-off-by: Jubril Oyetunji <[email protected]> fix typo Signed-off-by: Jubril Oyetunji <[email protected]> change error handling conditions Signed-off-by: Jubril Oyetunji <[email protected]> change field names to ruletype Signed-off-by: Jubril Oyetunji <[email protected]> check for insight igned-off-by: Jubril Oyetunji <[email protected]> change field names to ruletype Signed-off-by: Jubril Oyetunji <[email protected]> change field names to ruletype Signed-off-by: Jubril Oyetunji <[email protected]> add example rule types Signed-off-by: Jubril Oyetunji <[email protected]> update policy packages to install updated CRDs Signed-off-by: daemon1024 <[email protected]> feat: add selector flag to logs Signed-off-by: slayer321 <[email protected]> configure audit posture during installation Signed-off-by: daemon1024 <[email protected]> updated deployment to get kubearmor hostname fix Ref: kubearmor/KubeArmor#736 Signed-off-by: Rahul Jadhav <[email protected]> add controller installation to karmor (kubearmor#65) Support input files that contain multiple VM host/network policies (kubearmor#83) Signed-off-by: Wazir Ahmed <[email protected]> Synched with /vmlist response format changes in kvm-service (kubearmor#82) Signed-off-by: Wazir Ahmed <[email protected]> Upgrade go.mo/go.sum to support latest version of discovery-engine Signed-off-by: Eswar Rajan Subramanian <[email protected]> added selfupdate support `karmor selfupdate` to auto update karmor to latest one Signed-off-by: Rahul 
Jadhav <[email protected]> added support for --force `--force` will remove all kubearmor annotations from all the deployments. Signed-off-by: Rahul Jadhav <[email protected]> updates to go.mod/sum Signed-off-by: Rahul Jadhav <[email protected]> releaser update Signed-off-by: Rahul Jadhav <[email protected]> updated README Signed-off-by: Rahul Jadhav <[email protected]> event channel support External tools might want to handle events as and when they arrive. Currently, karmor simply prints the events to stdout. Now the API is added support to export the events on a channel to external tool. Needed this for kubearmor auto test framework. Signed-off-by: Rahul Jadhav <[email protected]> added unit-tests in CI Signed-off-by: Rahul Jadhav <[email protected]> refactored description removed unnecessary text. install: autodetect bottlerocket env Signed-off-by: daemon1024 <[email protected]> log: refactor telemetry helper - handle alert and logs in same helper - future proof output for telemetry events fields - modify tests to demo suggested usage Signed-off-by: daemon1024 <[email protected]> changed the EventChan exported data; fixed lints Signed-off-by: Rahul Jadhav <[email protected]> sysdump issue fixes * gets apparmor profiles from all kubearmor pods * if the exec to kubearmor pod fails, handle the failure graciously and get other information Closes: kubearmor#95 Signed-off-by: Rahul Jadhav <[email protected]> sysdump output file * certain platforms do not allow colons to be part of filename (faced problem on GH action while uploading artifacts) * ability to explicitly specify output file name Signed-off-by: Rahul Jadhav <[email protected]> ignore err if kubearmor daemonset not found using `karmor sysdump` in the context of dev env causes problem since kubearmor is not running in daemonset mode. 
Signed-off-by: Rahul Jadhav <[email protected]> Add cri-o in environment for karmor (kubearmor#98) update deployment package to use init container (kubearmor#108) update deployment package to fix generic env installation Signed-off-by: daemon1024 <[email protected]> install: Add flag to just save manifest and not install New flag to save the KubeArmor Manifest file for the cluster env without installing Also fixed panic when Nodes aren't available for environment detection Signed-off-by: daemon1024 <[email protected]> sysdump even if kubearmor pods are not found currently, the sysdump expects the kubearmor daemon + pods to be mandatorily present in the k8s. If not present, the sysdump errors out and no zip file is produced. karmor sysdump could also be used in cases where the user might just want to provide the snapshot of current k8s cluster on which they intend to deploy kubearmor. Similarly, sysdump is used in the context where kubearmor might be used in host process mode (for e.g, dev env). Signed-off-by: Rahul Jadhav <[email protected]> check if key value exists in map Signed-off-by: rk <[email protected]> Added progression bar, Added time wait status check for all kubearmor-app pods, Added execution time counter, Added cursor animation, Added emojis. 
Update install/install.go Co-authored-by: Rahul Jadhav <[email protected]> Update install/install.go Co-authored-by: Barun Acharya <[email protected]> Update install/install.go Co-authored-by: Rahul Jadhav <[email protected]> Update install/install.go Co-authored-by: Rahul Jadhav <[email protected]> Done changes Changes proposed were made Update install/install.go Co-authored-by: Rahul Jadhav <[email protected]> create probe utility, probe host for observability/audit Signed-off-by: essietom <[email protected]> squash all commits for karmor probe utility rename methods properly Signed-off-by: essietom <[email protected]> check supported enforcement for host Signed-off-by: essietom <[email protected]> correct print output Signed-off-by: essietom <[email protected]> rrefactor code to remove redundancy Signed-off-by: essietom <[email protected]> format text output Signed-off-by: essietom <[email protected]> check node observability support Signed-off-by: essietom <[email protected]> refactor code Signed-off-by: essietom <[email protected]> refactor code Signed-off-by: essietom <[email protected]> refactor code Signed-off-by: essietom <[email protected]> refactor code Signed-off-by: essietom <[email protected]> remove non probe commits Signed-off-by: essietom <[email protected]> probe deployment Signed-off-by: essietom <[email protected]> handle error from bold text Signed-off-by: essietom <[email protected]> refactor code, check bpf support in lsm, check lib module in kernel header Signed-off-by: essietom <[email protected]> format code fix indentation Signed-off-by: essietom <[email protected]> add licence identifier Signed-off-by: essietom <[email protected]> ci: check if any files are unformatted gofmt doesn't error it incase files are unformatted so we manually check if the output filelist contains any files or not Signed-off-by: daemon1024 <[email protected]> chore: handle fmt and linter error/warnings Signed-off-by: daemon1024 <[email protected]> uninstall: 
uninstall CRD only if force option is used Signed-off-by: daemon1024 <[email protected]> Add info emoji when resource already exists Signed-off-by: daemon1024 <[email protected]> add support for handling un-orchestrated containers Signed-off-by: Ankur Kothiwal <[email protected]> fix sysname error and os probe support Signed-off-by: essietom <[email protected]> remove redundant space Signed-off-by: essietom <[email protected]> put back comment Signed-off-by: essietom <[email protected]> put comment Signed-off-by: essietom <[email protected]> fix animation flag revert animation flag removal in introduced kubearmor#120 Signed-off-by: daemon1024 <[email protected]>
nthnieljson pushed a commit to nthnieljson/kubearmor-client that referenced this pull request on Oct 7, 2022
Signed-off-by: Nathaniel Jason <[email protected]> minor fix code sequence Signed-off-by: Nathaniel Jason <[email protected]> initial feature for observe command Network Insight support for discovery-engine (kubearmor#63) * Network insight support Signed-off-by: Eswar Rajan Subramanian <[email protected]> update kubearmor protobuf Signed-off-by: daemon1024 <[email protected]> Fix for json and yaml formatting (kubearmor#67) Signed-off-by: Eswar Rajan Subramanian <[email protected]> add limit flag Signed-off-by: slayer321 <[email protected]> Remove empty type for json and yaml format (kubearmor#68) Signed-off-by: Eswar Rajan Subramanian <[email protected]> Add labels to alerts/logs (kubearmor#69) Signed-off-by: Eswar Rajan Subramanian <[email protected]> update policy packages to install updated CRDs Signed-off-by: daemon1024 <[email protected]> feat: add selector flag to logs Signed-off-by: slayer321 <[email protected]> configure audit posture during installation Signed-off-by: daemon1024 <[email protected]> updated deployment to get kubearmor hostname fix Ref: kubearmor/KubeArmor#736 Signed-off-by: Rahul Jadhav <[email protected]> add controller installation to karmor (kubearmor#65) Support input files that contain multiple VM host/network policies (kubearmor#83) Signed-off-by: Wazir Ahmed <[email protected]> Synched with /vmlist response format changes in kvm-service (kubearmor#82) Signed-off-by: Wazir Ahmed <[email protected]> Upgrade go.mo/go.sum to support latest version of discovery-engine Signed-off-by: Eswar Rajan Subramanian <[email protected]> added selfupdate support `karmor selfupdate` to auto update karmor to latest one Signed-off-by: Rahul Jadhav <[email protected]> added support for --force `--force` will remove all kubearmor annotations from all the deployments. 
Signed-off-by: Rahul Jadhav <[email protected]> updates to go.mod/sum Signed-off-by: Rahul Jadhav <[email protected]> releaser update Signed-off-by: Rahul Jadhav <[email protected]> updated README Signed-off-by: Rahul Jadhav <[email protected]> event channel support External tools might want to handle events as and when they arrive. Currently, karmor simply prints the events to stdout. Now the API is added support to export the events on a channel to external tool. Needed this for kubearmor auto test framework. Signed-off-by: Rahul Jadhav <[email protected]> added unit-tests in CI Signed-off-by: Rahul Jadhav <[email protected]> refactored description removed unnecessary text. install: autodetect bottlerocket env Signed-off-by: daemon1024 <[email protected]> log: refactor telemetry helper - handle alert and logs in same helper - future proof output for telemetry events fields - modify tests to demo suggested usage Signed-off-by: daemon1024 <[email protected]> changed the EventChan exported data; fixed lints Signed-off-by: Rahul Jadhav <[email protected]> sysdump issue fixes * gets apparmor profiles from all kubearmor pods * if the exec to kubearmor pod fails, handle the failure graciously and get other information Closes: kubearmor#95 Signed-off-by: Rahul Jadhav <[email protected]> sysdump output file * certain platforms do not allow colons to be part of filename (faced problem on GH action while uploading artifacts) * ability to explicitly specify output file name Signed-off-by: Rahul Jadhav <[email protected]> ignore err if kubearmor daemonset not found using `karmor sysdump` in the context of dev env causes problem since kubearmor is not running in daemonset mode. 
Signed-off-by: Rahul Jadhav <[email protected]> Add cri-o in environment for karmor (kubearmor#98) add observe alert command Signed-off-by: Nathaniel Jason <[email protected]> add help message for invalid key on custom columns Signed-off-by: Nathaniel Jason <[email protected]> add filter on listen alerts Signed-off-by: Nathaniel Jason <[email protected]> fix timestamp formatting on observe telemetry Signed-off-by: Nathaniel Jason <[email protected]> update deployment package to use init container (kubearmor#108) update deployment package to fix generic env installation Signed-off-by: daemon1024 <[email protected]> install: Add flag to just save manifest and not install New flag to save the KubeArmor Manifest file for the cluster env without installing Also fixed panic when Nodes aren't available for environment detection Signed-off-by: daemon1024 <[email protected]> sysdump even if kubearmor pods are not found currently, the sysdump expects the kubearmor daemon + pods to be mandatorily present in the k8s. If not present, the sysdump errors out and no zip file is produced. karmor sysdump could also be used in cases where the user might just want to provide the snapshot of current k8s cluster on which they intend to deploy kubearmor. Similarly, sysdump is used in the context where kubearmor might be used in host process mode (for e.g, dev env). Signed-off-by: Rahul Jadhav <[email protected]> check if key value exists in map Signed-off-by: rk <[email protected]> Added progression bar, Added time wait status check for all kubearmor-app pods, Added execution time counter, Added cursor animation, Added emojis. 
Update install/install.go Co-authored-by: Rahul Jadhav <[email protected]> Update install/install.go Co-authored-by: Barun Acharya <[email protected]> Update install/install.go Co-authored-by: Rahul Jadhav <[email protected]> Update install/install.go Co-authored-by: Rahul Jadhav <[email protected]> Done changes Changes proposed were made Update install/install.go Co-authored-by: Rahul Jadhav <[email protected]> create probe utility, probe host for observability/audit Signed-off-by: essietom <[email protected]> squash all commits for karmor probe utility rename methods properly Signed-off-by: essietom <[email protected]> check supported enforcement for host Signed-off-by: essietom <[email protected]> correct print output Signed-off-by: essietom <[email protected]> rrefactor code to remove redundancy Signed-off-by: essietom <[email protected]> format text output Signed-off-by: essietom <[email protected]> check node observability support Signed-off-by: essietom <[email protected]> refactor code Signed-off-by: essietom <[email protected]> refactor code Signed-off-by: essietom <[email protected]> refactor code Signed-off-by: essietom <[email protected]> refactor code Signed-off-by: essietom <[email protected]> remove non probe commits Signed-off-by: essietom <[email protected]> probe deployment Signed-off-by: essietom <[email protected]> handle error from bold text Signed-off-by: essietom <[email protected]> refactor code, check bpf support in lsm, check lib module in kernel header Signed-off-by: essietom <[email protected]> format code fix indentation Signed-off-by: essietom <[email protected]> add licence identifier Signed-off-by: essietom <[email protected]> ci: check if any files are unformatted gofmt doesn't error it incase files are unformatted so we manually check if the output filelist contains any files or not Signed-off-by: daemon1024 <[email protected]> chore: handle fmt and linter error/warnings Signed-off-by: daemon1024 <[email protected]> uninstall: 
uninstall CRD only if force option is used Signed-off-by: daemon1024 <[email protected]> Add info emoji when resource already exists Signed-off-by: daemon1024 <[email protected]> add support for handling un-orchestrated containers Signed-off-by: Ankur Kothiwal <[email protected]> fix sysname error and os probe support Signed-off-by: essietom <[email protected]> remove redundant space Signed-off-by: essietom <[email protected]> put back comment Signed-off-by: essietom <[email protected]> put comment Signed-off-by: essietom <[email protected]> fix animation flag revert animation flag removal in introduced kubearmor#120 Signed-off-by: daemon1024 <[email protected]> policy recommend option for karmor Signed-off-by: Rahul Jadhav <[email protected]> report handling in text format Signed-off-by: Rahul Jadhav <[email protected]> fix: blank policy check Signed-off-by: slayer321 <[email protected]> remove extra spaces during karmor install Signed-off-by: Anurag <[email protected]> Configure Renovate (kubearmor#127) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Rudraksh Pareek <[email protected]> update go modules Signed-off-by: Ankur Kothiwal <[email protected]> Enable system summary in karmor Signed-off-by: Eswar Rajan Subramanian <[email protected]> Update cmd/summary.go Co-authored-by: Rahul Jadhav <[email protected]> fix package version (kubearmor#153) Signed-off-by: achref ben saad <[email protected]> Signed-off-by: achref ben saad <[email protected]> probe when kubearmor is running Signed-off-by: essietom <[email protected]> remove ioutil Signed-off-by: Esther Adenekan <[email protected]> fix go sec and fmt error Signed-off-by: Esther Adenekan <[email protected]> fix go sec error Signed-off-by: Esther Adenekan <[email protected]> fix go sec error Signed-off-by: Esther Adenekan <[email protected]> add karmor probe description to readme Signed-off-by: Esther Adenekan <[email protected]> update karmor probe description in 
cmd Signed-off-by: Esther Adenekan <[email protected]> get policy for each annotated pod, output active lsm Signed-off-by: Esther Adenekan <[email protected]> get active lsm only Signed-off-by: Esther Adenekan <[email protected]> fix fmt error and run go mod tidy Signed-off-by: Esther Adenekan <[email protected]> fix fmt error Signed-off-by: Esther Adenekan <[email protected]> handle error Signed-off-by: Esther Adenekan <[email protected]> fix fmt error and handle error Signed-off-by: Esther Adenekan <[email protected]> fix fmt error and handle error Signed-off-by: Esther Adenekan <[email protected]> get container and host default posture Signed-off-by: Esther Adenekan <[email protected]> fix fmt error Signed-off-by: Esther Adenekan <[email protected]> fix formatting Signed-off-by: Esther Adenekan <[email protected]> leverage table for printing output Signed-off-by: Esther Adenekan <[email protected]> format space and handle error Signed-off-by: Esther Adenekan <[email protected]> leverage table for formating output Signed-off-by: Esther Adenekan <[email protected]> add detailed description in probe help Signed-off-by: Esther Adenekan <[email protected]> format help info Signed-off-by: Esther Adenekan <[email protected]> format text Signed-off-by: Esther Adenekan <[email protected]> fix fmt error Signed-off-by: Esther Adenekan <[email protected]> fix typo errors and refactor code Signed-off-by: Esther Adenekan <[email protected]> refactor get container method Signed-off-by: Esther Adenekan <[email protected]> group annotated pods by policies and also print annotated pods without policy Signed-off-by: Esther Adenekan <[email protected]> resolve merge conflict Signed-off-by: Esther Adenekan <[email protected]> remove redundant return Signed-off-by: Esther Adenekan <[email protected]> resolve conflict Signed-off-by: Esther Adenekan <[email protected]> fix formatting Signed-off-by: Esther Adenekan <[email protected]> Update karmor recommend command - Added condition to 
check if at least an image is passed as an argument. - If no images are passed, a proper error message is shown in the terminal. Addresses kubearmor#112 (comment) Signed-off-by: vishnusomank <[email protected]> Co-authored-by: Barun Acharya <[email protected]> fix formatting error in karmor probe Signed-off-by: Esther Adenekan <[email protected]> format table Signed-off-by: Esther Adenekan <[email protected]> format spaces Signed-off-by: Esther Adenekan <[email protected]> format table Signed-off-by: Esther Adenekan <[email protected]> remove redundant else statement Signed-off-by: Esther Adenekan <[email protected]> Update karmor recommend command with user labels - Added use-labels flag to input labels for policy - Updated the Options struct to include Uselabels field - Updated policy logic to include ownerOnly flag if its enabled in Rules.json - Updated policy logic to include user defined labels - Removing lint warnings Addresses kubearmor#112 (comment) Signed-off-by: vishnusomank <[email protected]> recommend: Removed hardcoded recursive flag from policy generation Signed-off-by: Wazir Ahmed <[email protected]> recommend: Converted rules spec file to YAML format Signed-off-by: Wazir Ahmed <[email protected]> fix(deps): update github.com/kubearmor/kubearmor/deployments digest to 23f39cf Fixed broken link in README (kubearmor#164) Signed-off-by: Kanha Kesarwani <[email protected]> Update karmor recommend command to include namespace - Added use-namespace flag to input namespace - Change policy name from default to container specific [ [NAMESPACE-]CONTAINERIMGNAME-POLICY-NAME ] Addresses: kubearmor#112 (comment) Signed-off-by: vishnusomank <[email protected]> Update recommend/policy.go: Changed condition to check for non-empty namespace string Co-authored-by: Wazir Ahmed <[email protected]> Update cmd/recommend.go: remove shorthand flags for labels and namespace recommend: Added processRule support Signed-off-by: Wazir Ahmed <[email protected]> recommend: Added 
examples for processRule Signed-off-by: Wazir Ahmed <[email protected]> probe: update kernel header check - We now check for either BTF Information or Kernel Headers. - recreate the daemonset without relevant mounts if error while mounting kernel headers probe - refactored exec into pod logic Signed-off-by: daemon1024 <[email protected]> Update karmor recommend with network rules - Added networkRule struct - Added function to create network rules - Updated checkPreconditions function to remove static check warning Addresses: kubearmor#112 (comment) Signed-off-by: vishnusomank <[email protected]> Added CLI options for kubeconfig file and context Signed-off-by: Wazir Ahmed <[email protected]> Add filter RequestType for process/file/nw summary (kubearmor#169) Signed-off-by: Eswar Rajan Subramanian <[email protected]> recommend: Support for k8s manifest - Fetch deployments from k8s based on given namespace & labels - Get the images used by the deployment - Generate policy for each image based on rules.yaml Signed-off-by: Wazir Ahmed <[email protected]> Enable aggregation in kubearmor summary (kubearmor#171) Signed-off-by: Eswar Rajan Subramanian <[email protected]> recommend: Handle image names with sha256 digests Fixes kubearmor#174 Signed-off-by: Wazir Ahmed <[email protected]> Display PodInfo in table format (kubearmor#178) Signed-off-by: Eswar Rajan Subramanian <[email protected]> recommend runtime policy using karmor - Added the ability to query the discovery engine to get summary details - Added the ability to create dynamic policy based on k8s service account access data from the discovery engine - Added support for the creation of a single policy with multiple rules - Optimised the function to include details of generated policies on the report file Addresses kubearmor#112 (comment) Signed-off-by: vishnusomank <[email protected]> Modify Incoming/Outgoing display string to Ingress/Egress in summary Signed-off-by: Eswar Rajan Subramanian <[email protected]> 
karmor recommend: handling policy-templates - Updated `policy recommend` with `--update` flag - Added functions to check for new policy-template releases - Added functions to generate rules.yaml from metadata.yaml in policy-templates - Updated policy creation logic will select embeded rules.yaml if it cannot generate rules.yaml from policy-templates - Updated rules structure to include policy-template policies - Updated runtime policy generation logic - added ability to continue generate policies from rules.yaml even if runtime policy generation fails - Included `and operation` on preconditions while creating policy - Updated code to use existing rules.yaml if user doesnt want to downlaod policy-templates Fixes: kubearmor#176 Signed-off-by: vishnusomank <[email protected]> karmor recommend: policy-template fix - Added option to show latest version on policy-template update warning - Updated logic to create runtime policy to block access to serviceaccount Signed-off-by: vishnusomank <[email protected]> `karmor recommend` enhancement and bug fix - Updated table writer summary with policy-template version and output directory path - Removed relative policy path from table writer to avoid clutter - Performance improvement in policy recommendation - Added metadata for runtime serviceaccount access policies Fixes: kubearmor#186 kubearmor#187 Signed-off-by: vishnusomank <[email protected]> Adding count/updatedTime for kubearmor ingress/egress Signed-off-by: Eswar Rajan Subramanian <[email protected]> revert changes Signed-off-by: Nathaniel Jason <[email protected]> improve help message for observe command Signed-off-by: Nathaniel Jason <[email protected]> improve observe command network error handling Signed-off-by: Nathaniel Jason <[email protected]>
Ref kubearmor/KubeArmor#677