implement observe telemetry and alert command
Signed-off-by: Nathaniel Jason <[email protected]>

minor fix code sequence

Signed-off-by: Nathaniel Jason <[email protected]>

initial feature for observe command

Network Insight support for discovery-engine (kubearmor#63)

* Network insight support
Signed-off-by: Eswar Rajan Subramanian <[email protected]>

update kubearmor protobuf

Signed-off-by: daemon1024 <[email protected]>

Fix for json and yaml formatting (kubearmor#67)

Signed-off-by: Eswar Rajan Subramanian <[email protected]>

add limit flag

Signed-off-by: slayer321 <[email protected]>

Remove empty type for json and yaml format (kubearmor#68)

Signed-off-by: Eswar Rajan Subramanian <[email protected]>

Add labels to alerts/logs (kubearmor#69)

Signed-off-by: Eswar Rajan Subramanian <[email protected]>

update policy packages to install updated CRDs

Signed-off-by: daemon1024 <[email protected]>

feat: add selector flag to logs

Signed-off-by: slayer321 <[email protected]>

configure audit posture during installation

Signed-off-by: daemon1024 <[email protected]>

updated deployment to get kubearmor hostname fix

Ref: kubearmor/KubeArmor#736

Signed-off-by: Rahul Jadhav <[email protected]>

add controller installation to karmor (kubearmor#65)

Support input files that contain multiple VM host/network policies (kubearmor#83)

Signed-off-by: Wazir Ahmed <[email protected]>

Synched with /vmlist response format changes in kvm-service (kubearmor#82)

Signed-off-by: Wazir Ahmed <[email protected]>

Upgrade go.mod/go.sum to support the latest version of discovery-engine

Signed-off-by: Eswar Rajan Subramanian <[email protected]>

added selfupdate support

`karmor selfupdate` to auto update karmor to latest one

Signed-off-by: Rahul Jadhav <[email protected]>

added support for --force

`--force` will remove all kubearmor annotations from all the
deployments.

Signed-off-by: Rahul Jadhav <[email protected]>

updates to go.mod/sum

Signed-off-by: Rahul Jadhav <[email protected]>

releaser update

Signed-off-by: Rahul Jadhav <[email protected]>

updated README

Signed-off-by: Rahul Jadhav <[email protected]>

event channel support

External tools might want to handle events as and when they arrive.
Currently, karmor simply prints the events to stdout. Now the API
adds support for exporting the events on a channel to an external tool.
This is needed for the kubearmor auto test framework.

Signed-off-by: Rahul Jadhav <[email protected]>

added unit-tests in CI

Signed-off-by: Rahul Jadhav <[email protected]>

refactored description

removed unnecessary text.

install: autodetect bottlerocket env

Signed-off-by: daemon1024 <[email protected]>

log: refactor telemetry helper

- handle alert and logs in same helper
- future proof output for telemetry events fields
- modify tests to demo suggested usage

Signed-off-by: daemon1024 <[email protected]>

changed the EventChan exported data; fixed lints

Signed-off-by: Rahul Jadhav <[email protected]>

sysdump issue fixes

* gets apparmor profiles from all kubearmor pods
* if the exec to kubearmor pod fails, handle the failure gracefully and
  get other information

Closes: kubearmor#95

Signed-off-by: Rahul Jadhav <[email protected]>

sysdump output file

* certain platforms do not allow colons to be part of a filename (faced
  a problem on GH Actions while uploading artifacts)
* ability to explicitly specify output file name

Signed-off-by: Rahul Jadhav <[email protected]>

ignore err if kubearmor daemonset not found

using `karmor sysdump` in the context of a dev env causes problems since
kubearmor is not running in daemonset mode.

Signed-off-by: Rahul Jadhav <[email protected]>

Add cri-o in environment for karmor (kubearmor#98)

add observe alert command

Signed-off-by: Nathaniel Jason <[email protected]>

add help message for invalid key on custom columns

Signed-off-by: Nathaniel Jason <[email protected]>

add filter on listen alerts

Signed-off-by: Nathaniel Jason <[email protected]>

fix timestamp formatting on observe telemetry

Signed-off-by: Nathaniel Jason <[email protected]>

update deployment package to use init container (kubearmor#108)

update deployment package to fix generic env installation

Signed-off-by: daemon1024 <[email protected]>

install: Add flag to just save manifest and not install

New flag to save the KubeArmor Manifest file for the cluster env without installing.
Also fixed a panic when Nodes aren't available for environment detection.

Signed-off-by: daemon1024 <[email protected]>

sysdump even if kubearmor pods are not found

currently, the sysdump expects the kubearmor daemon + pods to be
mandatorily present in k8s. If not present, the sysdump errors out
and no zip file is produced. karmor sysdump could also be used in
cases where the user might just want to provide a snapshot of the current
k8s cluster on which they intend to deploy kubearmor.
Similarly, sysdump is used in the context where kubearmor might be used
in host process mode (e.g., dev env).

Signed-off-by: Rahul Jadhav <[email protected]>

check if key value exists in map

Signed-off-by: rk <[email protected]>

Added progression bar,
Added time wait status check for all kubearmor-app pods,
Added execution time counter,
Added cursor animation,
Added emojis.

Update install/install.go

Co-authored-by: Rahul Jadhav <[email protected]>

Update install/install.go

Co-authored-by: Barun Acharya <[email protected]>

Update install/install.go

Co-authored-by: Rahul Jadhav <[email protected]>

Update install/install.go

Co-authored-by: Rahul Jadhav <[email protected]>

Done changes

Changes proposed were made

Update install/install.go

Co-authored-by: Rahul Jadhav <[email protected]>

create probe utility, probe host for observability/audit

Signed-off-by: essietom <[email protected]>

squash all commits for karmor probe utility

rename methods properly

Signed-off-by: essietom <[email protected]>

check supported enforcement for host

Signed-off-by: essietom <[email protected]>

correct print output

Signed-off-by: essietom <[email protected]>

refactor code to remove redundancy

Signed-off-by: essietom <[email protected]>

format text output

Signed-off-by: essietom <[email protected]>

check node observability support

Signed-off-by: essietom <[email protected]>

refactor code

Signed-off-by: essietom <[email protected]>

refactor code

Signed-off-by: essietom <[email protected]>

refactor code

Signed-off-by: essietom <[email protected]>

refactor code

Signed-off-by: essietom <[email protected]>

remove non probe commits

Signed-off-by: essietom <[email protected]>

probe deployment

Signed-off-by: essietom <[email protected]>

handle error from bold text

Signed-off-by: essietom <[email protected]>

refactor code, check bpf support in lsm, check lib module in kernel header

Signed-off-by: essietom <[email protected]>

format code fix indentation

Signed-off-by: essietom <[email protected]>

add licence identifier

Signed-off-by: essietom <[email protected]>

ci: check if any files are unformatted

gofmt doesn't error out in case files are unformatted, so we manually check whether the output file list contains any files or not

Signed-off-by: daemon1024 <[email protected]>

chore: handle fmt and linter error/warnings

Signed-off-by: daemon1024 <[email protected]>

uninstall: uninstall CRD only if force option is used

Signed-off-by: daemon1024 <[email protected]>

Add info emoji when resource already exists

Signed-off-by: daemon1024 <[email protected]>

add support for handling un-orchestrated containers

Signed-off-by: Ankur Kothiwal <[email protected]>

fix sysname error and os probe support

Signed-off-by: essietom <[email protected]>

remove redundant space

Signed-off-by: essietom <[email protected]>

put back comment

Signed-off-by: essietom <[email protected]>

put comment

Signed-off-by: essietom <[email protected]>

fix animation flag

revert animation flag removal introduced in kubearmor#120

Signed-off-by: daemon1024 <[email protected]>

policy recommend option for karmor

Signed-off-by: Rahul Jadhav <[email protected]>

report handling in text format

Signed-off-by: Rahul Jadhav <[email protected]>

fix: blank policy check

Signed-off-by: slayer321 <[email protected]>

remove extra spaces during karmor install

Signed-off-by: Anurag <[email protected]>

Configure Renovate (kubearmor#127)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Rudraksh Pareek <[email protected]>

update go modules

Signed-off-by: Ankur Kothiwal <[email protected]>

Enable system summary in karmor

Signed-off-by: Eswar Rajan Subramanian <[email protected]>

Update cmd/summary.go

Co-authored-by: Rahul Jadhav <[email protected]>

fix package version (kubearmor#153)

Signed-off-by: achref ben saad <[email protected]>

Signed-off-by: achref ben saad <[email protected]>

probe when kubearmor is running

Signed-off-by: essietom <[email protected]>

remove ioutil

Signed-off-by: Esther Adenekan <[email protected]>

fix go sec and fmt error

Signed-off-by: Esther Adenekan <[email protected]>

fix go sec error

Signed-off-by: Esther Adenekan <[email protected]>

fix go sec error

Signed-off-by: Esther Adenekan <[email protected]>

add karmor probe description to readme

Signed-off-by: Esther Adenekan <[email protected]>

update karmor probe description in cmd

Signed-off-by: Esther Adenekan <[email protected]>

get policy for each annotated pod, output active lsm

Signed-off-by: Esther Adenekan <[email protected]>

get active lsm only

Signed-off-by: Esther Adenekan <[email protected]>

fix fmt error and run go mod tidy

Signed-off-by: Esther Adenekan <[email protected]>

fix fmt error

Signed-off-by: Esther Adenekan <[email protected]>

handle error

Signed-off-by: Esther Adenekan <[email protected]>

fix fmt error and handle error

Signed-off-by: Esther Adenekan <[email protected]>

fix fmt error and handle error

Signed-off-by: Esther Adenekan <[email protected]>

get container and host default posture

Signed-off-by: Esther Adenekan <[email protected]>

fix fmt error

Signed-off-by: Esther Adenekan <[email protected]>

fix formatting

Signed-off-by: Esther Adenekan <[email protected]>

leverage table for printing output

Signed-off-by: Esther Adenekan <[email protected]>

format space and handle error

Signed-off-by: Esther Adenekan <[email protected]>

leverage table for formatting output

Signed-off-by: Esther Adenekan <[email protected]>

add detailed description in probe help

Signed-off-by: Esther Adenekan <[email protected]>

format help info

Signed-off-by: Esther Adenekan <[email protected]>

format text

Signed-off-by: Esther Adenekan <[email protected]>

fix fmt error

Signed-off-by: Esther Adenekan <[email protected]>

fix typo errors and refactor code

Signed-off-by: Esther Adenekan <[email protected]>

refactor get container method

Signed-off-by: Esther Adenekan <[email protected]>

group annotated pods by policies and also print annotated pods without policy

Signed-off-by: Esther Adenekan <[email protected]>

resolve merge conflict

Signed-off-by: Esther Adenekan <[email protected]>

remove redundant return

Signed-off-by: Esther Adenekan <[email protected]>

resolve conflict

Signed-off-by: Esther Adenekan <[email protected]>

fix formatting

Signed-off-by: Esther Adenekan <[email protected]>

Update karmor recommend command

- Added condition to check if at least one image is passed as an argument.
- If no images are passed, a proper error message is shown in the terminal.

Addresses kubearmor#112 (comment)

Signed-off-by: vishnusomank <[email protected]>

Co-authored-by: Barun Acharya <[email protected]>

fix formatting error in karmor probe

Signed-off-by: Esther Adenekan <[email protected]>

format table

Signed-off-by: Esther Adenekan <[email protected]>

format spaces

Signed-off-by: Esther Adenekan <[email protected]>

format table

Signed-off-by: Esther Adenekan <[email protected]>

remove redundant else statement

Signed-off-by: Esther Adenekan <[email protected]>

Update karmor recommend command with user labels

- Added use-labels flag to input labels for policy
- Updated the Options struct to include Uselabels field
- Updated policy logic to include ownerOnly flag if it's enabled in Rules.json
- Updated policy logic to include user defined labels
- Removing lint warnings

Addresses kubearmor#112 (comment)

Signed-off-by: vishnusomank <[email protected]>

recommend: Removed hardcoded recursive flag from policy generation

Signed-off-by: Wazir Ahmed <[email protected]>

recommend: Converted rules spec file to YAML format

Signed-off-by: Wazir Ahmed <[email protected]>

fix(deps): update github.com/kubearmor/kubearmor/deployments digest to 23f39cf

Fixed broken link in README (kubearmor#164)

Signed-off-by: Kanha Kesarwani <[email protected]>

Update karmor recommend command to include namespace

- Added use-namespace flag to input namespace

- Change policy name from default to container specific [ [NAMESPACE-]CONTAINERIMGNAME-POLICY-NAME ]

Addresses: kubearmor#112 (comment)

Signed-off-by: vishnusomank <[email protected]>

Update recommend/policy.go: Changed condition to check for non-empty namespace string

Co-authored-by: Wazir Ahmed <[email protected]>

Update cmd/recommend.go: remove shorthand flags for labels and namespace

recommend: Added processRule support

Signed-off-by: Wazir Ahmed <[email protected]>

recommend: Added examples for processRule

Signed-off-by: Wazir Ahmed <[email protected]>

probe: update kernel header check

- We now check for either BTF Information or Kernel Headers.
- recreate the daemonset without the relevant mounts if an error occurs while mounting kernel headers in the probe
- refactored exec into pod logic

Signed-off-by: daemon1024 <[email protected]>

Update karmor recommend with network rules

- Added networkRule struct

- Added function to create network rules

- Updated checkPreconditions function to remove static check warning

Addresses: kubearmor#112 (comment)

Signed-off-by: vishnusomank <[email protected]>

Added CLI options for kubeconfig file and context

Signed-off-by: Wazir Ahmed <[email protected]>

Add filter RequestType for process/file/nw summary (kubearmor#169)

Signed-off-by: Eswar Rajan Subramanian <[email protected]>

recommend: Support for k8s manifest

- Fetch deployments from k8s based on given namespace & labels
- Get the images used by the deployment
- Generate policy for each image based on rules.yaml

Signed-off-by: Wazir Ahmed <[email protected]>

Enable aggregation in kubearmor summary (kubearmor#171)

Signed-off-by: Eswar Rajan Subramanian <[email protected]>

recommend: Handle image names with sha256 digests

Fixes kubearmor#174

Signed-off-by: Wazir Ahmed <[email protected]>

Display PodInfo in table format (kubearmor#178)

Signed-off-by: Eswar Rajan Subramanian <[email protected]>

recommend runtime policy using karmor

- Added the ability to query the discovery engine to get summary details
- Added the ability to create dynamic policy based on k8s service account access data from the discovery engine
- Added support for the creation of a single policy with multiple rules
- Optimised the function to include details of generated policies on the report file

Addresses kubearmor#112 (comment)

Signed-off-by: vishnusomank <[email protected]>

Modify Incoming/Outgoing display string to Ingress/Egress in summary

Signed-off-by: Eswar Rajan Subramanian <[email protected]>

karmor recommend: handling policy-templates

- Updated `policy recommend` with `--update` flag
- Added functions to check for new policy-template releases
- Added functions to generate rules.yaml from metadata.yaml in policy-templates
- Updated policy creation logic to select the embedded rules.yaml if it cannot generate rules.yaml from policy-templates
- Updated rules structure to include policy-template policies
- Updated runtime policy generation logic
  - added ability to continue generating policies from rules.yaml even if runtime policy generation fails
- Included `and operation` on preconditions while creating policy
- Updated code to use existing rules.yaml if user doesn't want to download policy-templates

Fixes: kubearmor#176

Signed-off-by: vishnusomank <[email protected]>

karmor recommend: policy-template fix

- Added option to show latest version on policy-template update warning
- Updated logic to create runtime policy to block access to serviceaccount

Signed-off-by: vishnusomank <[email protected]>

`karmor recommend` enhancement and bug fix

- Updated table writer summary with policy-template version and output directory path
- Removed relative policy path from table writer to avoid clutter
- Performance improvement in policy recommendation
- Added metadata for runtime serviceaccount access policies

Fixes: kubearmor#186 kubearmor#187

Signed-off-by: vishnusomank <[email protected]>

Adding count/updatedTime for kubearmor ingress/egress

Signed-off-by: Eswar Rajan Subramanian <[email protected]>

revert changes

Signed-off-by: Nathaniel Jason <[email protected]>

improve help message for observe command

Signed-off-by: Nathaniel Jason <[email protected]>

improve observe command network error handling

Signed-off-by: Nathaniel Jason <[email protected]>
nathanieljson committed Oct 7, 2022
1 parent 9bbd501 commit df42bb2
Showing 65 changed files with 5,460 additions and 1,016 deletions.
14 changes: 14 additions & 0 deletions .github/workflows/ci-go.yml
Original file line number Diff line number Diff line change
Expand Up @@ -56,3 +56,17 @@ jobs:
uses: morphy2k/revive-action@v2
with:
path: "./..."

unit-tests:
runs-on: ubuntu-latest
steps:
- name: Checkout Source
uses: actions/checkout@v2

- uses: actions/setup-go@v2
with:
go-version: v1.18

- name: Run unit tests
run: make test
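Review bot: the new `unit-tests` job (like the revive step above it) references third-party actions by floating major tags (`actions/checkout@v2`, `actions/setup-go@v2`, `morphy2k/revive-action@v2`); for a job that executes `make test` on every change, pin each action to a full commit SHA so a retagged or compromised upstream release cannot change what runs in CI. Also confirm that `go-version: v1.18` with the leading `v` is accepted by setup-go, or write it as `1.18` to match the form used in go.mod.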

1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -6,6 +6,7 @@
*.dylib
kubearmor*
karmor
out/

# Test binary, built with `go test -c`
*.test
2 changes: 1 addition & 1 deletion .goreleaser.yaml
Expand Up @@ -8,6 +8,6 @@ builds:
goarch:
- amd64
- arm64
ldflags: -w -s -X github.com/kubearmor/kubearmor-client/version.BuildDate={{.Date}} -X github.com/kubearmor/kubearmor-client/version.GitSummary={{.Version}}
ldflags: -w -s -X github.com/kubearmor/kubearmor-client/selfupdate.BuildDate={{.Date}} -X github.com/kubearmor/kubearmor-client/selfupdate.GitSummary={{.Version}}
env:
- CGO_ENABLED=0
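Review bot: the `-X` targets move from the `version` package to `selfupdate`, and this path must stay in lockstep with `PKG := $(shell go list ./selfupdate)` in the Makefile; a mismatch does not fail the build, it just leaves `BuildDate` and `GitSummary` empty in the released binary, so have the release pipeline assert that `karmor version` reports non-empty values.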
13 changes: 11 additions & 2 deletions Makefile
Expand Up @@ -5,16 +5,20 @@ CURDIR := $(shell pwd)
INSTALLDIR := $(shell go env GOPATH)/bin/

ifeq (, $(shell which govvv))
$(shell go get github.com/ahmetb/govvv@latest)
$(shell go install github.com/ahmetb/govvv@latest)
endif

PKG := $(shell go list ./version)
PKG := $(shell go list ./selfupdate)
GIT_INFO := $(shell govvv -flags -pkg $(PKG))

.PHONY: build
build:
cd $(CURDIR); go mod tidy; CGO_ENABLED=0 go build -ldflags "-w -s ${GIT_INFO}" -o karmor

.PHONY: debug
debug:
cd $(CURDIR); go mod tidy; CGO_ENABLED=0 go build -ldflags "${GIT_INFO}" -o karmor

.PHONY: install
install: build
install -m 0755 karmor $(DESTDIR)$(INSTALLDIR)
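Review bot: `$(shell go install github.com/ahmetb/govvv@latest)` resolves `@latest` at build time, so the tool that stamps `BuildDate`/`GitSummary` into the binary is unpinned and builds are not reproducible; pin a specific version (or commit) of govvv, and prefer declaring it as a tool dependency over installing into `$GOPATH/bin` as a side effect of `make`. Note also that the `ifeq (, $(shell which govvv))` block runs on every make invocation, including `make clean`.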
Expand All @@ -23,13 +27,18 @@ install: build
clean:
cd $(CURDIR); rm -f karmor

.PHONY: test
test:
cd $(CURDIR); go test -v ./...

.PHONY: protobuf
vm-protobuf:
cd $(CURDIR)/vm/protobuf; protoc --proto_path=. --go_opt=paths=source_relative --go_out=plugins=grpc:. vm.proto

.PHONY: gofmt
gofmt:
cd $(CURDIR); gofmt -s -d $(shell find . -type f -name '*.go' -print)
cd $(CURDIR); test -z "$(shell gofmt -s -l $(shell find . -type f -name '*.go' -print) | tee /dev/stderr)"

.PHONY: golint
golint:
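Review bot: the new `gofmt` recipe nests `$(shell find ...)` inside `$(shell gofmt ...)`, which is unnecessary because gofmt walks directories itself; `cd $(CURDIR); test -z "$$(gofmt -s -l . | tee /dev/stderr)"` runs in the recipe shell, reads more plainly, and still prints the offending files before failing. Separately, the pre-existing `.PHONY: protobuf` declaration does not match the `vm-protobuf` target that follows it.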
39 changes: 16 additions & 23 deletions README.md
@@ -1,28 +1,16 @@
# kArmor
# karmor

**kArmor** is a CLI client to help manage [KubeArmor](github.com/kubearmor/KubeArmor).

KubeArmor is a container-aware runtime security enforcement system that
restricts the behavior (such as process execution, file access, and networking
operation) of containers at the system level.
**karmor** is a client tool to help manage [KubeArmor](https://github.com/kubearmor/KubeArmor).

## Installation

The following sections show how to install the kArmor. It can be installed either from source, or from pre-built binary releases.

### From Script

kArmor has an installer script that will automatically grab the latest version of kArmor and install it locally.

```
curl -sfL https://raw.githubusercontent.com/kubearmor/kubearmor-client/main/install.sh | sudo sh -s -- -b /usr/local/bin
curl -sfL http://get.kubearmor.io/ | sudo sh -s -- -b /usr/local/bin
```

The binary will be installed in `/usr/local/bin` folder.
### Installing from Source

### From Source

Building kArmor from source is slightly more work, but is the best way to go if you want to test the latest (pre-release) kArmor version.
Build karmor from source if you want to test the latest (pre-release) karmor version.

```
git clone https://github.com/kubearmor/kubearmor-client.git
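Review bot: the installer one-liner now fetches `http://get.kubearmor.io/` and pipes it into `sudo sh`; with a plain-http URL an unauthenticated download is executed as root, so use `https://get.kubearmor.io/` (the raw.githubusercontent.com URL it replaces was https) and consider publishing a checksum for the script so readers can verify it before running it.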
Expand All @@ -35,23 +23,28 @@ make install
```
CLI Utility to help manage KubeArmor
KubeArmor is a container-aware runtime security enforcement system that
restricts the behavior (such as process execution, file access, and networking
operation) of containers at the system level.
Usage:
karmor [command]
Available Commands:
completion generate the autocompletion script for the specified shell
completion Generate the autocompletion script for the specified shell
discover Discover applicable policies
get Display specified resources
help Help about any command
insight Policy insight from discovery engine
install Install KubeArmor in a Kubernetes Cluster
log Observe Logs from KubeArmor
rotate-tls Rotate webhook controller tls certificates
selfupdate selfupdate this cli tool
sysdump Collect system dump information for troubleshooting and error report
uninstall Uninstall KubeArmor from a Kubernetes Cluster
version Display version information
vm VM commands
Available VM SubCommands:
getscript download vm installation script for nonk8s control plane
policy policy handling for vm nonk8s control plane
vm VM commands for kvmservice
probe Checks for supported kubearmor features in the current environment
Flags:
-h, --help help for karmor
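Review bot: the usage listing is hand-edited and no longer matches what cobra prints: `probe` is appended after `vm` instead of in alphabetical order, and the `observe`, `recommend` and `summary` commands added elsewhere in this commit are absent. Regenerate this block from `karmor --help` instead of editing it by hand.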
7 changes: 5 additions & 2 deletions cmd/insight.go
Expand Up @@ -13,8 +13,8 @@ var insightOptions insight.Options
// insightCmd represents the insight command
var insightCmd = &cobra.Command{
Use: "insight",
Short: "Observe policy from the discovery engine",
Long: `Observe policy from the discovery engine`,
Short: "Policy insight from discovery engine",
Long: `Policy insight from discovery engine`,
RunE: func(cmd *cobra.Command, args []string) error {
if err := insight.StartInsight(insightOptions); err != nil {
return err
Expand All @@ -27,9 +27,12 @@ func init() {
rootCmd.AddCommand(insightCmd)

insightCmd.Flags().StringVar(&insightOptions.GRPC, "gRPC", "", "gRPC server information")
insightCmd.Flags().StringVar(&insightOptions.Source, "source", "all", "The DB for insight : system|network|all")
insightCmd.Flags().StringVar(&insightOptions.Labels, "labels", "", "Labels for resources")
insightCmd.Flags().StringVar(&insightOptions.Containername, "containername", "", "Filter according to the Container name")
insightCmd.Flags().StringVar(&insightOptions.Clustername, "clustername", "", "Filter according to the Cluster name")
insightCmd.Flags().StringVar(&insightOptions.Fromsource, "fromsource", "", "Filter according to the source path")
insightCmd.Flags().StringVarP(&insightOptions.Namespace, "namespace", "n", "", "Namespace for resources")
insightCmd.Flags().StringVar(&insightOptions.Type, "type", "", "NW packet type : ingress|egress")
insightCmd.Flags().StringVar(&insightOptions.Rule, "rule", "", "NW packet Rule")
}
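Review bot: `--source` and `--type` document closed value sets (`system|network|all`, `ingress|egress`) but nothing in this file rejects other values, so a typo such as `--type ingres` is forwarded to the discovery engine and either fails there or silently matches nothing; validate both enumerations in RunE before calling `insight.StartInsight`.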
4 changes: 4 additions & 0 deletions cmd/install.go
Expand Up @@ -16,6 +16,7 @@ var installCmd = &cobra.Command{
Short: "Install KubeArmor in a Kubernetes Cluster",
Long: `Install KubeArmor in a Kubernetes Clusters`,
RunE: func(cmd *cobra.Command, args []string) error {
installOptions.Animation = true
if err := install.K8sInstaller(client, installOptions); err != nil {
return err
}
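Review bot: `installOptions.Animation = true` is forced inside RunE, so the option cannot be turned off from the CLI and any later flag binding would be overridden; if animation is meant for interactive use only, gate it on whether stdout is a terminal so `karmor install` in CI does not fill logs with cursor and progress escape sequences. The `Long` text above also reads `in a Kubernetes Clusters`.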
Expand All @@ -28,4 +29,7 @@ func init() {

installCmd.Flags().StringVarP(&installOptions.Namespace, "namespace", "n", "kube-system", "Namespace for resources")
installCmd.Flags().StringVarP(&installOptions.KubearmorImage, "image", "i", "kubearmor/kubearmor:stable", "Kubearmor daemonset image to use")
installCmd.Flags().StringVarP(&installOptions.Audit, "audit", "a", "", "Kubearmor Audit Posture Context [all,file,network,capabilities]")
installCmd.Flags().BoolVar(&installOptions.Save, "save", false, "Save KubeArmor Manifest ")

}
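Review bot: the `--audit` help lists `[all,file,network,capabilities]` but the value is accepted as a free string; validate it here (and state whether several values may be combined) so a misspelt posture fails at the CLI instead of leaving the resource in the default posture. The `--save` help string has a trailing space and there is a stray blank line before the closing brace.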
2 changes: 2 additions & 0 deletions cmd/log.go
Expand Up @@ -39,4 +39,6 @@ func init() {
logCmd.Flags().StringVar(&logOptions.PodName, "pod", "", "name of the pod ")
logCmd.Flags().StringVar(&logOptions.Resource, "resource", "", "command used by the user")
logCmd.Flags().StringVar(&logOptions.Source, "source", "", "binary used by the system ")
logCmd.Flags().Uint32Var(&logOptions.Limit, "limit", 0, "number of logs you want to see")
logCmd.Flags().StringArrayVarP(&logOptions.Selector, "selector", "l", []string{}, "use the label to get the particular log")
}
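Review bot: `--limit` defaults to 0 with the help text `number of logs you want to see`; state explicitly that 0 means unbounded, otherwise a reader may expect no output. `--selector` uses `StringArrayVarP`, so repeated `-l` flags accumulate but a comma-separated value is not split; if kubectl-style `-l app=x,tier=y` is intended, say so in the help. The pre-existing `--pod` and `--source` help strings carry trailing spaces.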
49 changes: 49 additions & 0 deletions cmd/observe.go
@@ -0,0 +1,49 @@
// SPDX-License-Identifier: Apache-2.0
// Copyright 2021 Authors of KubeArmor

package cmd

import (
"errors"

"github.com/kubearmor/kubearmor-client/observe"
"github.com/spf13/cobra"
)

var observeTelemetryOptions observe.TelemetryOptions

var observeCmd = &cobra.Command{
Use: "observe",
Short: "Retrieve observabilities data",
Long: "Retrieve observabilities data",
Args: func(cmd *cobra.Command, args []string) error {
if len(args) < 1 {
return errors.New("requires an operation to observe as argument, valid operations are [file|network|process|syscall|alert]")
}
return nil
},
RunE: func(cmd *cobra.Command, args []string) error {
if err := observe.StartObserveTelemetry(args, observeTelemetryOptions); err != nil {
return err
}

return nil
},
}

func init() {
rootCmd.AddCommand(observeCmd)

observeCmd.Flags().StringVarP(&observeTelemetryOptions.Namespace, "namespace", "n", "default", "the desired namespace")
observeCmd.Flags().BoolVarP(&observeTelemetryOptions.AllNamespace, "all", "A", false, "the desired namespace")
observeCmd.Flags().StringVarP(&observeTelemetryOptions.Labels, "labels", "l", "", "the labels of the resource")
observeCmd.Flags().BoolVar(&observeTelemetryOptions.ShowLabels, "show-labels", false, "display the labels")
observeCmd.Flags().StringVar(&observeTelemetryOptions.Since, "since", "", "duration of observabilities data to be displayed")
observeCmd.Flags().StringVar(
&observeTelemetryOptions.CustomColumns,
"custom-columns",
"",
"the custom columns of the output, the valid keys are process_name, type, data, host_name, labels, container_image, ppid, cluster_name, parent_process_name, host_ppid, operation, result, created_at, namespace_name, container_name, host_pid, source, resource, pod_name, container_id, pid",
)
observeCmd.Flags().StringVar(&observeTelemetryOptions.GRPC, "gRPC", "", "gRPC server information")
}
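Review bot: the `Args` validator only checks that an argument is present; the error message advertises `[file|network|process|syscall|alert]`, yet an unknown operation passes this check and must be caught in `observe.StartObserveTelemetry`, so move the membership check here so that `karmor observe foo` fails fast with a usage error. `alert` is both listed as an operation and registered as a subcommand in cmd/observe_alert.go, which is ambiguous. The `--all/-A` help text duplicates the `--namespace` description (`the desired namespace`), and `observabilities data` should read `observability data`.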
34 changes: 34 additions & 0 deletions cmd/observe_alert.go
@@ -0,0 +1,34 @@
// SPDX-License-Identifier: Apache-2.0
// Copyright 2021 Authors of KubeArmor

package cmd

import (
"github.com/kubearmor/kubearmor-client/observe"
"github.com/spf13/cobra"
)

var observeAlertOptions observe.AlertOptions

var observeAlertCmd = &cobra.Command{
Use: "alert",
Short: "Retrieve alert",
Long: "Retrieve alert",
RunE: func(cmd *cobra.Command, args []string) error {
if err := observe.StartObserveAlert(args, observeAlertOptions); err != nil {
return err
}

return nil
},
}

func init() {
observeCmd.AddCommand(observeAlertCmd)

observeAlertCmd.Flags().StringVarP(&observeAlertOptions.Namespace, "namespace", "n", "", "Specify the namespace")
observeAlertCmd.Flags().StringVar(&observeAlertOptions.Pod, "pod", "", "name of the pod ")
observeAlertCmd.Flags().StringVar(&observeAlertOptions.Container, "container", "", "name of the container ")
observeAlertCmd.Flags().BoolVar(&observeAlertOptions.JSON, "json", false, "Flag to print alerts and logs in the JSON format")
observeAlertCmd.Flags().StringVar(&observeAlertOptions.GRPC, "gRPC", "", "gRPC server information")
}
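Review bot: `--namespace` defaults to `""` here while the parent `observe` command defaults to `default`, so `karmor observe alert` and `karmor observe <operation>` scope differently when no flag is given; pick one default and document what the empty value means. The `--json` help mentions `alerts and logs` although this command only retrieves alerts, and the `--pod` and `--container` help strings have trailing spaces.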
38 changes: 38 additions & 0 deletions cmd/probe.go
@@ -0,0 +1,38 @@
// SPDX-License-Identifier: Apache-2.0
// Copyright 2022 Authors of KubeArmor

package cmd

import (
"github.com/kubearmor/kubearmor-client/probe"
"github.com/spf13/cobra"
)

var probeInstallOptions probe.Options

// probeCmd represents the get command
var probeCmd = &cobra.Command{
Use: "probe",
Short: "Checks for supported KubeArmor features in the current environment",
Long: `Checks for supported KubeArmor features in the current environment.
If KubeArmor is not running, it does a precheck to know if kubearmor will be supported in the environment
and what KubeArmor features will be supported e.g: observability, enforcement, etc.
If KubeArmor is running, It probes which environment KubeArmor is running on (e.g: systemd mode, kubernetes etc.),
the supported KubeArmor features in the environment, the pods being handled by KubeArmor and the policies running on each of these pods`,
RunE: func(cmd *cobra.Command, args []string) error {
if err := probe.PrintProbeResult(client, probeInstallOptions); err != nil {
return err
}
return nil

},
}

func init() {
rootCmd.AddCommand(probeCmd)
probeCmd.Flags().StringVarP(&probeInstallOptions.Namespace, "namespace", "n", "kube-system", "Namespace for resources")
probeCmd.Flags().BoolVar(&probeInstallOptions.Full, "full", false, `If KubeArmor is not running, it deploys a daemonset to have access to more
information on KubeArmor support in the environment and deletes daemonset after probing`)
}
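Review bot: `--full` deploys a daemonset and deletes it after probing; the help should state the cluster permissions this requires, and `PrintProbeResult` must guarantee removal on every error path (including a failed exec into the pod), otherwise an unsuccessful probe leaves a daemonset running in the target namespace. The comment `// probeCmd represents the get command` is stale copy-paste, and there is a stray blank line before the closing brace of RunE.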
52 changes: 52 additions & 0 deletions cmd/recommend.go
@@ -0,0 +1,52 @@
// SPDX-License-Identifier: Apache-2.0
// Copyright 2022 Authors of KubeArmor

package cmd

import (
"github.com/kubearmor/kubearmor-client/recommend"
log "github.com/sirupsen/logrus"
"github.com/spf13/cobra"
)

var recommendOptions recommend.Options

// recommendCmd represents the recommend command
var recommendCmd = &cobra.Command{
Use: "recommend",
Short: "Recommend Policies",
Long: `Recommend policies based on container image, k8s manifest or the actual runtime env`,
RunE: func(cmd *cobra.Command, args []string) error {
if err := recommend.Recommend(client, recommendOptions); err != nil {
return err
}
return nil
},
}
var updateCmd = &cobra.Command{
Use: "update",
Short: "Updates policy-template cache",
Long: "Updates the local cache of policy-templates ($HOME/.cache/karmor)",
RunE: func(cmd *cobra.Command, args []string) error {

if _, err := recommend.DownloadAndUnzipRelease(); err != nil {
return err
}
log.WithFields(log.Fields{
"Current Version": recommend.CurrentVersion,
}).Info("policy-templates updated")
return nil
},
}

func init() {
rootCmd.AddCommand(recommendCmd)
recommendCmd.AddCommand(updateCmd)

recommendCmd.Flags().StringSliceVarP(&recommendOptions.Images, "image", "i", []string{}, "Container image list (comma separated)")
recommendCmd.Flags().StringSliceVarP(&recommendOptions.Labels, "labels", "l", []string{}, "User defined labels for policy (comma separated)")
recommendCmd.Flags().StringVarP(&recommendOptions.Namespace, "namespace", "n", "", "User defined namespace value for policies")
recommendCmd.Flags().StringVarP(&recommendOptions.OutDir, "outdir", "o", "out", "output folder to write policies")
recommendCmd.Flags().StringVarP(&recommendOptions.ReportFile, "report", "r", "report.txt", "report file")
recommendCmd.Flags().StringSliceVarP(&recommendOptions.Tags, "tag", "t", []string{}, "tags (comma-separated) to apply. Eg. PCI-DSS, MITRE")
}
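Review bot: `updateCmd` calls `recommend.DownloadAndUnzipRelease()` and extracts into `$HOME/.cache/karmor`; a reviewer needs to see that archive entries are checked for path traversal (rejecting `..` components and absolute paths before writing) and that the download is integrity-checked (HTTPS plus a published checksum or signature), because the extracted rules.yaml decides which policies `recommend` generates. Also give `updateCmd` the doc comment the other command variables carry and drop the blank line at the top of its RunE.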
6 changes: 6 additions & 0 deletions cmd/root.go
@@ -1,6 +1,7 @@
// SPDX-License-Identifier: Apache-2.0
// Copyright 2021 Authors of KubeArmor

// Package cmd is the collection of all the subcommands available in kArmor while providing relevant options for the same
package cmd

import (
Expand Down Expand Up @@ -37,6 +38,11 @@ operation) of containers at the system level.
SilenceErrors: true,
}

func init() {
rootCmd.PersistentFlags().StringVar(&k8s.KubeConfig, "kubeconfig", "", "Path to the kubeconfig file to use")
rootCmd.PersistentFlags().StringVar(&k8s.ContextName, "context", "", "Name of the kubeconfig context to use")
}

// Execute adds all child commands to the root command and sets flags appropriately.
// This is called by main.main(). It only needs to happen once to the rootCmd.
func Execute() {
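Review bot: `--kubeconfig` and `--context` are bound to the package globals `k8s.KubeConfig` and `k8s.ContextName` in `init()`, but the `client` that commands such as `probe` and `recommend` pass into their packages only honours these values if it is constructed after flag parsing; if `client` is built in another `init()` or at package level, both flags are silently ignored. Constructing it in a `PersistentPreRunE` on `rootCmd` makes the ordering explicit.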