Skip to content

Commit

Permalink
feat(adapters): Reconcilation for native policies
Browse files Browse the repository at this point in the history 
Signed-off-by: Anurag Rajawat <[email protected]>
  • Loading branch information
@anurag-rajawat
anurag-rajawat committed Feb 7, 2024
1 parent c460dc3 commit d82c23a
Show file tree
Hide file tree
Showing 16 changed files with 607 additions and 255 deletions.
32 changes: 18 additions & 14 deletions .github/workflows/pr-checks.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,17 +83,21 @@ jobs:
- name: Build image
run: make docker-build

build-adapters-image:
strategy:
matrix:
adapters: [ "nimbus-kubearmor", "nimbus-netpol" ]
name: Build ${{ matrix.adapters }} adapter's image
runs-on: ubuntu-latest
timeout-minutes: 20
steps:
- name: Checkout source code
uses: actions/checkout@v3

- name: Build image
working-directory: ./pkg/adapter/${{ matrix.adapters }}
run: make docker-build
# Temporarily disabled, since adapters have dependency on nimbus and this PR contains changes
# for both nimbus and for adapters. Due to which this job is failing. Once the adapters dependency
# for nimbus updated in a subsequent PR this job will be enabled.

# build-adapters-image:
# strategy:
# matrix:
# adapters: [ "nimbus-kubearmor", "nimbus-netpol" ]
# name: Build ${{ matrix.adapters }} adapter's image
# runs-on: ubuntu-latest
# timeout-minutes: 20
# steps:
# - name: Checkout source code
# uses: actions/checkout@v3
#
# - name: Build image
# working-directory: ./pkg/adapter/${{ matrix.adapters }}
# run: make docker-build
9 changes: 9 additions & 0 deletions pkg/adapter/common/common.go
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
// SPDX-License-Identifier: Apache-2.0
// Copyright 2023 Authors of Nimbus

package common

type Request struct {
Name string
Namespace string
}
18 changes: 10 additions & 8 deletions pkg/adapter/k8s/client.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,38 +16,40 @@ import (
"sigs.k8s.io/controller-runtime/pkg/client"
)

// New returns a new Kubernetes client.
func New(scheme *runtime.Scheme) (client.Client, error) {
// NewOrDie returns a new Kubernetes client and panics if there is an error in
// the config.
func NewOrDie(scheme *runtime.Scheme) client.Client {
config, err := rest.InClusterConfig()
if err != nil && errors.Is(err, rest.ErrNotInCluster) {
kubeconfig := filepath.Join(os.Getenv("HOME"), ".kube", "config")
config, err = clientcmd.BuildConfigFromFlags("", kubeconfig)
if err != nil {
return nil, fmt.Errorf("failed to load kubeconfig '%v', error: %v", kubeconfig, err)
panic(fmt.Sprintf("failed to load kubeconfig '%v', error: %v\n", kubeconfig, err))
}
}
k8sClient, err := client.New(config, client.Options{
Scheme: scheme,
})
if err != nil {
return nil, fmt.Errorf("failed to create client, error: %v", err)
panic(fmt.Sprintf("failed to create client, error: %v", err))
}
return k8sClient, nil
return k8sClient
}

// NewDynamicClient returns a Dynamic Kubernetes client.
// NewDynamicClient returns a Dynamic Kubernetes client and panics if there is an
// error in the config.
func NewDynamicClient() dynamic.Interface {
config, err := rest.InClusterConfig()
if err != nil && errors.Is(err, rest.ErrNotInCluster) {
kubeconfig := filepath.Join(os.Getenv("HOME"), ".kube", "config")
config, err = clientcmd.BuildConfigFromFlags("", kubeconfig)
if err != nil {
return nil
panic(err)
}
}
clientSet, err := dynamic.NewForConfig(config)
if err != nil {
return nil
panic(err)
}
return clientSet
}
2 changes: 1 addition & 1 deletion pkg/adapter/nimbus-kubearmor/go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ require (
github.com/go-logr/logr v1.4.1
github.com/kubearmor/KubeArmor/pkg/KubeArmorController v0.0.0-20240125171707-8e6641511fe3
k8s.io/apimachinery v0.29.1
k8s.io/client-go v0.29.1
sigs.k8s.io/controller-runtime v0.17.0
)

Expand Down Expand Up @@ -58,7 +59,6 @@ require (
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/api v0.29.1 // indirect
k8s.io/apiextensions-apiserver v0.29.1 // indirect
k8s.io/client-go v0.29.1 // indirect
k8s.io/component-base v0.29.1 // indirect
k8s.io/klog/v2 v2.120.1 // indirect
k8s.io/kube-openapi v0.0.0-20240126223410-2919ad4fcfec // indirect
Expand Down
11 changes: 1 addition & 10 deletions pkg/adapter/nimbus-kubearmor/main.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,6 @@ import (
"sigs.k8s.io/controller-runtime/pkg/log/zap"

"github.com/5GSEC/nimbus/pkg/adapter/nimbus-kubearmor/manager"
"github.com/5GSEC/nimbus/pkg/adapter/watcher"
)

func main() {
Expand All @@ -23,14 +22,6 @@ func main() {
ctx, cancelFunc := context.WithCancel(context.Background())
ctrl.LoggerInto(ctx, logger)

nimbusPolicyCh := make(chan [2]string)
nimbusPolicyToDeleteCh := make(chan [2]string)
go watcher.WatchNimbusPolicies(ctx, nimbusPolicyCh, nimbusPolicyToDeleteCh)

clusterNpChan := make(chan string)
clusterNpToDeleteChan := make(chan string)
go watcher.WatchClusterNimbusPolicies(ctx, clusterNpChan, clusterNpToDeleteChan)

go func() {
termChan := make(chan os.Signal)
signal.Notify(termChan, syscall.SIGHUP, syscall.SIGINT, syscall.SIGTERM, syscall.SIGQUIT)
Expand All @@ -41,5 +32,5 @@ func main() {
}()

logger.Info("KubeArmor adapter started")
manager.ManageKsps(ctx, nimbusPolicyCh, nimbusPolicyToDeleteCh, clusterNpChan, clusterNpToDeleteChan)
manager.Run(ctx)
}
146 changes: 0 additions & 146 deletions pkg/adapter/nimbus-kubearmor/manager/kspmanager.go
View file

This file was deleted.

Loading

0 comments on commit d82c23a

Please sign in to comment.