fix: probe command
jokestax committed Nov 15, 2024
1 parent e2d828a commit 78fa78f
Showing 36 changed files with 202 additions and 219 deletions.
2 changes: 0 additions & 2 deletions cmd/probe.go
@@ -22,10 +22,8 @@ and what KubeArmor features will be supported e.g: observability, enforcement, e
If KubeArmor is running, It probes which environment KubeArmor is running on (e.g: systemd mode, kubernetes etc.),
the supported KubeArmor features in the environment, the pods being handled by KubeArmor and the policies running on each of these pods`,
RunE: func(cmd *cobra.Command, args []string) error {

err := probe.PrintProbeResult(client, probeInstallOptions)
return err

},
}

2 changes: 1 addition & 1 deletion cmd/recommend.go
@@ -23,12 +23,12 @@ var recommendCmd = &cobra.Command{
return err
},
}

var updateCmd = &cobra.Command{
Use: "update",
Short: "Updates policy-template cache",
Long: "Updates the local cache of policy-templates ($HOME/.cache/karmor)",
RunE: func(cmd *cobra.Command, args []string) error {

if _, err := genericpolicies.DownloadAndUnzipRelease(); err != nil {
return err
}
2 changes: 1 addition & 1 deletion cmd/root.go
@@ -17,7 +17,7 @@ var rootCmd = &cobra.Command{
PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
var err error

//Initialise k8sClient for all child commands to inherit
// Initialise k8sClient for all child commands to inherit
client, err = k8s.ConnectK8sClient()
// fmt.Printf("%v", client.K8sClientset)
if err != nil {
26 changes: 14 additions & 12 deletions cmd/rotate-tls.go
@@ -5,18 +5,20 @@ import (
"github.com/spf13/cobra"
)

var namespace string
var rotateCmd = &cobra.Command{
Use: "rotate-tls",
Short: "Rotate webhook controller tls certificates",
Long: `Rotate webhook controller tls certificates`,
RunE: func(cmd *cobra.Command, args []string) error {
if err := rotatetls.RotateTLS(client, namespace); err != nil {
return err
}
return nil
},
}
var (
namespace string
rotateCmd = &cobra.Command{
Use: "rotate-tls",
Short: "Rotate webhook controller tls certificates",
Long: `Rotate webhook controller tls certificates`,
RunE: func(cmd *cobra.Command, args []string) error {
if err := rotatetls.RotateTLS(client, namespace); err != nil {
return err
}
return nil
},
}
)

func init() {
rootCmd.AddCommand(rotateCmd)
2 changes: 1 addition & 1 deletion cmd/vm.go
@@ -16,7 +16,7 @@ var (
HTTPIP string
// HTTPPort : Port of the http request
HTTPPort string
//IsKvmsEnv : Is kubearmor virtual machine env?
// IsKvmsEnv : Is kubearmor virtual machine env?
IsKvmsEnv bool
)

4 changes: 1 addition & 3 deletions cmd/vmlabel.go
@@ -10,9 +10,7 @@ import (
"github.com/spf13/cobra"
)

var (
labelOptions vm.LabelOptions
)
var labelOptions vm.LabelOptions

// vmLabelCmd represents the vm command for label management
var vmLabelCmd = &cobra.Command{
19 changes: 9 additions & 10 deletions deployment/probedeployment.go
@@ -16,25 +16,24 @@ var Karmorprobe = "karmor-probe"

// GenerateDaemonSet Function
func GenerateDaemonSet(namespace string, krnhdr bool) *appsv1.DaemonSet {

var label = map[string]string{
label := map[string]string{
"kubearmor-app": Karmorprobe,
}
var privileged = bool(true)
var terminationGracePeriodSeconds = int64(30)
var args = []string{
privileged := bool(true)
terminationGracePeriodSeconds := int64(30)
args := []string{
"while true; do sleep 30; done;",
}

var volumeMounts = []corev1.VolumeMount{
volumeMounts := []corev1.VolumeMount{
{
Name: "lsm-path", //lsm (read-only)
Name: "lsm-path", // lsm (read-only)
MountPath: "/sys/kernel/security",
ReadOnly: true,
},
}

var volumes = []corev1.Volume{
volumes := []corev1.Volume{
{
Name: "lsm-path",
VolumeSource: corev1.VolumeSource{
@@ -48,12 +47,12 @@ func GenerateDaemonSet(namespace string, krnhdr bool) *appsv1.DaemonSet {
if krnhdr {
volumeMounts = append(volumeMounts, []corev1.VolumeMount{
{
Name: "lib-modules", //lib modules (read-only)
Name: "lib-modules", // lib modules (read-only)
MountPath: "/lib/modules",
ReadOnly: true,
},
{
Name: "kernel-header", //kernel header (read-only)
Name: "kernel-header", // kernel header (read-only)
MountPath: "/usr/src",
ReadOnly: true,
},
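Review bot: `privileged := bool(true)` in GenerateDaemonSet keeps a redundant conversion and still gives no reason why the probe pod has to run privileged; `privileged := true` with a short why-comment on the line above would let a reader judge the privilege request. The doc comment `// GenerateDaemonSet Function` could also say that the DaemonSet mounts `/sys/kernel/security` and, when krnhdr is set, `/lib/modules` and `/usr/src` from the host read-only. How `privileged` reaches the container's security context is outside the lines shown, so whether a narrower capability set would be enough cannot be judged from here.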
4 changes: 2 additions & 2 deletions go.mod
@@ -32,7 +32,7 @@ require (
github.com/accuknox/auto-policy-discovery/src v0.0.0-20230912162532-0b5b73425c5a
github.com/charmbracelet/bubbles v0.17.1
github.com/charmbracelet/bubbletea v0.25.0
github.com/charmbracelet/lipgloss v0.9.1
github.com/charmbracelet/lipgloss v0.10.0
github.com/deckarep/golang-set/v2 v2.6.0
github.com/evertras/bubble-table v0.15.6
github.com/google/go-cmp v0.6.0
@@ -285,7 +285,7 @@ require (
github.com/protocolbuffers/txtpbfmt v0.0.0-20231025115547-084445ff1adf // indirect
github.com/r3labs/diff v1.1.0 // indirect
github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
github.com/rivo/uniseg v0.4.4 // indirect
github.com/rivo/uniseg v0.4.7 // indirect
github.com/robfig/cron v1.2.0 // indirect
github.com/rogpeppe/go-internal v1.12.0 // indirect
github.com/rubenv/sql-migrate v1.6.0 // indirect
8 changes: 4 additions & 4 deletions go.sum
@@ -332,8 +332,8 @@ github.com/charmbracelet/bubbles v0.17.1 h1:0SIyjOnkrsfDo88YvPgAWvZMwXe26TP6drRv
github.com/charmbracelet/bubbles v0.17.1/go.mod h1:9HxZWlkCqz2PRwsCbYl7a3KXvGzFaDHpYbSYMJ+nE3o=
github.com/charmbracelet/bubbletea v0.25.0 h1:bAfwk7jRz7FKFl9RzlIULPkStffg5k6pNt5dywy4TcM=
github.com/charmbracelet/bubbletea v0.25.0/go.mod h1:EN3QDR1T5ZdWmdfDzYcqOCAps45+QIJbLOBxmVNWNNg=
github.com/charmbracelet/lipgloss v0.9.1 h1:PNyd3jvaJbg4jRHKWXnCj1akQm4rh8dbEzN1p/u1KWg=
github.com/charmbracelet/lipgloss v0.9.1/go.mod h1:1mPmG4cxScwUQALAAnacHaigiiHB9Pmr+v1VEawJl6I=
github.com/charmbracelet/lipgloss v0.10.0 h1:KWeXFSexGcfahHX+54URiZGkBFazf70JNMtwg/AFW3s=
github.com/charmbracelet/lipgloss v0.10.0/go.mod h1:Wig9DSfvANsxqkRsqj6x87irdy123SR4dOXlKa91ciE=
github.com/chavacava/garif v0.0.0-20210405163807-87a70f3d418b/go.mod h1:Qjyv4H3//PWVzTeCezG2b9IRn6myJxJSr4TD/xo6ojU=
github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 h1:krfRl01rzPzxSxyLyrChD+U+MzsBXbm0OwYYB67uF+4=
github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589/go.mod h1:OuDyvmLnMCwa2ep4Jkm6nyA0ocJuZlGyk2gGseVzERM=
@@ -1352,8 +1352,8 @@ github.com/rhysd/go-github-selfupdate v1.2.3 h1:iaa+J202f+Nc+A8zi75uccC8Wg3omaM7
github.com/rhysd/go-github-selfupdate v1.2.3/go.mod h1:mp/N8zj6jFfBQy/XMYoWsmfzxazpPAODuqarmPDe2Rg=
github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=
github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
github.com/robfig/cron v1.2.0 h1:ZjScXvvxeQ63Dbyxy76Fj3AT3Ut0aKsyd2/tl3DTMuQ=
github.com/robfig/cron v1.2.0/go.mod h1:JGuDeoQd7Z6yL4zQhZ3OPEVHB7fL6Ka6skscFHfmt2k=
github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
6 changes: 4 additions & 2 deletions install/customResource.go
@@ -8,8 +8,10 @@ import (
apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
)

var kspName = "kubearmorpolicies.security.kubearmor.com"
var hspName = "kubearmorhostpolicies.security.kubearmor.com"
var (
kspName = "kubearmorpolicies.security.kubearmor.com"
hspName = "kubearmorhostpolicies.security.kubearmor.com"
)

// CreateCustomResourceDefinition creates the CRD and add it into Kubernetes.
func CreateCustomResourceDefinition(crdName string) apiextensions.CustomResourceDefinition {
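Review bot: `kspName` and `hspName` are fixed CRD names but stay mutable package-level `var`s after the regrouping; if nothing in the package reassigns them or takes their address (not visible here), a `const ( … )` block states the intent and rules out accidental modification. The same applies to the role, binding and service names regrouped in install/defaults.go, several of which are exported and can therefore be reassigned by any importing package. There `kubearmor` would have to become a constant as well, since `serviceAccountName` and `relayServiceName` are initialised from it.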
54 changes: 30 additions & 24 deletions install/defaults.go
@@ -5,29 +5,35 @@ package install

var kubearmor = "kubearmor"

var serviceAccountName = kubearmor
var operatorServiceAccountName = "kubearmor-operator"
var KubeArmorOperatorClusterRoleName = "kubearmor-operator-clusterrole"
var KubeArmorOperatorManageClusterRoleName = "kubearmor-operator-manage-kubearmor-clusterrole"
var KubeArmorOperatorManageControllerClusterRoleName = "kubearmor-operator-manage-controller-clusterrole"
var KubeArmorClusterRoleName = "kubearmor-clusterrole"
var RelayClusterRoleName = "kubearmor-relay-clusterrole"
var KubeArmorControllerClusterRoleName = "kubearmor-controller-clusterrole"
var KubeArmorSnitchClusterRoleName = "kubearmor-snitch"
var KubeArmorControllerProxyClusterRoleName = "kubearmor-controller-proxy-role"
var (
serviceAccountName = kubearmor
operatorServiceAccountName = "kubearmor-operator"
KubeArmorOperatorClusterRoleName = "kubearmor-operator-clusterrole"
KubeArmorOperatorManageClusterRoleName = "kubearmor-operator-manage-kubearmor-clusterrole"
KubeArmorOperatorManageControllerClusterRoleName = "kubearmor-operator-manage-controller-clusterrole"
KubeArmorClusterRoleName = "kubearmor-clusterrole"
RelayClusterRoleName = "kubearmor-relay-clusterrole"
KubeArmorControllerClusterRoleName = "kubearmor-controller-clusterrole"
KubeArmorSnitchClusterRoleName = "kubearmor-snitch"
KubeArmorControllerProxyClusterRoleName = "kubearmor-controller-proxy-role"
)

var KubeArmorSnitchClusterroleBindingName = "kubearmor-snitch-binding"
var RelayClusterRoleBindingName = "kubearmor-relay-clusterrolebinding"
var KubeArmorControllerProxyClusterRoleBindingName = "kubearmor-controller-proxy-rolebinding"
var KubeArmorControllerClusterRoleBindingName = "kubearmor-controller-clusterrolebinding"
var KubeArmorClusterRoleBindingName = "kubearmor-clusterrolebinding"
var KubeArmorOperatorManageControllerClusterRoleBindingName = "kubearmor-operator-manage-controller-clusterrole-binding"
var KubeArmorOperatorManageClusterRoleBindingName = "kubearmor-operator-manage-kubearmor-clusterrole-binding"
var KubeArmorOperatorClusterRoleBindingName = "kubearmor-operator-clusterrole-binding"
var (
KubeArmorSnitchClusterroleBindingName = "kubearmor-snitch-binding"
RelayClusterRoleBindingName = "kubearmor-relay-clusterrolebinding"
KubeArmorControllerProxyClusterRoleBindingName = "kubearmor-controller-proxy-rolebinding"
KubeArmorControllerClusterRoleBindingName = "kubearmor-controller-clusterrolebinding"
KubeArmorClusterRoleBindingName = "kubearmor-clusterrolebinding"
KubeArmorOperatorManageControllerClusterRoleBindingName = "kubearmor-operator-manage-controller-clusterrole-binding"
KubeArmorOperatorManageClusterRoleBindingName = "kubearmor-operator-manage-kubearmor-clusterrole-binding"
KubeArmorOperatorClusterRoleBindingName = "kubearmor-operator-clusterrole-binding"
)

var relayServiceName = kubearmor
var relayDeploymentName = "kubearmor-relay"
var policyManagerServiceName = "kubearmor-policy-manager-metrics-service"
var policyManagerDeploymentName = "kubearmor-policy-manager"
var hostPolicyManagerServiceName = "kubearmor-host-policy-manager-metrics-service"
var hostPolicyManagerDeploymentName = "kubearmor-host-policy-manager"
var (
relayServiceName = kubearmor
relayDeploymentName = "kubearmor-relay"
policyManagerServiceName = "kubearmor-policy-manager-metrics-service"
policyManagerDeploymentName = "kubearmor-policy-manager"
hostPolicyManagerServiceName = "kubearmor-host-policy-manager-metrics-service"
hostPolicyManagerDeploymentName = "kubearmor-host-policy-manager"
)
20 changes: 10 additions & 10 deletions install/install.go
@@ -6,14 +6,13 @@ package install

import (
"context"
"io"
"path/filepath"

"errors"
"fmt"
"io"
"log"
"os"
"path"
"path/filepath"
"slices"
"strings"
"time"
@@ -75,10 +74,12 @@ type envOption struct {
Environment string
}

var verify bool
var progress int
var cursorcount int
var validEnvironments = []string{"k0s", "k3s", "microK8s", "minikube", "gke", "bottlerocket", "eks", "docker", "oke", "generic"}
var (
verify bool
progress int
cursorcount int
validEnvironments = []string{"k0s", "k3s", "microK8s", "minikube", "gke", "bottlerocket", "eks", "docker", "oke", "generic"}
)

// Checks if passed string is a valid environment
func (env *envOption) CheckAndSetValidEnvironmentOption(envOption string) error {
@@ -377,7 +378,6 @@ func checkPodsLegacy(c *k8s.Client, o Options) {
}
break
}

}

func checkTerminatingPods(c *k8s.Client, ns string) int {
@@ -903,7 +903,7 @@ func writeHelmManifests(manifests string, filename string, printYAML []interface
}
}

file, _ := os.OpenFile("kubearmor.yaml", os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0600)
file, _ := os.OpenFile("kubearmor.yaml", os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0o600)
// Write the string to the file
_, err = file.WriteString(manifests + "\n")
if err != nil {
@@ -972,7 +972,7 @@ func K8sInstaller(c *k8s.Client, o Options) error {

var repoFile repo.File
repoFile.Update(entry)
if err := repoFile.WriteFile(settings.RepositoryConfig, 0644); err != nil {
if err := repoFile.WriteFile(settings.RepositoryConfig, 0o644); err != nil {
return fmt.Errorf("failed to write repository file: %w", err)
}

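Review bot: The rewritten `file, _ := os.OpenFile("kubearmor.yaml", …, 0o600)` line in the writeHelmManifests hunk still discards the open error, so a failed open only shows up indirectly through the following `WriteString` error and the real cause is lost. Capture the error instead of `_` and handle it the way the `WriteString` error is handled just below; no `Close` on the file is visible in the hunk either, though the function continues outside it. Separately, `repoFile.WriteFile(settings.RepositoryConfig, 0o644)` in the K8sInstaller hunk leaves the Helm repository file world-readable; if the entry can ever carry repository credentials, `0o600` would be the safer mode.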
14 changes: 9 additions & 5 deletions log/log.go
@@ -62,13 +62,17 @@ type Options struct {
}

// StopChan Channel
var StopChan chan struct{}
var sigChan chan os.Signal
var (
StopChan chan struct{}
sigChan chan os.Signal
)

// UnblockSignal is a flag to check whether the Watch* APIs have exited or signal has rcvd
var UnblockSignal error
var matchLabels = map[string]string{"kubearmor-app": "kubearmor-relay"}
var port int64 = 32767
var (
UnblockSignal error
matchLabels = map[string]string{"kubearmor-app": "kubearmor-relay"}
port int64 = 32767
)

// GetOSSigChannel Function
func GetOSSigChannel() chan os.Signal {
14 changes: 6 additions & 8 deletions log/logClient.go
@@ -32,8 +32,10 @@ type EventInfo struct {
}

// Limitchan handles telemetry event output limit
var Limitchan chan bool
var i uint32
var (
Limitchan chan bool
i uint32
)

// ============ //
// == Common == //
@@ -53,7 +55,7 @@ func StrToFile(str, destFile string) {
}

// #nosec
file, err := os.OpenFile(destFile, os.O_WRONLY|os.O_APPEND, 0644)
file, err := os.OpenFile(destFile, os.O_WRONLY|os.O_APPEND, 0o644)
if err != nil {
fmt.Fprintf(os.Stderr, "Failed to open a file (%s, %s)\n", destFile, err.Error())
}
@@ -81,7 +83,7 @@ type Feeder struct {
// server
server string

//limit
// limit
limit uint32

// connection
@@ -228,7 +230,6 @@ func (fd *Feeder) WatchMessages(msgPath string, jsonFormat bool) error {
}

func regexMatcher(filter *regexp.Regexp, res string) bool {

match := filter.MatchString(res)
if !match {
return false
@@ -413,7 +414,6 @@ func WatchTelemetryHelper(arr []byte, t string, o Options) {

var prettyJSON bytes.Buffer
err = json.Indent(&prettyJSON, arr, "", " ")

if err != nil {
fmt.Fprintf(os.Stderr, "Failed to prettify JSON (%s)\n", err.Error())
}
@@ -479,7 +479,6 @@ func WatchTelemetryHelper(arr []byte, t string, o Options) {
} else if o.LogPath != "" {
StrToFile(str, o.LogPath)
}

}

// DestroyClient Function
@@ -498,7 +497,6 @@ func selectLabels(o Options, labels []string) error {
return nil
}
}

}
return errors.New("Not found any flag")
}
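Review bot: The bare `// #nosec` above `os.OpenFile(destFile, os.O_WRONLY|os.O_APPEND, 0o644)` in StrToFile suppresses every gosec rule on that line without recording which finding was accepted or why. Narrowing it to the waived rule with a reason, for example `// #nosec G304 -- destFile is the operator-supplied log path`, keeps later edits to the call under scan (the justification text is a guess; confirm it against the caller). The `0o644` mode has no effect because the flags do not include `os.O_CREATE`, so the log file's permissions are decided wherever it is created, outside this hunk, and telemetry logs are worth keeping owner-only there. Whether the error branch returns before `file` is used is also outside the lines shown.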