Merge pull request #286 from seungsoo-lee/dev

Updated minor
accuknox · Aug 12, 2021 · 8274104 · 8274104
2 parents 4d2704a + 8b01b7d
commit 8274104
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 33 deletions.
diff --git a/deployments/k8s/dev-config.yaml b/deployments/k8s/dev-config.yaml
@@ -25,7 +25,7 @@ data:
         system-policy-to: "db|file"               # db, file
         system-policy-dir: "./"
       cluster:
-        cluster-info-from: "accuknox"            # k8sclient|accuknox
+        cluster-info-from: "k8sclient"            # k8sclient|accuknox
         cluster-mgmt-url: "http://cluster-management-service.accuknox-dev-cluster-mgmt.svc.cluster.local/cm"
 
     database:
@@ -39,6 +39,7 @@ data:
       table-network-log: network_log
       table-network-policy: network_policy
       table-system-log: system_log
+      table-system-alert: system_alert
       table-system-policy: system_policy
 
     feed-consumer:

diff --git a/src/conf/local.yaml b/src/conf/local.yaml
@@ -9,7 +9,7 @@ application:
     network-policy-to: "db|file"              # db, file
     network-policy-dir: "./"
   system:
-    operation-mode: 2                         # 1: cronjob | 2: one-time-job
+    operation-mode: 1                         # 1: cronjob | 2: one-time-job
     cron-job-time-interval: "0h0m10s"         # format: XhYmZs
     operation-trigger: 100 
     system-log-from: "db"                     # db|kubearmor

diff --git a/src/networkpolicy/helperFunctions.go b/src/networkpolicy/helperFunctions.go
@@ -211,7 +211,7 @@ func getNetworkLogs() []types.KnoxNetworkLog {
 
 		// get flows from hubble relay
 		flows := plugin.GetCiliumFlowsFromHubble(OperationTrigger)
-		if len(flows) == 0 {
+		if len(flows) == 0 || len(flows) < OperationTrigger {
 			return nil
 		}
 

diff --git a/src/networkpolicy/networkPolicy.go b/src/networkpolicy/networkPolicy.go
@@ -101,6 +101,28 @@ func init() {
 	NetworkWaitG = sync.WaitGroup{}
 }
 
+func initNetPolicyDiscoveryConfiguration() {
+	CfgDB = cfg.GetCfgDB()
+
+	OneTimeJobTime = cfg.GetCfgNetOneTime()
+
+	OperationTrigger = cfg.GetCfgNetOperationTrigger()
+
+	NetworkLogFrom = cfg.GetCfgNetworkLogFrom()
+	NetworkLogFile = cfg.GetCfgNetworkLogFile()
+	NetworkPolicyTo = cfg.GetCfgNetworkPolicyTo()
+
+	L3DiscoveryLevel = cfg.GetCfgNetworkL3Level()
+	L4DiscoveryLevel = cfg.GetCfgNetworkL4Level()
+	L7DiscoveryLevel = cfg.GetCfgNetworkL7Level()
+
+	CIDRBits = cfg.GetCfgCIDRBits()
+	HTTPThreshold = cfg.GetCfgNetworkHTTPThreshold()
+
+	NetworkLogFilters = cfg.GetCfgNetworkLogFilters()
+	NamespaceFilters = cfg.GetCfgNetworkSkipNamespaces()
+}
+
 // ============================= //
 // == Multi Cluster Variables == //
 // ============================= //
@@ -1491,28 +1513,6 @@ func DiscoverNetworkPolicy(namespace string,
 	return networkPolicies
 }
 
-func initNetPolicyDiscoveryConfiguration() {
-	CfgDB = cfg.GetCfgDB()
-
-	OneTimeJobTime = cfg.GetCfgNetOneTime()
-
-	OperationTrigger = cfg.GetCfgNetOperationTrigger()
-
-	NetworkLogFrom = cfg.GetCfgNetworkLogFrom()
-	NetworkLogFile = cfg.GetCfgNetworkLogFile()
-	NetworkPolicyTo = cfg.GetCfgNetworkPolicyTo()
-
-	L3DiscoveryLevel = cfg.GetCfgNetworkL3Level()
-	L4DiscoveryLevel = cfg.GetCfgNetworkL4Level()
-	L7DiscoveryLevel = cfg.GetCfgNetworkL7Level()
-
-	CIDRBits = cfg.GetCfgCIDRBits()
-	HTTPThreshold = cfg.GetCfgNetworkHTTPThreshold()
-
-	NetworkLogFilters = cfg.GetCfgNetworkLogFilters()
-	NamespaceFilters = cfg.GetCfgNetworkSkipNamespaces()
-}
-
 func DiscoverNetworkPolicyMain() {
 	if NetworkWorkerStatus == STATUS_RUNNING {
 		return
@@ -1568,9 +1568,7 @@ func DiscoverNetworkPolicyMain() {
 			// reset flow id track at each target namespace
 			clearTrackFlowIDMaps()
 
-			// ========================================================= //
-			// == discover network policies based on the network logs == //
-			// ========================================================= //
+			// discover network policies based on the network logs
 			discoveredNetPolicies := DiscoverNetworkPolicy(targetNamespace, namespaceFilteredLogs, services, endpoints, pods)
 
 			// get existing network policies in db

diff --git a/src/server/grpcServer.go b/src/server/grpcServer.go
@@ -240,13 +240,13 @@ func GetNewServer() *grpc.Server {
 	if cfg.GetCurrentCfg().ConfigClusterMgmt.ClusterInfoFrom != "k8sclient" {
 		// start consumer automatically
 		feedconsumer.StartConsumer()
+	}
 
-		// start net worker automatically
-		networker.StartNetworkWorker()
+	// start net worker automatically
+	networker.StartNetworkWorker()
 
-		// start sys worker automatically
-		sysworker.StartSystemWorker()
-	}
+	// start sys worker automatically
+	sysworker.StartSystemWorker()
 
 	return s
 }