Merge pull request #106 from seungsoo-lee/master

Update ignoring flows/policy/rule types
accuknox · Jan 21, 2021 · 91d12aa · 91d12aa
2 parents bd6d93d + 54a8586
commit 91d12aa
Show file tree

Hide file tree

Showing 10 changed files with 334 additions and 163 deletions.
diff --git a/database/mysql/init/flow_management.sql b/database/mysql/init/flow_management.sql
@@ -31,17 +31,16 @@ CREATE TABLE IF NOT EXISTS `network_flow` (
 
 CREATE TABLE IF NOT EXISTS `discovered_policy` (
   `id` int NOT NULL AUTO_INCREMENT,
-
   `apiVersion` varchar(20) DEFAULT NULL,
   `kind` varchar(20) DEFAULT NULL,
   `name` varchar(50) DEFAULT NULL,
+  `cluster_name` varchar(50) DEFAULT NULL,
   `namespace` varchar(50) DEFAULT NULL,
   `type` varchar(10) DEFAULT NULL,
   `rule` varchar(30) DEFAULT NULL,
   `status` varchar(10) DEFAULT NULL,
   `outdated` varchar(50) DEFAULT NULL,
   `spec` JSON DEFAULT NULL,
-
   `generatedTime` int DEFAULT NULL,
   PRIMARY KEY (`id`)
 );

diff --git a/scripts/startService.sh b/scripts/startService.sh
@@ -37,6 +37,6 @@ export DISCOVERY_POLICY_TYPES=1
 export DISCOVERY_RULE_TYPES=1
 
 # skip namepsace info
-export IGNORING_SELECTOR_NAMESPACES="kube-system|knox-auto-policy|cilium|hipster"
+export IGNORING_NAMESPACES="kube-system|knox-auto-policy|cilium|hipster"
 
-$KNOX_AUTO_HOME/src/knoxAutoPolicy
+$KNOX_AUTO_HOME/src/knoxAutoPolicy
diff --git a/src/core/configManager.go b/src/core/configManager.go
@@ -12,6 +12,9 @@ import (
 // Cfg ...
 var Cfg types.Configuration
 
+// SkipNamespaces ...
+var SkipNamespaces []string
+
 func init() {
 	// initially, default -> applied
 	LoadDefaultConfig()
@@ -102,20 +105,14 @@ func LoadDefaultConfig() {
 
 	// discovery types
 	Cfg.DiscoveryPolicyTypes = libs.GetEnvInt("DISCOVERY_POLICY_TYPES", 3)
-	Cfg.DiscoveryPolicyTypes = libs.GetEnvInt("DISCOVERY_RULE_TYPES", 1)
+	Cfg.DiscoveryRuleTypes = libs.GetEnvInt("DISCOVERY_RULE_TYPES", 511)
 
 	// cidr bits
 	Cfg.CIDRBits = 32
 
 	// ignoring flows
-	skipNamespacesStr := libs.GetEnv("IGNORING_SELECTOR_NAMESPACES", "")
-	igFlow1 := types.IgnoringFlows{IgSelectorNamespaces: strings.Split(skipNamespacesStr, "|")}
-	igFlow2 := types.IgnoringFlows{
-		IgSelectorLabels: []string{"pod-template-hash",
-			"controller-revision-hash",            // from istana robot-shop
-			"statefulset.kubernetes.io/pod-name"}, // from istana robot-shop
-	}
-	Cfg.IgnoringFlows = []types.IgnoringFlows{igFlow1, igFlow2}
+	skipNamespacesStr := libs.GetEnv("IGNORING_NAMESPACES", "")
+	SkipNamespaces = strings.Split(skipNamespacesStr, "|")
 
 	// aggregation level
 	Cfg.L3AggregationLevel = 3