Merged

.gitignore

@@ -1,4 +1,5 @@
 .vscode/
+*.yaml
 src/knoxAutoPolicy
 src/go.sum
 script/log

deployments/k8s/dev-config.yaml

@@ -6,52 +6,57 @@ data:
   conf.yaml: |-
     application:
       name: knoxautopolicy
-      operation-mode: 2
-      cron-job-time-interval: "@every 0h0m10s"
-      network-log-from: db
-      network-log-file: "./flow.json"
-      network-policy-to: "db|file"
-      network-policy-dir: "./"
-      network-policy-types: 3
-      network-policy-rule-types: 511
-      network-policy-ignoring-namespaces: "kube-system"
-      system-log-from: db
-      system-log-file: "./log.json"
-      system-policy-to: "db|file"
-      system-policy-dir: "./"
-      #accuknox-cluster-mgmt: "http://cluster-management-service.accuknox-dev-cluster-mgmt.svc.cluster.local/cm"
-      accuknox-cluster-mgmt: "http://localhost:8080"
-
-    logging:
-      level: INFO
-
-    kafka:
-      broker-address-family: v4
-      session-timeout-ms: 6000
-      auto-offset-reset: "earliest"
-      bootstrap-servers: "dev-kafka-kafka-bootstrap.accuknox-dev-kafka.svc.cluster.local:9092"
-      group-id: policy.cilium
-      topics: 
-        - cilium-telemetry
-        - kubearmor-syslogs
-      ssl:
-        enabled: false
-      events:
-        buffer: 50
+      network:
+        operation-mode: 1                         # 1: cronjob | 2: one-time-job
+        cron-job-time-interval: "0h0m10s"         # format: XhYmZs 
+        network-log-from: "db"                    # db|hubble
+        network-log-file: "./flow.json"           # file path
+        network-policy-to: "db|file"              # db, file
+        network-policy-dir: "./"
+        network-policy-types: 3
+        network-policy-rule-types: 511
+      system:
+        operation-mode: 1                         # 1: cronjob | 2: one-time-job
+        cron-job-time-interval: "0h0m10s"         # format: XhYmZs 
+        system-log-from: "db"                     # db|kubearmor
+        system-log-file: "./log.json"             # file path
+        system-policy-to: "db|file"               # db, file
+        system-policy-dir: "./"
+      cluster:
+        cluster-info-from: "accuknox"            # k8sclient|accuknox
+        cluster-mgmt-url: "http://cluster-management-service.accuknox-dev-cluster-mgmt.svc.cluster.local/cm"
 
     database:
       driver: mysql
-      host: mysql.accuknox-dev-mysql.svc.cluster.local
+      host: 127.0.0.1
       port: 3306
-      user: accuknox_user
-      password: EAy5Kq4uhc5Gkws
-      dbname: accuknox
+      user: root
+      password: password
+      dbname: knoxautopolicy
       table-configuration: auto_policy_config
       table-network-log: network_log
       table-network-policy: network_policy
       table-system-log: system_log
       table-system-policy: system_policy
 
+    feed-consumer:
+      kafka:
+        broker-address-family: v4
+        session-timeout-ms: 6000
+        auto-offset-reset: "earliest"
+        bootstrap-servers: "dev-kafka-kafka-bootstrap.accuknox-dev-kafka.svc.cluster.local:9092"
+        group-id: policy.cilium
+        topics: 
+          - cilium-telemetry
+          - kubearmor-syslogs
+        ssl:
+          enabled: false
+        events:
+          buffer: 50
+
+    logging:
+      level: "INFO"
+
     cilium-hubble:
       url: 10.4.41.240
-      port: 80
+      port: 80

helm/templates/deployment.yaml

@@ -14,8 +14,7 @@ spec:
         container: knoxautopolicy
     spec:
       containers:
-      - image: gcr.io/accuknox/snapshot/knoxautopolicy
-        #image: "{{ .Values.knoxautopolicy.repository }}:{{ .Values.knoxautopolicy.image.tag | default .Chart.AppVersion }}"
+      - image: "{{ .Values.knoxautopolicy.image.repository }}:{{ .Values.knoxautopolicy.image.tag | default .Chart.AppVersion }}"
         name: knoxautopolicy
         ports:
         - containerPort: 9089

helm/templates/dev-config.yaml

@@ -7,32 +7,25 @@ data:
   conf.yaml: |-
     application:
       name: knoxautopolicy
-      operation-mode: 1
-      cron-job-time-interval: "@every 0h0m10s"
-      network-log-from: db
-      discovered-policy-to: "db|file"
-      policy-dir: "./"
-      discovery-policy-types: 3
-      discovery-rule-types: 511
-      ignoring-namespaces: "kube-system"
-      accuknox-cluster-mgmt: "http://cluster-management-service.accuknox-dev-cluster-mgmt.svc.cluster.local"
-
-    logging:
-      level: INFO
-
-    kafka:
-      broker-address-family: v4
-      session-timeout-ms: 6000
-      auto-offset-reset: "earliest"
-      bootstrap-servers: "dev-kafka-kafka-bootstrap.accuknox-dev-kafka.svc.cluster.local:9092"
-      group-id: policy.cilium
-      topics: 
-        - cilium-telemetry
-        - kubearmor-syslogs
-      ssl:
-        enabled: false
-      events:
-        buffer: 50
+      network:
+        operation-mode: 1                         # 1: cronjob | 2: one-time-job
+        cron-job-time-interval: "0h0m10s"         # format: XhYmZs 
+        network-log-from: "db"                    # db|hubble
+        network-log-file: "./flow.json"           # file path
+        network-policy-to: "db|file"              # db, file
+        network-policy-dir: "./"
+        network-policy-types: 3
+        network-policy-rule-types: 511
+      system:
+        operation-mode: 1                         # 1: cronjob | 2: one-time-job
+        cron-job-time-interval: "0h0m10s"         # format: XhYmZs 
+        system-log-from: "db"                     # db|kubearmor
+        system-log-file: "./log.json"             # file path
+        system-policy-to: "db|file"               # db, file
+        system-policy-dir: "./"
+      cluster:
+        cluster-info-from: "accuknox"            # k8sclient|accuknox
+        cluster-mgmt-url: "http://cluster-management-service.accuknox-dev-cluster-mgmt.svc.cluster.local/cm"
 
     database:
       driver: mysql
@@ -41,11 +34,30 @@ data:
       user: accuknox_user
       password: EAy5Kq4uhc5Gkws
       dbname: accuknox
-      table-network-flow: network_flow_events
-      table-discovered-policies: discovered_policies
       table-configuration: auto_policy_config
-      table-system-log: system_log_events
+      table-network-log: network_log
+      table-network-policy: network_policy
+      table-system-log: system_log
+      table-system-policy: system_policy
 
+    feed-consumer:
+      kafka:
+        broker-address-family: v4
+        session-timeout-ms: 6000
+        auto-offset-reset: "earliest"
+        bootstrap-servers: "dev-kafka-kafka-bootstrap.accuknox-dev-kafka.svc.cluster.local:9092"
+        group-id: policy.cilium
+        topics: 
+          - cilium-telemetry
+          - kubearmor-syslogs
+        ssl:
+          enabled: false
+        events:
+          buffer: 50
+
+    logging:
+      level: "INFO"
+
     cilium-hubble:
       url: 10.4.41.240
-      port: 80
+      port: 80

helm/values.yaml

@@ -5,10 +5,10 @@
 replicaCount: 1
 knoxautopolicy:
   image:
-    repository: gcr.io/accuknox/snapshot/knoxautopolicy
+    repository: gcr.io/accuknox/dev/knoxautopolicy
     pullPolicy: Always
     # Overrides the image tag whose default is the chart appVersion.
-    tag: 1.0.14
+    tag: ""
 
 
 volumeMounts:
@@ -20,7 +20,7 @@ volumes:
     configMap:
       name: knoxautopolicy-config
 
-      
+
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""

onboarding/check_grpcurl.sh

@@ -2,7 +2,7 @@
 
 echo "[INFO] Check grpcurl"
 
-if ! command -v go &> /dev/null
+if ! command -v grpcurl &> /dev/null
 then
     echo "[INFO] grpcurl could not be found"
     exit 1