Commit
initial sysdump utility

Collect required System Information to troubleshoot issues from the various k8s resources available

Signed-off-by: Barun Acharya <barun.acharya@accuknox.com>

collect logs from kubearmor pod

Signed-off-by: Barun Acharya <barun.acharya@accuknox.com>

Archive sysdump

Create dump files in the temp directory and then archive them into `karmor-sysdump.zip`

Signed-off-by: Barun Acharya <barun.acharya@accuknox.com>

dump more information using exec syscalls

added boot-config, lsm, apparmor, dmesg to dump

Signed-off-by: Barun Acharya <barun.acharya@accuknox.com>

add timestamp to sysdump archive name

Signed-off-by: Barun Acharya <barun.acharya@accuknox.com>

copy from inside kubearmor pod

* Removed host side deps
* Used Remote Command executor for streaming file for sysdump (inspired from kubectl cp)
* Fixed sec vuln for file permission bits

Signed-off-by: Barun Acharya <barun.acharya@accuknox.com>

volume mount apparmor.d if not minikube env

Signed-off-by: Barun Acharya <barun.acharya@accuknox.com>

Add description of annotated pods to sysdump

Signed-off-by: Barun Acharya <barun.acharya@accuknox.com>

concurrently dump resources

Fetch all the resources for sysdump concurrently. If there's an empty dump we return err; else if we have a dump but there's an error, we create the partial sysdump and return error.

Signed-off-by: Barun Acharya <barun.acharya@accuknox.com>

Add pod events to sysdump

Signed-off-by: Barun Acharya <barun.acharya@accuknox.com>

Add sysdump usage to README

Signed-off-by: Barun Acharya <barun.acharya@accuknox.com>

update deps

updated direct dependencies
pinned archiver dep to latest commit to fix vulnerability in a transitive dep

Signed-off-by: Barun Acharya <barun.acharya@accuknox.com>

add codeql analysis workflow

Signed-off-by: Barun Acharya <barun.acharya@accuknox.com>

docs: updates README.md

Signed-off-by: Thiago Navarro <navarro@accuknox.com>

add namespace flag to install and uninstall

Increase timeout for lint action

Add troubleshoot information in log client

Failure to connect to log grpc server is mostly due to not port-forwarding, so added relevant commands in the error message for convenience

Signed-off-by: Barun Acharya <barun.acharya@accuknox.com>

Add eks environment detection

Configure daemonset options w.r.t. eks

Signed-off-by: Barun Acharya <barun.acharya@accuknox.com>

reconfigure daemonset

- added k3s support
- use maps to store environment specific configuration

Signed-off-by: Barun Acharya <barun.acharya@accuknox.com>

[VM] Added new command to download vm installation script from kvmsoperator

[VM Support] Added option for providing external IP as input

Support for VM command:
1. added option to provide namespace
2. option to provide port value

Karmor VM support -- Addressed review comments using revive for go-lint

[VM Support] Modified code to identify the namespace of kvmservice instead of inputting the same

[VM Support] Modified code to identify the namespace of kvmservice instead of inputting the same

Fixed protobuf package definition to match the same as KVMService protobuf package

Fixed protobuf package definition to match the same as KVMService proto

added karmor install --image option

fixed lint warnings

add GH workflow for just code build

fixed gosec issue with kvm option

prepare for release 0.3

* cleanup duplicate protobuf
* add vm usage to README

Signed-off-by: Barun Acharya <barun.acharya@accuknox.com>

Modifying/Adding support for karmor to support non-k8s control plane

Signed-off-by: Eswar Rajan Subramanian <eswar@accuknox.com>

refactor vm policy boilerplate code

added argument validation

Signed-off-by: daemon1024 <barun.acharya@accuknox.com>

Add policy handling mechanism

configure gRPC client in kArmor to send host policy event based on argument policy YAML

Signed-off-by: daemon1024 <barun.acharya@accuknox.com>

Prepare for release 0.4

- Update README with vm related commands
- Remove fork based KubeArmor dep
- Remove duplicate VM policy subcommand

Signed-off-by: daemon1024 <barun.acharya@accuknox.com>

fix: fix mounts for minikube

Karmor now works with minikube.

Signed-off-by: Gaurav Genani <h3llix.pvt@gmail.com>

sync with deploygen

Signed-off-by: Jaehyun Nam <jn@accuknox.com>

add license headers

Signed-off-by: Jaehyun Nam <jn@accuknox.com>

fix golint issues

Signed-off-by: Jaehyun Nam <jn@accuknox.com>

clean up whitespaces

Signed-off-by: Jaehyun Nam <jn@accuknox.com>

add license headers

Signed-off-by: Jaehyun Nam <jn@accuknox.com>

update Makefile

Signed-off-by: Jaehyun Nam <jn@accuknox.com>

fix typo

Signed-off-by: Jaehyun Nam <jn@accuknox.com>

update log

Signed-off-by: Jaehyun Nam <jn@accuknox.com>

update logClient

Signed-off-by: Jaehyun Nam <jn@accuknox.com>

Fetch installation deployments from KubeArmor

Signed-off-by: daemon1024 <barun.acharya@accuknox.com>

new containerImage field added

Signed-off-by: Rahul Jadhav <nyrahul@gmail.com>

update karmor to use stable KubeArmor release instead of latest

Signed-off-by: Ankur Kothiwal <ankur.kothiwal@accuknox.com>

update deployment package

Signed-off-by: daemon1024 <barun.acharya@accuknox.com>

Added new commands and modified existing vm commands for vm onboarding, policy enforcement for nonk8s control plane

Signed-off-by: Eswar Rajan Subramanian <eswar@accuknox.com>
1 parent 205c5d6, commit be9cca7
Showing 30 changed files with 2,304 additions and 618 deletions.
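The "concurrently dump resources" rule in the commit message (an empty dump is an error; a dump with some failed collectors is written as a partial archive and still returns an error) together with the tightened file permission bits, as an added Go example. This is not kubearmor-client's own sysdump code: the `Collector` type, the `Collect` function, the sentinel errors and the sample collectors in `main` are assumptions made for illustration.

```go
package main

import (
	"archive/zip"
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"sort"
	"sync"
	"time"
)

// Collector is a hypothetical sysdump source (pod logs, dmesg, LSM state, ...).
// The type, Collect and the sample collectors in main are assumptions.
type Collector struct {
	Name string
	Run  func() ([]byte, error)
}

var (
	ErrEmptyDump   = errors.New("sysdump: no data collected")                   // nothing archived
	ErrPartialDump = errors.New("sysdump: partial dump, some collectors failed") // archive written
)

// Collect runs every collector concurrently and writes the non-empty results
// into a timestamped zip under dir. Directory and archive are owner-only
// (0700/0600) because the dump holds kernel logs, LSM state and pod specs.
// It returns the archive path, the sorted names of failed collectors and
// ErrEmptyDump (no archive), ErrPartialDump (archive plus failures) or nil.
func Collect(dir string, collectors []Collector) (string, []string, error) {
	var mu sync.Mutex
	var wg sync.WaitGroup
	ok := map[string][]byte{}
	var failed []string
	for _, c := range collectors {
		wg.Add(1)
		go func(c Collector) {
			defer wg.Done()
			data, err := c.Run()
			mu.Lock()
			defer mu.Unlock()
			if err != nil || len(data) == 0 { // an empty result is a failure too
				failed = append(failed, c.Name)
				return
			}
			ok[c.Name] = data
		}(c)
	}
	wg.Wait()
	sort.Strings(failed)
	if len(ok) == 0 {
		return "", failed, ErrEmptyDump
	}

	if err := os.MkdirAll(dir, 0o700); err != nil {
		return "", failed, err
	}
	stamp := time.Now().UTC().Format("20060102-150405")
	archive := filepath.Join(dir, "karmor-sysdump-"+stamp+".zip")
	// O_EXCL: never follow a symlink or overwrite an existing file at this path.
	f, err := os.OpenFile(archive, os.O_CREATE|os.O_WRONLY|os.O_EXCL, 0o600)
	if err != nil {
		return "", failed, err
	}
	zw := zip.NewWriter(f)
	for name, data := range ok {
		w, werr := zw.Create(name + ".txt")
		if werr == nil {
			_, werr = w.Write(data)
		}
		if werr != nil {
			err = werr
			break
		}
	}
	if cerr := zw.Close(); err == nil {
		err = cerr
	}
	if cerr := f.Close(); err == nil {
		err = cerr
	}
	if err != nil {
		return "", failed, err
	}
	if len(failed) > 0 {
		return archive, failed, ErrPartialDump
	}
	return archive, nil, nil
}

func main() {
	cs := []Collector{ // constructed samples: dmesg succeeds, lsm fails
		{"dmesg", func() ([]byte, error) { return []byte("[0.000000] constructed dmesg line\n"), nil }},
		{"lsm", func() ([]byte, error) { return nil, errors.New("permission denied") }},
	}
	dir, _ := os.MkdirTemp("", "sysdump")
	defer os.RemoveAll(dir)
	fmt.Println(Collect(dir, cs))
}
```

The caller decides what to do with a partial archive: `errors.Is(err, ErrPartialDump)` with a non-empty path means the zip exists and can still be attached to a bug report, while `ErrEmptyDump` means nothing was written. The `O_EXCL` create and the `0600`/`0700` modes are the two bits that matter for the "file permission bits" fix: a dump containing dmesg, AppArmor profiles and pod descriptions should never land world-readable, and the archive path must not be pre-planted by another user of the temp directory.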
@@ -0,0 +1,70 @@ | ||
# For most projects, this workflow file will not need changing; you simply need | ||
# to commit it to your repository. | ||
# | ||
# You may wish to alter this file to override the set of languages analyzed, | ||
# or to provide custom queries or build logic. | ||
# | ||
# ******** NOTE ******** | ||
# We have attempted to detect the languages in your repository. Please check | ||
# the `language` matrix defined below to confirm you have the correct set of | ||
# supported CodeQL languages. | ||
# | ||
name: "CodeQL" | ||
|
||
on: | ||
push: | ||
branches: [main] | ||
pull_request: | ||
# The branches below must be a subset of the branches above | ||
branches: [main] | ||
schedule: | ||
- cron: "27 20 * * 2" | ||
|
||
jobs: | ||
analyze: | ||
name: Analyze | ||
runs-on: ubuntu-latest | ||
permissions: | ||
actions: read | ||
contents: read | ||
security-events: write | ||
|
||
strategy: | ||
fail-fast: false | ||
matrix: | ||
language: ["go"] | ||
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] | ||
# Learn more about CodeQL language support at https://git.io/codeql-language-support | ||
|
||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v2 | ||
|
||
# Initializes the CodeQL tools for scanning. | ||
- name: Initialize CodeQL | ||
uses: github/codeql-action/init@v1 | ||
with: | ||
languages: ${{ matrix.language }} | ||
# If you wish to specify custom queries, you can do so here or in a config file. | ||
# By default, queries listed here will override any specified in a config file. | ||
# Prefix the list here with "+" to use these queries and those in the config file. | ||
# queries: ./path/to/local/query, your-org/your-repo/queries@main | ||
|
||
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java). | ||
# If this step fails, then you should remove it and run the build manually (see below) | ||
- name: Autobuild | ||
uses: github/codeql-action/autobuild@v1 | ||
|
||
# ℹ️ Command-line programs to run using the OS shell. | ||
# 📚 https://git.io/JvXDl | ||
|
||
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines | ||
# and modify them (or add more) to build your code if your project | ||
# uses a compiled language | ||
|
||
#- run: | | ||
# make bootstrap | ||
# make release | ||
|
||
- name: Perform CodeQL Analysis | ||
uses: github/codeql-action/analyze@v1 |
@@ -0,0 +1,73 @@ | ||
// SPDX-License-Identifier: Apache-2.0 | ||
// Copyright 2021 Authors of KubeArmor | ||
|
||
package cmd | ||
|
||
import ( | ||
"errors" | ||
|
||
"github.com/kubearmor/kubearmor-client/vm" | ||
"github.com/spf13/cobra" | ||
) | ||
|
||
var policyOptions vm.PolicyOptions | ||
|
||
// vmPolicyCmd represents the vm command for policy enforcement | ||
var vmPolicyCmd = &cobra.Command{ | ||
Use: "policy", | ||
Short: "policy handling for vm/nonk8s control plane", | ||
Long: `policy handling for vm/nonk8s control plane`, | ||
} | ||
|
||
// vmPolicyAddCmd represents the vm add policy command for policy enforcement | ||
var vmPolicyAddCmd = &cobra.Command{ | ||
Use: "add", | ||
Short: "add policy for vm k8s/nonk8s control plane", | ||
Long: `add policy for vm k8s/nonk8s control plane`, | ||
Args: func(cmd *cobra.Command, args []string) error { | ||
if len(args) < 1 { | ||
return errors.New("requires a path to valid policy YAML as argument") | ||
} | ||
return nil | ||
}, | ||
RunE: func(cmd *cobra.Command, args []string) error { | ||
if err := vm.PolicyHandling("ADDED", args[0], policyOptions); err != nil { | ||
return err | ||
} | ||
return nil | ||
}, | ||
} | ||
|
||
// vmPolicyDeleteCmd represents the vm delete policy command for policy enforcement | ||
var vmPolicyDeleteCmd = &cobra.Command{ | ||
Use: "delete", | ||
Short: "delete policy for vm k8s/nonk8s control plane", | ||
Long: `delete policy for vm k8s/nonk8s control plane`, | ||
Args: func(cmd *cobra.Command, args []string) error { | ||
if len(args) < 1 { | ||
return errors.New("requires a path to valid policy YAML as argument") | ||
} | ||
return nil | ||
}, | ||
RunE: func(cmd *cobra.Command, args []string) error { | ||
if err := vm.PolicyHandling("DELETED", args[0], policyOptions); err != nil { | ||
return err | ||
} | ||
return nil | ||
}, | ||
} | ||
|
||
// ========== // | ||
// == Init == // | ||
// ========== // | ||
|
||
func init() { | ||
vmCmd.AddCommand(vmPolicyCmd) | ||
|
||
// Subcommand for policy command | ||
vmPolicyCmd.AddCommand(vmPolicyAddCmd) | ||
vmPolicyCmd.AddCommand(vmPolicyDeleteCmd) | ||
|
||
// gRPC endpoint flag to communicate with KubeArmor. Available across subcommands. | ||
vmPolicyCmd.PersistentFlags().StringVar(&policyOptions.GRPC, "gRPC", "", "gRPC server information") | ||
} |
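Review bot: the `Args` closures on `vmPolicyAddCmd` and `vmPolicyDeleteCmd` only reject zero arguments (`if len(args) < 1`), so `karmor vm policy add a.yaml b.yaml` silently drops every path after the first; `Args: cobra.ExactArgs(1)` states the intent and replaces both hand-written validators. The two `RunE` bodies reduce to `return vm.PolicyHandling("ADDED", args[0], policyOptions)` and the DELETED equivalent. The `--gRPC` persistent flag is registered with an empty default and the usage string "gRPC server information"; document the expected `host:port` form and what an empty value falls back to, and consider the conventional lowercase `--grpc`, since a mixed-case long flag is easy to mistype and inconsistent with the rest of a CLI.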
@@ -0,0 +1,26 @@ | ||
// SPDX-License-Identifier: Apache-2.0 | ||
// Copyright 2021 Authors of KubeArmor | ||
|
||
package cmd | ||
|
||
import ( | ||
"github.com/kubearmor/kubearmor-client/sysdump" | ||
"github.com/spf13/cobra" | ||
) | ||
|
||
// sysdumpCmd represents the get command | ||
var sysdumpCmd = &cobra.Command{ | ||
Use: "sysdump", | ||
Short: "Collect system dump information for troubleshooting and error report", | ||
Long: `Collect system dump information for troubleshooting and error reports`, | ||
RunE: func(cmd *cobra.Command, args []string) error { | ||
if err := sysdump.Collect(client); err != nil { | ||
return err | ||
} | ||
return nil | ||
}, | ||
} | ||
|
||
func init() { | ||
rootCmd.AddCommand(sysdumpCmd) | ||
} |
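Review bot: the doc comment on `sysdumpCmd` reads "represents the get command", a copy-paste leftover from another subcommand; it should describe the sysdump command. `Short` and `Long` differ only in "error report" versus "error reports"; make them consistent. The `RunE` body can be `return sysdump.Collect(client)` directly. Since the commit message says the dump bundles pod logs, dmesg and AppArmor state, the help text should also state where the archive is written and that it may contain sensitive host information the user should review before sharing.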