option names for karmor #76
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This comment was marked as outdated.
This comment was marked as outdated.
|
Ready for review |
Ankurk99
requested changes
May 28, 2022
cmd/discover.go
Outdated
| discoverCmd.Flags().StringVarP(&discoverOptions.Policy, "policy", "p", "kubearmor", "Type of policies to be discovered: cilium or kubearmor") | ||
| discoverCmd.Flags().StringVar(&discoverOptions.Policy, "class", "", "Type of policies to be discovered: cilium or kubearmor") |
There was a problem hiding this comment.
here "kubearmor" option was provided as a default for the policy flag. You will also need to add a default flag here (application) and change the logic for the same.
|
Please request a review once the PR is fully ready. |
|
@Ankurk99 review pls |
nyrahul
reviewed
Jun 2, 2022
cmd/discover.go
Outdated
| discoverCmd.Flags().StringVarP(&discoverOptions.Format, "format", "f", "json", "Format: json or yaml") | ||
| discoverCmd.Flags().StringVarP(&discoverOptions.Policy, "policy", "p", "kubearmor", "Type of policies to be discovered: cilium or kubearmor") | ||
| discoverCmd.Flags().StringVar(&discoverOptions.Policy, "class", "kubearmor", "Type of policies to be discovered: cilium or kubearmor") |
There was a problem hiding this comment.
The class should be same in discover/insight.
There was a problem hiding this comment.
@nyrahul discover/insight or discover/discover ?
There was a problem hiding this comment.
We will need to have a consistent naming options for discover and insight. Please update cmd/discover.go to have application and network as options and application as default.
There was a problem hiding this comment.
@Ankurk99 I noticed this function . If i update cmd/discover as you requested, wouldn't this eliminate the need for this function?
There was a problem hiding this comment.
Okay, so you will need to remove the cilium if condition and update kubearmor condition with o.Policy == "application" instead
4 tasks
Ankurk99
requested changes
Jun 7, 2022
|
@s1ntaxe770r , please squash the commits into a single one and please re-request reviews if this is ready. Thanks |
|
squashed 👍🏽 |
|
Hey @s1ntaxe770r can you please address the ci-go warning and squash your commits into one? |
|
@Ankurk99 does this look good now? |
|
Hey @s1ntaxe770r, the commits are not squashed yet, can you please do so? |
s1ntaxe770r
force-pushed
the
main
branch
2 times, most recently
from
5d0330e
to
be9cca7
Compare
initial sysdump utility Collect required System Information to troubleshoot issues from the various k8s resources available Signed-off-by: Barun Acharya <barun.acharya@accuknox.com> collect logs from kubearmor pod Signed-off-by: Barun Acharya <barun.acharya@accuknox.com> Archive sysdump Create dump files in the temp directory and then archive them into `karmor-sysdump.zip` Signed-off-by: Barun Acharya <barun.acharya@accuknox.com> dump more infromation using exec syscalls added boot-config, ls,m, apparmor, dmesg to dump Signed-off-by: Barun Acharya <barun.acharya@accuknox.com> add timestamp to sysdump archive name Signed-off-by: Barun Acharya <barun.acharya@accuknox.com> copy from inside kubearmor pod * Removed host side deps * Used Remote Command executor for streaming file for sysdump ( inspired from kubectl cp ) * Fixed sec vuln for file permission bits Signed-off-by: Barun Acharya <barun.acharya@accuknox.com> volume mount apparmor.d if not minikube env Signed-off-by: Barun Acharya <barun.acharya@accuknox.com> Add description of annotated pods to sysdump Signed-off-by: Barun Acharya <barun.acharya@accuknox.com> concurrently dump resources Fetch all the resources for sysdump concurrently, if there's an empty dump we return err, else if we have dump but there's an error, we create the partial sysdump and return error. Signed-off-by: Barun Acharya <barun.acharya@accuknox.com> Add pod events to sysdump Signed-off-by: Barun Acharya <barun.acharya@accuknox.com> Add sysdump usage to README Signed-off-by: Barun Acharya <barun.acharya@accuknox.com> update deps updated direct dependencies pinned archiver dep to latest commit to fix vulnerability in a transitive dep Signed-off-by: Barun Acharya <barun.acharya@accuknox.com> add codeql analysis workflow Signed-off-by: Barun Acharya <barun.acharya@accuknox.com> docs: updates README.md Signed-off-by: Thiago Navarro <navarro@accuknox.com> add namespace flag to install and unistall Increase timeout for lint action Add troubleshoot information in log client Failure to connect to log grpc server is mostly due to not port-forwarding, so added relevant commands in the error message for convenience Signed-off-by: Barun Acharya <barun.acharya@accuknox.com> Add eks environment detection Configure daemonset options w.r.t. eks Signed-off-by: Barun Acharya <barun.acharya@accuknox.com> reconfigure daemonset - added k3s support - use maps to store environment specific configuration Signed-off-by: Barun Acharya <barun.acharya@accuknox.com> [VM] Added new command to download vm installation script from kvmsoperator [VM Support]Added option for providing external IP as input Support for VM command : 1. added option to provide namespace 2. option to provide port value Karmor VM support -- Addressed review comments using revive for go-lint [VM Support] Modified code to identify the namespace of kvmservice instead of inputting the same [VM Support] Modified code to identify the namespace of kvmservice instead of inputting the same Fixed protobuf package definition to match the same as KVMService protobuf package Fixed protobuf package definition to match the same as KVMService proto added karmor install --image option fixed lint warnings add GH workflow for just code build fixed gosec issue with kvm option prepare for release 0.3 * cleanup duplicate protobuf * add vm usage to README Signed-off-by: Barun Acharya <barun.acharya@accuknox.com> Modifying/Adding support for karmor to support non-k8s control plane Signed-off-by: Eswar Rajan Subramanian <eswar@accuknox.com> refactor vm policy boilerplate code added argument validation Signed-off-by: daemon1024 <barun.acharya@accuknox.com> Add policy handling mechanism configure gRPC client in kArmor to send host policy event based on argument policy YAML Signed-off-by: daemon1024 <barun.acharya@accuknox.com> Prepare for release 0.4 - Update README with vm related commands - Remove fork based KubeArmor dep - Remove duplicate VM policy subcommand Signed-off-by: daemon1024 <barun.acharya@accuknox.com> fix: fix mounts for minikube Karmor now works with minikube. Signed-off-by: Gaurav Genani <h3llix.pvt@gmail.com> sync with deploygen Signed-off-by: Jaehyun Nam <jn@accuknox.com> add license headers Signed-off-by: Jaehyun Nam <jn@accuknox.com> fix golint issues Signed-off-by: Jaehyun Nam <jn@accuknox.com> clean up whitespaces Signed-off-by: Jaehyun Nam <jn@accuknox.com> add license headers Signed-off-by: Jaehyun Nam <jn@accuknox.com> update Makefile Signed-off-by: Jaehyun Nam <jn@accuknox.com> fix typo Signed-off-by: Jaehyun Nam <jn@accuknox.com> update log Signed-off-by: Jaehyun Nam <jn@accuknox.com> update logClient Signed-off-by: Jaehyun Nam <jn@accuknox.com> Fetch installation deployments from KubeArmor Signed-off-by: daemon1024 <barun.acharya@accuknox.com> new containerImage field added Signed-off-by: Rahul Jadhav <nyrahul@gmail.com> update karmor to use stable KubeArmor release instead of latest Signed-off-by: Ankur Kothiwal <ankur.kothiwal@accuknox.com> update deployment package Signed-off-by: daemon1024 <barun.acharya@accuknox.com> Added new commands and modified existing vm commands for vm onboarding, policy enforcement for nonk8s control plane Signed-off-by: Eswar Rajan Subramanian <eswar@accuknox.com> Signed-off-by: s1ntaxe770r <jubril@accuknox.com>
nyrahul
requested changes
Oct 1, 2022
| @@ -23,10 +25,12 @@ install: build | |||
| clean: | |||
| cd $(CURDIR); rm -f karmor | |||
|
|
|||
|
|
|||
| @@ -2,16 +2,25 @@ | |||
|
|
|||
| **karmor** is a client tool to help manage [KubeArmor](github.com/kubearmor/KubeArmor). | |||
|
|
|||
|
|
|||
Comment on lines
+8
to
+13
| The following sections show how to install the kArmor. It can be installed either from source, or from pre-built binary releases. | ||
|
|
||
| ### From Script | ||
|
|
||
| kArmor has an installer script that will automatically grab the latest version of kArmor and install it locally. | ||
|
|
There was a problem hiding this comment.
Suggested change
| The following sections show how to install the kArmor. It can be installed either from source, or from pre-built binary releases. | |
| ### From Script | |
| kArmor has an installer script that will automatically grab the latest version of kArmor and install it locally. |
| ``` | ||
|
|
| curl -sfL http://get.kubearmor.io/ | sudo sh -s -- -b /usr/local/bin | ||
| ``` | ||
|
|
||
| ### Installing from Source | ||
|
|
||
| Build karmor from source if you want to test the latest (pre-release) karmor version. | ||
|
|
||
|
|
Co-authored-by: Rahul Jadhav <nyrahul@gmail.com>
Co-authored-by: Rahul Jadhav <nyrahul@gmail.com>
Co-authored-by: Rahul Jadhav <nyrahul@gmail.com>
Co-authored-by: Rahul Jadhav <nyrahul@gmail.com>
|
@yasin-cs-ko-ak Yes, and we need to update the changes to reflect the currect version. For eg insight command is no more there. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR fixes some of the issues described in #66