Merge pull request kubearmor#702 from kloudmax/Helm

update helm
daemon1024 · May 24, 2022 · 2eca94d · 2eca94d
2 parents 8a5b9ce + 4df6b4f
commit 2eca94d
Show file tree

Hide file tree

Showing 9 changed files with 181 additions and 340 deletions.
diff --git a/deployments/helm/README.md b/deployments/helm/README.md
@@ -1,21 +1,27 @@
-## Install KubeArmor using helm
-* Install kubearmor via helm, enable/disable kuberarmor relay by specifying either true or false.
-* Specify the namespace.
-* Specify environment depends on your environment like { docker, microk8s, minikube, k3s and generic (GKE, EKS)} by default it is generic.
+## Install KubeArmor
+
+Install KubeArmor using helm
 
 ```
 helm upgrade --install kubearmor . \
     --set kubearmorrelay.enabled=true \
-    --set environment.name=<environment> \
-    --set namespace.name=<namespace>
-
+    --set namespace.name=<namespace> \
+    --set environment.name=<environment>
 ```
-Check if all the pods are up and running.
+* kubearmorrelay.enabled = {true | false} (default: true)
+* namespace.name = [namespace name] (default: kube-system)
+* environment.name = {generic | docker | microk8s | minikube | k3s} (default: generic) / use 'generic' for GKE and EKS
+
+Check if all the pods are up and running
+
 ```
 kubectl get all -n <namespace>
 ```
 
-## To uninstall KubeArmor using helm
+## Remove KubeArmor
+
+Uninstall KubeArmor using helm
+
 ```
 helm uninstall kubearmor
-```
+```
diff --git a/deployments/helm/templates/clusterrolebinding.yaml b/deployments/helm/templates/clusterrolebinding.yaml
@@ -11,5 +11,3 @@ subjects:
 - kind: ServiceAccount
   name: kubearmor
   namespace: {{ .Values.namespace.name }}
-
-
diff --git a/deployments/helm/templates/crd.yaml b/deployments/helm/templates/crd.yaml
@@ -2,7 +2,8 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.2.5
+    controller-gen.kubebuilder.io/version: v0.4.1
+  creationTimestamp: null
   name: kubearmorpolicies.security.kubearmor.com
 spec:
   group: security.kubearmor.com
@@ -67,7 +68,7 @@ spec:
                           items:
                             properties:
                               path:
-                                pattern: ^\/([A-z0-9-_.]+\/)*([A-z0-9-_.]+)$
+                                pattern: ^\/+.*[^\/]$
                                 type: string
                             type: object
                           type: array
@@ -116,13 +117,13 @@ spec:
                           - Block
                           type: string
                         dir:
-                          pattern: ^\/([A-z0-9-_.]+\/)*([A-z0-9-_.]+)+\/$
+                          pattern: ^\/$|^\/.*\/$
                           type: string
                         fromSource:
                           items:
                             properties:
                               path:
-                                pattern: ^\/([A-z0-9-_.]+\/)*([A-z0-9-_.]+)$
+                                pattern: ^\/+.*[^\/]$
                                 type: string
                             type: object
                           type: array
@@ -159,7 +160,7 @@ spec:
                           items:
                             properties:
                               path:
-                                pattern: ^\/([A-z0-9-_.]+\/)*([A-z0-9-_.]+)$
+                                pattern: ^\/+.*[^\/]$
                                 type: string
                             type: object
                           type: array
@@ -168,7 +169,7 @@ spec:
                         ownerOnly:
                           type: boolean
                         path:
-                          pattern: ^\/([A-z0-9-_.]+\/)*([A-z0-9-_.]+)$
+                          pattern: ^\/+.*[^\/]$
                           type: string
                         readOnly:
                           type: boolean
@@ -247,7 +248,7 @@ spec:
                           items:
                             properties:
                               path:
-                                pattern: ^\/([A-z0-9-_.]+\/)*([A-z0-9-_.]+)$
+                                pattern: ^\/+.*[^\/]$
                                 type: string
                             type: object
                           type: array
@@ -299,13 +300,13 @@ spec:
                           - Block
                           type: string
                         dir:
-                          pattern: ^\/([A-z0-9-_.]+\/)*([A-z0-9-_.]+)+\/$
+                          pattern: ^\/$|^\/.*\/$
                           type: string
                         fromSource:
                           items:
                             properties:
                               path:
-                                pattern: ^\/([A-z0-9-_.]+\/)*([A-z0-9-_.]+)$
+                                pattern: ^\/+.*[^\/]$
                                 type: string
                             type: object
                           type: array
@@ -340,7 +341,7 @@ spec:
                           items:
                             properties:
                               path:
-                                pattern: ^\/([A-z0-9-_.]+\/)*([A-z0-9-_.]+)$
+                                pattern: ^\/+.*[^\/]$
                                 type: string
                             type: object
                           type: array
@@ -349,7 +350,7 @@ spec:
                         ownerOnly:
                           type: boolean
                         path:
-                          pattern: ^\/([A-z0-9-_.]+\/)*([A-z0-9-_.]+)$
+                          pattern: ^\/+.*[^\/]$
                           type: string
                         severity:
                           maximum: 10
@@ -408,56 +409,6 @@ spec:
                       type: string
                     type: object
                 type: object
-              selinux:
-                properties:
-                  action:
-                    enum:
-                    - Allow
-                    - Audit
-                    - Block
-                    type: string
-                  matchVolumeMounts:
-                    items:
-                      properties:
-                        action:
-                          enum:
-                          - Allow
-                          - Audit
-                          - Block
-                          type: string
-                        dir:
-                          pattern: ^\/([A-z0-9-_.]+\/)*([A-z0-9-_.]+)+\/$
-                          type: string
-                        message:
-                          type: string
-                        path:
-                          pattern: ^\/([A-z0-9-_.]+\/)*([A-z0-9-_.]+)$
-                          type: string
-                        readOnly:
-                          type: boolean
-                        severity:
-                          maximum: 10
-                          minimum: 1
-                          type: integer
-                        tags:
-                          items:
-                            type: string
-                          type: array
-                      type: object
-                    type: array
-                  message:
-                    type: string
-                  severity:
-                    maximum: 10
-                    minimum: 1
-                    type: integer
-                  tags:
-                    items:
-                      type: string
-                    type: array
-                required:
-                - matchVolumeMounts
-                type: object
               severity:
                 maximum: 10
                 minimum: 1
@@ -480,15 +431,13 @@ spec:
     storage: true
     subresources:
       status: {}
-
-
---- 
-
+---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.2.5
+    controller-gen.kubebuilder.io/version: v0.4.1
+  creationTimestamp: null
   name: kubearmorhostpolicies.security.kubearmor.com
 spec:
   group: security.kubearmor.com
@@ -554,7 +503,7 @@ spec:
                           items:
                             properties:
                               path:
-                                pattern: ^\/([A-z0-9-_.]+\/)*([A-z0-9-_.]+)$
+                                pattern: ^\/+.*[^\/]$
                                 type: string
                             type: object
                           type: array
@@ -604,13 +553,13 @@ spec:
                           - Block
                           type: string
                         dir:
-                          pattern: ^\/([A-z0-9-_.]+\/)*([A-z0-9-_.]+)+\/$
+                          pattern: ^\/$|^\/.*\/$
                           type: string
                         fromSource:
                           items:
                             properties:
                               path:
-                                pattern: ^\/([A-z0-9-_.]+\/)*([A-z0-9-_.]+)$
+                                pattern: ^\/+.*[^\/]$
                                 type: string
                             type: object
                           type: array
@@ -647,7 +596,7 @@ spec:
                           items:
                             properties:
                               path:
-                                pattern: ^\/([A-z0-9-_.]+\/)*([A-z0-9-_.]+)$
+                                pattern: ^\/+.*[^\/]$
                                 type: string
                             type: object
                           type: array
@@ -656,7 +605,7 @@ spec:
                         ownerOnly:
                           type: boolean
                         path:
-                          pattern: ^\/([A-z0-9-_.]+\/)*([A-z0-9-_.]+)$
+                          pattern: ^\/+.*[^\/]$
                           type: string
                         readOnly:
                           type: boolean
@@ -735,14 +684,14 @@ spec:
                           items:
                             properties:
                               path:
-                                pattern: ^\/([A-z0-9-_.]+\/)*([A-z0-9-_.]+)$
+                                pattern: ^\/+.*[^\/]$
                                 type: string
                             type: object
                           type: array
                         message:
                           type: string
                         protocol:
-                          pattern: (icmp|ICMP|tcp|TCP|udp|UDP)$
+                          pattern: (icmp|ICMP|tcp|TCP|udp|UDP|raw|RAW)$
                           type: string
                         severity:
                           maximum: 10
@@ -795,13 +744,13 @@ spec:
                           - Block
                           type: string
                         dir:
-                          pattern: ^\/([A-z0-9-_.]+\/)*([A-z0-9-_.]+)+\/$
+                          pattern: ^\/$|^\/.*\/$
                           type: string
                         fromSource:
                           items:
                             properties:
                               path:
-                                pattern: ^\/([A-z0-9-_.]+\/)*([A-z0-9-_.]+)$
+                                pattern: ^\/+.*[^\/]$
                                 type: string
                             type: object
                           type: array
@@ -836,7 +785,7 @@ spec:
                           items:
                             properties:
                               path:
-                                pattern: ^\/([A-z0-9-_.]+\/)*([A-z0-9-_.]+)$
+                                pattern: ^\/+.*[^\/]$
                                 type: string
                             type: object
                           type: array
@@ -845,7 +794,7 @@ spec:
                         ownerOnly:
                           type: boolean
                         path:
-                          pattern: ^\/([A-z0-9-_.]+\/)*([A-z0-9-_.]+)$
+                          pattern: ^\/+.*[^\/]$
                           type: string
                         severity:
                           maximum: 10

diff --git a/deployments/helm/templates/deamonset.yaml b/deployments/helm/templates/deamonset.yaml
@@ -75,5 +75,3 @@ spec:
       {{- else }} # generic
         {{- toYaml .Values.kubearmor.volumesGeneric | nindent 8 }}
       {{- end }}
-
-
diff --git a/deployments/helm/templates/deployment.yaml b/deployments/helm/templates/deployment.yaml
@@ -27,9 +27,7 @@ spec:
         kubernetes.io/os: linux
       serviceAccountName: kubearmor
 {{- end }}
-
 ---
-
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -83,10 +81,7 @@ spec:
             memory: 20Mi
       serviceAccountName: kubearmor
       terminationGracePeriodSeconds: 10
-
-
 ---
-
 apiVersion: apps/v1
 kind: Deployment
 metadata:

diff --git a/deployments/helm/templates/hpa.yaml b/deployments/helm/templates/hpa.yaml
Original file line number	Diff line number	Diff line change
Expand Up		@@ -11,5 +11,3 @@ subjects:
		- kind: ServiceAccount
		name: kubearmor
		namespace: {{ .Values.namespace.name }}
Original file line number	Diff line number	Diff line change
Expand Up		@@ -75,5 +75,3 @@ spec:
		{{- else }} # generic
		{{- toYaml .Values.kubearmor.volumesGeneric \| nindent 8 }}
		{{- end }}