diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000000..f0bfe88b25 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,44 @@ +name: goreleaser + +on: + push: + tags: + - "*" + +permissions: + contents: write + +jobs: + goreleaser: + runs-on: ubuntu-18.04 + steps: + - name: Checkout + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: Build bcc + run: | + set -x + sudo apt-get update + sudo apt-get -y install build-essential cmake bison flex git python3 python3-pip clang-9 libllvm9 llvm-9-dev libclang-9-dev zlib1g-dev libelf-dev libedit-dev libfl-dev + pushd /tmp + git clone https://github.com/iovisor/bcc.git + mkdir -p bcc/build; cd bcc/build + sudo ln -s /usr/lib/llvm-9 /usr/local/llvm + cmake .. -DPYTHON_CMD=python3 -DCMAKE_INSTALL_PREFIX=/usr + make -j$(nproc) + sudo make install + popd + - name: Set up Go + uses: actions/setup-go@v2 + with: + go-version: 1.17 + - name: Run GoReleaser + uses: goreleaser/goreleaser-action@v2 + with: + distribution: goreleaser + version: latest + args: release --rm-dist + workdir: KubeArmor + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.gitignore b/.gitignore index 76367e1fc2..11305f3ac9 100644 --- a/.gitignore +++ b/.gitignore @@ -5,5 +5,9 @@ kubearmor .vscode # vagrant -contribution/vagrant/.vagrant +.vagrant contribution/vagrant/ubuntu-*-console.log + +# Packages +*.deb +*.rpm diff --git a/KubeArmor/.goreleaser.yaml b/KubeArmor/.goreleaser.yaml new file mode 100644 index 0000000000..248cb1ad40 --- /dev/null +++ b/KubeArmor/.goreleaser.yaml 
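Review bot: Every third-party input to this release job in `.github/workflows/release.yml` is a mutable reference, while the job holds `contents: write` and the repository token: `actions/checkout@v2`, `actions/setup-go@v2`, `goreleaser/goreleaser-action@v2` with `version: latest`, and a `git clone` of bcc's default branch that is then installed with `sudo make install`. A moved tag or a changed upstream branch would run inside the job that publishes the release packages, and two builds of the same tag need not produce the same artefacts. Pin each action to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha>  # v2`, set `version:` to a fixed GoReleaser release, and clone a fixed bcc tag with `git clone --depth 1 --branch <bcc-release-tag> https://github.com/iovisor/bcc.git`. Quoting `go-version: "1.17"` also avoids YAML float parsing once a version such as 1.20 is used.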
@@ -0,0 +1,41 @@ +project_name: kubearmor + +builds: + - binary: kubearmor + id: kubearmor + goos: + - linux + goarch: + - amd64 + +nfpms: + - id: "kubearmor" + builds: + - "kubearmor" + formats: + - deb + - rpm + replaces: + - kubearmor + maintainer: "Barun Acharya " + description: | + Cloud-native Runtime Security Enforcement System + vendor: "kubearmor" + homepage: "https://kubearmor.com" + license: "Apache 2" + file_name_template: "{{.ProjectName}}_{{.Version}}_{{.Os}}-{{.Arch}}" + contents: + - dst: /opt/kubearmor + type: dir + - src: ./packaging/kubearmor.conf + dst: /opt/kubearmor/kubearmor.conf + type: config + - src: ./packaging/kubearmor.service + dst: /usr/lib/systemd/system/kubearmor.service + type: config + - src: ./BPF/* + dst: /opt/kubearmor/BPF/ + - src: ./templates/* + dst: /opt/kubearmor/templates/ + scripts: + postinstall: packaging/postinstall.sh diff --git a/KubeArmor/Makefile b/KubeArmor/Makefile index 4ef931b8dd..3b2ec63143 100644 --- a/KubeArmor/Makefile +++ b/KubeArmor/Makefile @@ -89,6 +89,29 @@ ifeq (, $(shell which gosec)) endif cd $(CURDIR); gosec ./... +.PHONY: systemd-deb +systemd-deb: build +ifeq (, $(shell which nfpm)) + @{ \ + set -e ;\ + go install github.com/goreleaser/nfpm/v2/cmd/nfpm@latest + } +endif + cd $(CURDIR); VERSION=$(shell git describe --tags --always --dirty) nfpm pkg --packager deb + +.PHONY: systemd-rpm +systemd-rpm: build +ifeq (, $(shell which nfpm)) + @{ \ + set -e ;\ + go install github.com/goreleaser/nfpm/v2/cmd/nfpm@latest + } +endif + cd $(CURDIR); VERSION=$(shell git describe --tags --always --dirty) nfpm pkg --packager rpm + +.PHONY: systemd +systemd: systemd-deb systemd-rpm + .PHONY: clean clean: cd $(CURDIR); sudo rm -f kubearmor /tmp/kubearmor.log diff --git a/KubeArmor/nfpm.yaml b/KubeArmor/nfpm.yaml new file mode 100644 index 0000000000..4c1553a02c --- /dev/null +++ b/KubeArmor/nfpm.yaml 
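Review bot: The `nfpms` entry in `KubeArmor/.goreleaser.yaml` never states where the `kubearmor` binary is installed, while `packaging/kubearmor.service` hard-codes `ExecStart=/usr/local/bin/kubearmor` and `nfpm.yaml` places the binary at `/usr/local/bin/kubearmor` explicitly. GoReleaser's default `bindir` has, as far as I know, differed between releases, and the workflow runs `version: latest`, so the packaged unit may point at a path the package does not populate. Adding `bindir: /usr/local/bin` to the entry makes both packaging paths agree. The `contents` entries here and in `nfpm.yaml` also carry no `file_info`, so the modes of the config, BPF and template files that a root service reads come from the build checkout; setting `mode` per entry would make them deliberate.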
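Review bot: In both `systemd-deb` and `systemd-rpm` of `KubeArmor/Makefile`, the `go install …@latest` line inside the `@{ \ … }` group has no `;\` continuation, so make hands the unclosed `{ set -e ; go install …` to the shell as one command and the closing `}` as another; when `nfpm` is not on PATH the recipe will most likely stop with a shell syntax error. End that line with ` ;\` as on the `set -e` line above it. Installing `@latest` also means the packaging tool can change between two builds of the same tag; a fixed version, `go install github.com/goreleaser/nfpm/v2/cmd/nfpm@<pinned-version> ;\`, keeps the packages reproducible.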
@@ -0,0 +1,33 @@
+name: "kubearmor"
+arch: "${ARCH}"
+platform: "linux"
+version: "${VERSION}"
+section: "default"
+priority: "extra"
+replaces:
+ - kubearmor
+provides:
+ - kubearmor
+maintainer: "Barun Acharya "
+description: |
+ Cloud-native Runtime Security Enforcement System
+vendor: "kubearmor"
+homepage: "https://kubearmor.com"
+license: "Apache 2"
+contents:
+ - src: ./kubearmor
+ dst: /usr/local/bin/kubearmor
+ - dst: /opt/kubearmor
+ type: dir
+ - src: ./packaging/kubearmor.conf
+ dst: /opt/kubearmor/kubearmor.conf
+ type: config
+ - src: ./packaging/kubearmor.service
+ dst: /usr/lib/systemd/system/kubearmor.service
+ type: config
+ - src: ./BPF/*
+ dst: /opt/kubearmor/BPF/
+ - src: ./templates/*
+ dst: /opt/kubearmor/templates/
+scripts:
+ postinstall: packaging/postinstall.sh
\ No newline at end of file
diff --git a/KubeArmor/packaging/kubearmor.conf b/KubeArmor/packaging/kubearmor.conf
new file mode 100644
index 0000000000..de71ce96fd
--- /dev/null
+++ b/KubeArmor/packaging/kubearmor.conf
@@ -0,0 +1,4 @@
+LOG_PATH=/tmp/kubearmor.log
+ENABLE_HOST_POLICY=true
+ENABLE_KVM=true
+GRPC=32767
diff --git a/KubeArmor/packaging/kubearmor.service b/KubeArmor/packaging/kubearmor.service
new file mode 100644
index 0000000000..e25315220c
--- /dev/null
+++ b/KubeArmor/packaging/kubearmor.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=KubeArmor
+
+[Service]
+User=root
+KillMode=process
+EnvironmentFile=/opt/kubearmor/kubearmor.conf
+WorkingDirectory=/opt/kubearmor/
+ExecStart=/usr/local/bin/kubearmor -logPath=${LOG_PATH} -enableKubeArmorHostPolicy=${ENABLE_HOST_POLICY} -enableKubeArmorVm=${ENABLE_KVM} -gRPC=${GRPC}
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/KubeArmor/packaging/postinstall.sh b/KubeArmor/packaging/postinstall.sh
new file mode 100644
index 0000000000..9760e4534c
--- /dev/null
+++ b/KubeArmor/packaging/postinstall.sh
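Review bot: `arch: "${ARCH}"` in `KubeArmor/nfpm.yaml` depends on an environment variable that the new `systemd-deb` and `systemd-rpm` Makefile targets never set (their recipes pass only `VERSION`), so a plain `make systemd` presumably produces a package with an empty or unexpanded architecture field. Either export `ARCH` in those recipes or write the value directly, `arch: "amd64"`, which matches the only `goarch` listed in `.goreleaser.yaml`. The file also ends without a trailing newline.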
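Review bot: `LOG_PATH=/tmp/kubearmor.log` in `packaging/kubearmor.conf` makes a service that runs as root (`User=root` in `kubearmor.service`) write to a fixed name in a world-writable directory, where any local user can create or link that path before the daemon does. A root-owned location such as `LOG_PATH=/var/log/kubearmor.log` removes that exposure. The same default would also stop working if the unit were later given `PrivateTmp=`, since the log would then land in a private directory.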
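Review bot: The `[Service]` section of `packaging/kubearmor.service` has no `Restart=` setting, so if the enforcement daemon exits, the host stays without policy enforcement until someone restarts it by hand; `Restart=on-failure` with a short `RestartSec=` would close that gap. `KillMode=process` stops only the main process and leaves any children running after `systemctl stop`; unless that is intended, dropping the line restores the default `control-group` behaviour. Both packaging configs install this unit with `type: config`, which as far as I can tell lets a locally edited copy survive upgrades, so later fixes to the unit may not reach existing hosts.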
@@ -0,0 +1,8 @@
+# SPDX-License-Identifier: Apache-2.0
+# Copyright 2021 Authors of KubeArmor
+#!/usr/bin/env bash
+
+set -e
+
+/bin/systemctl daemon-reload
+/bin/systemctl start kubearmor.service
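Review bot: The `#!/usr/bin/env bash` line sits on line 3, below the two licence comments, so it is an ordinary comment and `packaging/postinstall.sh` has no interpreter line; a package manager that executes the maintainer script directly may fail or run it under a different shell. Move it to line 1 and put the SPDX and copyright comments after it. The script starts the service but never enables it, so KubeArmor would not come back after a reboot; if that is not intended, use `/bin/systemctl enable --now kubearmor.service`. With `set -e`, a host where `systemctl` cannot reach systemd (a container or chroot image build) would fail the whole package installation.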