Merge pull request #1280 from DelusionalOptimist/latest-quickfix

chore: fix failing tests due to old controller script
kubearmor · Jun 26, 2023 · 7ce0284 · 7ce0284
2 parents 9dd6514 + 1b765b5
commit 7ce0284
Show file tree

Hide file tree

Showing 8 changed files with 90 additions and 90 deletions.
diff --git a/.github/workflows/ci-latest-release.yml b/.github/workflows/ci-latest-release.yml
@@ -48,9 +48,6 @@ jobs:
           fi
           RUNTIME=docker ./contribution/k3s/install_k3s.sh
 
-      - name: Install KubeArmor controller
-        run: ./.github/workflows/install-kubearmor-controller.sh
-
       - name: Generate KubeArmor artifacts
         run: GITHUB_SHA=$GITHUB_SHA ./KubeArmor/build/build_kubearmor.sh ${{ steps.vars.outputs.tag }}
 

diff --git a/KubeArmor/core/kubeUpdate.go b/KubeArmor/core/kubeUpdate.go
@@ -18,7 +18,6 @@ import (
 	kg "github.com/kubearmor/KubeArmor/KubeArmor/log"
 	"github.com/kubearmor/KubeArmor/KubeArmor/monitor"
 	tp "github.com/kubearmor/KubeArmor/KubeArmor/types"
-	get "github.com/kubearmor/KubeArmor/deployments/get"
 	ksp "github.com/kubearmor/KubeArmor/pkg/KubeArmorController/api/security.kubearmor.com/v1"
 	kspinformer "github.com/kubearmor/KubeArmor/pkg/KubeArmorController/client/informers/externalversions"
 	corev1 "k8s.io/api/core/v1"
@@ -2242,60 +2241,59 @@ func (dm *KubeArmorDaemon) WatchDefaultPosture() {
 
 // WatchConfigMap function
 func (dm *KubeArmorDaemon) WatchConfigMap() {
-	factory := informers.NewSharedInformerFactory(K8s.K8sClient, 0)
+	configMapLabelOption := informers.WithTweakListOptions(func(opts *metav1.ListOptions) {
+		opts.LabelSelector = fmt.Sprintf("kubearmor-app=%s", "kubearmor-configmap")
+	})
+	factory := informers.NewSharedInformerFactoryWithOptions(K8s.K8sClient, 0, configMapLabelOption)
 	informer := factory.Core().V1().ConfigMaps().Informer()
 
 	cmNS := dm.GetConfigMapNS()
 
 	if _, err := informer.AddEventHandler(cache.ResourceEventHandlerFuncs{
 		AddFunc: func(obj interface{}) {
-			if cm, ok := obj.(*corev1.ConfigMap); ok {
-				if cm.Name == get.KubeArmorConfigMapName && cm.Namespace == cmNS {
-					cfg.GlobalCfg.HostVisibility = cm.Data[cfg.ConfigHostVisibility]
-					cfg.GlobalCfg.Visibility = cm.Data[cfg.ConfigVisibility]
-					globalPosture := tp.DefaultPosture{
-						FileAction:         cm.Data[cfg.ConfigDefaultFilePosture],
-						NetworkAction:      cm.Data[cfg.ConfigDefaultNetworkPosture],
-						CapabilitiesAction: cm.Data[cfg.ConfigDefaultCapabilitiesPosture],
-					}
-					currentGlobalPosture := tp.DefaultPosture{
-						FileAction:         cfg.GlobalCfg.DefaultFilePosture,
-						NetworkAction:      cfg.GlobalCfg.DefaultNetworkPosture,
-						CapabilitiesAction: cfg.GlobalCfg.DefaultCapabilitiesPosture,
-					}
-					dm.Logger.Printf("Current Global Posture is %v", currentGlobalPosture)
-					dm.UpdateGlobalPosture(globalPosture)
-
-					// update default posture for endpoints
-					dm.updatEndpointsWithCM(cm, "ADDED")
-					// update visibility for namespaces
-					dm.updateVisibilityWithCM(cm, "ADDED")
+			if cm, ok := obj.(*corev1.ConfigMap); ok && cm.Namespace == cmNS {
+				cfg.GlobalCfg.HostVisibility = cm.Data[cfg.ConfigHostVisibility]
+				cfg.GlobalCfg.Visibility = cm.Data[cfg.ConfigVisibility]
+				globalPosture := tp.DefaultPosture{
+					FileAction:         cm.Data[cfg.ConfigDefaultFilePosture],
+					NetworkAction:      cm.Data[cfg.ConfigDefaultNetworkPosture],
+					CapabilitiesAction: cm.Data[cfg.ConfigDefaultCapabilitiesPosture],
+				}
+				currentGlobalPosture := tp.DefaultPosture{
+					FileAction:         cfg.GlobalCfg.DefaultFilePosture,
+					NetworkAction:      cfg.GlobalCfg.DefaultNetworkPosture,
+					CapabilitiesAction: cfg.GlobalCfg.DefaultCapabilitiesPosture,
 				}
+				dm.Logger.Printf("Current Global Posture is %v", currentGlobalPosture)
+				dm.UpdateGlobalPosture(globalPosture)
+
+				// update default posture for endpoints
+				dm.updatEndpointsWithCM(cm, "ADDED")
+				// update visibility for namespaces
+				dm.updateVisibilityWithCM(cm, "ADDED")
 			}
 		},
 		UpdateFunc: func(_, new interface{}) {
-			if cm, ok := new.(*corev1.ConfigMap); ok {
-				if cm.Name == get.KubeArmorConfigMapName && cm.Namespace == cmNS {
-					cfg.GlobalCfg.HostVisibility = cm.Data[cfg.ConfigHostVisibility]
-					cfg.GlobalCfg.Visibility = cm.Data[cfg.ConfigVisibility]
-					globalPosture := tp.DefaultPosture{
-						FileAction:         cm.Data[cfg.ConfigDefaultFilePosture],
-						NetworkAction:      cm.Data[cfg.ConfigDefaultNetworkPosture],
-						CapabilitiesAction: cm.Data[cfg.ConfigDefaultCapabilitiesPosture],
-					}
-					currentGlobalPosture := tp.DefaultPosture{
-						FileAction:         cfg.GlobalCfg.DefaultFilePosture,
-						NetworkAction:      cfg.GlobalCfg.DefaultNetworkPosture,
-						CapabilitiesAction: cfg.GlobalCfg.DefaultCapabilitiesPosture,
-					}
-					dm.Logger.Printf("Current Global Posture is %v", currentGlobalPosture)
-					dm.UpdateGlobalPosture(globalPosture)
-
-					// update default posture for endpoints
-					dm.updatEndpointsWithCM(cm, "MODIFIED")
-					// update visibility for namespaces
-					dm.updateVisibilityWithCM(cm, "MODIFIED")
+			if cm, ok := new.(*corev1.ConfigMap); ok && cm.Namespace == cmNS {
+				cfg.GlobalCfg.HostVisibility = cm.Data[cfg.ConfigHostVisibility]
+				cfg.GlobalCfg.Visibility = cm.Data[cfg.ConfigVisibility]
+				globalPosture := tp.DefaultPosture{
+					FileAction:         cm.Data[cfg.ConfigDefaultFilePosture],
+					NetworkAction:      cm.Data[cfg.ConfigDefaultNetworkPosture],
+					CapabilitiesAction: cm.Data[cfg.ConfigDefaultCapabilitiesPosture],
+				}
+				currentGlobalPosture := tp.DefaultPosture{
+					FileAction:         cfg.GlobalCfg.DefaultFilePosture,
+					NetworkAction:      cfg.GlobalCfg.DefaultNetworkPosture,
+					CapabilitiesAction: cfg.GlobalCfg.DefaultCapabilitiesPosture,
 				}
+				dm.Logger.Printf("Current Global Posture is %v", currentGlobalPosture)
+				dm.UpdateGlobalPosture(globalPosture)
+
+				// update default posture for endpoints
+				dm.updatEndpointsWithCM(cm, "MODIFIED")
+				// update visibility for namespaces
+				dm.updateVisibilityWithCM(cm, "MODIFIED")
 			}
 		},
 		DeleteFunc: func(obj interface{}) {

diff --git a/KubeArmor/go.mod b/KubeArmor/go.mod
@@ -32,7 +32,6 @@ require (
 	github.com/containerd/typeurl/v2 v2.1.1
 	github.com/docker/docker v23.0.6+incompatible
 	github.com/google/uuid v1.3.0
-	github.com/kubearmor/KubeArmor/deployments v0.0.0-20230510133055-4e30a28b6352
 	github.com/kubearmor/KubeArmor/pkg/KubeArmorController v0.0.0-20230510133055-4e30a28b6352
 	github.com/kubearmor/KubeArmor/protobuf v0.0.0-20230510133055-4e30a28b6352
 	github.com/opencontainers/runtime-spec v1.1.0-rc.2

diff --git a/...workflows/install-kubearmor-controller.sh → ...ontroller/install-kubearmor-controller.sh b/...workflows/install-kubearmor-controller.sh → ...ontroller/install-kubearmor-controller.sh
@@ -12,5 +12,5 @@ rm -rf LICENSES cmctl.tar.gz
 kubectl apply -f deployments/controller/cert-manager.yaml
 kubectl wait pods --for=condition=ready -n cert-manager -l app.kubernetes.io/instance=cert-manager
 cmctl check api --wait 300s
-kubectl apply -f deployments/controller/kubearmor-controller.yaml
+kubectl apply -f deployments/controller/kubearmor-controller-mutating-webhook-config.yaml
 kubectl wait pods --for=condition=ready -n kube-system -l kubearmor-app=kubearmor-controller
diff --git a/deployments/controller/kubearmor-controller-mutating-webhook-config.yaml b/deployments/controller/kubearmor-controller-mutating-webhook-config.yaml
@@ -10,7 +10,7 @@ spec:
   issuerRef:
     kind: Issuer
     name: kubearmor-controller-selfsigned-issuer
-  secretName: webhook-server-cert
+  secretName: kubearmor-controller-webhook-server-cert
 ---
 apiVersion: cert-manager.io/v1
 kind: Issuer
@@ -26,6 +26,7 @@ metadata:
   annotations:
     cert-manager.io/inject-ca-from: kube-system/kubearmor-controller-serving-cert
   name: kubearmor-controller-mutating-webhook-configuration
+  namespace: kube-system
 webhooks:
 - admissionReviewVersions:
   - v1

diff --git a/deployments/go.mod b/deployments/go.mod
@@ -1,20 +1,21 @@
 module github.com/kubearmor/KubeArmor/deployments
 
-go 1.18
+go 1.20
 
 replace (
 	github.com/kubearmor/KubeArmor => ../
 	github.com/kubearmor/KubeArmor/pkg/KubeArmorController => ../pkg/KubeArmorController
-	github.com/kubearmor/KubeArmor/pkg/KubeArmorHostPolicy => ../pkg/KubeArmorHostPolicy
-	github.com/kubearmor/KubeArmor/pkg/KubeArmorPolicy => ../pkg/KubeArmorPolicy
+	k8s.io/api => k8s.io/api v0.26.4
+	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.26.4
+	k8s.io/apimachinery => k8s.io/apimachinery v0.26.4
 )
 
 require (
 	github.com/clarketm/json v1.17.1
-	github.com/kubearmor/KubeArmor/KubeArmor v0.0.0-20230510133055-4e30a28b6352
-	github.com/kubearmor/KubeArmor/pkg/KubeArmorController v0.0.0-20230510133055-4e30a28b6352
-	k8s.io/api v0.27.1
-	k8s.io/apimachinery v0.27.1
+	github.com/kubearmor/KubeArmor/KubeArmor v0.0.0-20230626060245-4f5b8ac4f298
+	github.com/kubearmor/KubeArmor/pkg/KubeArmorController v0.0.0-20230626060245-4f5b8ac4f298
+	k8s.io/api v0.27.3
+	k8s.io/apimachinery v0.27.3
 	sigs.k8s.io/yaml v1.3.0
 )
 
@@ -29,24 +30,24 @@ require (
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.7 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.8 // indirect
 	github.com/spf13/afero v1.9.5 // indirect
-	github.com/spf13/cast v1.5.0 // indirect
+	github.com/spf13/cast v1.5.1 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/spf13/viper v1.15.0 // indirect
+	github.com/spf13/viper v1.16.0 // indirect
 	github.com/subosito/gotenv v1.4.2 // indirect
 	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.24.0 // indirect
-	golang.org/x/net v0.10.0 // indirect
-	golang.org/x/sys v0.8.0 // indirect
-	golang.org/x/text v0.9.0 // indirect
+	golang.org/x/net v0.11.0 // indirect
+	golang.org/x/sys v0.9.0 // indirect
+	golang.org/x/text v0.10.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiextensions-apiserver v0.27.1 // indirect
+	k8s.io/apiextensions-apiserver v0.27.3 // indirect
 	k8s.io/klog/v2 v2.100.1 // indirect
 	k8s.io/utils v0.0.0-20230505201702-9f6742963106 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect