Merge pull request #1903 from DelusionalOptimist/feat/non-k8s-misc

feat: set probe service health
kubearmor · Dec 2, 2024 · a42103e · a42103e
2 parents 1ead4f1 + d889b73
commit a42103e
Showing 1 changed file with 30 additions and 18 deletions.
diff --git a/KubeArmor/core/kubeArmor.go b/KubeArmor/core/kubeArmor.go
@@ -567,8 +567,6 @@ func KubeArmor() {
 	// Un-orchestrated workloads
 	if !dm.K8sEnabled && cfg.GlobalCfg.Policy {
 
-		dm.SetContainerNSVisibility()
-
 		// Check if cri socket set, if not then auto detect
 		if cfg.GlobalCfg.CRISocket == "" {
 			if kl.GetCRISocket("") == "" {
@@ -577,26 +575,39 @@ func KubeArmor() {
 			} else {
 				cfg.GlobalCfg.CRISocket = "unix://" + kl.GetCRISocket("")
 			}
+		} else {
+			// CRI socket supplied by user, check for existence
+			criSocketPath := strings.TrimPrefix(cfg.GlobalCfg.CRISocket, "unix://")
+			_, err := os.Stat(criSocketPath)
+			if err != nil {
+				enableContainerPolicy = false
+				dm.Logger.Warnf("Error while looking for CRI socket file %s", err.Error())
+			}
 		}
 
-		// monitor containers
-		if strings.Contains(cfg.GlobalCfg.CRISocket, "docker") {
-			// update already deployed containers
-			dm.GetAlreadyDeployedDockerContainers()
-			// monitor docker events
-			go dm.MonitorDockerEvents()
-		} else if strings.Contains(cfg.GlobalCfg.CRISocket, "containerd") {
-			// monitor containerd events
-			go dm.MonitorContainerdEvents()
-		} else if strings.Contains(cfg.GlobalCfg.CRISocket, "cri-o") {
-			// monitor crio events
-			go dm.MonitorCrioEvents()
-		} else {
-			dm.Logger.Warnf("Failed to monitor containers: %s is not a supported CRI socket.", cfg.GlobalCfg.CRISocket)
-			enableContainerPolicy = false
+		if enableContainerPolicy {
+			dm.SetContainerNSVisibility()
+
+			// monitor containers
+			if strings.Contains(cfg.GlobalCfg.CRISocket, "docker") {
+				// update already deployed containers
+				dm.GetAlreadyDeployedDockerContainers()
+				// monitor docker events
+				go dm.MonitorDockerEvents()
+			} else if strings.Contains(cfg.GlobalCfg.CRISocket, "containerd") {
+				// monitor containerd events
+				go dm.MonitorContainerdEvents()
+			} else if strings.Contains(cfg.GlobalCfg.CRISocket, "cri-o") {
+				// monitor crio events
+				go dm.MonitorCrioEvents()
+			} else {
+				enableContainerPolicy = false
+				dm.Logger.Warnf("Failed to monitor containers: %s is not a supported CRI socket.", cfg.GlobalCfg.CRISocket)
+			}
+
+			dm.Logger.Printf("Using %s for monitoring containers", cfg.GlobalCfg.CRISocket)
 		}
 
-		dm.Logger.Printf("Using %s for monitoring containers", cfg.GlobalCfg.CRISocket)
 	}
 
 	if dm.K8sEnabled && cfg.GlobalCfg.Policy {
@@ -799,6 +810,7 @@ func KubeArmor() {
 		pb.RegisterProbeServiceServer(dm.Logger.LogServer, probe)
 
 		dm.SetHealthStatus(pb.PolicyService_ServiceDesc.ServiceName, grpc_health_v1.HealthCheckResponse_SERVING)
+		dm.SetHealthStatus(pb.ProbeService_ServiceDesc.ServiceName, grpc_health_v1.HealthCheckResponse_SERVING)
 	}
 
 	reflection.Register(dm.Logger.LogServer) // Helps grpc clients list out what all svc/endpoints available