refactor: decouple kubearmor & deployments
Signed-off-by: Rudraksh Pareek <[email protected]>
DelusionalOptimist committed Jun 26, 2023
1 parent d263cec commit f78ee28
Showing 5 changed files with 87 additions and 87 deletions.
88 changes: 42 additions & 46 deletions KubeArmor/core/kubeUpdate.go
Expand Up @@ -18,7 +18,6 @@ import (
kg "github.com/kubearmor/KubeArmor/KubeArmor/log"
"github.com/kubearmor/KubeArmor/KubeArmor/monitor"
tp "github.com/kubearmor/KubeArmor/KubeArmor/types"
get "github.com/kubearmor/KubeArmor/deployments/get"
ksp "github.com/kubearmor/KubeArmor/pkg/KubeArmorController/api/security.kubearmor.com/v1"
kspinformer "github.com/kubearmor/KubeArmor/pkg/KubeArmorController/client/informers/externalversions"
corev1 "k8s.io/api/core/v1"
Expand Down Expand Up @@ -2242,60 +2241,57 @@ func (dm *KubeArmorDaemon) WatchDefaultPosture() {

// WatchConfigMap function
func (dm *KubeArmorDaemon) WatchConfigMap() {
factory := informers.NewSharedInformerFactory(K8s.K8sClient, 0)
configMapLabelOption := informers.WithTweakListOptions(func(opts *metav1.ListOptions) {
opts.LabelSelector = fmt.Sprintf("kubearmor-app=%s", "kubearmor-configmap")
})
factory := informers.NewSharedInformerFactoryWithOptions(K8s.K8sClient, 0, configMapLabelOption)
informer := factory.Core().V1().ConfigMaps().Informer()

cmNS := dm.GetConfigMapNS()

if _, err := informer.AddEventHandler(cache.ResourceEventHandlerFuncs{
AddFunc: func(obj interface{}) {
if cm, ok := obj.(*corev1.ConfigMap); ok {
if cm.Name == get.KubeArmorConfigMapName && cm.Namespace == cmNS {
cfg.GlobalCfg.HostVisibility = cm.Data[cfg.ConfigHostVisibility]
cfg.GlobalCfg.Visibility = cm.Data[cfg.ConfigVisibility]
globalPosture := tp.DefaultPosture{
FileAction: cm.Data[cfg.ConfigDefaultFilePosture],
NetworkAction: cm.Data[cfg.ConfigDefaultNetworkPosture],
CapabilitiesAction: cm.Data[cfg.ConfigDefaultCapabilitiesPosture],
}
currentGlobalPosture := tp.DefaultPosture{
FileAction: cfg.GlobalCfg.DefaultFilePosture,
NetworkAction: cfg.GlobalCfg.DefaultNetworkPosture,
CapabilitiesAction: cfg.GlobalCfg.DefaultCapabilitiesPosture,
}
dm.Logger.Printf("Current Global Posture is %v", currentGlobalPosture)
dm.UpdateGlobalPosture(globalPosture)

// update default posture for endpoints
dm.updatEndpointsWithCM(cm, "ADDED")
// update visibility for namespaces
dm.updateVisibilityWithCM(cm, "ADDED")
if cm, ok := obj.(*corev1.ConfigMap); ok && cm.Namespace == "kube-system" {
cfg.GlobalCfg.HostVisibility = cm.Data[cfg.ConfigHostVisibility]
cfg.GlobalCfg.Visibility = cm.Data[cfg.ConfigVisibility]
globalPosture := tp.DefaultPosture{
FileAction: cm.Data[cfg.ConfigDefaultFilePosture],
NetworkAction: cm.Data[cfg.ConfigDefaultNetworkPosture],
CapabilitiesAction: cm.Data[cfg.ConfigDefaultCapabilitiesPosture],
}
currentGlobalPosture := tp.DefaultPosture{
FileAction: cfg.GlobalCfg.DefaultFilePosture,
NetworkAction: cfg.GlobalCfg.DefaultNetworkPosture,
CapabilitiesAction: cfg.GlobalCfg.DefaultCapabilitiesPosture,
}
dm.Logger.Printf("Current Global Posture is %v", currentGlobalPosture)
dm.UpdateGlobalPosture(globalPosture)

// update default posture for endpoints
dm.updatEndpointsWithCM(cm, "ADDED")
// update visibility for namespaces
dm.updateVisibilityWithCM(cm, "ADDED")
}
},
UpdateFunc: func(_, new interface{}) {
if cm, ok := new.(*corev1.ConfigMap); ok {
if cm.Name == get.KubeArmorConfigMapName && cm.Namespace == cmNS {
cfg.GlobalCfg.HostVisibility = cm.Data[cfg.ConfigHostVisibility]
cfg.GlobalCfg.Visibility = cm.Data[cfg.ConfigVisibility]
globalPosture := tp.DefaultPosture{
FileAction: cm.Data[cfg.ConfigDefaultFilePosture],
NetworkAction: cm.Data[cfg.ConfigDefaultNetworkPosture],
CapabilitiesAction: cm.Data[cfg.ConfigDefaultCapabilitiesPosture],
}
currentGlobalPosture := tp.DefaultPosture{
FileAction: cfg.GlobalCfg.DefaultFilePosture,
NetworkAction: cfg.GlobalCfg.DefaultNetworkPosture,
CapabilitiesAction: cfg.GlobalCfg.DefaultCapabilitiesPosture,
}
dm.Logger.Printf("Current Global Posture is %v", currentGlobalPosture)
dm.UpdateGlobalPosture(globalPosture)

// update default posture for endpoints
dm.updatEndpointsWithCM(cm, "MODIFIED")
// update visibility for namespaces
dm.updateVisibilityWithCM(cm, "MODIFIED")
if cm, ok := new.(*corev1.ConfigMap); ok && cm.Namespace == "kube-system" {
cfg.GlobalCfg.HostVisibility = cm.Data[cfg.ConfigHostVisibility]
cfg.GlobalCfg.Visibility = cm.Data[cfg.ConfigVisibility]
globalPosture := tp.DefaultPosture{
FileAction: cm.Data[cfg.ConfigDefaultFilePosture],
NetworkAction: cm.Data[cfg.ConfigDefaultNetworkPosture],
CapabilitiesAction: cm.Data[cfg.ConfigDefaultCapabilitiesPosture],
}
currentGlobalPosture := tp.DefaultPosture{
FileAction: cfg.GlobalCfg.DefaultFilePosture,
NetworkAction: cfg.GlobalCfg.DefaultNetworkPosture,
CapabilitiesAction: cfg.GlobalCfg.DefaultCapabilitiesPosture,
}
dm.Logger.Printf("Current Global Posture is %v", currentGlobalPosture)
dm.UpdateGlobalPosture(globalPosture)

// update default posture for endpoints
dm.updatEndpointsWithCM(cm, "MODIFIED")
// update visibility for namespaces
dm.updateVisibilityWithCM(cm, "MODIFIED")
}
},
DeleteFunc: func(obj interface{}) {
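Review bot: The new guard in AddFunc and UpdateFunc, `cm.Namespace == "kube-system"`, accepts every ConfigMap in that namespace carrying the label `kubearmor-app=kubearmor-configmap`, where the previous condition required both the expected name and the namespace returned by `dm.GetConfigMapNS()`. Because this object sets the global default posture and visibility, a second labelled ConfigMap would overwrite the enforcement settings on a last-event-wins basis, and an install outside kube-system would have its ConfigMap ignored without any log line. I would scope the factory itself with `informers.WithNamespace(dm.GetConfigMapNS())` next to the label option and keep a name comparison against a constant owned by this package, e.g. `cm.Name == kubeArmorConfigMapName` (placeholder name). The two handler bodies also differ only in the "ADDED"/"MODIFIED" argument and could share one helper. DeleteFunc continues outside the visible lines, so it is not covered here.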
1 change: 0 additions & 1 deletion KubeArmor/go.mod
Expand Up @@ -32,7 +32,6 @@ require (
github.com/containerd/typeurl/v2 v2.1.1
github.com/docker/docker v23.0.6+incompatible
github.com/google/uuid v1.3.0
github.com/kubearmor/KubeArmor/deployments v0.0.0-20230510133055-4e30a28b6352
github.com/kubearmor/KubeArmor/pkg/KubeArmorController v0.0.0-20230510133055-4e30a28b6352
github.com/kubearmor/KubeArmor/protobuf v0.0.0-20230510133055-4e30a28b6352
github.com/opencontainers/runtime-spec v1.1.0-rc.2
29 changes: 15 additions & 14 deletions deployments/go.mod
@@ -1,20 +1,21 @@
module github.com/kubearmor/KubeArmor/deployments

go 1.18
go 1.20

replace (
github.com/kubearmor/KubeArmor => ../
github.com/kubearmor/KubeArmor/pkg/KubeArmorController => ../pkg/KubeArmorController
github.com/kubearmor/KubeArmor/pkg/KubeArmorHostPolicy => ../pkg/KubeArmorHostPolicy
github.com/kubearmor/KubeArmor/pkg/KubeArmorPolicy => ../pkg/KubeArmorPolicy
k8s.io/api => k8s.io/api v0.26.4
k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.26.4
k8s.io/apimachinery => k8s.io/apimachinery v0.26.4
)

require (
github.com/clarketm/json v1.17.1
github.com/kubearmor/KubeArmor/KubeArmor v0.0.0-20230510133055-4e30a28b6352
github.com/kubearmor/KubeArmor/pkg/KubeArmorController v0.0.0-20230510133055-4e30a28b6352
k8s.io/api v0.27.1
k8s.io/apimachinery v0.27.1
github.com/kubearmor/KubeArmor/KubeArmor v0.0.0-20230626060245-4f5b8ac4f298
github.com/kubearmor/KubeArmor/pkg/KubeArmorController v0.0.0-20230626060245-4f5b8ac4f298
k8s.io/api v0.27.3
k8s.io/apimachinery v0.27.3
sigs.k8s.io/yaml v1.3.0
)

Expand All @@ -29,24 +30,24 @@ require (
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/pelletier/go-toml/v2 v2.0.7 // indirect
github.com/pelletier/go-toml/v2 v2.0.8 // indirect
github.com/spf13/afero v1.9.5 // indirect
github.com/spf13/cast v1.5.0 // indirect
github.com/spf13/cast v1.5.1 // indirect
github.com/spf13/jwalterweatherman v1.1.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/spf13/viper v1.15.0 // indirect
github.com/spf13/viper v1.16.0 // indirect
github.com/subosito/gotenv v1.4.2 // indirect
go.uber.org/atomic v1.11.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap v1.24.0 // indirect
golang.org/x/net v0.10.0 // indirect
golang.org/x/sys v0.8.0 // indirect
golang.org/x/text v0.9.0 // indirect
golang.org/x/net v0.11.0 // indirect
golang.org/x/sys v0.9.0 // indirect
golang.org/x/text v0.10.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/apiextensions-apiserver v0.27.1 // indirect
k8s.io/apiextensions-apiserver v0.27.3 // indirect
k8s.io/klog/v2 v2.100.1 // indirect
k8s.io/utils v0.0.0-20230505201702-9f6742963106 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
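Review bot: The `require` entries for `k8s.io/api`, `k8s.io/apimachinery` and `k8s.io/apiextensions-apiserver` are bumped to v0.27.3, but the `replace` block shown in the same file pins all three to v0.26.4, so the version actually built appears to stay at v0.26.4. Anyone reading the `require` lines, including dependency scanners that do not resolve `replace`, would report a version that is not in the binary. Either drop the three `k8s.io/... => ... v0.26.4` replaces or keep the `require` lines at the pinned version, and add a comment such as `// pinned: <reason>` above the replaces if the pin is deliberate.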