Merge pull request #402 from rootxrishabh/karmorOperator

Enabled operator installation for karmor
kubearmor · Mar 14, 2024 · 8cc3935 · 8cc3935
2 parents 77ffd8d + e3df2ed
commit 8cc3935
Show file tree

Hide file tree

Showing 9 changed files with 1,373 additions and 677 deletions.
diff --git a/.github/workflows/ci-ginkgo-test.yml b/.github/workflows/ci-ginkgo-test.yml
@@ -15,9 +15,9 @@ jobs:
     steps:
       - name: Checkout Source
         uses: actions/checkout@v2
-      - uses: actions/setup-go@v2
+      - uses: actions/setup-go@v5
         with:
-          go-version: "v1.21"
+          go-version-file: './go.mod'
       - name: Create k8s Kind Cluster
         uses: helm/[email protected]
       - name: Test connectivity

diff --git a/.github/workflows/ci-go.yml b/.github/workflows/ci-go.yml
@@ -16,9 +16,9 @@ jobs:
       - name: Checkout Source
         uses: actions/checkout@v2
 
-      - uses: actions/setup-go@v2
+      - uses: actions/setup-go@v5
         with:
-          go-version: "v1.21"
+          go-version-file: './go.mod'
 
       - name: Build karmor
         run: make
@@ -29,9 +29,9 @@ jobs:
       - name: Checkout Source
         uses: actions/checkout@v2
 
-      - uses: actions/setup-go@v2
+      - uses: actions/setup-go@v5
         with:
-          go-version: "v1.21"
+          go-version-file: './go.mod'
 
       - name: Check gofmt
         run: make gofmt
@@ -42,9 +42,9 @@ jobs:
       - name: Checkout Source
         uses: actions/checkout@v2
 
-      - uses: actions/setup-go@v2
+      - uses: actions/setup-go@v5
         with:
-          go-version: "v1.21"
+          go-version-file: './go.mod'
 
       - name: Run Gosec Security Scanner
         run: make gosec
@@ -66,9 +66,9 @@ jobs:
       - name: Checkout Source
         uses: actions/checkout@v2
 
-      - uses: actions/setup-go@v2
+      - uses: actions/setup-go@v5
         with:
-          go-version: "v1.21"
+          go-version-file: './go.mod'
 
       - name: Run unit tests
         run: make test

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -45,18 +45,22 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
           # By default, queries listed here will override any specified in a config file.
           # Prefix the list here with "+" to use these queries and those in the config file.
           # queries: ./path/to/local/query, your-org/your-repo/queries@main
 
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: './go.mod'
+
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@v3
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -70,4 +74,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3
diff --git a/cmd/install.go b/cmd/install.go
@@ -18,35 +18,53 @@ var installCmd = &cobra.Command{
 	Short: "Install KubeArmor in a Kubernetes Cluster",
 	Long:  `Install KubeArmor in a Kubernetes Clusters`,
 	RunE: func(cmd *cobra.Command, args []string) error {
-		if err := installOptions.Env.CheckAndSetValidEnvironmentOption(cmd.Flag("env").Value.String()); err != nil {
-			return fmt.Errorf("error in checking environment option: %v", err)
-		}
-		if err := install.K8sInstaller(client, installOptions); err != nil {
-			return err
+		if installOptions.Legacy {
+			if err := installOptions.Env.CheckAndSetValidEnvironmentOption(cmd.Flag("env").Value.String()); err != nil {
+				return fmt.Errorf("error in checking environment option: %v", err)
+			}
+			if err := install.K8sLegacyInstaller(client, installOptions); err != nil {
+				return fmt.Errorf("error installing kubearmor in legacy mode: %v", err)
+			}
+		} else {
+			if err := install.K8sInstaller(client, installOptions); err != nil {
+				return fmt.Errorf("error installing kubearmor: %v", err)
+			}
 		}
 		return nil
 	},
 }
 
+func markDeprecated(cmd *cobra.Command, flag, message string) {
+	if err := cmd.Flags().MarkDeprecated(flag, message); err != nil {
+		fmt.Printf("Error marking '%s' as deprecated: %v\n", flag, err)
+	}
+}
+
 func init() {
 	rootCmd.AddCommand(installCmd)
 
 	installCmd.Flags().StringVarP(&installOptions.Namespace, "namespace", "n", "kubearmor", "Namespace for resources")
 	installCmd.Flags().StringVarP(&installOptions.KubearmorImage, "image", "i", "kubearmor/kubearmor:stable", "Kubearmor daemonset image to use")
 	installCmd.Flags().StringVarP(&installOptions.InitImage, "init-image", "", "kubearmor/kubearmor-init:stable", "Kubearmor daemonset init container image to use")
+	installCmd.Flags().StringVarP(&installOptions.OperatorImage, "operator-image", "", "kubearmor/kubearmor-operator:latest", "Kubearmor operator container image to use")
 	installCmd.Flags().StringVarP(&installOptions.ControllerImage, "controller-image", "", "kubearmor/kubearmor-controller:latest", "Kubearmor controller image to use")
 	installCmd.Flags().StringVarP(&installOptions.RelayImage, "relay-image", "", "kubearmor/kubearmor-relay-server:latest", "Kubearmor relay image to use")
 	installCmd.Flags().StringVarP(&installOptions.KubeArmorTag, "tag", "t", "", "Change image tag/version for default kubearmor images (This will overwrite the tags provided in --image/--init-image)")
 	installCmd.Flags().StringVarP(&installOptions.KubeArmorRelayTag, "relay-tag", "", "", "Change image tag/version for default kubearmor-relay image (This will overwrite the tag provided in --relay-image)")
 	installCmd.Flags().StringVarP(&installOptions.KubeArmorControllerTag, "controller-tag", "", "", "Change image tag/version for default kubearmor-controller image (This will overwrite the tag provided in --controller-image)")
+	installCmd.Flags().StringVarP(&installOptions.KubeArmorOperatorTag, "operator-tag", "", "", "Change image tag/version for default kubearmor-operator image (This will overwrite the tag provided in --operator-image)")
 	installCmd.Flags().StringVarP(&installOptions.Audit, "audit", "a", "", "Kubearmor Audit Posture Context [all,file,network,capabilities]")
 	installCmd.Flags().StringVarP(&installOptions.Block, "block", "b", "", "Kubearmor Block Posture Context [all,file,network,capabilities]")
 	installCmd.Flags().StringVarP(&installOptions.Visibility, "viz", "", "", "Kubearmor Telemetry Visibility [process,file,network,none]")
 	installCmd.Flags().BoolVar(&installOptions.Save, "save", false, "Save KubeArmor Manifest ")
 	installCmd.Flags().BoolVar(&installOptions.Verify, "verify", true, "Verify whether all KubeArmor resources are created, running and also probes whether KubeArmor has armored the cluster or not")
 	installCmd.Flags().BoolVar(&installOptions.Local, "local", false, "Use Local KubeArmor Images (sets ImagePullPolicy to 'IfNotPresent') ")
-	installCmd.Flags().StringVarP(&installOptions.Env.Environment, "env", "e", "", "Supported KubeArmor Environment [k0s,k3s,microK8s,minikube,gke,bottlerocket,eks,docker,oke,generic]")
 	installCmd.Flags().StringVarP(&installOptions.ImageRegistry, "registry", "r", "", "Image registry to use to pull the images")
+	installCmd.Flags().BoolVar(&installOptions.Legacy, "legacy", false, "Installs kubearmor in legacy mode if set to true")
+	installCmd.Flags().BoolVar(&installOptions.SkipDeploy, "skip-deploy", false, "Saves kubearmor operator CR manifest rather than deploying it")
 	installCmd.Flags().BoolVar(&installOptions.PreserveUpstream, "preserve-upstream", true, "Do not override the image registry when using -r flag, prefix only")
-
+	installCmd.Flags().StringVarP(&installOptions.Env.Environment, "env", "e", "", "Supported KubeArmor Environment [k0s,k3s,microK8s,minikube,gke,bottlerocket,eks,docker,oke,generic]")
+	installCmd.MarkFlagsMutuallyExclusive("verify", "save")
+	markDeprecated(installCmd, "env", "Only relevant when using legacy")
+	markDeprecated(installCmd, "legacy", "KubeArmor now utilizes operator-based installation. This command may not set up KubeArmor in the intended way.")
 }
diff --git a/cmd/uninstall.go b/cmd/uninstall.go
@@ -16,8 +16,12 @@ var uninstallCmd = &cobra.Command{
 	Short: "Uninstall KubeArmor from a Kubernetes Cluster",
 	Long:  `Uninstall KubeArmor from a Kubernetes Clusters`,
 	RunE: func(cmd *cobra.Command, args []string) error {
-		err := install.K8sUninstaller(client, uninstallOptions)
-		return err
+		if err := install.K8sUninstaller(client, uninstallOptions); err != nil {
+			if err := install.K8sLegacyUninstaller(client, uninstallOptions); err != nil {
+				return err
+			}
+		}
+		return nil
 	},
 }