Merge pull request #256 from PrimalPimmy/block

Added block posture flag in install
kubearmor · Feb 10, 2023 · 47f3670 · 47f3670
2 parents ead8e59 + b1dd398
commit 47f3670
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/cmd/install.go b/cmd/install.go
@@ -30,6 +30,7 @@ func init() {
 	installCmd.Flags().StringVarP(&installOptions.Namespace, "namespace", "n", "kube-system", "Namespace for resources")
 	installCmd.Flags().StringVarP(&installOptions.KubearmorImage, "image", "i", "kubearmor/kubearmor:stable", "Kubearmor daemonset image to use")
 	installCmd.Flags().StringVarP(&installOptions.Audit, "audit", "a", "", "Kubearmor Audit Posture Context [all,file,network,capabilities]")
+	installCmd.Flags().StringVarP(&installOptions.Block, "block", "b", "", "Kubearmor Block Posture Context [all,file,network,capabilities]")
 	installCmd.Flags().BoolVar(&installOptions.Save, "save", false, "Save KubeArmor Manifest ")
 
 }
diff --git a/install/install.go b/install/install.go
@@ -33,6 +33,7 @@ type Options struct {
 	Namespace      string
 	KubearmorImage string
 	Audit          string
+	Block          string
 	Force          bool
 	Save           bool
 	Animation      bool
@@ -243,6 +244,15 @@ func K8sInstaller(c *k8s.Client, o Options) error {
 	if o.Audit == "all" || strings.Contains(o.Audit, "capabilities") {
 		daemonset.Spec.Template.Spec.Containers[0].Args = append(daemonset.Spec.Template.Spec.Containers[0].Args, "-defaultCapabilitiesPosture=audit")
 	}
+	if o.Block == "all" || strings.Contains(o.Block, "file") {
+		daemonset.Spec.Template.Spec.Containers[0].Args = append(daemonset.Spec.Template.Spec.Containers[0].Args, "-defaultFilePosture=block")
+	}
+	if o.Block == "all" || strings.Contains(o.Block, "network") {
+		daemonset.Spec.Template.Spec.Containers[0].Args = append(daemonset.Spec.Template.Spec.Containers[0].Args, "-defaultNetworkPosture=block")
+	}
+	if o.Block == "all" || strings.Contains(o.Block, "capabilities") {
+		daemonset.Spec.Template.Spec.Containers[0].Args = append(daemonset.Spec.Template.Spec.Containers[0].Args, "-defaultCapabilitiesPosture=block")
+	}
 	s := strings.Join(daemonset.Spec.Template.Spec.Containers[0].Args, " ")
 	printMessage("🛡   KubeArmor DaemonSet"+daemonset.Spec.Template.Spec.Containers[0].Image+s+"  ", true)