From b92d099f107d0cc12118f79dbe02e9d7b5b5b0d5 Mon Sep 17 00:00:00 2001
From: PrimalPimmy
Date: Mon, 6 Feb 2023 21:48:25 +0530
Subject: [PATCH 1/2] Added block posture flag in install

Signed-off-by: PrimalPimmy
---
 cmd/install.go | 1 +
 install/install.go | 10 ++++++++++
 2 files changed, 11 insertions(+)

diff --git a/cmd/install.go b/cmd/install.go
index 75453962..51d21551 100644
--- a/cmd/install.go
+++ b/cmd/install.go
@@ -30,6 +30,7 @@ func init() {
 installCmd.Flags().StringVarP(&installOptions.Namespace, "namespace", "n", "kube-system", "Namespace for resources")
 installCmd.Flags().StringVarP(&installOptions.KubearmorImage, "image", "i", "kubearmor/kubearmor:stable", "Kubearmor daemonset image to use")
 installCmd.Flags().StringVarP(&installOptions.Audit, "audit", "a", "", "Kubearmor Audit Posture Context [all,file,network,capabilities]")
+ installCmd.Flags().StringVarP(&installOptions.Block, "block", "b", "", "Kubearmor Block Posture Context [all,file,network,capabilities]")
 installCmd.Flags().BoolVar(&installOptions.Save, "save", false, "Save KubeArmor Manifest ")
 }
diff --git a/install/install.go b/install/install.go
index 6c4ae3d1..5642666f 100644
--- a/install/install.go
+++ b/install/install.go
@@ -33,6 +33,7 @@ type Options struct {
 Namespace string
 KubearmorImage string
 Audit string
+ Block string
 Force bool
 Save bool
 Animation bool
@@ -243,6 +244,15 @@ func K8sInstaller(c *k8s.Client, o Options) error {
 if o.Audit == "all" || strings.Contains(o.Audit, "capabilities") {
 daemonset.Spec.Template.Spec.Containers[0].Args = append(daemonset.Spec.Template.Spec.Containers[0].Args, "-defaultCapabilitiesPosture=audit")
 }
+ if o.Block == "all" || strings.Contains(o.Audit, "file") {
+ daemonset.Spec.Template.Spec.Containers[0].Args = append(daemonset.Spec.Template.Spec.Containers[0].Args, "-defaultFilePosture=block")
+ }
+ if o.Block == "all" || strings.Contains(o.Audit, "network") {
+ daemonset.Spec.Template.Spec.Containers[0].Args = append(daemonset.Spec.Template.Spec.Containers[0].Args, "-defaultNetworkPosture=block")
+ }
+ if o.Block == "all" || strings.Contains(o.Audit, "capabilities") {
+ daemonset.Spec.Template.Spec.Containers[0].Args = append(daemonset.Spec.Template.Spec.Containers[0].Args, "-defaultCapabilitiesPosture=block")
+ }
 s := strings.Join(daemonset.Spec.Template.Spec.Containers[0].Args, " ")
 printMessage("🛡 KubeArmor DaemonSet"+daemonset.Spec.Template.Spec.Containers[0].Image+s+" ", true)

From b1dd398906e0d16a17bcaa0f85a31c156d4f1558 Mon Sep 17 00:00:00 2001
From: PrimalPimmy
Date: Tue, 7 Feb 2023 00:27:10 +0530
Subject: [PATCH 2/2] fix

Signed-off-by: PrimalPimmy
---
 install/install.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/install/install.go b/install/install.go
index 5642666f..e8f7ad2e 100644
--- a/install/install.go
+++ b/install/install.go
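Review bot: A context named by both flags ends up with two contradictory arguments, because the added block branches append `-defaultFilePosture=block` (and the network and capabilities equivalents) after the audit branches without checking whether the audit branch already fired for the same context. With `--audit file --block file` the container args carry both `-defaultFilePosture=audit` and `-defaultFilePosture=block`, and which of the two the KubeArmor daemon honours is not visible on this page, so the operator cannot tell from the command whether enforcement is actually on. I would reject the overlap explicitly before the block arguments are appended, as sketched below; this assumes `fmt` is imported in install.go, and since K8sInstaller starts outside the hunk the check may belong higher up, before any resource is created. The same holds for the corrected conditions in PATCH 2/2.

```go
// … unchanged: audit posture arguments …
for _, ctx := range []string{"file", "network", "capabilities"} {
	audited := o.Audit == "all" || strings.Contains(o.Audit, ctx)
	blocked := o.Block == "all" || strings.Contains(o.Block, ctx)
	if audited && blocked {
		return fmt.Errorf("posture context %q is selected by both --audit and --block", ctx)
	}
}
// … unchanged: block posture arguments, strings.Join and printMessage …
```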
@@ -244,13 +244,13 @@ func K8sInstaller(c *k8s.Client, o Options) error {
 if o.Audit == "all" || strings.Contains(o.Audit, "capabilities") {
 daemonset.Spec.Template.Spec.Containers[0].Args = append(daemonset.Spec.Template.Spec.Containers[0].Args, "-defaultCapabilitiesPosture=audit")
 }
- if o.Block == "all" || strings.Contains(o.Audit, "file") {
+ if o.Block == "all" || strings.Contains(o.Block, "file") {
 daemonset.Spec.Template.Spec.Containers[0].Args = append(daemonset.Spec.Template.Spec.Containers[0].Args, "-defaultFilePosture=block")
 }
- if o.Block == "all" || strings.Contains(o.Audit, "network") {
+ if o.Block == "all" || strings.Contains(o.Block, "network") {
 daemonset.Spec.Template.Spec.Containers[0].Args = append(daemonset.Spec.Template.Spec.Containers[0].Args, "-defaultNetworkPosture=block")
 }
- if o.Block == "all" || strings.Contains(o.Audit, "capabilities") {
+ if o.Block == "all" || strings.Contains(o.Block, "capabilities") {
 daemonset.Spec.Template.Spec.Containers[0].Args = append(daemonset.Spec.Template.Spec.Containers[0].Args, "-defaultCapabilitiesPosture=block")
 }
 s := strings.Join(daemonset.Spec.Template.Spec.Containers[0].Args, " ")
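Review bot: The corrected conditions still accept any string, since `strings.Contains(o.Block, "file")` is a substring test and `o.Block == "all"` an exact one, so the value of `--block` is never checked against the four contexts the help text lists. A misspelled value such as `--block netwrok` (constructed example) matches no branch and the install carries on with no block posture argument at all, while a value that merely contains a context name, such as `profile`, switches on `-defaultFilePosture=block`. For a flag that selects enforcement, an unrecognised value should stop the install rather than fall back silently to the default posture. I would split the value on commas (the help text suggests a comma-separated list) and switch on each token, as below; the error return assumes `fmt` is imported, and because the function body starts outside the hunk the validation is better placed before the first cluster object is created.

```go
// … unchanged: audit posture arguments …
var blockArgs []string
for _, ctx := range strings.Split(o.Block, ",") {
	switch strings.TrimSpace(ctx) {
	case "":
		// flag not given, or an empty list element
	case "all":
		blockArgs = append(blockArgs, "-defaultFilePosture=block", "-defaultNetworkPosture=block", "-defaultCapabilitiesPosture=block")
	case "file":
		blockArgs = append(blockArgs, "-defaultFilePosture=block")
	case "network":
		blockArgs = append(blockArgs, "-defaultNetworkPosture=block")
	case "capabilities":
		blockArgs = append(blockArgs, "-defaultCapabilitiesPosture=block")
	default:
		return fmt.Errorf("unknown block posture context %q", ctx)
	}
}
daemonset.Spec.Template.Spec.Containers[0].Args = append(daemonset.Spec.Template.Spec.Containers[0].Args, blockArgs...)
s := strings.Join(daemonset.Spec.Template.Spec.Containers[0].Args, " ")
```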