karmor probe should show namespace/host visibility and default posture setting #298

Closed
nyrahul opened this issue Mar 27, 2023 · 2 comments
Labels
enhancement New feature or request

@nyrahul
Contributor

nyrahul commented Mar 27, 2023

KubeArmor has a way to set visibility at the host/namespace level; similarly, it can set the default posture at the namespace/host/global level. These settings are configurable and thus should be shown as part of karmor probe.

Found KubeArmor running in Kubernetes                                                                                                                                                                                          
                                                                                                                                                                                                                               
Daemonset :                                                                                                                                                                                                                    
        kubearmor       Desired: 1      Ready: 1        Available: 1                                 
Deployments :                                                                                                  
        kubearmor-annotation-manager    Desired: 1      Ready: 1        Available: 1                 
        kubearmor-host-policy-manager   Desired: 1      Ready: 1        Available: 1                 
        kubearmor-policy-manager        Desired: 1      Ready: 1        Available: 1                 
        kubearmor-relay                 Desired: 1      Ready: 1        Available: 1                 
Containers :                                                                                                   
        kubearmor-annotation-manager-797c848b9c-b6pjh   Running: 2      Image Version: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
        kubearmor-host-policy-manager-57c46bdbc-nkqwn   Running: 2      Image Version: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
        kubearmor-policy-manager-f58b6bf68-s9645        Running: 2      Image Version: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
        kubearmor-pv6pw                                 Running: 1      Image Version: kubearmor/kubearmor:stable               
        kubearmor-relay-645667c695-fprz9                Running: 1      Image Version: kubearmor/kubearmor-relay-server:latest  
Node 1 :                                                                                                       
        OS Image:                       Ubuntu 20.04.5 LTS                                           
        Kernel Version:                 5.15.0-1029-oracle                                           
        Kubelet Version:                v1.22.8                                                      
        Container Runtime:              containerd://1.5.8                                           
        Active LSM:                     AppArmor                                                     
        Host Security:                  false                                                        
        Container Security:             true                                                         
        Container Default Posture:      audit(File)             audit(Capabilities)     audit(Network)
        Host Default Posture:           audit(File)             audit(Capabilities)     audit(Network)
        **Visibility: disabled/process/file/network**
Armored Up pods :                                                                                              
+------------------------------+------------------+-----------+-----------------------------------------------------------+--------+
|          NAMESPACE           | Security Posture | Visibilty |                   NAME                            | POLICY |
+------------------------------+-----------------------------------------------------------+--------+
| config-management-monitoring | otel-collector-74697cf6bd-kh5d4                           |        |
+------------------------------+-----------------------------------------------------------+--------+
| config-management-system     | config-management-operator-6579fb64f5-5wbv5               |        |
+                              +-----------------------------------------------------------+--------+
|                              | reconciler-manager-59d4f8c77b-tlptg                       |        |
+------------------------------+-----------------------------------------------------------+--------+
| nephio-system                | ipam-controller-65fb5fc8d4-qzprq                          |        |
+                              +-----------------------------------------------------------+--------+
|                              | nephio-5gc-controller-594cfd86b8-j9d24                    |        |
+                              +-----------------------------------------------------------+--------+
|                              | nf-injector-controller-66f885d554-7sl86                   |        |
+                              +-----------------------------------------------------------+--------+
|                              | package-deployment-controller-controller-785688cb75-bvx76 |        |
+------------------------------+-----------------------------------------------------------+--------+
::: <snip> :::

In the above text, the Visibility at the node level and Security Posture + Visibility at namespace level are new additions that are expected out of this task.

@nyrahul nyrahul added the good first issue Good for newcomers label Mar 27, 2023
@Aryan-sharma11
Member

Hey, I would like to work on this

@Aryan-sharma11
Member

This issue is resolved with this #310.

@nyrahul nyrahul closed this as completed Jun 28, 2023