
Updated install command to receive env as argument #265

Merged: 3 commits, Feb 14, 2023

Conversation

@TheRealSibasishBehera (Contributor) commented Feb 10, 2023


Fixes #252

  • The user can pass no env flag; in such a case AutoDetectEnvironment will be called.
  • If a valid environment is passed as a flag, e.g. karmor install -e k3s, the env variable will be manually set.

Signed-off-by: sibashi <fangedhamster3114@gmail.com>
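The three cases the description lists (no flag, a known flag value, an unknown flag value), written out as an added Go example. This is not code from this PR or from kubearmor-client; ResolveEnvironment, the two-entry allow-list (only docker and k3s appear in this thread) and the autoDetect callback standing in for the AutoDetectEnvironment call are all assumptions. The point worth noticing is that an explicit but unknown value fails closed rather than falling back to detection, which is the behaviour the later test output in this thread shows.

```go
package main

import (
	"errors"
	"fmt"
)

// Added example, not kubearmor-client's own code. The allow-list below is a
// constructed subset: only the two environment names seen in this PR thread.
var knownEnvironments = map[string]bool{
	"docker": true,
	"k3s":    true,
}

// ErrInvalidEnvironment is returned for a -e value that is not in the allow-list.
var ErrInvalidEnvironment = errors.New("Invalid environment passed")

// ResolveEnvironment decides which environment the installer should target.
// autoDetect stands in for the AutoDetectEnvironment call mentioned in the PR
// description (hypothetical signature). It is only consulted when the flag is
// empty, so an explicit but unknown value never silently falls back to
// detection: the caller gets an error and must fix the flag.
func ResolveEnvironment(flagValue string, autoDetect func() (string, error)) (env string, detected bool, err error) {
	if flagValue == "" {
		env, err = autoDetect()
		if err != nil {
			return "", false, fmt.Errorf("error in auto-detecting environment: %w", err)
		}
		return env, true, nil
	}
	if !knownEnvironments[flagValue] {
		return "", false, fmt.Errorf("error in checking environment option: %w", ErrInvalidEnvironment)
	}
	return flagValue, false, nil
}

func main() {
	// Constructed detector: a real one would inspect the node/cluster.
	detect := func() (string, error) { return "docker", nil }
	for _, value := range []string{"docker", "dock", ""} {
		env, auto, err := ResolveEnvironment(value, detect)
		switch {
		case err != nil:
			fmt.Println("Error:", err)
		case auto:
			fmt.Println("Auto Detected Environment :", env)
		default:
			fmt.Println("Environment :", env)
		}
	}
}
```

Running the block prints one line per case in the same order as the three manual checks shared later in this thread: the explicit value is echoed, the typo is rejected with an error, and the empty flag goes through detection.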
@Prateeknandle (Contributor)

@TheRealSibasishBehera the ginkgo test ci is updated #264

@TheRealSibasishBehera (Contributor, Author)

> @TheRealSibasishBehera the ginkgo test ci is updated #264

I am new to Ginkgo; can you please elaborate on what changes I can make to pass the test?
In this issue, I have added a new env flag.

@Prateeknandle (Contributor)

Hey @TheRealSibasishBehera, just update the main branch and merge it with the env-check branch.

@TheRealSibasishBehera TheRealSibasishBehera marked this pull request as ready for review February 13, 2023 10:59
@Prateeknandle (Contributor)

You can ask on Slack for review.

@daemon1024 daemon1024 self-requested a review February 13, 2023 12:17
@daemon1024 (Member) left a comment

Thanks a lot for the PR. Find my review inline. Can you please also handle the linter warnings?

Inline review comment on install/install.go (outdated, resolved)
Signed-off-by: Sibasish Behera <fangedhamster3114@gmail.com>
@daemon1024 (Member)

Hey @TheRealSibasishBehera, LGTM in general. Can you execute and share whether it's working as expected before I merge? Thanks.

@TheRealSibasishBehera (Contributor, Author)

Thanks for reviewing @daemon1024. Here are 3 cases: 1st when I enter the environment manually, second when I pass a wrong one, third when I pass nothing.

```
vagrant@kubearmor-dev2:~/kubearmor-client$ ./kubearmor-client install -e docker
😄  Environment : docker
🔥  CRD kubearmorpolicies.security.kubearmor.com
ℹ️   CRD kubearmorpolicies.security.kubearmor.com already exists
🔥  CRD kubearmorhostpolicies.security.kubearmor.com
.....
vagrant@kubearmor-dev2:~/kubearmor-client$ ./kubearmor-client install -e dock
Error: error in checking environment option: Invalid environment passed

vagrant@kubearmor-dev2:~/kubearmor-client$ ./kubearmor-client install
😄  Auto Detected Environment : docker
🔥  CRD kubearmorpolicies.security.kubearmor.com
ℹ️   CRD kubearmorpolicies.security.kubearmor.com already exists
.......
```

@daemon1024 (Member)

One more thing to check: can you try

```
karmor install -e docker --save
karmor install -e k3s --save
```

Let's check the daemonset volume mounts to see if both of them are correct.

@TheRealSibasishBehera (Contributor, Author)

```
vagrant@kubearmor-dev2:~/kubearmor-client$ ./kubearmor-client install -e docker --save
😄  Environment : docker
🛡   KubeArmor DaemonSetkubearmor/kubearmor:stable-gRPC=32767 -enableKubeArmorHostPolicy
🤩   KubeArmor manifest file saved to /home/vagrant/kubearmor-client/kubearmor.yaml
🥳  Done Checking , ALL Services are running!
⌚️  Execution Time : 225.007451ms
vagrant@kubearmor-dev2:~/kubearmor-client$ ./kubearmor-client install -e k3s --save
😄  Environment : k3s
🛡   KubeArmor DaemonSetkubearmor/kubearmor:stable-gRPC=32767 -enableKubeArmorHostPolicy
🤩   KubeArmor manifest file saved to /home/vagrant/kubearmor-client/kubearmor.yaml
🥳  Done Checking , ALL Services are running!
⌚️  Execution Time : 224.50631ms
vagrant@kubearmor-dev2:~/kubearmor-client$ kubectl describe daemonset kubearmor -n kube-system
Name:           kubearmor
Selector:       kubearmor-app=kubearmor
Node-Selector:  kubernetes.io/os=linux
Labels:         kubearmor-app=kubearmor
Annotations:    deprecated.daemonset.template.generation: 1
Desired Number of Nodes Scheduled: 1
Current Number of Nodes Scheduled: 1
Number of Nodes Scheduled with Up-to-date Pods: 1
Number of Nodes Scheduled with Available Pods: 1
Number of Nodes Misscheduled: 0
Pods Status:  1 Running / 0 Waiting / 0 Succeeded / 0 Failed
Pod Template:
  Labels:           kubearmor-app=kubearmor
  Annotations:      container.apparmor.security.beta.kubernetes.io/kubearmor: unconfined
  Service Account:  kubearmor
  Init Containers:
   init:
    Image:        kubearmor/kubearmor-init:latest
    Port:         <none>
    Host Port:    <none>
    Environment:  <none>
    Mounts:
      /lib/modules from lib-modules-path (ro)
      /media/root/etc/os-release from os-release-path (ro)
      /opt/kubearmor/BPF from bpf (rw)
      /sys/fs/bpf from sys-fs-bpf-path (rw)
      /sys/kernel/debug from sys-kernel-debug-path (rw)
      /sys/kernel/security from sys-kernel-security-path (rw)
      /usr/src from usr-src-path (ro)
  Containers:
   kubearmor:
    Image:      kubearmor/kubearmor:stable
    Port:       32767/TCP
    Host Port:  32767/TCP
    Args:
      -gRPC=32767
      -enableKubeArmorHostPolicy
    Liveness:  exec [/bin/bash -c if [ -z $(pgrep kubearmor) ]; then exit 1; fi;] delay=60s timeout=1s period=10s #success=1 #failure=3
    Environment:
      KUBEARMOR_NODENAME:   (v1:spec.nodeName)
    Mounts:
      /etc/apparmor.d from etc-apparmor-d-path (rw)
      /lib/modules from lib-modules-path (ro)
      /media/root/etc/os-release from os-release-path (ro)
      /opt/kubearmor/BPF from bpf (rw)
      /sys/fs/bpf from sys-fs-bpf-path (rw)
      /sys/kernel/debug from sys-kernel-debug-path (rw)
      /sys/kernel/security from sys-kernel-security-path (rw)
      /usr/src from usr-src-path (ro)
      /var/lib/docker from docker-storage-path (ro)
      /var/run/docker.sock from docker-sock-path (ro)
  Volumes:
   bpf:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>
   lib-modules-path:
    Type:          HostPath (bare host directory volume)
    Path:          /lib/modules
    HostPathType:  DirectoryOrCreate
   sys-fs-bpf-path:
    Type:          HostPath (bare host directory volume)
    Path:          /sys/fs/bpf
    HostPathType:  Directory
   sys-kernel-security-path:
    Type:          HostPath (bare host directory volume)
    Path:          /sys/kernel/security
    HostPathType:  Directory
   sys-kernel-debug-path:
    Type:          HostPath (bare host directory volume)
    Path:          /sys/kernel/debug
    HostPathType:  Directory
   os-release-path:
    Type:          HostPath (bare host directory volume)
    Path:          /etc/os-release
    HostPathType:  File
   usr-src-path:
    Type:          HostPath (bare host directory volume)
    Path:          /usr/src
    HostPathType:  Directory
   etc-apparmor-d-path:
    Type:          HostPath (bare host directory volume)
    Path:          /etc/apparmor.d
    HostPathType:  DirectoryOrCreate
   docker-sock-path:
    Type:          HostPath (bare host directory volume)
    Path:          /var/run/docker.sock
    HostPathType:  Socket
   docker-storage-path:
    Type:          HostPath (bare host directory volume)
    Path:          /var/lib/docker
    HostPathType:  DirectoryOrCreate
Events:            <none>
```

Can you specify which volume mounts to check?

@daemon1024 (Member)

@TheRealSibasishBehera with save we don't install, we just create a file. As mentioned in the output, a file called /home/vagrant/kubearmor-client/kubearmor.yaml is created.

If it's docker you will see docker.sock; with k3s it will have something with k3s in it.

@TheRealSibasishBehera (Contributor, Author) commented Feb 14, 2023

Makes sense

In the case of ./kubearmor-client install -e docker --save I can see docker.sock in the DaemonSet:

```yaml
      - hostPath:
          path: /var/run/docker.sock
          type: Socket
        name: docker-sock-path

        - mountPath: /var/run/docker.sock
          name: docker-sock-path
```

But in the case of ./kubearmor-client install -e k3s --save I can see k3s in hostPath in the DaemonSet but not in any mountPath:

```yaml
      - hostPath:
          path: /run/k3s/containerd/containerd.sock
          type: Socket
        name: containerd-sock-path
      - hostPath:
          path: /run/k3s/containerd
          type: DirectoryOrCreate
        name: containerd-storage-path
```

In its mountPath I can see containerd:

```yaml
      readOnly: true
      - mountPath: /usr/src
        name: usr-src-path
        readOnly: true
      - mountPath: /etc/apparmor.d
        name: etc-apparmor-d-path
      - mountPath: /var/run/containerd/containerd.sock
        name: containerd-sock-path
        readOnly: true
      - mountPath: /run/containerd
        name: containerd-storage-path
        readOnly: true
```

Could it be because k3s uses containerd?
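The manual check discussed in the last few comments (docker must give docker.sock, k3s must give the k3s containerd socket), done programmatically, as an added Go example that is not code from this PR or from kubearmor-client. CheckRuntimeSocket and the per-environment socket table are assumptions (the two paths are the ones pasted in this thread), and the manifest is a constructed JSON fragment mirroring the k3s YAML above, because the Go standard library parses JSON but not YAML; `kubectl get ds kubearmor -n kube-system -o json` produces the same shape. The check also makes the point the exchange above turns on: a hostPath volume and a container volumeMount are tied together by the volume name, so the path inside the container (/var/run/containerd/containerd.sock) legitimately differs from the host path (/run/k3s/containerd/containerd.sock). A volume that no container mounts, or a socket mounted read-write, is reported as an error, since either is something a reviewer of the generated manifest would want flagged.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Minimal slice of the DaemonSet schema needed for the check (assumed field
// names follow the Kubernetes API: spec.template.spec.{containers,volumes}).
type daemonSet struct {
	Spec struct {
		Template struct {
			Spec struct {
				Containers []struct {
					Name         string `json:"name"`
					VolumeMounts []struct {
						Name      string `json:"name"`
						MountPath string `json:"mountPath"`
						ReadOnly  bool   `json:"readOnly"`
					} `json:"volumeMounts"`
				} `json:"containers"`
				Volumes []struct {
					Name     string `json:"name"`
					HostPath *struct {
						Path string `json:"path"`
						Type string `json:"type"`
					} `json:"hostPath"`
				} `json:"volumes"`
			} `json:"spec"`
		} `json:"template"`
	} `json:"spec"`
}

// Expected runtime socket on the host per environment. Both paths come from
// the manifests pasted in this thread; other environments are not covered.
var runtimeSocket = map[string]string{
	"docker": "/var/run/docker.sock",
	"k3s":    "/run/k3s/containerd/containerd.sock",
}

// CheckRuntimeSocket returns the in-container mount path of the runtime
// socket for env, or an error naming the first broken link in the chain
// hostPath volume -> volume name -> container volumeMount (read-only).
func CheckRuntimeSocket(manifestJSON []byte, env string) (string, error) {
	want, ok := runtimeSocket[env]
	if !ok {
		return "", fmt.Errorf("no expected socket known for environment %q", env)
	}
	var ds daemonSet
	if err := json.Unmarshal(manifestJSON, &ds); err != nil {
		return "", fmt.Errorf("parsing manifest: %w", err)
	}
	pod := ds.Spec.Template.Spec
	volName := ""
	for _, v := range pod.Volumes {
		if v.HostPath != nil && v.HostPath.Path == want {
			if v.HostPath.Type != "Socket" {
				return "", fmt.Errorf("volume %q has hostPath type %q, want Socket", v.Name, v.HostPath.Type)
			}
			volName = v.Name
		}
	}
	if volName == "" {
		return "", fmt.Errorf("no hostPath volume for %s", want)
	}
	for _, c := range pod.Containers {
		for _, m := range c.VolumeMounts {
			if m.Name != volName {
				continue
			}
			if !m.ReadOnly {
				return "", fmt.Errorf("container %q mounts %q read-write", c.Name, volName)
			}
			return m.MountPath, nil
		}
	}
	return "", fmt.Errorf("volume %q is never mounted by a container", volName)
}

// Constructed sample mirroring the k3s DaemonSet fragments in this thread.
const sampleK3s = `{"spec":{"template":{"spec":{
  "containers":[{"name":"kubearmor","volumeMounts":[
    {"mountPath":"/usr/src","name":"usr-src-path","readOnly":true},
    {"mountPath":"/var/run/containerd/containerd.sock","name":"containerd-sock-path","readOnly":true},
    {"mountPath":"/run/containerd","name":"containerd-storage-path","readOnly":true}]}],
  "volumes":[
    {"name":"usr-src-path","hostPath":{"path":"/usr/src","type":"Directory"}},
    {"name":"containerd-sock-path","hostPath":{"path":"/run/k3s/containerd/containerd.sock","type":"Socket"}},
    {"name":"containerd-storage-path","hostPath":{"path":"/run/k3s/containerd","type":"DirectoryOrCreate"}}]
}}}}`

func main() {
	mountPath, err := CheckRuntimeSocket([]byte(sampleK3s), "k3s")
	fmt.Println(mountPath, err) // /var/run/containerd/containerd.sock <nil>
	_, err = CheckRuntimeSocket([]byte(sampleK3s), "docker")
	fmt.Println(err) // no hostPath volume for /var/run/docker.sock
}
```

Run against the docker manifest instead, the same function resolves to /var/run/docker.sock on both sides, and running it with the wrong environment fails, which is the quick way to confirm that `--save` emitted the manifest for the environment that was actually requested.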

@daemon1024 (Member)

Yup this looks as expected.

@daemon1024 (Member)

Thanks a lot for working on it and seeing this through 🚀

@daemon1024 daemon1024 merged commit 283f143 into kubearmor:main Feb 14, 2023
Successfully merging this pull request may close these issues: karmor install --save should work without any running cluster