`karmor probe` output in json format #310

Aryan-sharma11 · 2023-04-25T06:25:24Z

Purpose of PR?:

Does this PR introduce a breaking change?
No

Description
We can get the karmor probe data in json format using karmor probe -f json .

  "Probe Data": {
    "ArmoredPods": {
      "Namespaces": {
        "accuknox-agents": {
          "default_posture": {
            "file": "audit",
            "network": "audit",
            "capabilties": "audit"
          },
          "visibility": {
            "file": true,
            "capabilities": true,
            "process": true,
            "network": true
          },
          "pod_list": [
            {
              "pod_name": "discovery-engine-5b7f44795d-fvzgr",
              "policy": ""
            }
          ]
        },
        "cert-manager": {
          "default_posture": {
            "file": "audit",
            "network": "audit",
            "capabilties": "audit"
          },
          "visibility": {
            "file": true,
            "capabilities": true,
            "process": true,
            "network": true
          },
          "pod_list": [
            {
              "pod_name": "cert-manager-6868fddcb4-zm7sk",
              "policy": ""
            },
            {
              "pod_name": "cert-manager-cainjector-ccb9bc698-bmv9n",
              "policy": ""
            },
            {
              "pod_name": "cert-manager-webhook-8bc4cf7d8-7j8c7",
              "policy": ""
            }
          ]
        },
        "default": {
          "default_posture": {
            "file": "audit",
            "network": "audit",
            "capabilties": "audit"
          },
          "visibility": {
            "file": true,
            "capabilities": true,
            "process": true,
            "network": true
          },
          "pod_list": [
            {
              "pod_name": "nginx-8f458dc5b-8rk76",
              "policy": ""
            }
          ]
        },
        "external-secrets": {
          "default_posture": {
            "file": "audit",
            "network": "audit",
            "capabilties": "audit"
          },
          "visibility": {
            "file": false,
            "capabilities": false,
            "process": true,
            "network": false
          },
          "pod_list": [
            {
              "pod_name": "external-secrets-588748d7c8-l94hz",
              "policy": ""
            },
            {
              "pod_name": "external-secrets-cert-controller-b5b7bc794-rd89b",
              "policy": ""
            },
            {
              "pod_name": "external-secrets-webhook-5f6c98bbd9-bwkzq",
              "policy": ""
            }
          ]
        }
      }
    },
    "Containers": {
      "kubearmor-annotation-manager-85857fc8d7-tj6wl": {
        "running": "2",
        "image_version": "gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0"
      },
      "kubearmor-controller-manager-7d84b6c4d9-6b9gn": {
        "running": "2",
        "image_version": "ttl.sh/dsp-controller:24h"
      },
      "kubearmor-host-policy-manager-7b9c9db44-dc89c": {
        "running": "2",
        "image_version": "gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0"
      },
      "kubearmor-policy-manager-8569dd9d6f-gd76j": {
        "running": "2",
        "image_version": "gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0"
      },
      "kubearmor-relay-64c6fff875-crbpp": {
        "running": "1",
        "image_version": "kubearmor/kubearmor-relay-server:latest"
      },
      "kubearmor-thlcr": {
        "running": "1",
        "image_version": "kubearmor/kubearmor:stable"
      },
      "kubearmor-wsmzf": {
        "running": "1",
        "image_version": "kubearmor/kubearmor:stable"
      }
    },
    "DaemonsetStatus": {
      "desired": "2",
      "ready": "2",
      "available": "2"
    },
    "Deployments": {
      "kubearmor-annotation-manager": {
        "desired": "1",
        "ready": "1",
        "available": "1"
      },
      "kubearmor-controller-manager": {
        "desired": "1",
        "ready": "1",
        "available": "1"
      },
      "kubearmor-host-policy-manager": {
        "desired": "1",
        "ready": "1",
        "available": "1"
      },
      "kubearmor-policy-manager": {
        "desired": "1",
        "ready": "1",
        "available": "1"
      },
      "kubearmor-relay": {
        "desired": "1",
        "ready": "1",
        "available": "1"
      }
    },
    "Nodes": {
      "Node1": {
        "OSImage": "Ubuntu 18.04.6 LTS",
        "KernelVersion": "5.4.0-1104-azure",
        "KubeletVersion": "v1.24.10",
        "ContainerRuntime": "containerd://1.6.18+azure-1",
        "ActiveLSM": "AppArmor",
        "KernelHeaderPresent": true,
        "HostSecurity": false,
        "ContainerSecurity": true,
        "ContainerDefaultPosture": {
          "file": "audit",
          "network": "audit",
          "capabilties": "audit"
        },
        "HostDefaultPosture": {
          "file": "audit",
          "network": "audit",
          "capabilties": "audit"
        },
        "HostVisibility": "none"
      },
      "Node2": {
        "OSImage": "Ubuntu 18.04.6 LTS",
        "KernelVersion": "5.4.0-1104-azure",
        "KubeletVersion": "v1.24.10",
        "ContainerRuntime": "containerd://1.6.18+azure-1",
        "ActiveLSM": "AppArmor",
        "KernelHeaderPresent": true,
        "HostSecurity": false,
        "ContainerSecurity": true,
        "ContainerDefaultPosture": {
          "file": "audit",
          "network": "audit",
          "capabilties": "audit"
        },
        "HostDefaultPosture": {
          "file": "audit",
          "network": "audit",
          "capabilties": "audit"
        },
        "HostVisibility": "none"
      }
    }
  }

output for karmor probe -f text


Daemonset :
 	kubearmor 	Desired: 1	Ready: 1	Available: 1	
Deployments : 
 	kubearmor-relay     	Desired: 1	Ready: 1	Available: 1	
 	kubearmor-controller	Desired: 1	Ready: 1	Available: 1	
Containers : 
 	kubearmor-relay-5656cc5bf7-htzft    	Running: 1	Image Version: kubearmor/kubearmor-relay-server:latest  	
 	kubearmor-controller-5c955748d-kb6xs	Running: 2	Image Version: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0	
 	kubearmor-74t8s                     	Running: 1	Image Version: kubearmor/kubearmor:stable               	
Node 1 : 
 	OS Image:                 	Ubuntu 22.04.1 LTS	
 	Kernel Version:           	5.19.0-45-generic 	
 	Kubelet Version:          	v1.23.9+k3s1      	
 	Container Runtime:        	docker://24.0.2   	
 	Active LSM:               	AppArmor          	
 	Host Security:            	false             	
 	Container Security:       	true              	
 	Container Default Posture:	audit(File)       	audit(Capabilities)	audit(Network)	
 	Host Default Posture:     	audit(File)       	audit(Capabilities)	audit(Network)	
 	Host Visibility:          	none              	
Armored Up pods : 
+-------------+--------------------------------+------------+--------------------------------------+--------+
|  NAMESPACE  |        DEFAULT POSTURE         | VISIBILITY |                 NAME                 | POLICY |
+-------------+--------------------------------+------------+--------------------------------------+--------+
| multiubuntu |  file (block), capabilities    | file       | ubuntu-3-deployment-59445d6fb7-ns7ql |        |
|             | (audit), Network (audit)       |            |                                      |        |
+             +                                +            +--------------------------------------+--------+
|             |                                |            | ubuntu-5-deployment-6c6b5fccbb-wm98j |        |
|             |                                |            |                                      |        |
+             +                                +            +--------------------------------------+--------+
|             |                                |            | ubuntu-4-deployment-868dd7ddb-rvc7j  |        |
|             |                                |            |                                      |        |
+             +                                +            +--------------------------------------+--------+
|             |                                |            | ubuntu-1-deployment-5bd4dff469-5snlr |        |
|             |                                |            |                                      |        |
+             +                                +            +--------------------------------------+--------+
|             |                                |            | ubuntu-2-deployment-55c894ddb5-6bmtd |        |
|             |                                |            |                                      |        |
+-------------+--------------------------------+------------+--------------------------------------+--------+

cmd/probe.go

probe/probe.go

seswarrajan

Fix all lint errors.

probe/probe.go

nyrahul · 2023-06-27T06:19:22Z

deprecates #301

Signed-off-by: Aryan-sharma11 <aryan1126.sharma@gmail.com>

daemon1024

I have tested it out, Works great for me. I went through the codebase and realised we are printing a lot of stuff inside the function.

Since the JSON here is providing us with the data in a centralised structure, let's avoid printing data inside.

We could avoid side effects and each function is loosely coupled so as we can use them independently as we need them.

probe/probe.go

daemon1024

LGTM, a small refactor suggestion

probe/probe.go

Signed-off-by: Aryan-sharma11 <aryan1126.sharma@gmail.com>

Aryan-sharma11 force-pushed the json-format branch 4 times, most recently from 540aed1 to d738c34 Compare April 26, 2023 07:22

seswarrajan requested review from nyrahul, achrefbensaad, Ankurk99, vishnusomank and seswarrajan April 26, 2023 07:34

Aryan-sharma11 force-pushed the json-format branch from d738c34 to 2fb5100 Compare April 26, 2023 12:11

seswarrajan requested changes Apr 26, 2023

View reviewed changes

cmd/probe.go Outdated Show resolved Hide resolved

vishnusomank requested changes Apr 26, 2023

View reviewed changes

Aryan-sharma11 force-pushed the json-format branch from 2fb5100 to ea6a0c6 Compare April 27, 2023 10:46

Aryan-sharma11 requested review from vishnusomank and seswarrajan April 28, 2023 09:29

seswarrajan reviewed Apr 28, 2023

View reviewed changes

Aryan-sharma11 force-pushed the json-format branch 2 times, most recently from 72f54ae to d0be4bc Compare May 2, 2023 04:10

vishnusomank requested changes May 2, 2023

View reviewed changes

Aryan-sharma11 force-pushed the json-format branch 4 times, most recently from 3263182 to 6b8f259 Compare May 9, 2023 04:20

Aryan-sharma11 requested a review from seswarrajan May 9, 2023 04:43

Aryan-sharma11 force-pushed the json-format branch 2 times, most recently from 212e7cf to 087709d Compare May 25, 2023 12:29

Aryan-sharma11 requested a review from vishnusomank June 1, 2023 05:44

Aryan-sharma11 mentioned this pull request Jun 25, 2023

Added security posture and visibilty column in karmor probe #301

Closed

Added security posture and visibilty column in karmor probe

b5edf3b

Signed-off-by: Aryan-sharma11 <aryan1126.sharma@gmail.com>

Aryan-sharma11 force-pushed the json-format branch 2 times, most recently from 8be7f6f to ea39d08 Compare June 28, 2023 08:38

daemon1024 requested changes Jun 28, 2023

View reviewed changes

probe/probe.go Outdated Show resolved Hide resolved

Aryan-sharma11 force-pushed the json-format branch from b421180 to 372c01e Compare June 28, 2023 12:15

daemon1024 requested changes Jun 28, 2023

View reviewed changes

probe/probe.go Outdated Show resolved Hide resolved

probe/probe.go Outdated Show resolved Hide resolved

Added option for JSON output for karmor probe

5d186ec

Signed-off-by: Aryan-sharma11 <aryan1126.sharma@gmail.com>

Aryan-sharma11 force-pushed the json-format branch from 372c01e to 5d186ec Compare June 28, 2023 14:23

daemon1024 approved these changes Jun 28, 2023

View reviewed changes

daemon1024 merged commit 0ad054c into kubearmor:main Jun 28, 2023
9 checks passed

This was referenced Jun 28, 2023

Karmor probe update to show security posture per namespace #250

Closed

karmor probe should show namespace/host visibility and default posture setting #298

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

`karmor probe` output in json format #310

`karmor probe` output in json format #310

Aryan-sharma11 commented Apr 25, 2023 •

edited

Loading

seswarrajan left a comment

nyrahul commented Jun 27, 2023

daemon1024 left a comment

daemon1024 left a comment

karmor probe output in json format #310

karmor probe output in json format #310

Conversation

Aryan-sharma11 commented Apr 25, 2023 • edited Loading

seswarrajan left a comment

Choose a reason for hiding this comment

nyrahul commented Jun 27, 2023

daemon1024 left a comment

Choose a reason for hiding this comment

daemon1024 left a comment

Choose a reason for hiding this comment

`karmor probe` output in json format #310

`karmor probe` output in json format #310

Aryan-sharma11 commented Apr 25, 2023 •

edited

Loading