Remove kernel security path dependency for kubearmor-controller

Open rksharma95 opened this issue 1 year ago • 4 comments

Feature Request

Short Description

KubeArmor Controller makes use of the kernel security path /sys/kernel/security/lsm to detect the enforcer, and this dependency can now be removed safely with KubeArmor Operator, as it deploys snitch on the cluster, which detects the enforcer and attaches this information to the node using labels. KubeArmor Controller can make use of this, so it will no longer require the kernel security path to be mounted.

Is your feature request related to a problem? Please describe the use case.

It will remove the dependency on a hostpath being mounted and will improve the securityContext of the deployment.

Remove the dependency on the kernel security path for KubeArmor Controller, and get information about the enforcer using:

  • node labels, or
  • add a label to the KubeArmor Controller itself with the operator and use that.

rksharma95 avatar Aug 24 '23 07:08 rksharma95

Hi @rksharma95, as far as I looked it up, I assume the snitch also uses this dependency to detect the enforcer: https://github.com/kubearmor/KubeArmor/blob/d350b0e9d269940596af7ec28d12c3408b4754ec/pkg/KubeArmorOperator/cmd/snitch-cmd/main.go#L100 . Correct me if I am wrong.

swastik959 avatar Nov 05 '23 03:11 swastik959

@swastik959 yes, you're right! Snitch makes use of the security path to detect the enforcer and adds that information to the node labels.

Now the Controller no longer needs access to the kernel security path to get the same information; instead, it can look for the enforcer detail using node labels.

rksharma95 avatar Nov 05 '23 03:11 rksharma95
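
The split described in the comment above, as an added Go example that is not part of the thread and not KubeArmor's own code: the snitch side parses the LSM list, and the controller side reads only node labels. The label key `kubearmor.io/enforcer`, the preference order, the value `none` and both function names are assumptions for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Assumed label key; the thread only says the enforcer is attached via node labels.
const enforcerLabel = "kubearmor.io/enforcer"

// Assumed preference order when several supported LSMs are active.
var supported = []string{"bpf", "apparmor", "selinux"}

// enforcerFromLSM is the snitch side: given the contents of
// /sys/kernel/security/lsm (a comma-separated list), pick an enforcer.
// Tokens are matched exactly, so a name that merely contains "bpf" is ignored.
func enforcerFromLSM(contents string) string {
	active := map[string]bool{}
	for _, name := range strings.Split(strings.TrimSpace(contents), ",") {
		active[strings.TrimSpace(name)] = true
	}
	for _, e := range supported {
		if active[e] {
			return e
		}
	}
	return "none"
}

// enforcerFromNode is the controller side: no hostPath mount, only labels.
// A missing or unexpected value is an error instead of a silent default.
func enforcerFromNode(labels map[string]string) (string, error) {
	v, ok := labels[enforcerLabel]
	if !ok {
		return "", fmt.Errorf("node has no %s label", enforcerLabel)
	}
	for _, e := range append([]string{"none"}, supported...) {
		if v == e {
			return v, nil
		}
	}
	return "", fmt.Errorf("unexpected enforcer %q in %s", v, enforcerLabel)
}

func main() {
	lsm := "lockdown,capability,landlock,yama,apparmor,bpf\n" // constructed sample
	labels := map[string]string{enforcerLabel: enforcerFromLSM(lsm)}
	fmt.Println(enforcerFromNode(labels))
}
```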

Hey @swastik959 , are you still working on this issue?

RipulHandoo avatar Dec 23 '23 15:12 RipulHandoo

Hey @swastik959 , are you still working on this issue?

Actually, it will be implemented later on; you can see the reviews in the PR.

swastik959 avatar Dec 23 '23 15:12 swastik959

Resolved in PR #1335

Aryan-sharma11 avatar Aug 05 '24 11:08 Aryan-sharma11