KubeArmor icon indicating copy to clipboard operation
KubeArmor copied to clipboard

Published 20 hours ago verified publisher icon kubearmor

modifies the detect enforcer function in the controller

Open swastik959 opened this issue 1 year ago • 4 comments

Purpose of PR?: kubearmor makes use of /sys/kernel/security/lsm to detect enforcer this can be removed as the operator now deploys the snitch which detects the enforcer and adds it to the node label Fixes #1389

Does this PR introduce a breaking change?

If the changes in this PR are manually verified, list down the scenarios covered::

Additional information for reviewer? : Mention if this PR is part of any design or a continuation of previous PRs

Checklist:

  • [ ] Bug fix. Fixes #
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] This change requires a documentation update
  • [ ] PR Title follows the convention of <type>(<scope>): <subject>
  • [ ] Commit has unit tests
  • [ ] Commit has integration tests

swastik959 avatar Nov 06 '23 09:11 swastik959

@swastik959 thanks for your contribution, can you also handle the deployment related changes with this PR itself.

rksharma95 avatar Nov 06 '23 11:11 rksharma95

if someone deploys the kubearmor using the karmor cli then these labels are present.

using the karmor cli then these labels are not present. Correct :+1:

Ankurk99 avatar Nov 13 '23 15:11 Ankurk99

@nyrahul can you create a seperate issue for that I would like to work on it .

swastik959 avatar Nov 14 '23 16:11 swastik959

Folks, FYI kubearmor-client now installs KubeArmor using the operator, since it was a blocker to this PR earlier. cc @swastik959 @rksharma95 @kranurag7

DelusionalOptimist avatar Mar 19 '24 08:03 DelusionalOptimist

Resolved with #1335. Thanks for the PR @swastik959

Aryan-sharma11 avatar Aug 05 '24 11:08 Aryan-sharma11