KubeArmor icon indicating copy to clipboard operation
KubeArmor copied to clipboard

Published 20 hours ago verified publisher icon kubearmor

feat:Adding support for KubeArmorClusterPolicy

Open Prateeknandle opened this issue 9 months ago • 0 comments

Purpose of PR?: Adding support for KubeArmorClusterPolicy

Fixes #1769

Does this PR introduce a breaking change?

If the changes in this PR are manually verified, list down the scenarios covered::

Additional information for reviewer? : Mention if this PR is part of any design or a continuation of previous PRs

  1. Added a separate watcher WatchClusterSecurityPolicies() for KubeArmorClusterPolicy.
  2. Leverage CreateSecurityPolicy() for creating security policy object:
    • To handle matchExpressions, added NamespaceList to tp.SecurityPolicy.
    • NamespaceList contains list of namespaces on which cluster policy will be enforced.
    • we do all computations w.r.t. matchExpressions in CreateSecurityPolicy().
  3. UpdateSecurityPolicy() is used to update endPoints security policies.

Checklist:

  • [ ] Bug fix. Fixes #
  • [x] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [x] This change requires a documentation update
  • [x] PR Title follows the convention of <type>(<scope>): <subject>
  • [ ] Commit has unit tests
  • [x] Commit has integration tests

Prateeknandle avatar May 30 '24 20:05 Prateeknandle