
Rancher Plugin Integration

Open daemon1024 opened this issue 2 years ago • 11 comments

An extension for Rancher Manager (^v2.7.0) which allows you to interact with KubeArmor.

Initial Scope

  • [ ] Installation
  • [ ] Manager to See and apply Policies
    • [ ] Intuitive Form to Create Policies
  • [ ] Recommended Policies
  • [ ] KubeArmor state dashboard
    • [ ] Show and configure default posture/visibility for a pod/namespace.
    • [ ] List KubeArmor/KubeArmorHost policies.
    • [ ] List protected containers/nodes
  • [ ] Alerts/Telemetry leveraging Grafana Stack

Future Items

  • Multi Cluster Integration

Notes :

  • Needs v2.7.0 Rancher, (~~still in RC yet to be stable~~ Released Now 🚀 )
  • About Rancher Extensions - https://docs.ranchermanager.rancher.io/integrations-in-rancher/rancher-extensions
  • Largely based around https://github.com/kubewarden/ui workflow

daemon1024 avatar Nov 17 '22 14:11 daemon1024

WIP at https://github.com/daemon1024/ucy

daemon1024 avatar Nov 17 '22 14:11 daemon1024

Regarding the Form to create policies

I was planning to have the following grouping and inputs

- General
    * Name
    * Namespace
- Policy Details
    * Selector 
    * Tags
    * Message
    * Severity
    * Action
- Process
- File 
- Network

For context, this is what grouping means: image

Any feedback/inputs here?

daemon1024 avatar Nov 23 '22 19:11 daemon1024

This is nice!

Imo, it would be ok to club "General" and "Policy Details" together. So my assumption is that in the policy details we will have, Policy Name, Namespace, Selector Labels, Tags, Message, Severity.

Process, File, Network will have relevant options.

Is there a config change if a new attribute has to be added or do we have to change the code?

nyrahul avatar Nov 24 '22 02:11 nyrahul

That said I can prolly split it into General and Rules. Since it's going to be one rule at a time anyway 🤔

> Is there a config change if a new attribute has to be added or do we have to change the code?

It's a code change for now, I will try to figure out how it could be just a config change later.

daemon1024 avatar Nov 24 '22 05:11 daemon1024

Update: No, it will have to be a code change, but since it's made up of components, it would most likely be a copy-pasta job if we need to extend it.

Also.

General Tab Done

image

And yeah they convert to actual rules.

image

Yet to figure out how to form Policy Rules.

daemon1024 avatar Nov 24 '22 14:11 daemon1024
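
The form-to-policy conversion discussed in the comments above, as an added example that is not part of the original thread or the extension's code. It maps the proposed form groups onto a `KubeArmorPolicy` object and validates them before anything is applied; the function name and the form field names (`processPaths`, `filePaths`, `protocols`) are hypothetical.

```javascript
// Added example: hypothetical helper, not code from the KubeArmor Rancher extension.
const ACTIONS = ["Allow", "Audit", "Block"];
const DNS_LABEL = /^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$/; // Kubernetes DNS-1123 label

// Turn the form's groups (General, Policy Details, Process, File, Network)
// into a KubeArmorPolicy object, or return every validation error found.
function buildKubeArmorPolicy(form) {
  const errors = [];
  if (!DNS_LABEL.test(form.name || "")) errors.push("name: not a DNS-1123 label");
  if (!DNS_LABEL.test(form.namespace || "")) errors.push("namespace: not a DNS-1123 label");
  if (!ACTIONS.includes(form.action)) errors.push("action: must be Allow, Audit or Block");
  const sev = form.severity;
  if (sev !== undefined && !(Number.isInteger(sev) && sev >= 1 && sev <= 10))
    errors.push("severity: must be an integer from 1 to 10");

  // Rule paths must be absolute; a relative path would not match what the user expects.
  const toPaths = (list, group) => (list || []).map((path) => {
    if (!path.startsWith("/")) errors.push(`${group}: path must be absolute: ${path}`);
    return { path };
  });
  const spec = { selector: { matchLabels: form.selector || {} } };
  if (form.tags && form.tags.length) spec.tags = form.tags;
  if (form.message) spec.message = form.message;
  if (sev !== undefined) spec.severity = sev;
  const proc = toPaths(form.processPaths, "process");
  const file = toPaths(form.filePaths, "file");
  const net = (form.protocols || []).map((protocol) => ({ protocol }));
  if (proc.length) spec.process = { matchPaths: proc };
  if (file.length) spec.file = { matchPaths: file };
  if (net.length) spec.network = { matchProtocols: net };
  // Choice made for this example: refuse to emit a policy that has no rule at all.
  if (!proc.length && !file.length && !net.length) errors.push("rules: add at least one rule");
  spec.action = form.action;

  if (errors.length) return { ok: false, errors };
  return { ok: true, policy: {
    apiVersion: "security.kubearmor.com/v1",
    kind: "KubeArmorPolicy",
    metadata: { name: form.name, namespace: form.namespace },
    spec,
  } };
}

// Constructed sample input, shaped like the form groups in the thread.
const sampleForm = { name: "audit-shadow-read", namespace: "default",
  selector: { app: "nginx" }, tags: ["example"], message: "shadow file accessed",
  severity: 5, action: "Audit", filePaths: ["/etc/shadow"] };
console.log(JSON.stringify(buildKubeArmorPolicy(sampleForm), null, 2));
```

Collecting all errors instead of stopping at the first lets the form flag every invalid field in one pass.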

Hello @nyrahul and @daemon1024, I'm interested in working on this issue under LFX Spring Mentorship!

im-adithya avatar Feb 17 '23 11:02 im-adithya

Ref #1591

daemon1024 avatar Feb 08 '24 12:02 daemon1024

What's the status of this issue? Is it resolved, or are there pending tasks?

harkiratsm avatar Feb 18 '24 03:02 harkiratsm

Hey @daemon1024, I'm interested in this issue. Since it is under GSoC 2024, I would love to work on the KubeArmor Rancher Plugin.

Nitinshukla88 avatar Feb 22 '24 01:02 Nitinshukla88

Hi @daemon1024 @PrimalPimmy @DelusionalOptimist @kranurag7, I have done the setup of Rancher on my Azure AKS cluster. I have installed some tools using Helm:

image

I have also installed KubeArmor on the same cluster, and I can see my KubeArmor resources deployed on my cluster using Rancher. I do have prior working experience with Rancher, as I worked with SUSE under Google Summer of Code 2024. But I want to know more about plugin integration. Do we need to install KubeArmor as a Rancher extension?

This doc explains Rancher extensions: https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions image

Do we need the same for KubeArmor?

abhi-bhatra avatar Mar 04 '24 17:03 abhi-bhatra

@daemon1024 I am also interested in this issue for GSoC 2024.

Ayush9026 avatar Mar 07 '24 09:03 Ayush9026