Merge pull request #822 from Essietom/main

kubearmor · Aug 23, 2022 · cfe270e · cfe270e
2 parents 4455a18 + a520652
commit cfe270e
Show file tree

Hide file tree

Showing 3 changed files with 75 additions and 1 deletion.
diff --git a/KubeArmor/common/common.go b/KubeArmor/common/common.go
@@ -430,3 +430,16 @@ func MatchIdentities(identities []string, superIdentities []string) bool {
 	// otherwise, return true
 	return matched
 }
+
+// WriteToFile writes given string to file as JSON
+func WriteToFile(val interface{}, destFile string) error {
+	j, err := json.Marshal(val)
+	if err != nil {
+		return err
+	}
+	err = os.WriteFile(destFile, j, 0600)
+	if err != nil {
+		return err
+	}
+	return nil
+}
diff --git a/KubeArmor/core/karmorprobedata.go b/KubeArmor/core/karmorprobedata.go
@@ -0,0 +1,61 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2022 Authors of KubeArmor
+
+package core
+
+import (
+	kl "github.com/kubearmor/KubeArmor/KubeArmor/common"
+	cfg "github.com/kubearmor/KubeArmor/KubeArmor/config"
+	tp "github.com/kubearmor/KubeArmor/KubeArmor/types"
+)
+
+type KarmorData struct {
+	OSImage                 string
+	KernelVersion           string
+	KubeletVersion          string
+	ContainerRuntime        string
+	ActiveLSM               string
+	KernelHeaderPresent     bool
+	HostSecurity            bool
+	ContainerSecurity       bool
+	ContainerDefaultPosture tp.DefaultPosture
+	HostDefaultPosture      tp.DefaultPosture
+}
+
+// SetKarmorData generates runtime configuration for KubeArmor to be consumed by kArmor
+func (dm *KubeArmorDaemon) SetKarmorData() {
+	var kd KarmorData
+
+	kd.ContainerDefaultPosture = tp.DefaultPosture{
+		FileAction:         cfg.GlobalCfg.DefaultFilePosture,
+		NetworkAction:      cfg.GlobalCfg.DefaultNetworkPosture,
+		CapabilitiesAction: cfg.GlobalCfg.DefaultCapabilitiesPosture,
+	}
+	kd.HostDefaultPosture = tp.DefaultPosture{
+		FileAction:         cfg.GlobalCfg.HostDefaultFilePosture,
+		NetworkAction:      cfg.GlobalCfg.HostDefaultNetworkPosture,
+		CapabilitiesAction: cfg.GlobalCfg.HostDefaultCapabilitiesPosture,
+	}
+
+	kd.OSImage = dm.Node.OSImage
+	kd.ContainerRuntime = dm.Node.ContainerRuntimeVersion
+	kd.KernelVersion = dm.Node.KernelVersion
+	kd.KubeletVersion = dm.Node.KubeletVersion
+	kd.ContainerRuntime = dm.Node.ContainerRuntimeVersion
+	if dm.RuntimeEnforcer != nil {
+		kd.ActiveLSM = dm.RuntimeEnforcer.EnforcerType
+
+		if cfg.GlobalCfg.Policy {
+			kd.ContainerSecurity = true
+		}
+		if cfg.GlobalCfg.HostPolicy {
+			kd.HostSecurity = true
+		}
+	}
+	kd.KernelHeaderPresent = true //this is always true since KubeArmor is running
+	err := kl.WriteToFile(kd, "/tmp/karmorProbeData.cfg")
+	if err != nil {
+		dm.Logger.Errf("Error writing karmor config data", err)
+	}
+
+}
diff --git a/KubeArmor/core/kubeArmor.go b/KubeArmor/core/kubeArmor.go
@@ -631,7 +631,7 @@ func KubeArmor() {
 	dm.Logger.Print("Started to serve gRPC-based log feeds")
 
 	// == //
-
+	go dm.SetKarmorData()
 	dm.Logger.Print("Initialized KubeArmor")
 
 	// == //