Merge branch 'main' into installfix

.gitignore

@@ -14,6 +14,6 @@ out/
 
 # Output of the go coverage tool, specifically when used with LiteIDE
 *.out
-
+dist/
 # Dependency directories (remove the comment below to include it)
 # vendor/

.goreleaser.yaml

@@ -5,6 +5,7 @@ builds:
     goos:
       - darwin
       - linux
+      - windows
     goarch:
       - amd64
       - arm64

CONTRIBUTING.md

@@ -18,7 +18,7 @@ Contributions are not necessarily in the form of code changes. KubeArmor communi
 
 2. Blogs
 
-   a. Explain The use of KubeArmor-Client's features (KVMService, Event Auditor, Visibility, etc)
+   a. Explain The use of KubeArmor-Client's features (Event Auditor, Visibility, etc)
 
    b. Describe How to use KubeArmor-Client to protect your workload with specific use-cases you may have. Please do not shy away from getting as technical as you can.
 

Makefile

@@ -74,4 +74,14 @@ scan:
 		go install golang.org/x/vuln/cmd/govulncheck@latest ;\
 	fi
 	cd $(CURDIR);\
-	govulncheck -test ./... ;
+	govulncheck -test ./... ;
+
+.PHONY: local-release
+local-release: build
+ifeq (, $(shell which goreleaser))
+	@{ \
+	set -e ;\
+	go install github.com/goreleaser/goreleaser@latest ;\
+	}
+endif
+	cd $(CURDIR); VERSION=$(shell git describe --tags --always --dirty) goreleaser release --clean --skip=publish --skip=sign --skip=validate --snapshot

README.md

@@ -84,7 +84,7 @@ Available Commands:
   sysdump     Collect system dump information for troubleshooting and error report
   uninstall   Uninstall KubeArmor from a Kubernetes Cluster
   version     Display version information
-  vm          VM commands for kvmservice
+  vm          VM commands for non kubernetes/bare metal KubeArmor
 
 Flags:
       --context string      Name of the kubeconfig context to use

cmd/install.go

@@ -65,6 +65,9 @@ func init() {
 	installCmd.Flags().BoolVar(&installOptions.PreserveUpstream, "preserve-upstream", true, "Do not override the image registry when using -r flag, prefix only")
 	installCmd.Flags().StringVarP(&installOptions.Env.Environment, "env", "e", "", "Supported KubeArmor Environment [k0s,k3s,microK8s,minikube,gke,bottlerocket,eks,docker,oke,generic]")
 	installCmd.MarkFlagsMutuallyExclusive("verify", "save")
+	installCmd.Flags().BoolVar(&installOptions.AlertThrottling, "alertThrottling", true, "Enable/Disable Alert Throttling, by default it's enabled")
+	installCmd.Flags().Int32Var(&installOptions.MaxAlertPerSec, "maxAlertPerSec", 10, "Maximum number of alerts required to trigger alert throttling")
+	installCmd.Flags().Int32Var(&installOptions.ThrottleSec, "throttleSec", 30, "Time window(in sec) for which there will be no alerts genrated after alert throttling is triggered")
 	markDeprecated(installCmd, "env", "Only relevant when using legacy")
 	markDeprecated(installCmd, "legacy", "KubeArmor now utilizes operator-based installation. This command may not set up KubeArmor in the intended way.")
 }

cmd/log.go

@@ -33,6 +33,7 @@ func init() {
 	logCmd.Flags().StringVar(&logOptions.LogPath, "logPath", "stdout", "Output location for alerts and logs, {path|stdout|none}")
 	logCmd.Flags().StringVar(&logOptions.LogFilter, "logFilter", "policy", "Filter for what kinds of alerts and logs to receive, {policy|system|all}")
 	logCmd.Flags().BoolVar(&logOptions.JSON, "json", false, "Flag to print alerts and logs in the JSON format")
+	logCmd.Flags().StringVarP(&logOptions.Output, "output", "o", "text", "Output format: text, json, or pretty-json")
 	logCmd.Flags().StringVarP(&logOptions.Namespace, "namespace", "n", "", "k8s namespace filter")
 	logCmd.Flags().StringVar(&logOptions.Operation, "operation", "", "Give the type of the operation (Eg:Process/File/Network)")
 	logCmd.Flags().StringVar(&logOptions.LogType, "logType", "", "Log type you want (Eg:ContainerLog/HostLog) ")

cmd/policy.go

@@ -1,11 +1,11 @@
 // SPDX-License-Identifier: Apache-2.0
 // Copyright 2021 Authors of KubeArmor
+//go:build darwin || (linux && !windows)
 
 package cmd
 
 import (
 	"errors"
-	"net"
 
 	"github.com/kubearmor/kubearmor-client/vm"
 	"github.com/spf13/cobra"
@@ -16,26 +16,23 @@ var policyOptions vm.PolicyOptions
 // vmPolicyCmd represents the vm command for policy enforcement
 var vmPolicyCmd = &cobra.Command{
 	Use:   "policy",
-	Short: "policy handling for bare-metal vm/kvms control plane vm",
-	Long:  `policy handling for bare-metal vm/kvms control plane vm`,
+	Short: "policy handling for non kubernetes/bare metal KubeArmor",
+	Long:  `policy handling for non kubernetes/bare metal KubeArmor`,
 }
 
 // vmPolicyAddCmd represents the vm add policy command for policy enforcement
 var vmPolicyAddCmd = &cobra.Command{
 	Use:   "add",
-	Short: "add policy for bare-metal vm/kvms control plane vm",
-	Long:  `add policy for bare-metal vm/kvms control plane vm`,
+	Short: "add policy for non kubernetes/bare metal KubeArmor",
+	Long:  `add policy for non kubernetes/bare metal KubeArmor`,
 	Args: func(cmd *cobra.Command, args []string) error {
 		if len(args) < 1 {
 			return errors.New("requires a path to valid policy YAML as argument")
 		}
 		return nil
 	},
 	RunE: func(cmd *cobra.Command, args []string) error {
-		// Create http address
-		httpAddress := "http://" + net.JoinHostPort(HTTPIP, HTTPPort)
-
-		if err := vm.PolicyHandling("ADDED", args[0], policyOptions, httpAddress, IsKvmsEnv); err != nil {
+		if err := vm.PolicyHandling("ADDED", args[0], policyOptions); err != nil {
 			return err
 		}
 		return nil
@@ -45,18 +42,16 @@ var vmPolicyAddCmd = &cobra.Command{
 // vmPolicyDeleteCmd represents the vm delete policy command for policy enforcement
 var vmPolicyDeleteCmd = &cobra.Command{
 	Use:   "delete",
-	Short: "delete policy for bare-metal vm/kvms control plane vm",
-	Long:  `delete policy for bare-metal vm/kvms control plane vm`,
+	Short: "delete policy for non kubernetes/bare metal KubeArmor",
+	Long:  `delete policy for non kubernetes/bare metal KubeArmor`,
 	Args: func(cmd *cobra.Command, args []string) error {
 		if len(args) < 1 {
 			return errors.New("requires a path to valid policy YAML as argument")
 		}
 		return nil
 	},
 	RunE: func(cmd *cobra.Command, args []string) error {
-		httpAddress := "http://" + net.JoinHostPort(HTTPIP, HTTPPort)
-
-		if err := vm.PolicyHandling("DELETED", args[0], policyOptions, httpAddress, IsKvmsEnv); err != nil {
+		if err := vm.PolicyHandling("DELETED", args[0], policyOptions); err != nil {
 			return err
 		}
 		return nil

cmd/probe.go

@@ -22,8 +22,7 @@ and what KubeArmor features will be supported e.g: observability, enforcement, e
 If KubeArmor is running, It probes which environment KubeArmor is running on (e.g: systemd mode, kubernetes etc.), 
 the supported KubeArmor features in the environment, the pods being handled by KubeArmor and the policies running on each of these pods`,
 	RunE: func(cmd *cobra.Command, args []string) error {
-
-		err := probe.PrintProbeResult(client, probeInstallOptions)
+		err := probe.PrintProbeResultCmd(client, probeInstallOptions)
 		return err
 
 	},
@@ -34,6 +33,6 @@ func init() {
 	probeCmd.Flags().StringVarP(&probeInstallOptions.Namespace, "namespace", "n", "kubearmor", "Namespace for resources")
 	probeCmd.Flags().BoolVar(&probeInstallOptions.Full, "full", false, `If KubeArmor is not running, it deploys a daemonset to have access to more
 information on KubeArmor support in the environment and deletes daemonset after probing`)
-	probeCmd.Flags().StringVarP(&probeInstallOptions.Output, "format", "f", "text", " Format: json or text ")
+	probeCmd.Flags().StringVarP(&probeInstallOptions.Output, "format", "f", "text", "Format: json or text or no-color")
 	probeCmd.Flags().StringVar(&probeInstallOptions.GRPC, "gRPC", "", "GRPC port ")
 }

cmd/vm.go

@@ -4,42 +4,14 @@
 package cmd
 
 import (
-	"fmt"
-
-	"github.com/kubearmor/kubearmor-client/vm"
 	"github.com/spf13/cobra"
 )
 
-var (
-	scriptOptions vm.ScriptOptions
-	// HTTPIP : IP of the http request
-	HTTPIP string
-	// HTTPPort : Port of the http request
-	HTTPPort string
-	//IsKvmsEnv : Is kubearmor virtual machine env?
-	IsKvmsEnv bool
-)
-
 // vmCmd represents the vm command
 var vmCmd = &cobra.Command{
 	Use:   "vm",
-	Short: "VM commands for kvmservice",
-	Long:  `VM commands for kvmservice`,
-}
-
-// vmScriptCmd represents the vm command for script download
-var vmScriptCmd = &cobra.Command{
-	Use:   "getscript",
-	Short: "download vm installation script for kvms control plane",
-	Long:  `download vm installation script for kvms control plane`,
-	RunE: func(cmd *cobra.Command, args []string) error {
-		ip := HTTPIP
-
-		if err := vm.GetScript(client, scriptOptions, ip, IsKvmsEnv); err != nil {
-			return err
-		}
-		return nil
-	},
+	Short: "VM commands for non kubernetes/bare metal KubeArmor",
+	Long:  `VM commands for non kubernetes/bare metal KubeArmor`,
 }
 
 // ========== //
@@ -48,23 +20,6 @@ var vmScriptCmd = &cobra.Command{
 
 func init() {
 	rootCmd.AddCommand(vmCmd)
-
-	// Options for vm script download
-	vmScriptCmd.Flags().StringVarP(&scriptOptions.Port, "port", "p", "32770", "Port of kvmservice")
-	vmScriptCmd.Flags().StringVarP(&scriptOptions.VMName, "kvm", "v", "", "Name of configured vm")
-	vmScriptCmd.Flags().StringVarP(&scriptOptions.File, "file", "f", "none", "Filename with path to store the configured vm installation script")
-
-	// Marking this flag as markedFlag and mandatory
-	err := vmScriptCmd.MarkFlagRequired("kvm")
-	if err != nil {
-		_ = fmt.Errorf("kvm option not supplied")
-	}
-
-	// options for vm generic commands related to HTTP Request
-	vmCmd.PersistentFlags().StringVar(&HTTPIP, "http-ip", "127.0.0.1", "IP of kvm-service")
-	vmCmd.PersistentFlags().StringVar(&HTTPPort, "http-port", "8000", "Port of kvm-service")
-	vmCmd.PersistentFlags().BoolVar(&IsKvmsEnv, "kvms", false, "Enable if kvms environment/control-plane")
-
 	// All subcommands
-	vmCmd.AddCommand(vmScriptCmd)
+	rootCmd.AddCommand(vmPolicyCmd)
 }