feat:Adding support for KubeArmorClusterPolicy

Signed-off-by: Prateek Nandle <[email protected]>
kubearmor · Jul 2, 2024 · b29405f · b29405f
1 parent 1fc5a38
commit b29405f
Show file tree

Hide file tree

Showing 57 changed files with 7,067 additions and 128 deletions.
diff --git a/KubeArmor/Makefile b/KubeArmor/Makefile
@@ -46,6 +46,7 @@ build-test: testall
 .PHONY: run
 run: build
 	cd $(CRDDIR); kubectl apply -f KubeArmorPolicy.yaml
+	cd $(CRDDIR); kubectl apply -f KubeArmorClusterPolicy.yaml
 	cd $(CRDDIR); kubectl apply -f KubeArmorHostPolicy.yaml
 	cd $(CURDIR); sudo rm -f /tmp/kubearmor.log
 	cd $(CURDIR)/BPF; make clean

diff --git a/KubeArmor/core/kubeArmor.go b/KubeArmor/core/kubeArmor.go
@@ -725,6 +725,16 @@ func KubeArmor() {
 		}
 		dm.Logger.Print("Started to monitor security policies")
 
+		// watch cluster security policies
+		clusterSecurityPoliciesSynced := dm.WatchClusterSecurityPolicies()
+		if clusterSecurityPoliciesSynced == nil {
+			// destroy the daemon
+			dm.DestroyKubeArmorDaemon()
+
+			return
+		}
+		dm.Logger.Print("Started to monitor cluster security policies")
+
 		// watch default posture
 		defaultPostureSynced := dm.WatchDefaultPosture()
 		if defaultPostureSynced == nil {