From 060b05fc61d41d5e2dfa800bd0b1dccba829fa20 Mon Sep 17 00:00:00 2001
From: Adhishree Kadam <118783118+adhishreekadam@users.noreply.github.com>
Date: Thu, 25 Jul 2024 17:57:07 -0400
Subject: [PATCH 01/16] Create kubearmor-install.sh Issue #4115 - Workload Runtime Security - installation wrapper script
Signed-off-by: Adhishree Kadam <118783118+adhishreekadam@users.noreply.github.com>
---
 agent-install/kubearmor-install.sh | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 agent-install/kubearmor-install.sh
diff --git a/agent-install/kubearmor-install.sh b/agent-install/kubearmor-install.sh
new file mode 100644
index 000000000..8b1378917
--- /dev/null
+++ b/agent-install/kubearmor-install.sh
@@ -0,0 +1 @@
+
From c80d53e79acfd683cdef948ff7f64f63638b77f1 Mon Sep 17 00:00:00 2001
From: Adhishree Kadam <118783118+adhishreekadam@users.noreply.github.com>
Date: Fri, 26 Jul 2024 00:24:05 -0400
Subject: [PATCH 02/16] Update kubearmor-install.sh Issue #4115- added steps 1 and 2
Signed-off-by: Adhishree Kadam <118783118+adhishreekadam@users.noreply.github.com>
---
 agent-install/kubearmor-install.sh | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/agent-install/kubearmor-install.sh b/agent-install/kubearmor-install.sh
index 8b1378917..96a731449 100644
--- a/agent-install/kubearmor-install.sh
+++ b/agent-install/kubearmor-install.sh
@@ -1 +1,19 @@
+#!/bin/bash
+# Installs the kube armor operator on the Open Horizon cluster agent
+
+set -e #future: remove?
+
+echo "Starting KubeArmor installation..."
+
+# Step 1: Install Helm (if not already installed)
+if ! command -v helm &> /dev/null; then
+ echo "Helm not found, installing Helm..."
+ curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
+else
+ echo "Helm is already installed"
+fi
+
+# Step 2: Create a new working directory for a new horizon project
+echo "Create a new working directory for a new horizon project"
+hzn dev service new -V 1.0.0 -s kubearmor-operator -c cluster
From 57249f5b1627f1f8f6df629e37a984164527aea3 Mon Sep 17 00:00:00 2001
From: Sze Yan <89469273+szeyan543@users.noreply.github.com>
Date: Fri, 26 Jul 2024 22:20:38 +0800
Subject: [PATCH 03/16] add step 7 - end
Signed-off-by: Sze Yan <89469273+szeyan543@users.noreply.github.com>
---
 agent-install/kubearmor-install.sh | 43 ++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
diff --git a/agent-install/kubearmor-install.sh b/agent-install/kubearmor-install.sh
index 96a731449..61b35249c 100644
--- a/agent-install/kubearmor-install.sh
+++ b/agent-install/kubearmor-install.sh
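Review bot: The Helm step in the PATCH 02/16 hunk pipes `https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3` straight into `bash`, so whatever the `main` branch serves at run time executes with the installer's privileges and nothing checks its integrity. Pin the download to a release tag or commit, verify a checksum before running it, and use `curl -fsSL` together with `set -o pipefail`; without `pipefail` the pipeline's status is that of `bash`, so a failed download is not caught by `set -e`. The same unpinned-`main` pattern recurs in the `wget ... sample-config.yml` line of PATCH 03/16 and in the `curl` / `kubectl apply -f https://...` CRD lines and the unversioned `helm template kubearmor/kubearmor-operator` of PATCH 04/16. Separately, the header `@@ -1 +1,19 @@` with 18 added lines suggests the blank line from PATCH 01/16 stays as line 1, which would put `#!/bin/bash` on line 2 where it is not honoured as an interpreter line.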
@@ -17,3 +17,46 @@ fi
 # Step 2: Create a new working directory for a new horizon project
 echo "Create a new working directory for a new horizon project"
 hzn dev service new -V 1.0.0 -s kubearmor-operator -c cluster
+
+# Step 7: Publish your deployment policy
+echo "Publishing your deployment policy"
+hzn exchange deployment addpolicy -f horizon/deployment.policy.json kubearmor-operator
+
+# Step 8: Create a node.policy.json file
+echo "Creating node policy file"
+cat << 'EOF' > node.policy.json
+{
+ "properties": [
+ { "name": "example", "value": "kubearmor-operator" }
+ ]
+}
+EOF
+
+# Step 9: Register your edge cluster with your new node policy
+echo "Registering edge cluster with new node policy"
+hznpod register -u $HZN_EXCHANGE_USER_AUTH
+cat node.policy.json | hznpod policy update -f-
+hznpod policy list
+
+# Step 10: Check to see the agreement has been created (this can take approximately 15 seconds)
+echo "Checking for agreement creation"
+sleep 15
+hznpod agreement list
+
+# Step 11: Check if the operator is up in the cluster
+echo "Checking if the operator is up in the cluster"
+kubectl get pods -n openhorizon-agent
+
+# Step 12: Download the sample configuration file
+echo "Downloading sample configuration file"
+wget https://raw.githubusercontent.com/kubearmor/KubeArmor/main/pkg/KubeArmorOperator/config/samples/sample-config.yml -O sample-config.yml
+
+# Step 13: Modify the sample configuration file to set the namespace to openhorizon-agent
+echo "Modifying sample configuration file to set the namespace to openhorizon-agent"
+sed -i 's/namespace: .*/namespace: openhorizon-agent/' sample-config.yml
+
+# Step 14: Apply the modified configuration file
+echo "Applying modified configuration file"
+kubectl apply -f sample-config.yml
+
+echo "KubeArmor installation and configuration completed successfully!"
\ No newline at end of file
From 3f115ebb9d3fba23b6352fe615f62be0662c1555 Mon Sep 17 00:00:00 2001
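Review bot: `hznpod register -u $HZN_EXCHANGE_USER_AUTH` in the PATCH 03/16 hunk expands the exchange credential unquoted and never checks that it is set, so an empty or space-containing value changes the arguments passed to `register`. Add `: "${HZN_EXCHANGE_USER_AUTH:?must be set}"` before the call and quote the expansion as `-u "$HZN_EXCHANGE_USER_AUTH"`; passing the secret on the command line also exposes it to process listings and to `set -x` traces, so prefer an environment or stdin path if the CLI offers one. `hznpod` is not defined anywhere in the visible script; if it is a shell alias it will not resolve in a non-interactive bash run, so define it as a function or check it with `command -v` up front. The fixed `sleep 15` before `hznpod agreement list` does not verify that an agreement exists.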
From: Adhishree Kadam <118783118+adhishreekadam@users.noreply.github.com>
Date: Sat, 27 Jul 2024 00:33:17 -0400
Subject: [PATCH 04/16] Update kubearmor-install.sh Issue #4115- added steps 3-6
Signed-off-by: Adhishree Kadam <118783118+adhishreekadam@users.noreply.github.com>
---
 agent-install/kubearmor-install.sh | 56 +++++++++++++++++++++++++++++-
 1 file changed, 55 insertions(+), 1 deletion(-)
diff --git a/agent-install/kubearmor-install.sh b/agent-install/kubearmor-install.sh
index 61b35249c..1387d0754 100644
--- a/agent-install/kubearmor-install.sh
+++ b/agent-install/kubearmor-install.sh
@@ -18,6 +18,60 @@ fi
 echo "Create a new working directory for a new horizon project"
 hzn dev service new -V 1.0.0 -s kubearmor-operator -c cluster
+# Step 3: Making the Operator file
+echo "Making the operator file"
+helm repo add kubearmor https://kubearmor.github.io/charts
+helm repo update kubearmor
+helm template kubearmor/kubearmor-operator -n openhorizon-agent >> kubearmor-operator.yaml
+
+curl https://raw.githubusercontent.com/kubearmor/KubeArmor/main/deployments/helm/KubeArmorOperator/crds/operator.kubearmor.com_kubearmorconfigs.yaml > kubearmor-crd.yaml
+
+# Step 4: Compress the .yaml file
+echo "Compressing the .yaml helm file"
+tar -czvf operator.tar.gz kubearmor-operator.yaml
+
+# Step 5: Configure the KubeArmor operator
+echo "KubeArmor operator config"
+kubectl apply -f https://raw.githubusercontent.com/kubearmor/KubeArmor/main/deployments/helm/KubeArmorOperator/crds/operator.kubearmor.com_kubearmorconfigs.yaml
+
+# Step 6: Edit the horizon/service.definition.json file to point to the operator's yaml archive created in the previous step
+echo "Editing the horizon/service.definition.json file to point to the operator's yaml archive
+# Defining the JSON file
+SERVICE_DEF_JSON= "horizon/service.definition.json"
+jq '.operatorYamlArchive = "../operator.tar.gz"' $SERVICE_DEF_JSON > temp.json && mv temp.json $SERVICE_DEF_JSON
+
+# Step 5: Publish operator service
+echo "Publishing operator service"
+hzn exchange service publish -f horizon/service.definition.json
+
+# Step 6: Create a deployment policy file:
+echo "Creating a deployment.policy.json file"
+cat << 'EOF' > horizon/deployment.policy.json
+{
+ "label": "$SERVICE_NAME Deployment Policy",
+ "description": "A super-simple sample Horizon Deployment Policy",
+ "service": {
+ "name": "$SERVICE_NAME",
+ "org": "$HZN_ORG_ID",
+ "arch": "*",
+ "serviceVersions": [
+ {
+ "version": "$SERVICE_VERSION",
+ "priority":{}
+ }
+ ]
+ },
+ "properties": [
+ ],
+ "constraints": [
+ "example == kubearmor-operator"
+ ],
+ "userInput": [
+ ]
+}
+EOF
+
+
 # Step 7: Publish your deployment policy
 echo "Publishing your deployment policy"
 hzn exchange deployment addpolicy -f horizon/deployment.policy.json kubearmor-operator
@@ -59,4 +113,4 @@ sed -i 's/namespace: .*/namespace: openhorizon-agent/' sample-config.yml
 echo "Applying modified configuration file"
 kubectl apply -f sample-config.yml
-echo "KubeArmor installation and configuration completed successfully!"
\ No newline at end of file
+echo "KubeArmor installation and configuration completed successfully!"
From 75f31b93eda7a910053ad48d0881dbfee34fd53c Mon Sep 17 00:00:00 2001
From: Sze Yan <89469273+szeyan543@users.noreply.github.com>
Date: Sat, 27 Jul 2024 14:40:46 +0800
Subject: [PATCH 05/16] modify step 10 & 11
Signed-off-by: Sze Yan <89469273+szeyan543@users.noreply.github.com>
---
 agent-install/kubearmor-install.sh | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/agent-install/kubearmor-install.sh b/agent-install/kubearmor-install.sh
index 1387d0754..7caf42382 100644
--- a/agent-install/kubearmor-install.sh
+++ b/agent-install/kubearmor-install.sh
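Review bot: `helm template kubearmor/kubearmor-operator -n openhorizon-agent >> kubearmor-operator.yaml` in the first PATCH 04/16 hunk appends, so re-running the installer duplicates every manifest in the file that is archived into `operator.tar.gz`; write it with `>` instead. `kubearmor-crd.yaml` is downloaded but nothing in this hunk archives or applies it, while step 5 applies the same CRD directly from the URL, so one of the two fetches looks redundant. The `echo "Editing the ...` line has no closing quote and `SERVICE_DEF_JSON= "horizon/service.definition.json"` has a space after `=`, so the script cannot run as committed here (PATCH 07/16 later corrects both). In the `jq ... > temp.json && mv temp.json $SERVICE_DEF_JSON` line, quote the expansions and prefer a `mktemp` file over a fixed name in the working directory.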
@@ -97,10 +97,31 @@ echo "Checking for agreement creation"
 sleep 15
 hznpod agreement list
+# Check if the agreements list is not empty
+if [[ -n "$agreements" ]]; then
+ echo "Agreement created successfully"
+else
+ echo "Failed to create agreement" >&2
+ exit 1
+fi
+
 # Step 11: Check if the operator is up in the cluster
 echo "Checking if the operator is up in the cluster"
 kubectl get pods -n openhorizon-agent
+pod_status=$(kubectl get pods -n openhorizon-agent)
+if echo "$pod_status" | grep -q "kubearmor-operator"; then
+ if echo "$pod_status" | grep "kubearmor-operator" | grep -q "Running"; then
+ echo "Kubearmor-operator is running"
+ else
+ echo "Kubearmor-operator is not in Running state" >&2
+ exit 1
+ fi
+else
+ echo "Kubearmor-operator pod not found" >&2
+ exit 1
+fi
+
 # Step 12: Download the sample configuration file
 echo "Downloading sample configuration file"
 wget https://raw.githubusercontent.com/kubearmor/KubeArmor/main/pkg/KubeArmorOperator/config/samples/sample-config.yml -O sample-config.yml
From 0be04c7404b3830ee005e05bcbc00a39c5ffe57e Mon Sep 17 00:00:00 2001
From: Adhishree Kadam <118783118+adhishreekadam@users.noreply.github.com>
Date: Sat, 27 Jul 2024 10:24:15 -0400
Subject: [PATCH 06/16] Renumbered the steps
Signed-off-by: Adhishree Kadam <118783118+adhishreekadam@users.noreply.github.com>
---
 agent-install/kubearmor-install.sh | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/agent-install/kubearmor-install.sh b/agent-install/kubearmor-install.sh
index 7caf42382..a508230bc 100644
--- a/agent-install/kubearmor-install.sh
+++ b/agent-install/kubearmor-install.sh
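Review bot: `agreements` is never assigned in the PATCH 05/16 hunk, so `[[ -n "$agreements" ]]` is always false and the script exits with "Failed to create agreement" on every run; the output of `hznpod agreement list` on the preceding context line is printed, not captured. Capture it first, `agreements=$(hznpod agreement list)`, and test its content rather than only non-emptiness, since a CLI that prints an empty JSON list would still pass `-n` (an assumption to confirm against the real output). In the pod check, matching the word `Running` in `kubectl get pods` text does not show that the containers are ready; `kubectl wait --for=condition=Ready` with a timeout is a more reliable gate.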
@@ -40,11 +40,11 @@ echo "Editing the horizon/service.definition.json file to point to the operator'
 SERVICE_DEF_JSON= "horizon/service.definition.json"
 jq '.operatorYamlArchive = "../operator.tar.gz"' $SERVICE_DEF_JSON > temp.json && mv temp.json $SERVICE_DEF_JSON
-# Step 5: Publish operator service
+# Step 7: Publish operator service
 echo "Publishing operator service"
 hzn exchange service publish -f horizon/service.definition.json
-# Step 6: Create a deployment policy file:
+# Step 8: Create a deployment policy file:
 echo "Creating a deployment.policy.json file"
 cat << 'EOF' > horizon/deployment.policy.json
 {
@@ -72,11 +72,11 @@ cat << 'EOF' > horizon/deployment.policy.json
 EOF
-# Step 7: Publish your deployment policy
+# Step 9: Publish your deployment policy
 echo "Publishing your deployment policy"
 hzn exchange deployment addpolicy -f horizon/deployment.policy.json kubearmor-operator
-# Step 8: Create a node.policy.json file
+# Step 10: Create a node.policy.json file
 echo "Creating node policy file"
 cat << 'EOF' > node.policy.json
 {
@@ -86,13 +86,13 @@ cat << 'EOF' > node.policy.json
 }
 EOF
-# Step 9: Register your edge cluster with your new node policy
+# Step 11: Register your edge cluster with your new node policy
 echo "Registering edge cluster with new node policy"
 hznpod register -u $HZN_EXCHANGE_USER_AUTH
 cat node.policy.json | hznpod policy update -f-
 hznpod policy list
-# Step 10: Check to see the agreement has been created (this can take approximately 15 seconds)
+# Step 12: Check to see the agreement has been created (this can take approximately 15 seconds)
 echo "Checking for agreement creation"
 sleep 15
 hznpod agreement list
@@ -105,7 +105,7 @@ else
 exit 1
 fi
-# Step 11: Check if the operator is up in the cluster
+# Step 13: Check if the operator is up in the cluster
 echo "Checking if the operator is up in the cluster"
 kubectl get pods -n openhorizon-agent
@@ -122,15 +122,15 @@ else
 exit 1
 fi
-# Step 12: Download the sample configuration file
+# Step 14: Download the sample configuration file
 echo "Downloading sample configuration file"
 wget https://raw.githubusercontent.com/kubearmor/KubeArmor/main/pkg/KubeArmorOperator/config/samples/sample-config.yml -O sample-config.yml
-# Step 13: Modify the sample configuration file to set the namespace to openhorizon-agent
+# Step 15: Modify the sample configuration file to set the namespace to openhorizon-agent
 echo "Modifying sample configuration file to set the namespace to openhorizon-agent"
 sed -i 's/namespace: .*/namespace: openhorizon-agent/' sample-config.yml
-# Step 14: Apply the modified configuration file
+# Step 16: Apply the modified configuration file
 echo "Applying modified configuration file"
 kubectl apply -f sample-config.yml
From ad9cedb8a367ff4f92136fb3f210c13db0cffe19 Mon Sep 17 00:00:00 2001
From: adhishreekadam
Date: Sat, 27 Jul 2024 10:32:26 -0400
Subject: [PATCH 07/16] fixed formatting issue
Signed-off-by: adhishreekadam
---
 agent-install/kubearmor-install.sh | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/agent-install/kubearmor-install.sh b/agent-install/kubearmor-install.sh
index a508230bc..7a82bb118 100644
--- a/agent-install/kubearmor-install.sh
+++ b/agent-install/kubearmor-install.sh
@@ -35,10 +35,12 @@ echo "KubeArmor operator config"
 kubectl apply -f https://raw.githubusercontent.com/kubearmor/KubeArmor/main/deployments/helm/KubeArmorOperator/crds/operator.kubearmor.com_kubearmorconfigs.yaml
 # Step 6: Edit the horizon/service.definition.json file to point to the operator's yaml archive created in the previous step
-echo "Editing the horizon/service.definition.json file to point to the operator's yaml archive
+echo "Editing the horizon/service.definition.json file to point to the operator's yaml archive"
 # Defining the JSON file
-SERVICE_DEF_JSON= "horizon/service.definition.json"
-jq '.operatorYamlArchive = "../operator.tar.gz"' $SERVICE_DEF_JSON > temp.json && mv temp.json $SERVICE_DEF_JSON
+SERVICE_DEF_JSON="horizon/service.definition.json"
+jq '.operatorYamlArchiv = "../operator.tar.gz"' $SERVICE_DEF_JSON > temp.json && mv temp.json $SERVICE_DEF_JSON
+
+
 # Step 7: Publish operator service
 echo "Publishing operator service"
From 4ec0bf30cc188aa9b184aaaa6fe929923b5cf5ca Mon Sep 17 00:00:00 2001
From: Sze Yan <89469273+szeyan543@users.noreply.github.com>
Date: Mon, 29 Jul 2024 17:11:35 +0800
Subject: [PATCH 08/16] Update step 13
Signed-off-by: Sze Yan <89469273+szeyan543@users.noreply.github.com>
---
 agent-install/kubearmor-install.sh | 27 ++++++++++++++++++++-------
 1 file changed, 20 insertions(+), 7 deletions(-)
diff --git a/agent-install/kubearmor-install.sh b/agent-install/kubearmor-install.sh
index 7a82bb118..d00caa6d6 100644
--- a/agent-install/kubearmor-install.sh
+++ b/agent-install/kubearmor-install.sh
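Review bot: The rewritten jq line in the PATCH 07/16 hunk sets `.operatorYamlArchiv`, dropping the final `e` that the removed line had, so the service definition gains a misspelled top-level key and `operatorYamlArchive` is left unchanged. Restore the key name as `'.operatorYamlArchive = "../operator.tar.gz"'`. `$SERVICE_DEF_JSON` is also still unquoted on both sides of the `&&` on this line.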
@@ -96,14 +96,27 @@ hznpod policy list
 # Step 12: Check to see the agreement has been created (this can take approximately 15 seconds)
 echo "Checking for agreement creation"
-sleep 15
-hznpod agreement list
-# Check if the agreements list is not empty
-if [[ -n "$agreements" ]]; then
- echo "Agreement created successfully"
-else
- echo "Failed to create agreement" >&2
+max_attempts=5
+attempt=1
+agreements=""
+
+while [ $attempt -le $max_attempts ]; do
+ echo "Attempt $attempt of $max_attempts..."
+ agreements=$(hznpod agreement list)
+ if [[ -n "$agreements" ]]; then
+ echo "Agreement created successfully"
+ echo "$agreements" > agreements_output.txt
+ break
+ else
+ echo "No agreements found. Waiting for 15 seconds before retrying..."
+ sleep 15
+ fi
+ attempt=$((attempt + 1))
+done
+
+if [[ -z "$agreements" ]]; then
+ echo "Failed to create agreement after $max_attempts attempts" >&2
 exit 1
 fi
From 267467c15e175d49ead14013243446ce57b0e37c Mon Sep 17 00:00:00 2001
From: Adhishree Kadam <118783118+adhishreekadam@users.noreply.github.com>
Date: Mon, 29 Jul 2024 13:28:43 -0400
Subject: [PATCH 09/16] Updating step 6
Signed-off-by: Adhishree Kadam <118783118+adhishreekadam@users.noreply.github.com>
---
 agent-install/kubearmor-install.sh | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/agent-install/kubearmor-install.sh b/agent-install/kubearmor-install.sh
index d00caa6d6..de039bcb6 100644
--- a/agent-install/kubearmor-install.sh
+++ b/agent-install/kubearmor-install.sh
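Review bot: The retry loop in the PATCH 08/16 hunk treats any non-empty output of `hznpod agreement list` as success, so if the CLI prints an empty JSON list when there are no agreements (to be confirmed against its real output) the first attempt already reports "Agreement created successfully". Test the content instead, for example `if jq -e 'length > 0' <<<"$agreements" >/dev/null; then`, which fits the script's existing use of jq. Under `set -e` a non-zero exit from `hznpod` inside `agreements=$(...)` aborts the script instead of retrying; `agreements=$(hznpod agreement list) || agreements=""` keeps the loop going. The loop also sleeps once more after the final failed attempt, and `[ $attempt -le $max_attempts ]` mixes test styles with the `[[ ]]` used below it.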
@@ -38,9 +38,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubearmor/KubeArmor/main/depl
 echo "Editing the horizon/service.definition.json file to point to the operator's yaml archive"
 # Defining the JSON file
 SERVICE_DEF_JSON="horizon/service.definition.json"
-jq '.operatorYamlArchiv = "../operator.tar.gz"' $SERVICE_DEF_JSON > temp.json && mv temp.json $SERVICE_DEF_JSON
-
-
+jq --arg newValue "../operator.tar.gz" '.clusterDeployment.operatorYamlArchive = $../operator.tar.gz' "$SERVICE_DEF_JSON" > tmp.json && mv tmp.json "$SERVICE_DEF_JSON"
 # Step 7: Publish operator service
 echo "Publishing operator service"
From 9e46d9a767c5331519fc3b4ac37b19af20da39f3 Mon Sep 17 00:00:00 2001
From: Adhishree Kadam <118783118+adhishreekadam@users.noreply.github.com>
Date: Mon, 29 Jul 2024 13:47:57 -0400
Subject: [PATCH 10/16] updating syntax error in step 6
Signed-off-by: Adhishree Kadam <118783118+adhishreekadam@users.noreply.github.com>
---
 agent-install/kubearmor-install.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/agent-install/kubearmor-install.sh b/agent-install/kubearmor-install.sh
index de039bcb6..5882bf378 100644
--- a/agent-install/kubearmor-install.sh
+++ b/agent-install/kubearmor-install.sh
@@ -38,7 +38,7 @@ kubectl apply -f https://raw.githubusercontent.com/kubearmor/KubeArmor/main/depl
 echo "Editing the horizon/service.definition.json file to point to the operator's yaml archive"
 # Defining the JSON file
 SERVICE_DEF_JSON="horizon/service.definition.json"
-jq --arg newValue "../operator.tar.gz" '.clusterDeployment.operatorYamlArchive = $../operator.tar.gz' "$SERVICE_DEF_JSON" > tmp.json && mv tmp.json "$SERVICE_DEF_JSON"
+jq --arg newValue "../operator.tar.gz" '.clusterDeployment.operatorYamlArchive = "../operator.tar.gz" "$SERVICE_DEF_JSON" > tmp.json && mv tmp.json "$SERVICE_DEF_JSON"
 # Step 7: Publish operator service
 echo "Publishing operator service"
From 606d26c5e0280c8069392d27c8ee486be899a3d4 Mon Sep 17 00:00:00 2001
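Review bot: The jq filter in the PATCH 09/16 hunk ends in `$../operator.tar.gz`, which is not a jq variable reference, so jq rejects the program; the value passed with `--arg newValue` is never used. Reference the variable instead, `'.clusterDeployment.operatorYamlArchive = $newValue'`. Because the command is the left side of `jq ... > tmp.json && mv ...`, `set -e` does not abort on the jq failure, and the script goes on to publish the unmodified service definition while leaving an empty `tmp.json` behind; add `|| exit 1` after the list or wrap it in an `if`. The filter in PATCH 13/16 has the same mismatch, referencing `$UPDATED_VAL` while the `--arg` name is `newValue`.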
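Review bot: The new jq line in the PATCH 10/16 hunk opens a single quote before `.clusterDeployment` and never closes it, so bash reads everything up to the next `'` in the file as part of the jq argument and the rest of the script is mis-parsed. Close the filter before the file argument and use the declared variable: `'.clusterDeployment.operatorYamlArchive = $newValue' "$SERVICE_DEF_JSON"`. The PATCH 11/16 hunk carries the same unclosed quote, and its `"$UPDATED_VAL"` sits inside that single-quoted text, where the shell would not expand it. Running `bash -n` or ShellCheck on the script before committing would catch this.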
From: Adhishree Kadam <118783118+adhishreekadam@users.noreply.github.com>
Date: Mon, 29 Jul 2024 13:50:38 -0400
Subject: [PATCH 11/16] Replacing value with a variable in step 6
Signed-off-by: Adhishree Kadam <118783118+adhishreekadam@users.noreply.github.com>
---
 agent-install/kubearmor-install.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/agent-install/kubearmor-install.sh b/agent-install/kubearmor-install.sh
index 5882bf378..7122038ed 100644
--- a/agent-install/kubearmor-install.sh
+++ b/agent-install/kubearmor-install.sh
@@ -38,7 +38,8 @@ kubectl apply -f https://raw.githubusercontent.com/kubearmor/KubeArmor/main/depl
 echo "Editing the horizon/service.definition.json file to point to the operator's yaml archive"
 # Defining the JSON file
 SERVICE_DEF_JSON="horizon/service.definition.json"
-jq --arg newValue "../operator.tar.gz" '.clusterDeployment.operatorYamlArchive = "../operator.tar.gz" "$SERVICE_DEF_JSON" > tmp.json && mv tmp.json "$SERVICE_DEF_JSON"
+UPDATED_VAL="../operator.tar.gz"
+jq --arg newValue "$UPDATED_VAL" '.clusterDeployment.operatorYamlArchive = "$UPDATED_VAL" "$SERVICE_DEF_JSON" > tmp.json && mv tmp.json "$SERVICE_DEF_JSON"
 # Step 7: Publish operator service
 echo "Publishing operator service"
From ec7d3bcdef9d458f11e270b96fe2f4bd685af027 Mon Sep 17 00:00:00 2001
From: Adhishree Kadam <118783118+adhishreekadam@users.noreply.github.com>
Date: Mon, 29 Jul 2024 13:51:42 -0400
Subject: [PATCH 12/16] Adding confirmation message to step 6
Signed-off-by: Adhishree Kadam <118783118+adhishreekadam@users.noreply.github.com>
---
 agent-install/kubearmor-install.sh | 1 +
 1 file changed, 1 insertion(+)
diff --git a/agent-install/kubearmor-install.sh b/agent-install/kubearmor-install.sh
index 7122038ed..41e86bb0a 100644
--- a/agent-install/kubearmor-install.sh
+++ b/agent-install/kubearmor-install.sh
@@ -40,6 +40,7 @@ echo "Editing the horizon/service.definition.json file to point to the operator'
 SERVICE_DEF_JSON="horizon/service.definition.json"
 UPDATED_VAL="../operator.tar.gz"
 jq --arg newValue "$UPDATED_VAL" '.clusterDeployment.operatorYamlArchive = "$UPDATED_VAL" "$SERVICE_DEF_JSON" > tmp.json && mv tmp.json "$SERVICE_DEF_JSON"
+echo "Updated operatorYamlArchive to point to: $NEW_VALUE"
 # Step 7: Publish operator service
 echo "Publishing operator service"
From 00a57eb713cc80e22249c942b03479cd563619c2 Mon Sep 17 00:00:00 2001
From: Adhishree Kadam <118783118+adhishreekadam@users.noreply.github.com>
Date: Mon, 29 Jul 2024 13:54:50 -0400
Subject: [PATCH 13/16] Fixing syntax error in step 6
Signed-off-by: Adhishree Kadam <118783118+adhishreekadam@users.noreply.github.com>
---
 agent-install/kubearmor-install.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/agent-install/kubearmor-install.sh b/agent-install/kubearmor-install.sh
index 41e86bb0a..777c66e09 100644
--- a/agent-install/kubearmor-install.sh
+++ b/agent-install/kubearmor-install.sh
@@ -39,7 +39,7 @@ echo "Editing the horizon/service.definition.json file to point to the operator'
 # Defining the JSON file
 SERVICE_DEF_JSON="horizon/service.definition.json"
 UPDATED_VAL="../operator.tar.gz"
-jq --arg newValue "$UPDATED_VAL" '.clusterDeployment.operatorYamlArchive = "$UPDATED_VAL" "$SERVICE_DEF_JSON" > tmp.json && mv tmp.json "$SERVICE_DEF_JSON"
+jq --arg newValue "$UPDATED_VAL" '.clusterDeployment.operatorYamlArchive = $UPDATED_VAL' "$SERVICE_DEF_JSON" > tmp.json && mv tmp.json "$SERVICE_DEF_JSON"
 echo "Updated operatorYamlArchive to point to: $NEW_VALUE"
 # Step 7: Publish operator service
From a3dd1d1afa85ee60e89a8ba93c3a8d9f1bf3c8a7 Mon Sep 17 00:00:00 2001
From: Adhishree Kadam <118783118+adhishreekadam@users.noreply.github.com>
Date: Mon, 29 Jul 2024 15:51:25 -0400
Subject: [PATCH 14/16] Update step 6
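Review bot: The added `echo` in the PATCH 12/16 hunk prints `$NEW_VALUE`, which is not assigned anywhere in the visible script, so the confirmation shows an empty path; the variable defined two lines up is `UPDATED_VAL`. Use `echo "Updated operatorYamlArchive to point to: $UPDATED_VAL"`, and consider `set -u` next to `set -e` so an unset name stops the run. The message is also printed whether or not the jq/mv list before it succeeded.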
Signed-off-by: Adhishree Kadam <118783118+adhishreekadam@users.noreply.github.com>
---
 agent-install/kubearmor-install.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/agent-install/kubearmor-install.sh b/agent-install/kubearmor-install.sh
index 777c66e09..9bd32628c 100644
--- a/agent-install/kubearmor-install.sh
+++ b/agent-install/kubearmor-install.sh
@@ -39,7 +39,7 @@ echo "Editing the horizon/service.definition.json file to point to the operator'
 # Defining the JSON file
 SERVICE_DEF_JSON="horizon/service.definition.json"
 UPDATED_VAL="../operator.tar.gz"
-jq --arg newValue "$UPDATED_VAL" '.clusterDeployment.operatorYamlArchive = $UPDATED_VAL' "$SERVICE_DEF_JSON" > tmp.json && mv tmp.json "$SERVICE_DEF_JSON"
+jq --arg updatedValue "$UPDATED_VAL" '.clusterDeployment.operatorYamlArchive = $updatedValue' "$SERVICE_DEF_JSON" > tmp.json && mv tmp.json "$SERVICE_DEF_JSON"
 echo "Updated operatorYamlArchive to point to: $NEW_VALUE"
 # Step 7: Publish operator service
From 84694569a2d895f04c7160302b3ab3fd9453f4f0 Mon Sep 17 00:00:00 2001
From: Adhishree Kadam <118783118+adhishreekadam@users.noreply.github.com>
Date: Mon, 29 Jul 2024 15:53:34 -0400
Subject: [PATCH 15/16] Update step 6
Signed-off-by: Adhishree Kadam <118783118+adhishreekadam@users.noreply.github.com>
---
 agent-install/kubearmor-install.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/agent-install/kubearmor-install.sh b/agent-install/kubearmor-install.sh
index 9bd32628c..c33d61d0b 100644
--- a/agent-install/kubearmor-install.sh
+++ b/agent-install/kubearmor-install.sh
@@ -40,7 +40,7 @@ echo "Editing the horizon/service.definition.json file to point to the operator'
 SERVICE_DEF_JSON="horizon/service.definition.json"
 UPDATED_VAL="../operator.tar.gz"
 jq --arg updatedValue "$UPDATED_VAL" '.clusterDeployment.operatorYamlArchive = $updatedValue' "$SERVICE_DEF_JSON" > tmp.json && mv tmp.json "$SERVICE_DEF_JSON"
-echo "Updated operatorYamlArchive to point to: $NEW_VALUE"
+echo "Updated operatorYamlArchive to point to: $UPDATED_VAL"
 # Step 7: Publish operator service
 echo "Publishing operator service"
From df5cac25f30a3e2e41d64a2dbc7fd2c208e53842 Mon Sep 17 00:00:00 2001
From: Sze Yan <89469273+szeyan543@users.noreply.github.com>
Date: Tue, 30 Jul 2024 23:05:05 +0800
Subject: [PATCH 16/16] Modify step 12 onwards
Signed-off-by: Sze Yan <89469273+szeyan543@users.noreply.github.com>
---
 agent-install/kubearmor-install.sh | 82 ++++++++++++++----------------
 1 file changed, 39 insertions(+), 43 deletions(-)
diff --git a/agent-install/kubearmor-install.sh b/agent-install/kubearmor-install.sh
index c33d61d0b..956ff5192 100644
--- a/agent-install/kubearmor-install.sh
+++ b/agent-install/kubearmor-install.sh
@@ -97,56 +97,52 @@ hznpod policy list
 # Step 12: Check to see the agreement has been created (this can take approximately 15 seconds)
 echo "Checking for agreement creation"
-max_attempts=5
-attempt=1
-agreements=""
-
-while [ $attempt -le $max_attempts ]; do
- echo "Attempt $attempt of $max_attempts..."
- agreements=$(hznpod agreement list)
- if [[ -n "$agreements" ]]; then
- echo "Agreement created successfully"
- echo "$agreements" > agreements_output.txt
- break
- else
- echo "No agreements found. Waiting for 15 seconds before retrying..."
- sleep 15
- fi
- attempt=$((attempt + 1))
-done
-
-if [[ -z "$agreements" ]]; then
- echo "Failed to create agreement after $max_attempts attempts" >&2
- exit 1
-fi
+#max_attempts=5
+#attempt=1
+#agreements=""
+
+#while [ $attempt -le $max_attempts ]; do
+ # echo "Attempt $attempt of $max_attempts..."
+ #agreements=$(hznpod agreement list)
+ #if [[ -n "$agreements" ]]; then
+ # echo "Agreement created successfully"
+ #echo "$agreements" > agreements_output.txt
+ #break
+ #else
+ #echo "No agreements found. Waiting for 15 seconds before retrying..."
+ #sleep 15
+ #fi
+ #attempt=$((attempt + 1))
+#done
+
+#if [[ -z "$agreements" ]]; then
+ #echo "Failed to create agreement after $max_attempts attempts" >&2
+ #exit 1
+#fi
+
+sleep 15
+hznpod agreement list
 # Step 13: Check if the operator is up in the cluster
 echo "Checking if the operator is up in the cluster"
 kubectl get pods -n openhorizon-agent
-pod_status=$(kubectl get pods -n openhorizon-agent)
-if echo "$pod_status" | grep -q "kubearmor-operator"; then
- if echo "$pod_status" | grep "kubearmor-operator" | grep -q "Running"; then
- echo "Kubearmor-operator is running"
- else
- echo "Kubearmor-operator is not in Running state" >&2
- exit 1
- fi
-else
- echo "Kubearmor-operator pod not found" >&2
- exit 1
-fi
+#pod_status=$(kubectl get pods -n openhorizon-agent)
+#if echo "$pod_status" | grep -q "kubearmor-operator"; then
+ #if echo "$pod_status" | grep "kubearmor-operator" | grep -q "Running"; then
+ #echo "Kubearmor-operator is running"
+ #else
+ #echo "Kubearmor-operator is not in Running state" >&2
+ #exit 1
+ #fi
+#else
+ #echo "Kubearmor-operator pod not found" >&2
+ #exit 1
+#fi
 # Step 14: Download the sample configuration file
 echo "Downloading sample configuration file"
 wget https://raw.githubusercontent.com/kubearmor/KubeArmor/main/pkg/KubeArmorOperator/config/samples/sample-config.yml -O sample-config.yml
-# Step 15: Modify the sample configuration file to set the namespace to openhorizon-agent
-echo "Modifying sample configuration file to set the namespace to openhorizon-agent"
-sed -i 's/namespace: .*/namespace: openhorizon-agent/' sample-config.yml
-
-# Step 16: Apply the modified configuration file
-echo "Applying modified configuration file"
-kubectl apply -f sample-config.yml
-
-echo "KubeArmor installation and configuration completed successfully!"
+echo "KubeArmor has been deployed!"
+echo "Next: Modify the sample configuration file to change the namespace to openhorizon-agent, then apply this policy to deploy all the components of KubeArmor as done by the operator, this sample config can be modified according to the config you want."
\ No newline at end of file
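Review bot: With the agreement loop and the pod-status check commented out in the PATCH 16/16 hunk, nothing verifies the outcome any more, and `echo "KubeArmor has been deployed!"` is printed even if no agreement formed or the operator pod never started. For a runtime-security component a false success message is worse than a failure, so keep a gate before it, for example `kubectl wait --for=condition=Ready pods --all -n openhorizon-agent --timeout=120s` (selector and timeout to be adjusted), and exit non-zero when it fails. Delete the disabled code rather than leaving roughly thirty commented lines in the script; version control already holds it. The sample config is still fetched from the `main` branch and the closing message tells the operator to edit and apply it by hand, so the message should also say to review the file's contents before applying it.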