Giters

kubearmor / KubeArmor

Runtime Security Enforcement System. Workload hardening/sandboxing and implementing least-permissive policies made easy leveraging LSMs (BPF-LSM, AppArmor).

Home Page:https://kubearmor.io/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Installing the KubeArmorOperator throws an error when the "kubarmor" namespace is not created in the cluster

roopeshsn opened this issue · comments

commented

Bug Report

When I ran commands make, then make manifests, then make docker-build deploy from pkg/KubeArmorOperator the make docker-build deploy command throws an error,

GOBIN=/home/roopesh/go/bin go install sigs.k8s.io/kustomize/kustomize/v5@v5.2.1
/home/roopesh/go/bin/kustomize build config/default | kubectl apply -f -
customresourcedefinition.apiextensions.k8s.io/kubearmorconfigs.operator.kubearmor.com unchanged
clusterrole.rbac.authorization.k8s.io/kubearmor-operator-clusterrole unchanged
clusterrole.rbac.authorization.k8s.io/kubearmor-operator-manage-controller-clusterrole unchanged
clusterrole.rbac.authorization.k8s.io/kubearmor-operator-manage-kubearmor-clusterrole unchanged
clusterrolebinding.rbac.authorization.k8s.io/kubearmor-operator-clusterrole-binding unchanged
clusterrolebinding.rbac.authorization.k8s.io/kubearmor-operator-manage-controller-clusterrole-binding unchanged
clusterrolebinding.rbac.authorization.k8s.io/kubearmor-operator-manage-kubearmor-clusterrole-binding unchanged
Error from server (NotFound): error when creating "STDIN": namespaces "kubearmor" not found
Error from server (NotFound): error when creating "STDIN": namespaces "kubearmor" not found
make: *** [Makefile:120: deploy] Error 1

When I ran the same command after creating the namespace "kubearmor" in the cluster, the command works fine by creating the resources in that namespace.

GOBIN=/home/roopesh/go/bin go install sigs.k8s.io/kustomize/kustomize/v5@v5.2.1
/home/roopesh/go/bin/kustomize build config/default | kubectl apply -f -
customresourcedefinition.apiextensions.k8s.io/kubearmorconfigs.operator.kubearmor.com unchanged
serviceaccount/kubearmor-operator created
clusterrole.rbac.authorization.k8s.io/kubearmor-operator-clusterrole unchanged
clusterrole.rbac.authorization.k8s.io/kubearmor-operator-manage-controller-clusterrole unchanged
clusterrole.rbac.authorization.k8s.io/kubearmor-operator-manage-kubearmor-clusterrole unchanged
clusterrolebinding.rbac.authorization.k8s.io/kubearmor-operator-clusterrole-binding unchanged
clusterrolebinding.rbac.authorization.k8s.io/kubearmor-operator-manage-controller-clusterrole-binding unchanged
clusterrolebinding.rbac.authorization.k8s.io/kubearmor-operator-manage-kubearmor-clusterrole-binding unchanged
deployment.apps/kubearmor-operator created

I would like to work on this issue if the maintainers want to proceed with it.

commented

Hey @roopeshsn, thanks for opening this.

I think you can add a namespace.yaml in config/operator and include the same under resources block of kustomization.yaml

Please also proceed if you think there's a better way to tackle this.

Ping me if you've any questions.