Add `karmor probe` as a part of `karmor sysdump`
Ankurk99 opened this issue · comments
Description
Currently `karmor sysdump` generated output doesn't contain information about the node's support for KubeArmor (available LSMs, the mode of enforcement, etc.) which are already a part of `karmor probe`.
The aim is to get that output as a part of `karmor sysdump`.
Hi @Ankurk99, the probing for KubeArmor support happens only when KubeArmor is not running, isn't it?
```
$ karmor probe
Didn't find KubeArmor in systemd or Kubernetes, probing for support for KubeArmor
Host:
Observability/Audit: Supported (Kernel Version 5.15.0)
Enforcement: Full (Supported LSMs: lockdown,capability,landlock,yama,apparmor)
```
So, when KubeArmor is not running, the new requirement is that `karmor sysdump` creates a new file with the node support information. Or, is there an existing file which we can use, like `node-info.yaml`?
Hi @Ankurk99, to my understanding this function has to be included into the sysdump file. Is this correct?
As I see, the node information in the given image obtained by running "karmor probe" is to be included into the output dump of "karmor sysdump". Am I correct, @Ankurk99?
@rootxrishabh Ideally we would love to see everything from the `karmor probe` in sysdump, including if the KubeArmor is running fine and the image versions.
Hi @rootxrishabh, are you still working on it? I would like to take this up. @Ankurk99 are you talking about the output to stdout or to the zip created?
Hey @sheharyaar, not working on this as of now, go ahead :)
> Hi @rootxrishabh, are you still working on it? I would like to take this up. @Ankurk99 are you talking about the output to stdout or to the zip created?
@sheharyaar Ideally, both.
Thanks for assigning this, will follow up if I have a query or a PR is ready.
I checked that `karmor probe` accepts namespace, format string, grpc and other flags. So how do I tackle those in `karmor sysdump`? Do I default the namespace to kubearmor and the `--full` flag to true, or do I add these flags to sysdump? @Ankurk99
Also, would the probe dump be in yaml format or just a raw stdout dump (karmor-probe.dump)?