operator command crd (#506)

* operator command crd Signed-off-by: Amir Malka <[email protected]>
kubescape · Sep 25, 2024 · 00036e6 · 00036e6
1 parent 59f3f8a
commit 00036e6
Show file tree

Hide file tree

Showing 8 changed files with 284 additions and 8 deletions.
diff --git a/charts/dependency_chart/operatorcommand-crds/Chart.yaml b/charts/dependency_chart/operatorcommand-crds/Chart.yaml
@@ -0,0 +1,9 @@
+apiVersion: v2
+name: kubescape-operator-command-crd
+description: A Helm chart CRDs for Kubescape Operator commands
+
+type: application
+
+version: 0.0.1
+
+appVersion: "0.0.1"
diff --git a/charts/dependency_chart/operatorcommand-crds/crds/operator-command.crd.yaml b/charts/dependency_chart/operatorcommand-crds/crds/operator-command.crd.yaml
@@ -0,0 +1,87 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: operatorcommands.kubescape.io
+spec:
+  group: kubescape.io
+  names:
+    plural: operatorcommands
+    singular: operatorcommand
+    kind: OperatorCommand
+    shortNames:
+      - opcmd
+  scope: Namespaced
+  versions:
+    - name: v1alpha1
+      served: true
+      storage: true
+      schema:
+        openAPIV3Schema:
+          type: object
+          properties:
+            spec:
+              type: object
+              properties:
+                guid:
+                  type: string
+                commandType:
+                  type: string
+                commandVersion:
+                  type: string
+                  nullable: true
+                designators:
+                  type: array
+                  items:
+                    type: object
+                    additionalProperties: true
+                body:
+                  type: string
+                  format: byte
+                  nullable: true
+                ttl:
+                  type: string
+                  format: duration
+                  nullable: true
+                args:
+                  type: object
+                  additionalProperties: true
+                  nullable: true
+                commandIndex:
+                  type: integer
+                  nullable: true
+                commandCount:
+                  type: integer
+                  nullable: true
+            status:
+              type: object
+              properties:
+                started:
+                  type: boolean
+                startedAt:
+                  type: string
+                  format: date-time
+                  nullable: true
+                completed:
+                  type: boolean
+                completedAt:
+                  type: string
+                  format: date-time
+                  nullable: true
+                executer:
+                  type: string
+                  nullable: true
+                error:
+                  type: object
+                  nullable: true
+                  properties:
+                    reason:
+                      type: string
+                      nullable: true
+                    message:
+                      type: string
+                      nullable: true
+                    errorCode:
+                      type: integer
+                      nullable: true
+      subresources:
+        status: {}
diff --git a/charts/dependency_chart/operatorcommand-crds/values.yaml b/charts/dependency_chart/operatorcommand-crds/values.yaml
diff --git a/charts/kubescape-operator/Chart.yaml b/charts/kubescape-operator/Chart.yaml
@@ -50,3 +50,7 @@ dependencies:
     version: 0.0.1
     repository: "file://../dependency_chart/servicescanresult-crds"
     condition: serviceScanConfig.enabled
+  - name: kubescape-operator-command-crd
+    version: 0.0.1
+    repository: "file://../dependency_chart/operatorcommand-crds"
+
diff --git a/charts/kubescape-operator/templates/node-agent/clusterrole.yaml b/charts/kubescape-operator/templates/node-agent/clusterrole.yaml
@@ -8,8 +8,11 @@ metadata:
     {{- include "kubescape-operator.labels" (dict "Chart" .Chart "Release" .Release "Values" .Values "app" .Values.nodeAgent.name "tier" .Values.global.namespaceTier) | nindent 4 }}
 rules:
 - apiGroups: [""]
-  resources: ["pods", "nodes", "services", "endpoints", "namespaces"]
+  resources: ["nodes", "services", "endpoints", "namespaces"]
   verbs: ["get", "watch", "list"]
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["get", "watch", "list", "delete"]
 - apiGroups: [""]
   resources: ["events"]
   verbs: ["get", "watch", "list"]
@@ -28,4 +31,10 @@ rules:
 - apiGroups: ["kubescape.io"]
   resources: ["runtimerulealertbindings"]
   verbs: ["list", "watch"]
+- apiGroups: ["kubescape.io"]
+  resources: ["operatorcommands"]
+  verbs: ["get", "watch", "list"]
+- apiGroups: ["kubescape.io"]
+  resources: ["operatorcommands/status"]
+  verbs: ["get", "watch", "list", "update", "patch"]
 {{- end }}
diff --git a/charts/kubescape-operator/templates/synchronizer/clusterrole.yaml b/charts/kubescape-operator/templates/synchronizer/clusterrole.yaml
@@ -46,4 +46,7 @@ rules:
   - apiGroups: ["kubescape.io"]
     resources: ["servicesscanresults"]
     verbs: ["get", "watch", "list"]
+  - apiGroups: ["kubescape.io"]
+    resources: ["operatorcommands"]
+    verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
 {{- end }}
diff --git a/charts/kubescape-operator/templates/synchronizer/configmap.yaml b/charts/kubescape-operator/templates/synchronizer/configmap.yaml
@@ -192,6 +192,12 @@ data:
             "version": "v1",
             "resource": "servicesscanresults",
             "strategy": "patch"
+          },
+          {
+            "group": "kubescape.io",
+            "version": "v1alpha1",
+            "resource": "operatorcommands",
+            "strategy": "copy"
           }
         ]
       },