Added configurable endpoint detection (#495)
* Added configurable endpoint detection

* Modified http helm chart value

* Fixed tests

* Generated unit tests with http detection on
afek854 authored Sep 16, 2024
1 parent f8f9d99 commit 1699fd5
Showing 4 changed files with 19 additions and 12 deletions.
@@ -22,6 +22,7 @@ data:
"relevantCVEServiceEnabled": {{ eq .Values.capabilities.relevancy "enable" }},
"prometheusExporterEnabled": {{ eq .Values.nodeAgent.config.prometheusExporter "enable" }},
"runtimeDetectionEnabled": {{ eq .Values.capabilities.runtimeDetection "enable" }},
"httpDetectionEnabled": {{ eq .Values.capabilities.httpDetection "enable" }},
"networkServiceEnabled": {{ eq .Values.capabilities.networkPolicyService "enable" }},
"malwareDetectionEnabled": {{ eq .Values.capabilities.malwareDetection "enable" }},
"nodeProfileServiceEnabled": {{ eq .Values.capabilities.nodeProfileService "enable" }},
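Review bot: The added `"httpDetectionEnabled"` line reads `.Values.capabilities.httpDetection` with no fallback, so a release upgraded with `helm upgrade --reuse-values` (which does not pick up new chart defaults) reaches `eq` with a missing key. Depending on the Helm version, that either renders `false` silently or fails the comparison. A default makes the outcome explicit: `"httpDetectionEnabled": {{ eq (.Values.capabilities.httpDetection | default "disable") "enable" }},`. The neighbouring capability flags use the same unguarded form, so the new line matches the file's style. The `data:` block continues outside the hunk.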
@@ -285,7 +285,7 @@ all capabilities:
data:
capabilities: |
{
"capabilities":{"admissionController":"enable","autoUpgrading":"enable","configurationScan":"enable","malwareDetection":"enable","networkPolicyService":"enable","nodeProfileService":"enable","nodeScan":"enable","prometheusExporter":"enable","relevancy":"enable","runtimeDetection":"enable","runtimeObservability":"enable","seccompProfileService":"enable","testing":{"nodeAgentMultiplication":{"enabled":false,"replicas":5}},"vexGeneration":"enable","vulnerabilityScan":"enable"},
"capabilities":{"admissionController":"enable","autoUpgrading":"enable","configurationScan":"enable","httpDetection":"enable","malwareDetection":"enable","networkPolicyService":"enable","nodeProfileService":"enable","nodeScan":"enable","prometheusExporter":"enable","relevancy":"enable","runtimeDetection":"enable","runtimeObservability":"enable","seccompProfileService":"enable","testing":{"nodeAgentMultiplication":{"enabled":false,"replicas":5}},"vexGeneration":"enable","vulnerabilityScan":"enable"},
"components":{"autoUpdater":{"enabled":true},"clamAV":{"enabled":true},"cloudSecret":{"create":true,"name":"cloud-secret"},"customCaCertificates":{"name":"custom-ca-certificates"},"gateway":{"enabled":true},"hostScanner":{"enabled":true},"kollector":{"enabled":true},"kubescape":{"enabled":true},"kubescapeScheduler":{"enabled":true},"kubevuln":{"enabled":true},"kubevulnScheduler":{"enabled":true},"nodeAgent":{"enabled":true},"operator":{"enabled":true},"otelCollector":{"enabled":true},"prometheusExporter":{"enabled":true},"serviceDiscovery":{"enabled":true},"storage":{"enabled":true},"synchronizer":{"enabled":true}},
"configurations":{"otelUrl":"otelCollector:4317","persistence":"enable","priorityClass":{"daemonset":100000100,"enabled":true},"prometheusAnnotations":"disable"} ,
"serviceScanConfig" :{"enabled":false,"interval":"1h"}
@@ -2699,6 +2699,7 @@ all capabilities:
"relevantCVEServiceEnabled": true,
"prometheusExporterEnabled": false,
"runtimeDetectionEnabled": true,
"httpDetectionEnabled": true,
"networkServiceEnabled": true,
"malwareDetectionEnabled": true,
"nodeProfileServiceEnabled": true,
@@ -2794,7 +2795,7 @@ all capabilities:
annotations:
checksum/cloud-config: 6b20bdf91cc21bcf1df27f84a619ee215e3ec83f630a09ec9fc657a0282559e1
checksum/cloud-secret: 5f1867afe94653b7e1f514737c0f5bb8d459d9431307900fb149c1a1e67cc929
checksum/node-agent-config: c6360c008d5f254820750f181c8051bd3530c6cfeacd03d9d990231a93df408f
checksum/node-agent-config: ccadc931c5eae2b874a3fc4169acaaf9dbbe78aa77dfc63e6684708a4977483d
checksum/proxy-config: 887824947998455ea63ac5b04a831b07701da0c0509ea54fc442e3e3f3dfc9ff
container.apparmor.security.beta.kubernetes.io/node-agent: unconfined
labels:
@@ -3442,7 +3443,7 @@ all capabilities:
template:
metadata:
annotations:
checksum/capabilities-config: 94db06c13e17400bd103d487beddb1b06b34f4c052a01508ea4b4955fe23edbd
checksum/capabilities-config: 2cf4362bfd6d5916bc4119b44cbf888c513620d219fde69716e376027094e4c3
checksum/cloud-config: 6b20bdf91cc21bcf1df27f84a619ee215e3ec83f630a09ec9fc657a0282559e1
checksum/cloud-secret: 5f1867afe94653b7e1f514737c0f5bb8d459d9431307900fb149c1a1e67cc929
checksum/operator-config: 9288d49e367aa5910aa99826f8be769883ca1968d70e4d462ba88450de6b1773
@@ -6004,7 +6005,7 @@ default capabilities:
data:
capabilities: |
{
"capabilities":{"admissionController":"disable","autoUpgrading":"disable","configurationScan":"enable","malwareDetection":"disable","networkPolicyService":"enable","nodeProfileService":"disable","nodeScan":"enable","prometheusExporter":"disable","relevancy":"enable","runtimeDetection":"disable","runtimeObservability":"enable","seccompProfileService":"enable","testing":{"nodeAgentMultiplication":{"enabled":false,"replicas":5}},"vexGeneration":"disable","vulnerabilityScan":"enable"},
"capabilities":{"admissionController":"disable","autoUpgrading":"disable","configurationScan":"enable","httpDetection":"disable","malwareDetection":"disable","networkPolicyService":"enable","nodeProfileService":"disable","nodeScan":"enable","prometheusExporter":"disable","relevancy":"enable","runtimeDetection":"disable","runtimeObservability":"enable","seccompProfileService":"enable","testing":{"nodeAgentMultiplication":{"enabled":false,"replicas":5}},"vexGeneration":"disable","vulnerabilityScan":"enable"},
"components":{"autoUpdater":{"enabled":false},"clamAV":{"enabled":false},"cloudSecret":{"create":true,"name":"cloud-secret"},"customCaCertificates":{"name":"custom-ca-certificates"},"gateway":{"enabled":true},"hostScanner":{"enabled":true},"kollector":{"enabled":true},"kubescape":{"enabled":true},"kubescapeScheduler":{"enabled":true},"kubevuln":{"enabled":true},"kubevulnScheduler":{"enabled":true},"nodeAgent":{"enabled":true},"operator":{"enabled":true},"otelCollector":{"enabled":true},"prometheusExporter":{"enabled":false},"serviceDiscovery":{"enabled":true},"storage":{"enabled":true},"synchronizer":{"enabled":true}},
"configurations":{"otelUrl":"otelCollector:4317","persistence":"enable","priorityClass":{"daemonset":100000100,"enabled":true},"prometheusAnnotations":"disable"} ,
"serviceScanConfig" :{"enabled":false,"interval":"1h"}
@@ -8205,6 +8206,7 @@ default capabilities:
"relevantCVEServiceEnabled": true,
"prometheusExporterEnabled": false,
"runtimeDetectionEnabled": false,
"httpDetectionEnabled": false,
"networkServiceEnabled": true,
"malwareDetectionEnabled": false,
"nodeProfileServiceEnabled": false,
@@ -8264,7 +8266,7 @@ default capabilities:
annotations:
checksum/cloud-config: 83d2370bd782db4cf4cb8c0ca23b398bc11280708b95649f975cb79b78163d66
checksum/cloud-secret: 5f1867afe94653b7e1f514737c0f5bb8d459d9431307900fb149c1a1e67cc929
checksum/node-agent-config: e2969b3d307566d41e27dc4e7f1bd0583bd371ee32906ce64fcc3fb96d8723ea
checksum/node-agent-config: f3f968b1b246b729fa9f1c2841b6053b859d56084f7886bd212b635162297466
checksum/proxy-config: 887824947998455ea63ac5b04a831b07701da0c0509ea54fc442e3e3f3dfc9ff
container.apparmor.security.beta.kubernetes.io/node-agent: unconfined
labels:
@@ -8756,7 +8758,7 @@ default capabilities:
template:
metadata:
annotations:
checksum/capabilities-config: 99f0e950da91d93bce67fe60474b1e63080eb013965e5271d26dee5a3e7faae3
checksum/capabilities-config: 06a9d3ec7dee7d822c8edc8c5c37362ca3a2b2b658ee44c8ba03ecc967afe481
checksum/cloud-config: 83d2370bd782db4cf4cb8c0ca23b398bc11280708b95649f975cb79b78163d66
checksum/cloud-secret: 5f1867afe94653b7e1f514737c0f5bb8d459d9431307900fb149c1a1e67cc929
checksum/operator-config: 410d76528f07a46b94a946c7881be8b883bfcbebb8962528f9b739e4303f377b
@@ -10893,7 +10895,7 @@ disable otel:
data:
capabilities: |
{
"capabilities":{"admissionController":"disable","autoUpgrading":"disable","configurationScan":"enable","malwareDetection":"disable","networkPolicyService":"enable","nodeProfileService":"disable","nodeScan":"enable","prometheusExporter":"disable","relevancy":"enable","runtimeDetection":"disable","runtimeObservability":"enable","seccompProfileService":"enable","testing":{"nodeAgentMultiplication":{"enabled":false,"replicas":5}},"vexGeneration":"disable","vulnerabilityScan":"enable"},
"capabilities":{"admissionController":"disable","autoUpgrading":"disable","configurationScan":"enable","httpDetection":"disable","malwareDetection":"disable","networkPolicyService":"enable","nodeProfileService":"disable","nodeScan":"enable","prometheusExporter":"disable","relevancy":"enable","runtimeDetection":"disable","runtimeObservability":"enable","seccompProfileService":"enable","testing":{"nodeAgentMultiplication":{"enabled":false,"replicas":5}},"vexGeneration":"disable","vulnerabilityScan":"enable"},
"components":{"autoUpdater":{"enabled":false},"clamAV":{"enabled":false},"cloudSecret":{"create":true,"name":"cloud-secret"},"customCaCertificates":{"name":"custom-ca-certificates"},"gateway":{"enabled":true},"hostScanner":{"enabled":true},"kollector":{"enabled":true},"kubescape":{"enabled":true},"kubescapeScheduler":{"enabled":true},"kubevuln":{"enabled":true},"kubevulnScheduler":{"enabled":true},"nodeAgent":{"enabled":true},"operator":{"enabled":true},"otelCollector":{"enabled":true},"prometheusExporter":{"enabled":false},"serviceDiscovery":{"enabled":true},"storage":{"enabled":true},"synchronizer":{"enabled":true}},
"configurations":{"persistence":"enable","priorityClass":{"daemonset":100000100,"enabled":true},"prometheusAnnotations":"disable"} ,
"serviceScanConfig" :{"enabled":false,"interval":"1h"}
@@ -12597,6 +12599,7 @@ disable otel:
"relevantCVEServiceEnabled": true,
"prometheusExporterEnabled": false,
"runtimeDetectionEnabled": false,
"httpDetectionEnabled": false,
"networkServiceEnabled": true,
"malwareDetectionEnabled": false,
"nodeProfileServiceEnabled": false,
@@ -12656,7 +12659,7 @@ disable otel:
annotations:
checksum/cloud-config: 3c10e386a1a4e156594e46fe045faae1823146dbe3b951acc8b93f9c5ac9cf42
checksum/cloud-secret: 5f1867afe94653b7e1f514737c0f5bb8d459d9431307900fb149c1a1e67cc929
checksum/node-agent-config: e2969b3d307566d41e27dc4e7f1bd0583bd371ee32906ce64fcc3fb96d8723ea
checksum/node-agent-config: f3f968b1b246b729fa9f1c2841b6053b859d56084f7886bd212b635162297466
container.apparmor.security.beta.kubernetes.io/node-agent: unconfined
labels:
app: node-agent
@@ -13039,7 +13042,7 @@ disable otel:
template:
metadata:
annotations:
checksum/capabilities-config: 39870b411925f7f4c1bab60ade8d0b6b8af47e72bf6ec63bc007e36c13a8f940
checksum/capabilities-config: 8d6e3211c0df5393144f246f4b709622cf72d957aa2c9bd89a027c184bd22863
checksum/cloud-config: 3c10e386a1a4e156594e46fe045faae1823146dbe3b951acc8b93f9c5ac9cf42
checksum/cloud-secret: 5f1867afe94653b7e1f514737c0f5bb8d459d9431307900fb149c1a1e67cc929
checksum/operator-config: 410d76528f07a46b94a946c7881be8b883bfcbebb8962528f9b739e4303f377b
@@ -14919,7 +14922,7 @@ minimal capabilities:
data:
capabilities: |
{
"capabilities":{"admissionController":"disable","autoUpgrading":"disable","configurationScan":"enable","malwareDetection":"disable","networkPolicyService":"enable","nodeProfileService":"disable","nodeScan":"enable","prometheusExporter":"disable","relevancy":"enable","runtimeDetection":"disable","runtimeObservability":"enable","seccompProfileService":"enable","testing":{"nodeAgentMultiplication":{"enabled":false,"replicas":5}},"vexGeneration":"disable","vulnerabilityScan":"enable"},
"capabilities":{"admissionController":"disable","autoUpgrading":"disable","configurationScan":"enable","httpDetection":"disable","malwareDetection":"disable","networkPolicyService":"enable","nodeProfileService":"disable","nodeScan":"enable","prometheusExporter":"disable","relevancy":"enable","runtimeDetection":"disable","runtimeObservability":"enable","seccompProfileService":"enable","testing":{"nodeAgentMultiplication":{"enabled":false,"replicas":5}},"vexGeneration":"disable","vulnerabilityScan":"enable"},
"components":{"autoUpdater":{"enabled":false},"clamAV":{"enabled":false},"cloudSecret":{"create":true,"name":"cloud-secret"},"customCaCertificates":{"name":"custom-ca-certificates"},"gateway":{"enabled":false},"hostScanner":{"enabled":true},"kollector":{"enabled":false},"kubescape":{"enabled":true},"kubescapeScheduler":{"enabled":false},"kubevuln":{"enabled":true},"kubevulnScheduler":{"enabled":false},"nodeAgent":{"enabled":true},"operator":{"enabled":true},"otelCollector":{"enabled":true},"prometheusExporter":{"enabled":false},"serviceDiscovery":{"enabled":false},"storage":{"enabled":true},"synchronizer":{"enabled":false}},
"configurations":{"otelUrl":"otelCollector:4317","persistence":"enable","priorityClass":{"daemonset":100000100,"enabled":true},"prometheusAnnotations":"disable"} ,
"serviceScanConfig" :{"enabled":false,"interval":"1h"}
@@ -16020,6 +16023,7 @@ minimal capabilities:
"relevantCVEServiceEnabled": true,
"prometheusExporterEnabled": false,
"runtimeDetectionEnabled": false,
"httpDetectionEnabled": false,
"networkServiceEnabled": true,
"malwareDetectionEnabled": false,
"nodeProfileServiceEnabled": false,
@@ -16078,7 +16082,7 @@ minimal capabilities:
annotations:
checksum/cloud-config: 16a220fa279006c4f231ac84d1890e2bcf0de0622baee075f21f6cd750ffd9a2
checksum/cloud-secret: 94cd3ee2960bf10c595de9f586bbc88f1703a86f94e32926cd2d6f35e48e9e65
checksum/node-agent-config: 4976d0b1f868514524d083caa3aa50996f7e1d184551b699dc1982b16f1cb19b
checksum/node-agent-config: 44b9c3d227c95a2397bce38ba0b195bf4ae25be1febef313018e724e9bcb72b7
container.apparmor.security.beta.kubernetes.io/node-agent: unconfined
labels:
app: node-agent
@@ -16458,7 +16462,7 @@ minimal capabilities:
template:
metadata:
annotations:
checksum/capabilities-config: dbde915f8f721c8e191dbf09c76373688a62828694f24d90d1df541b958ea4c7
checksum/capabilities-config: ef44ce762bcd519c0af68f0adef484336dc9249d447b7f0e158d42143a3e07f0
checksum/cloud-config: 16a220fa279006c4f231ac84d1890e2bcf0de0622baee075f21f6cd750ffd9a2
checksum/cloud-secret: 94cd3ee2960bf10c595de9f586bbc88f1703a86f94e32926cd2d6f35e48e9e65
checksum/operator-config: 46db259f2d187223885b1f3aed13170bcbc9c0cc0e9667b104c03e942d1714ad
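--- a/charts/kubescape-operator/tests/snapshot_test.yaml
+++ b/charts/kubescape-operator/tests/snapshot_test.yaml
@@ -21,6 +21,7 @@ tests:
 runtimeObservability: enable
 networkPolicyService: enable
 runtimeDetection: enable
+httpDetection: enable
 malwareDetection: enable
 nodeProfileService: enable
 seccompProfileService: enable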
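--- a/charts/kubescape-operator/values.yaml
+++ b/charts/kubescape-operator/values.yaml
@@ -89,6 +89,7 @@ capabilities:
 malwareDetection: disable
 nodeProfileService: disable
 admissionController: disable
+httpDetection: disable
 seccompProfileService: enable
 
 # ====== Other capabilities ======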
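Review bot: `httpDetection: disable` is added with no comment, so someone reading values.yaml cannot tell what the capability inspects or which component acts on it. The flag appears to be rendered into the node-agent config as `httpDetectionEnabled`, so a one-line comment such as `# httpDetection: HTTP endpoint detection by node-agent ("enable"/"disable")` would help operators decide whether to turn it on. If it only takes effect together with `runtimeDetection`, which is not visible from this hunk, the comment should say so. The `capabilities:` block starts above the hunk.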
