Merge branch 'dev' into discover

Author: Ankurk99

knox-auto-policy-chart/.helmignore deployments/helm/.helmignore

@@ -0,0 +1,19 @@
+{{- if .Values.configmapAutoPolicyDiscovery.enabled -}}
+apiVersion: v1 
+kind: ConfigMap 
+metadata: 
+  name: {{ .Values.labels.app }}-config
+data:
+  conf.yaml: {{ tpl (.Files.Get  .Values.configmapAutoPolicyDiscovery.conf) . | quote }}
+{{- end }}
+
+---
+{{- if not .Values.configmapAutoPolicyDiscovery.enabled -}}
+apiVersion: v1 
+kind: ConfigMap 
+metadata: 
+  name: {{ .Values.labels.app }}-config
+data:
+  conf.yaml: |-
+{{ toYaml .Values.config | indent 4 }}
+{{- end }}

knox-auto-policy-chart/Chart.yaml deployments/helm/Chart.yaml

@@ -2,7 +2,7 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
-replicaCount: 2
+replicaCount: 1
 
 image:
   repository: gcr.io/mimetic-kit-294408/production/knoxautopolicy

knox-auto-policy-chart/configmapfiles/conf.yaml deployments/helm/configmapfiles/conf.yaml

@@ -1,5 +1,34 @@
 #!/bin/bash
 
-DATA='{"policytype": "system"}'
+## Run script command in below format"
+## ./scripts/convery_sys_policy.sh --clustername default --namespace wordpress-mysql --labels app=mysql
+
+usage() 
+{
+	cat << EOF
+Usage: $0 <options>
+
+Options could be:
+--clustername <clustername>
+--namespace <namespace>
+--labels <set-of-labels> ... for e.g. --labels "xyz=123,abc=456"
+EOF
+	exit 1
+}
+
+OPTS=`getopt -o s: --long clustername: --long namespace: --long labels: -n 'parse-options' -- "$@"`
+eval set -- "$OPTS"
+while true; do
+    case "$1" in
+        --clustername ) CLUSTER_NAME="$2"; shift 2;;
+        --namespace ) NAMESPACE="$2"; shift 2;;
+        --labels ) LABELS="$2"; shift 2;;
+        -- ) shift; break ;;
+        * ) break ;;
+    esac
+done
+##[[ "$REQUEST" == "" ]] && echo "request type [observe|dbclear] not found." && usage
+
+DATA='{"policytype": "system", "clustername": "'$CLUSTER_NAME'", "namespace":"'$NAMESPACE'", "labels":"'$LABELS'"}'
 
 grpcurl -plaintext -d "$DATA" localhost:9089 v1.worker.Worker.Convert

knox-auto-policy-chart/templates/_helpers.tpl deployments/helm/templates/_helpers.tpl

@@ -1,6 +1,6 @@
 ### Builder
 
-FROM artifactory.accuknox.com/accuknox/golang:1.15.3-buster as builder
+FROM artifactory.accuknox.com/accuknox/golang:1.18.0-bullseye as builder
 
 WORKDIR /usr/src/knox
 

knox-auto-policy-chart/templates/deployment.yaml deployments/helm/templates/deployment.yaml

@@ -1,6 +1,6 @@
 ### Builder
 
-FROM golang:1.15.3-buster as builder
+FROM golang:1.18.0-bullseye as builder
 
 WORKDIR /usr/src/knox
 

deployments/helm/templates/dev-config.yaml

@@ -294,6 +294,10 @@ func GetServicesFromK8sClient() []types.Service {
 			k8sService.Labels = append(k8sService.Labels, k+"="+v)
 		}
 
+		for _, ip := range svc.Spec.ExternalIPs {
+			k8sService.ExternalIPs = append(k8sService.ExternalIPs, ip)
+		}
+
 		for _, port := range svc.Spec.Ports {
 			k8sService.ClusterIP = string(svc.Spec.ClusterIP)
 			k8sService.Protocol = string(port.Protocol)

knox-auto-policy-chart/templates/hpa.yaml deployments/helm/templates/hpa.yaml

@@ -130,7 +130,7 @@ func LoadConfigFromFile() {
 		NetworkPolicyDir: viper.GetString("application.network.network-policy-dir"),
 
 		NetPolicyTypes:     3,
-		NetPolicyRuleTypes: 511,
+		NetPolicyRuleTypes: 1023,
 		NetPolicyCIDRBits:  32,
 
 		NetLogFilters: []types.NetworkLogFilter{},

knox-auto-policy-chart/templates/kafka-secret.yaml deployments/helm/templates/kafka-secret.yaml

@@ -32,6 +32,30 @@ var GitBranch string
 var BuildDate string
 var Version string
 
+const (
+	IPProtoUnknown   = -1
+	IPProtocolICMP   = 1
+	IPProtocolTCP    = 6
+	IPProtocolUDP    = 17
+	IPProtocolICMPv6 = 58
+	IPProtocolSCTP   = 132
+)
+
+var protocolMap = map[int]string{
+	IPProtoUnknown:   "Unknown",
+	IPProtocolICMP:   "ICMP",
+	IPProtocolTCP:    "TCP",
+	IPProtocolUDP:    "UDP",
+	IPProtocolICMPv6: "ICMPv6",
+	IPProtocolSCTP:   "SCTP",
+}
+
+// Array for ICMP type which can be considered as ICMP reply packets.
+// TODO: Identity all the ICMP reply types
+var ICMPReplyType = []int{
+	0, // EchoReply
+}
+
 func printBuildDetails() {
 	if GitCommit == "" {
 		return
@@ -210,14 +234,21 @@ func GetExternalIPAddr() string {
 }
 
 func GetProtocol(protocol int) string {
-	protocolMap := map[int]string{
-		1:   "ICMP",
-		6:   "TCP",
-		17:  "UDP",
-		132: "STCP",
+	return protocolMap[protocol]
+}
+
+func IsICMP(protocol int) bool {
+	if protocol == IPProtocolICMP || protocol == IPProtocolICMPv6 {
+		return true
 	}
+	return false
+}
 
-	return protocolMap[protocol]
+func IsReplyICMP(icmpType int) bool {
+	if ContainsElement(ICMPReplyType, icmpType) {
+		return true
+	}
+	return false
 }
 
 // ============ //