Fixed location of pre tap permission files (#852)

RoyUP9 2022-02-24 16:46:51 +02:00 committed by GitHub
parent c5a36a494a
commit d8c0132a98
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 10 additions and 25 deletions


@ -2,8 +2,8 @@ package cmd
import ( import (
"context" "context"
"embed"
"fmt" "fmt"
"github.com/up9inc/mizu/shared"
rbac "k8s.io/api/rbac/v1" rbac "k8s.io/api/rbac/v1"
"k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
"k8s.io/client-go/kubernetes/scheme" "k8s.io/client-go/kubernetes/scheme"
@ -17,6 +17,11 @@ import (
"github.com/up9inc/mizu/shared/semver" "github.com/up9inc/mizu/shared/semver"
) )
var (
//go:embed permissionFiles
embedFS embed.FS
)
func runMizuCheck() { func runMizuCheck() {
logger.Log.Infof("Mizu checks\n===================") logger.Log.Infof("Mizu checks\n===================")
@ -248,12 +253,12 @@ func checkK8sTapPermissions(ctx context.Context, kubernetesProvider *kubernetes.
var filePath string var filePath string
if config.Config.IsNsRestrictedMode() { if config.Config.IsNsRestrictedMode() {
filePath = "./examples/roles/permissions-ns-tap.yaml" filePath = "permissionFiles/permissions-ns-tap.yaml"
} else { } else {
filePath = "./examples/roles/permissions-all-namespaces-tap.yaml" filePath = "permissionFiles/permissions-all-namespaces-tap.yaml"
} }
data, err := shared.ReadFromFile(filePath) data, err := embedFS.ReadFile(filePath)
if err != nil { if err != nil {
logger.Log.Errorf("%v error while checking kubernetes permissions, err: %v", fmt.Sprintf(uiUtils.Red, "✗"), err) logger.Log.Errorf("%v error while checking kubernetes permissions, err: %v", fmt.Sprintf(uiUtils.Red, "✗"), err)
return false return false
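Review bot: The `//go:embed permissionFiles` directive above `embedFS` embeds the whole directory, so any file later placed there is compiled into the CLI binary; a narrower pattern such as `//go:embed permissionFiles/*.yaml` would limit the embedded set to the role templates this check reads. The variable also has no comment, and since these templates are presumably the baseline that `checkK8sTapPermissions` compares the cluster's permissions against, I would add `// embedFS holds the RBAC permission templates compiled into the binary, so the check does not depend on the working directory.` With an embedded filesystem, a `ReadFile` error can only mean the path literal does not match an embedded file, so including `filePath` in the error log would make that packaging mistake obvious. The body of `checkK8sTapPermissions` continues outside the hunk.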


@ -85,4 +85,4 @@ By default Mizu requires cluster-wide permissions.
If these are not available to the user, it is possible to run Mizu in namespace-restricted mode which has a reduced set of requirements. If these are not available to the user, it is possible to run Mizu in namespace-restricted mode which has a reduced set of requirements.
This is done by by setting the `mizu-resources-namespace` config option. See [configuration](CONFIGURATION.md) for instructions. This is done by by setting the `mizu-resources-namespace` config option. See [configuration](CONFIGURATION.md) for instructions.
The different requirements are listed in [the example roles dir](../examples/roles) The different requirements are listed in [the permission templates dir](../cli/cmd/permissionFiles)


@ -1,20 +0,0 @@
package shared
import (
"io/ioutil"
"os"
)
func ReadFromFile(path string) ([]byte, error) {
reader, err := os.Open(path)
if err != nil {
return nil, err
}
data, err := ioutil.ReadAll(reader)
if err != nil {
return nil, err
}
return data, nil
}