Resolved conflicts

ScienceSoft-Inc · Aug 11, 2022 · 304686a · 304686a
2 parents bbe2077 + 9d37b9c
commit 304686a
Show file tree

Hide file tree

Showing 8 changed files with 92 additions and 63 deletions.
diff --git a/README.md b/README.md
@@ -1,8 +1,8 @@
-![GitHub contributors](https://img.shields.io/github/contributors/ScienceSoft-Inc/k8s-container-integrity-monitor)
-![GitHub last commit](https://img.shields.io/github/last-commit/ScienceSoft-Inc/k8s-container-integrity-monitor)
-![GitHub](https://img.shields.io/github/license/ScienceSoft-Inc/k8s-container-integrity-monitor)
-![GitHub issues](https://img.shields.io/github/issues/ScienceSoft-Inc/k8s-container-integrity-monitor)
-![GitHub forks](https://img.shields.io/github/forks/ScienceSoft-Inc/k8s-container-integrity-monitor)
+[![GitHub contributors](https://img.shields.io/github/contributors/ScienceSoft-Inc/k8s-container-integrity-monitor)](https://github.com/ScienceSoft-Inc/k8s-container-integrity-monitor)
+[![GitHub last commit](https://img.shields.io/github/last-commit/ScienceSoft-Inc/k8s-container-integrity-monitor)](https://github.com/ScienceSoft-Inc/k8s-container-integrity-monitor)
+[![GitHub](https://img.shields.io/github/license/ScienceSoft-Inc/k8s-container-integrity-monitor)](https://github.com/ScienceSoft-Inc/k8s-container-integrity-monitor/blob/main/LICENSE)
+[![GitHub issues](https://img.shields.io/github/issues/ScienceSoft-Inc/k8s-container-integrity-monitor)](https://github.com/ScienceSoft-Inc/k8s-container-integrity-monitor/issues)
+[![GitHub forks](https://img.shields.io/github/forks/ScienceSoft-Inc/k8s-container-integrity-monitor)](https://github.com/ScienceSoft-Inc/k8s-container-integrity-monitor/network/members)
 
 ![Go](https://img.shields.io/badge/go-%2300ADD8.svg?style=for-the-badge&logo=go&logoColor=white)
 ![Kubernetes](https://img.shields.io/badge/kubernetes-%23326ce5.svg?style=for-the-badge&logo=kubernetes&logoColor=white)
@@ -12,7 +12,7 @@
 # k8s-container-integrity-monitor
 
 This program provides integrity monitoring that checks file or   directory of container to determine whether or not they have been tampered with or corrupted.  
-k8s-container-integrity-monitor, which is a type of change auditing, verifies and validates these files by comparing them to the stored data in the database.  
+k8s-container-integrity-monitor, which is a type of change auditing, verifies and validates these files by comparing them to the stored data in the database.
 
 If program detects that files have been altered, updated, added or compromised, it rolls back deployments to a previous version.
 
@@ -29,83 +29,107 @@ k8s-container-integrity-monitor injects a `hasher-webhook-injector-sidecar` to y
 ### Component diagram
 ![File location: docs/diagrams/projectStructure.png](/docs/diagrams/projectStructure.png?raw=true "Component diagram")
 ### Activity diagram
-![File location: docs/diagrams/deployDiagram.png](/docs/diagrams/deployDiagram.png?raw=true "Activity diagram") 
+![File location: docs/diagrams/deployDiagram.png](/docs/diagrams/deployDiagram.png?raw=true "Activity diagram")
 ### Statechart diagram
 ![File location: docs/diagrams/appStatechartDiagram.png](/docs/diagrams/appStatechartDiagram.png?raw=true "Statechart diagram")
 ### Sequence diagram
-![File location: docs/diagrams/appSequenceDiagram.png](/docs/diagrams/appSequenceDiagram.png?raw=true "Sequence diagram") 
+![File location: docs/diagrams/appSequenceDiagram.png](/docs/diagrams/appSequenceDiagram.png?raw=true "Sequence diagram")
 ## Getting Started
 
 ### Clone repository and install dependencies
 ```
 $ git clone https://github.com/ScienceSoft-Inc/k8s-container-integrity-monitor.git
 $ cd path/to/install
 ```
+Download the named modules into the module cache
+```
+go mod download
+```
+
+## :hammer: Installing components
 ### Running locally
-The code only works running inside a pod in Kubernetes
+The code only works running inside a pod in Kubernetes.
 You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster.
 If you do not already have a cluster, you can create one by using `minikube`.  
 Example https://minikube.sigs.k8s.io/docs/start/
 
+### Install Helm
+Before using helm charts you need to install helm on your local machine.  
+You can find the necessary installation information at this link https://helm.sh/docs/intro/install/
+
 ### Configuration
+To work properly, you first need to set the configuration files:
++ values in the file `helm-charts/database-to-integrity-sum/values.yaml`
++ values in the file `helm-charts/demo-apps-to-monitor/values.yaml`
++ values in the file `helm-charts/mutator/values.yaml`
 
-## :hammer: Installing components
+## Manual start
++ Minikube start
 ```
-docker build -t mutator ./k8s-container-integrity-mutator
-helm intall mutator
-
-make integrity sum
-
-helm install demo-apps-to-monitor
+minikube start
 ```
-### Install Helm
-Before using helm charts you need to install helm on your local machine.  
-You can find the necessary installation information at this link https://helm.sh/docs/intro/install/
+1) You should go to the `README.md` in the `./k8s-container-integrity-mutator` project and set all the settings and certificates.
 
-Then update the on-disk dependencies to mirror Chart.yaml.
+Build docker images mutator:
+```
+eval $(minikube docker-env)
+cd k8s-container-integrity-mutator
+docker build -t mutator
+```
+or
+```
+eval $(minikube docker-env)
+docker build -t mutator -f k8s-container-integrity-mutator/Dockerfile .
+```
+Install helm chart:
+for example
+```
+helm install mutator helm-charts/mutator
+```
+2) You need to install the database using helm charts.  
+   Update the on-disk dependencies to mirror Chart.yaml.
 ```
 helm dependency update helm-charts/database-to-integrity-sum
 ```
-Then install the database helm-chart on your cluster.
+Install helm chart:
+for example
 ```
 helm install db helm-charts/database-to-integrity-sum
 ```
-And also install the mutating injector app.
+
+3) You should go to the `README.md` in the `./integrity-sum` project and set all the settings.
+   Build docker images mutator:
 ```
-helm install mutator helm-charts/mutator
+eval $(minikube docker-env)
+cd integrity-sum
+docker build -t hasher
 ```
-For a demonstration of work, use demo-app.
+or
+```
+eval $(minikube docker-env)
+docker build -t hasher -f integrity-sum/Dockerfile .
+```
+Install helm chart:
+for example
 ```
 helm install app helm-charts/demo-apps-to-monitor
 ```
 
 ## Quick start
+### Using Makefile
 
 ## Troubleshooting
-___________________________
-### :notebook_with_decorative_cover: Godoc extracts and generates documentation for Go programs
-#### Presents the documentation as a web page.
-```go
-godoc -http=:6060/sha256sum
-go doc packge.function_name
-```
-for example
-```go
-go doc pkg/api.Result
-```
+Sometimes you may find that pod is injected with sidecar container as expected, check the following items:
 
+1) The pod is in running state with `hasher-sidecar` sidecar container injected and no error logs.
+2) Check if the application demo-pod has he correct labels `hasher-certificates-injector-sidecar: "true"` and installed `main-process-name`.
+___________________________
 ### :mag: Running tests
 
 You need to go to the folder where the file is located *_test.go and run the following command:
 ```go
-go test -v
-```
-
-for example
-```go
-cd ../pkg/api
-go test -v
+go test -v ./..
 ```
 
-##License
+## License
 This project uses the MIT software license. See [full license file](https://github.com/ScienceSoft-Inc/k8s-container-integrity-monitor/blob/main/LICENSE)
diff --git a/helm-charts/database-to-integrity-sum/templates/secrets.yaml b/helm-charts/database-to-integrity-sum/templates/secrets.yaml
@@ -4,14 +4,14 @@ metadata:
   name: {{ .Values.secretName}}
   namespace: {{ .Release.Namespace }}
 type: Opaque
-stringData:  # We dont need to worry about converting to base64
+stringData:  # We don't need to worry about converting to base64
   POSTGRES_USER: {{ .Values.postgresql.auth.username }}
   POSTGRES_PASSWORD: "{{ .Values.postgresql.auth.password }}"
   POSTGRES_DB: {{ .Values.postgresql.auth.database }}
 
   DB_HOST: {{.Release.Name}}-postgresql
-  DB_DRIVER: postgres
+  DB_DRIVER: {{ .Values.databaseDriver }}
   DB_USER: {{ .Values.postgresql.auth.username }}
   DB_PASSWORD: "{{ .Values.postgresql.auth.postgresPassword }}"
   DB_NAME: {{ .Values.postgresql.auth.database }}
-  DB_PORT: "5432"
+  DB_PORT: "{{ .Values.postgresql.primary.service.port}}"
diff --git a/helm-charts/database-to-integrity-sum/values.yaml b/helm-charts/database-to-integrity-sum/values.yaml
@@ -1,5 +1,7 @@
 # Dependency to database "postgresql"
-secretName: hasher-database-secret # Set the unique name for secret for database
+# Set the unique name for secret for database
+secretName: secret-database-to-integrity-sum
+databaseDriver: postgres
 
 postgresql:
   auth:
@@ -28,8 +30,7 @@ postgresql:
           name_deployment   TEXT,
           name_pod          TEXT,
           time_of_creation  VARCHAR (50),
-          image_tag         TEXT,
-          CONSTRAINT files_unique UNIQUE (full_file_path, algorithm)
+          image_tag         TEXT
           );"
 
     # Enable security context

diff --git a/helm-charts/demo-apps-to-monitor/Chart.yaml b/helm-charts/demo-apps-to-monitor/Chart.yaml
@@ -3,5 +3,4 @@ name       : NginxDemo-HelmChart
 description: Helm Chart for demonstration Container Monitor App work
 type       : application
 version    : 0.1.0
-appVersion: "1.0.0"
-
+appVersion : "1.0.0"
diff --git a/helm-charts/demo-apps-to-monitor/templates/configMap.yaml b/helm-charts/demo-apps-to-monitor/templates/configMap.yaml
@@ -1,8 +1,8 @@
 apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ .Release.Name }}-integrity-sum-config
-data:
-  {{ .Values.container.name }}: |
+  kind: ConfigMap
+  metadata:
+    name: {{.Release.Name}}-{{ .Values.configMap.name }}
+  data:
+    {{ .Values.container.name }}: |
       PID_NAME={{ .Values.configMap.processName }}
       MOUNT_PATH={{ .Values.configMap.mountPath }}
diff --git a/helm-charts/demo-apps-to-monitor/templates/deployment.yaml b/helm-charts/demo-apps-to-monitor/templates/deployment.yaml
@@ -1,7 +1,7 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ .Values.metadata.deploymentName }}
+  name: {{ .Release.Name}}-{{ .Values.metadata.deploymentName }}
   labels:
     app: {{ .Values.metadata.appName }}
 spec:
@@ -21,7 +21,7 @@ spec:
         main-process-name: "{{ .Values.configMap.processName }}"
         hasher-certificates-injector-sidecar: "true"
     spec:
-      serviceAccountName: {{ .Values.serviceAccount }}
+      serviceAccountName: {{ .Release.Name}}-{{ .Values.serviceAccount }}
       shareProcessNamespace: true
       containers:
         - name: {{ .Values.container.name }}

diff --git a/helm-charts/demo-apps-to-monitor/templates/serviceAccount.yaml b/helm-charts/demo-apps-to-monitor/templates/serviceAccount.yaml
@@ -1,13 +1,13 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ .Values.serviceAccount }}
+  name: {{.Release.Name}}-{{ .Values.serviceAccount }}
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name: {{ .Values.serviceAccount }}
+  name: {{.Release.Name}}-{{ .Values.serviceAccount }}
 rules:
   - apiGroups: ["apps"]
     verbs: ["patch", "get", "list"]
@@ -23,11 +23,11 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: {{ .Values.serviceAccount }}
+  name: {{.Release.Name}}-{{ .Values.serviceAccount }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: {{ .Values.serviceAccount }}
+  name: {{.Release.Name}}-{{ .Values.serviceAccount }}
 subjects:
   - kind: ServiceAccount
-    name: {{ .Values.serviceAccount }}
+    name: {{.Release.Name}}-{{ .Values.serviceAccount }}
diff --git a/helm-charts/demo-apps-to-monitor/values.yaml b/helm-charts/demo-apps-to-monitor/values.yaml
@@ -21,5 +21,10 @@ replicaCount: 1
 
 # Configuration file variables
 configMap:
+  name: integrity-sum-config
   processName: nginx # Container process name
   mountPath: etc/nginx # Tracked folder path
+
+# Data secrets in the database
+secretNameDB: secret-database-to-integrity-sum
+releaseNameDB: db