From 24df00a90e80aaef54ecfe8a07d0e22536533da3 Mon Sep 17 00:00:00 2001
From: Carlos Rodriguez-Fernandez
Date: Wed, 14 Aug 2024 09:54:43 -0700
Subject: [PATCH 1/2] refactor(operator): remove config empty check

The config elements, though optional, are not ptr, so they are initialized with the respective type default values. As result, strconv.Format... will never return an empty string, so the check is unnecessary.

Signed-off-by: Carlos Rodriguez-Fernandez
---
 .../internal/controller/cluster.go | 24 +++++++------------
 1 file changed, 9 insertions(+), 15 deletions(-)

diff --git a/pkg/KubeArmorOperator/internal/controller/cluster.go b/pkg/KubeArmorOperator/internal/controller/cluster.go
index 9019c3f598..5dc0e6a901 100644
--- a/pkg/KubeArmorOperator/internal/controller/cluster.go
+++ b/pkg/KubeArmorOperator/internal/controller/cluster.go
@@ -806,25 +806,19 @@ func UpdateConfigMapData(config *opv1.KubeArmorConfigSpec) bool { } } AlertThrottlingEnabled := strconv.FormatBool(config.AlertThrottling) - if AlertThrottlingEnabled != "" { - if common.ConfigMapData[common.ConfigAlertThrottling] != AlertThrottlingEnabled { - common.ConfigMapData[common.ConfigAlertThrottling] = AlertThrottlingEnabled - updated = true - } + if common.ConfigMapData[common.ConfigAlertThrottling] != AlertThrottlingEnabled { + common.ConfigMapData[common.ConfigAlertThrottling] = AlertThrottlingEnabled + updated = true } MaxAlertPerSec := strconv.FormatInt(int64(config.MaxAlertPerSec), 10) - if MaxAlertPerSec != "" { - if common.ConfigMapData[common.ConfigMaxAlertPerSec] != MaxAlertPerSec { - common.ConfigMapData[common.ConfigMaxAlertPerSec] = MaxAlertPerSec - updated = true - } + if common.ConfigMapData[common.ConfigMaxAlertPerSec] != MaxAlertPerSec { + common.ConfigMapData[common.ConfigMaxAlertPerSec] = MaxAlertPerSec + updated = true } ThrottleSec := strconv.FormatInt(int64(config.ThrottleSec), 10) - if MaxAlertPerSec != "" { - if common.ConfigMapData[common.ConfigThrottleSec] != ThrottleSec { - common.ConfigMapData[common.ConfigThrottleSec] = ThrottleSec - updated = true - } + if common.ConfigMapData[common.ConfigThrottleSec] != ThrottleSec { + common.ConfigMapData[common.ConfigThrottleSec] = ThrottleSec + updated = true } return updated From 34ea89a269a02353cd547ebae3a550f4873cea36 Mon Sep 17 00:00:00 2001 From: Prateek Date: Wed, 11 Sep 2024 13:11:42 +0530 Subject: [PATCH 2/2] fix(operator): set default value in configmap when throttling configuration are empty Signed-off-by: Prateek --- KubeArmor/core/kubeUpdate.go | 16 ++++++++++------ pkg/KubeArmorOperator/common/defaults.go | 5 +++++ .../internal/controller/cluster.go | 8 +++++++- 3 files changed, 22 insertions(+), 7 deletions(-) diff --git a/KubeArmor/core/kubeUpdate.go b/KubeArmor/core/kubeUpdate.go index fa0b77a94f..f5298713b0 100644 --- a/KubeArmor/core/kubeUpdate.go 
+++ b/KubeArmor/core/kubeUpdate.go @@ -2739,13 +2739,17 @@ func (dm *KubeArmorDaemon) WatchConfigMap() cache.InformerSynced { if _, ok := cm.Data[cfg.ConfigAlertThrottling]; ok { cfg.GlobalCfg.AlertThrottling = (cm.Data[cfg.ConfigAlertThrottling] == "true") } - cfg.GlobalCfg.MaxAlertPerSec, err = strconv.Atoi(cm.Data[cfg.ConfigMaxAlertPerSec]) - if err != nil { - dm.Logger.Warnf("Error: %s", err) + if _, ok := cm.Data[cfg.ConfigMaxAlertPerSec]; ok { + cfg.GlobalCfg.MaxAlertPerSec, err = strconv.Atoi(cm.Data[cfg.ConfigMaxAlertPerSec]) + if err != nil { + dm.Logger.Warnf("Error: %s", err) + } } - cfg.GlobalCfg.ThrottleSec, err = strconv.Atoi(cm.Data[cfg.ConfigThrottleSec]) - if err != nil { - dm.Logger.Warnf("Error: %s", err) + if _, ok := cm.Data[cfg.ConfigMaxAlertPerSec]; ok { + cfg.GlobalCfg.ThrottleSec, err = strconv.Atoi(cm.Data[cfg.ConfigThrottleSec]) + if err != nil { + dm.Logger.Warnf("Error: %s", err) + } } dm.SystemMonitor.UpdateThrottlingConfig() diff --git a/pkg/KubeArmorOperator/common/defaults.go b/pkg/KubeArmorOperator/common/defaults.go index bcf157747c..0d315afa9f 100644 --- a/pkg/KubeArmorOperator/common/defaults.go +++ b/pkg/KubeArmorOperator/common/defaults.go @@ -119,6 +119,11 @@ var ( KubeArmorRelayServerSecretName string = "kubearmor-relay-server-certs" DefaultTlsCertPath string = "/var/lib/kubearmor/tls" DefaultMode int32 = 420 // deciaml representation of octal value 644 + + // throttling + AlertThrottling bool = true + DefaultMaxAlertPerSec string = "10" + DefaultThrottleSec string = "30" ) var ConfigMapData = map[string]string{ diff --git a/pkg/KubeArmorOperator/internal/controller/cluster.go b/pkg/KubeArmorOperator/internal/controller/cluster.go index 5dc0e6a901..fd1e5af0af 100644 --- a/pkg/KubeArmorOperator/internal/controller/cluster.go +++ b/pkg/KubeArmorOperator/internal/controller/cluster.go 
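Review bot: The second added guard in WatchConfigMap tests `cm.Data[cfg.ConfigMaxAlertPerSec]` but its body parses `cm.Data[cfg.ConfigThrottleSec]`, so a ConfigMap carrying only one of the two keys either skips the ThrottleSec update or passes an empty string to strconv.Atoi. The guard should read `if _, ok := cm.Data[cfg.ConfigThrottleSec]; ok {`. Both branches also assign the Atoi result straight into cfg.GlobalCfg, so a malformed value leaves the field at 0 after the warning is logged. Parsing into a local and assigning only when err is nil would keep the previous throttling setting in place. The function body starts and ends outside the hunk.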
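Review bot: In the new throttling group of defaults.go, `AlertThrottling` is the only entry without the `Default` prefix, and none of the hunks shown here reads it; the cluster.go hunk still formats `config.AlertThrottling` directly. Either rename it to `DefaultAlertThrottling` and use it where the ConfigMap value is built, or drop it if nothing outside these hunks needs it. A comment such as `// string form because these are written to ConfigMapData as-is` above the two string defaults would explain why they are not integers.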
@@ -811,16 +811,22 @@ func UpdateConfigMapData(config *opv1.KubeArmorConfigSpec) bool { updated = true } MaxAlertPerSec := strconv.FormatInt(int64(config.MaxAlertPerSec), 10) + if config.MaxAlertPerSec == 0 { + MaxAlertPerSec = common.DefaultMaxAlertPerSec + } if common.ConfigMapData[common.ConfigMaxAlertPerSec] != MaxAlertPerSec { common.ConfigMapData[common.ConfigMaxAlertPerSec] = MaxAlertPerSec updated = true } + ThrottleSec := strconv.FormatInt(int64(config.ThrottleSec), 10) + if config.ThrottleSec == 0 { + ThrottleSec = common.DefaultThrottleSec + } if common.ConfigMapData[common.ConfigThrottleSec] != ThrottleSec { common.ConfigMapData[common.ConfigThrottleSec] = ThrottleSec updated = true } - return updated }
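Review bot: The fallback in UpdateConfigMapData fires only on `== 0`, so a negative MaxAlertPerSec or ThrottleSec in the spec is still formatted and written to the ConfigMap, where the daemon's strconv.Atoi will accept it. If the spec fields are signed (the `int64(...)` conversions suggest they may be), the guards could be `if config.MaxAlertPerSec <= 0 {` and `if config.ThrottleSec <= 0 {`, or the CRD schema could enforce a minimum. A comment like `// 0 means unset: fall back to the operator default` would also document that an explicit 0 cannot be configured through the spec. The function starts above the hunk.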