Merge pull request #338 from daemon1024/improve-install-probe

feat(install): wait for KubeArmor to create probe file before probing
kubearmor · Jun 23, 2023 · b48c6a1 · b48c6a1
2 parents a1cc343 + 7acb4d1
commit b48c6a1
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 21 deletions.
diff --git a/install/install.go b/install/install.go
@@ -105,7 +105,7 @@ func printAnimation(msg string, flag bool) int {
 	if flag {
 		progress++
 	}
-	printBar("    KubeArmor Installing ", 16)
+	printBar("    KubeArmor Installing ", 17)
 	return 0
 }
 
@@ -141,23 +141,41 @@ func checkPods(c *k8s.Client, o Options) {
 			break
 		}
 	}
-	probeData, err := probe.ProbeRunningKubeArmorNodes(c, probe.Options{
-		Namespace: o.Namespace,
-	})
-	if err != nil || len(probeData) == 0 {
-		return
-	}
-	enforcing := true
-	for _, k := range probeData {
-		if k.ActiveLSM == "" || !k.ContainerSecurity {
-			enforcing = false
-			break
+	fmt.Print("\n🔧  Verifying KubeArmor functionality (this may take upto a minute) ...")
+	ctx, cancel := context.WithTimeout(context.Background(), 40*time.Second)
+	defer cancel()
+
+	for {
+		select {
+		case <-time.After(1 * time.Second):
+		case <-ctx.Done():
+			fmt.Print("⚠️  Failed verifying KubeArmor functionality ...")
+			return
 		}
-	}
-	if enforcing {
-		fmt.Print(color.New(color.FgWhite, color.Bold).Sprint("\n\t🛡️  Your Cluster is Armored Up Now! \n"))
-	} else {
-		color.Yellow("\n\t⚠️  KubeArmor is running in Audit mode, only Observability will be available and Policy Enforcement won't work. \n")
+		probeData, err := probe.ProbeRunningKubeArmorNodes(c, probe.Options{
+			Namespace: o.Namespace,
+		})
+		if err != nil || len(probeData) == 0 {
+			fmt.Printf("\r🔧  Verifying KubeArmor functionality (this may take upto a minute) ... %s", cursor[cursorcount])
+			cursorcount++
+			if cursorcount == 4 {
+				cursorcount = 0
+			}
+			continue
+		}
+		enforcing := true
+		for _, k := range probeData {
+			if k.ActiveLSM == "" || !k.ContainerSecurity {
+				enforcing = false
+				break
+			}
+		}
+		if enforcing {
+			fmt.Print(color.New(color.FgWhite, color.Bold).Sprint("\n\n\t🛡️  Your Cluster is Armored Up! \n"))
+		} else {
+			color.Yellow("\n\n\t⚠️  KubeArmor is running in Audit mode, only Observability will be available and Policy Enforcement won't work. \n")
+		}
+		break
 	}
 
 }

diff --git a/probe/probe.go b/probe/probe.go
@@ -489,9 +489,9 @@ func readDataFromKubeArmor(c *k8s.Client, o Options, nodeName string) (KubeArmor
 		VersionedParams(&corev1.PodExecOptions{
 			Container: pods.Items[0].Spec.Containers[0].Name,
 			Command:   cmdArr,
-			Stdin:     true,
+			Stdin:     false,
 			Stdout:    true,
-			Stderr:    true,
+			Stderr:    false,
 			TTY:       false,
 		}, scheme.ParameterCodec)
 	exec, err := remotecommand.NewSPDYExecutor(c.Config, "POST", req.URL())
@@ -501,9 +501,7 @@ func readDataFromKubeArmor(c *k8s.Client, o Options, nodeName string) (KubeArmor
 	go func() {
 		defer outStream.Close()
 		err = exec.StreamWithContext(context.TODO(), remotecommand.StreamOptions{
-			Stdin:  os.Stdin,
 			Stdout: outStream,
-			Stderr: os.Stderr,
 			Tty:    false,
 		})
 	}()