diff --git a/api/v1/tetragon/capabilities.pb.go b/api/v1/tetragon/capabilities.pb.go index eed0c3b59aa..03a816c555c 100644 --- a/api/v1/tetragon/capabilities.pb.go +++ b/api/v1/tetragon/capabilities.pb.go @@ -21,10 +21,11 @@ package tetragon import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" + + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" ) const ( diff --git a/api/v1/tetragon/codegen/eventchecker/eventchecker.pb.go b/api/v1/tetragon/codegen/eventchecker/eventchecker.pb.go index a89ac33d5a7..3391745fb71 100644 --- a/api/v1/tetragon/codegen/eventchecker/eventchecker.pb.go +++ b/api/v1/tetragon/codegen/eventchecker/eventchecker.pb.go @@ -9,6 +9,8 @@ import ( list "container/list" json "encoding/json" fmt "fmt" + strings "strings" + tetragon "github.com/cilium/tetragon/api/v1/tetragon" bytesmatcher "github.com/cilium/tetragon/pkg/matchers/bytesmatcher" listmatcher "github.com/cilium/tetragon/pkg/matchers/listmatcher" @@ -16,7 +18,6 @@ import ( timestampmatcher "github.com/cilium/tetragon/pkg/matchers/timestampmatcher" logrus "github.com/sirupsen/logrus" yaml "sigs.k8s.io/yaml" - strings "strings" ) // MultiEventChecker is an interface for checking multiple Tetragon events @@ -434,7 +435,7 @@ func (checker *ProcessExecChecker) WithAncestors(check *ProcessListMatcher) *Pro return checker } -//FromProcessExec populates the ProcessExecChecker using data from a ProcessExec event +// FromProcessExec populates the ProcessExecChecker using data from a ProcessExec event func (checker *ProcessExecChecker) FromProcessExec(event *tetragon.ProcessExec) *ProcessExecChecker { if event == nil { return checker @@ -673,7 +674,7 @@ func (checker *ProcessExitChecker) WithTime(check *timestampmatcher.TimestampMat return checker } -//FromProcessExit populates the ProcessExitChecker using data from a ProcessExit event +// FromProcessExit populates the ProcessExitChecker using data from a ProcessExit event func (checker *ProcessExitChecker) FromProcessExit(event *tetragon.ProcessExit) *ProcessExitChecker { if event == nil { return checker @@ -819,7 +820,7 @@ func (checker *ProcessKprobeChecker) WithAction(check tetragon.KprobeAction) *Pr return checker } -//FromProcessKprobe populates the ProcessKprobeChecker using data from a ProcessKprobe event +// FromProcessKprobe populates the ProcessKprobeChecker using data from a ProcessKprobe event func (checker *ProcessKprobeChecker) FromProcessKprobe(event *tetragon.ProcessKprobe) *ProcessKprobeChecker { if event == nil { return checker @@ -1063,7 +1064,7 @@ func (checker *ProcessTracepointChecker) WithArgs(check *KprobeArgumentListMatch return checker } -//FromProcessTracepoint populates the ProcessTracepointChecker using data from a ProcessTracepoint event +// FromProcessTracepoint populates the ProcessTracepointChecker using data from a ProcessTracepoint event func (checker *ProcessTracepointChecker) FromProcessTracepoint(event *tetragon.ProcessTracepoint) *ProcessTracepointChecker { if event == nil { return checker @@ -1192,7 +1193,7 @@ func (checker *ProcessUprobeChecker) WithSymbol(check *stringmatcher.StringMatch return checker } -//FromProcessUprobe populates the ProcessUprobeChecker using data from a ProcessUprobe event +// FromProcessUprobe populates the ProcessUprobeChecker using data from a ProcessUprobe event func (checker *ProcessUprobeChecker) FromProcessUprobe(event *tetragon.ProcessUprobe) *ProcessUprobeChecker { if event == nil { return checker @@ -1308,7 +1309,7 @@ func (checker *TestChecker) WithArg3(check uint64) *TestChecker { return checker } -//FromTest populates the TestChecker using data from a Test event +// FromTest populates the TestChecker using data from a Test event func (checker *TestChecker) FromTest(event *tetragon.Test) *TestChecker { if event == nil { return checker @@ -1420,7 +1421,7 @@ func (checker *ProcessLoaderChecker) WithBuildid(check *bytesmatcher.BytesMatche return checker } -//FromProcessLoader populates the ProcessLoaderChecker using data from a ProcessLoader event +// FromProcessLoader populates the ProcessLoaderChecker using data from a ProcessLoader event func (checker *ProcessLoaderChecker) FromProcessLoader(event *tetragon.ProcessLoader) *ProcessLoaderChecker { if event == nil { return checker @@ -1497,7 +1498,7 @@ func (checker *RateLimitInfoChecker) WithNumberOfDroppedProcessEvents(check uint return checker } -//FromRateLimitInfo populates the RateLimitInfoChecker using data from a RateLimitInfo event +// FromRateLimitInfo populates the RateLimitInfoChecker using data from a RateLimitInfo event func (checker *RateLimitInfoChecker) FromRateLimitInfo(event *tetragon.RateLimitInfo) *RateLimitInfoChecker { if event == nil { return checker @@ -1562,7 +1563,7 @@ func (checker *ImageChecker) WithName(check *stringmatcher.StringMatcher) *Image return checker } -//FromImage populates the ImageChecker using data from a Image field +// FromImage populates the ImageChecker using data from a Image field func (checker *ImageChecker) FromImage(event *tetragon.Image) *ImageChecker { if event == nil { return checker @@ -1676,7 +1677,7 @@ func (checker *ContainerChecker) WithMaybeExecProbe(check bool) *ContainerChecke return checker } -//FromContainer populates the ContainerChecker using data from a Container field +// FromContainer populates the ContainerChecker using data from a Container field func (checker *ContainerChecker) FromContainer(event *tetragon.Container) *ContainerChecker { if event == nil { return checker @@ -1841,7 +1842,7 @@ func (checker *PodChecker) WithPodLabels(check map[string]stringmatcher.StringMa return checker } -//FromPod populates the PodChecker using data from a Pod field +// FromPod populates the PodChecker using data from a Pod field func (checker *PodChecker) FromPod(event *tetragon.Pod) *PodChecker { if event == nil { return checker @@ -1921,7 +1922,7 @@ func (checker *CapabilitiesChecker) WithInheritable(check *CapabilitiesTypeListM return checker } -//FromCapabilities populates the CapabilitiesChecker using data from a Capabilities field +// FromCapabilities populates the CapabilitiesChecker using data from a Capabilities field func (checker *CapabilitiesChecker) FromCapabilities(event *tetragon.Capabilities) *CapabilitiesChecker { if event == nil { return checker @@ -2115,7 +2116,7 @@ func (checker *NamespaceChecker) WithIsHost(check bool) *NamespaceChecker { return checker } -//FromNamespace populates the NamespaceChecker using data from a Namespace field +// FromNamespace populates the NamespaceChecker using data from a Namespace field func (checker *NamespaceChecker) FromNamespace(event *tetragon.Namespace) *NamespaceChecker { if event == nil { return checker @@ -2280,7 +2281,7 @@ func (checker *NamespacesChecker) WithUser(check *NamespaceChecker) *NamespacesC return checker } -//FromNamespaces populates the NamespacesChecker using data from a Namespaces field +// FromNamespaces populates the NamespacesChecker using data from a Namespaces field func (checker *NamespacesChecker) FromNamespaces(event *tetragon.Namespaces) *NamespacesChecker { if event == nil { return checker @@ -2551,7 +2552,7 @@ func (checker *ProcessChecker) WithTid(check uint32) *ProcessChecker { return checker } -//FromProcess populates the ProcessChecker using data from a Process field +// FromProcess populates the ProcessChecker using data from a Process field func (checker *ProcessChecker) FromProcess(event *tetragon.Process) *ProcessChecker { if event == nil { return checker @@ -2746,7 +2747,7 @@ func (checker *KprobeSockChecker) WithCookie(check uint64) *KprobeSockChecker { return checker } -//FromKprobeSock populates the KprobeSockChecker using data from a KprobeSock field +// FromKprobeSock populates the KprobeSockChecker using data from a KprobeSock field func (checker *KprobeSockChecker) FromKprobeSock(event *tetragon.KprobeSock) *KprobeSockChecker { if event == nil { return checker @@ -2952,7 +2953,7 @@ func (checker *KprobeSkbChecker) WithProtocol(check *stringmatcher.StringMatcher return checker } -//FromKprobeSkb populates the KprobeSkbChecker using data from a KprobeSkb field +// FromKprobeSkb populates the KprobeSkbChecker using data from a KprobeSkb field func (checker *KprobeSkbChecker) FromKprobeSkb(event *tetragon.KprobeSkb) *KprobeSkbChecker { if event == nil { return checker @@ -3064,7 +3065,7 @@ func (checker *KprobePathChecker) WithFlags(check *stringmatcher.StringMatcher) return checker } -//FromKprobePath populates the KprobePathChecker using data from a KprobePath field +// FromKprobePath populates the KprobePathChecker using data from a KprobePath field func (checker *KprobePathChecker) FromKprobePath(event *tetragon.KprobePath) *KprobePathChecker { if event == nil { return checker @@ -3140,7 +3141,7 @@ func (checker *KprobeFileChecker) WithFlags(check *stringmatcher.StringMatcher) return checker } -//FromKprobeFile populates the KprobeFileChecker using data from a KprobeFile field +// FromKprobeFile populates the KprobeFileChecker using data from a KprobeFile field func (checker *KprobeFileChecker) FromKprobeFile(event *tetragon.KprobeFile) *KprobeFileChecker { if event == nil { return checker @@ -3204,7 +3205,7 @@ func (checker *KprobeTruncatedBytesChecker) WithOrigSize(check uint64) *KprobeTr return checker } -//FromKprobeTruncatedBytes populates the KprobeTruncatedBytesChecker using data from a KprobeTruncatedBytes field +// FromKprobeTruncatedBytes populates the KprobeTruncatedBytesChecker using data from a KprobeTruncatedBytes field func (checker *KprobeTruncatedBytesChecker) FromKprobeTruncatedBytes(event *tetragon.KprobeTruncatedBytes) *KprobeTruncatedBytesChecker { if event == nil { return checker @@ -3282,7 +3283,7 @@ func (checker *KprobeCredChecker) WithInheritable(check *CapabilitiesTypeListMat return checker } -//FromKprobeCred populates the KprobeCredChecker using data from a KprobeCred field +// FromKprobeCred populates the KprobeCredChecker using data from a KprobeCred field func (checker *KprobeCredChecker) FromKprobeCred(event *tetragon.KprobeCred) *KprobeCredChecker { if event == nil { return checker @@ -3379,7 +3380,7 @@ func (checker *KprobeCapabilityChecker) WithName(check *stringmatcher.StringMatc return checker } -//FromKprobeCapability populates the KprobeCapabilityChecker using data from a KprobeCapability field +// FromKprobeCapability populates the KprobeCapabilityChecker using data from a KprobeCapability field func (checker *KprobeCapabilityChecker) FromKprobeCapability(event *tetragon.KprobeCapability) *KprobeCapabilityChecker { if event == nil { return checker @@ -3478,7 +3479,7 @@ func (checker *KprobeUserNamespaceChecker) WithNs(check *NamespaceChecker) *Kpro return checker } -//FromKprobeUserNamespace populates the KprobeUserNamespaceChecker using data from a KprobeUserNamespace field +// FromKprobeUserNamespace populates the KprobeUserNamespaceChecker using data from a KprobeUserNamespace field func (checker *KprobeUserNamespaceChecker) FromKprobeUserNamespace(event *tetragon.KprobeUserNamespace) *KprobeUserNamespaceChecker { if event == nil { return checker @@ -3566,7 +3567,7 @@ func (checker *KprobeBpfAttrChecker) WithProgName(check *stringmatcher.StringMat return checker } -//FromKprobeBpfAttr populates the KprobeBpfAttrChecker using data from a KprobeBpfAttr field +// FromKprobeBpfAttr populates the KprobeBpfAttrChecker using data from a KprobeBpfAttr field func (checker *KprobeBpfAttrChecker) FromKprobeBpfAttr(event *tetragon.KprobeBpfAttr) *KprobeBpfAttrChecker { if event == nil { return checker @@ -3657,7 +3658,7 @@ func (checker *KprobePerfEventChecker) WithProbeOffset(check uint64) *KprobePerf return checker } -//FromKprobePerfEvent populates the KprobePerfEventChecker using data from a KprobePerfEvent field +// FromKprobePerfEvent populates the KprobePerfEventChecker using data from a KprobePerfEvent field func (checker *KprobePerfEventChecker) FromKprobePerfEvent(event *tetragon.KprobePerfEvent) *KprobePerfEventChecker { if event == nil { return checker @@ -3764,7 +3765,7 @@ func (checker *KprobeBpfMapChecker) WithMapName(check *stringmatcher.StringMatch return checker } -//FromKprobeBpfMap populates the KprobeBpfMapChecker using data from a KprobeBpfMap field +// FromKprobeBpfMap populates the KprobeBpfMapChecker using data from a KprobeBpfMap field func (checker *KprobeBpfMapChecker) FromKprobeBpfMap(event *tetragon.KprobeBpfMap) *KprobeBpfMapChecker { if event == nil { return checker @@ -4116,7 +4117,7 @@ func (checker *KprobeArgumentChecker) WithLabel(check *stringmatcher.StringMatch return checker } -//FromKprobeArgument populates the KprobeArgumentChecker using data from a KprobeArgument field +// FromKprobeArgument populates the KprobeArgumentChecker using data from a KprobeArgument field func (checker *KprobeArgumentChecker) FromKprobeArgument(event *tetragon.KprobeArgument) *KprobeArgumentChecker { if event == nil { return checker diff --git a/api/v1/tetragon/codegen/eventchecker/yaml/yaml.pb.go b/api/v1/tetragon/codegen/eventchecker/yaml/yaml.pb.go index 81f7e977b93..945793850cd 100644 --- a/api/v1/tetragon/codegen/eventchecker/yaml/yaml.pb.go +++ b/api/v1/tetragon/codegen/eventchecker/yaml/yaml.pb.go @@ -9,10 +9,11 @@ import ( bytes "bytes" json "encoding/json" fmt "fmt" - eventchecker "github.com/cilium/tetragon/api/v1/tetragon/codegen/eventchecker" os "os" - yaml "sigs.k8s.io/yaml" template "text/template" + + eventchecker "github.com/cilium/tetragon/api/v1/tetragon/codegen/eventchecker" + yaml "sigs.k8s.io/yaml" ) // Metadata contains metadata for the eventchecker definition diff --git a/api/v1/tetragon/codegen/helpers/helpers.pb.go b/api/v1/tetragon/codegen/helpers/helpers.pb.go index 277c3e99b87..3ec0e3b5fe3 100644 --- a/api/v1/tetragon/codegen/helpers/helpers.pb.go +++ b/api/v1/tetragon/codegen/helpers/helpers.pb.go @@ -7,6 +7,7 @@ package helpers import ( fmt "fmt" + tetragon "github.com/cilium/tetragon/api/v1/tetragon" ) diff --git a/api/v1/tetragon/events.pb.go b/api/v1/tetragon/events.pb.go index c561671447b..3bd341247d4 100644 --- a/api/v1/tetragon/events.pb.go +++ b/api/v1/tetragon/events.pb.go @@ -21,14 +21,15 @@ package tetragon import ( + reflect "reflect" + sync "sync" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" durationpb "google.golang.org/protobuf/types/known/durationpb" fieldmaskpb "google.golang.org/protobuf/types/known/fieldmaskpb" timestamppb "google.golang.org/protobuf/types/known/timestamppb" wrapperspb "google.golang.org/protobuf/types/known/wrapperspb" - reflect "reflect" - sync "sync" ) const ( diff --git a/api/v1/tetragon/sensors.pb.go b/api/v1/tetragon/sensors.pb.go index 073f6dbc51a..77657647793 100644 --- a/api/v1/tetragon/sensors.pb.go +++ b/api/v1/tetragon/sensors.pb.go @@ -21,10 +21,11 @@ package tetragon import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" + + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" ) const ( diff --git a/api/v1/tetragon/sensors_grpc.pb.go b/api/v1/tetragon/sensors_grpc.pb.go index 6bd30c32003..2f2b1d031ff 100644 --- a/api/v1/tetragon/sensors_grpc.pb.go +++ b/api/v1/tetragon/sensors_grpc.pb.go @@ -22,6 +22,7 @@ package tetragon import ( context "context" + grpc "google.golang.org/grpc" codes "google.golang.org/grpc/codes" status "google.golang.org/grpc/status" diff --git a/api/v1/tetragon/stack.pb.go b/api/v1/tetragon/stack.pb.go index a269525c712..fbc060c68e4 100644 --- a/api/v1/tetragon/stack.pb.go +++ b/api/v1/tetragon/stack.pb.go @@ -21,10 +21,11 @@ package tetragon import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" + + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" ) const ( diff --git a/api/v1/tetragon/tetragon.pb.go b/api/v1/tetragon/tetragon.pb.go index 8821d664e9b..3e6293c768c 100644 --- a/api/v1/tetragon/tetragon.pb.go +++ b/api/v1/tetragon/tetragon.pb.go @@ -21,12 +21,13 @@ package tetragon import ( + reflect "reflect" + sync "sync" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" timestamppb "google.golang.org/protobuf/types/known/timestamppb" wrapperspb "google.golang.org/protobuf/types/known/wrapperspb" - reflect "reflect" - sync "sync" ) const ( diff --git a/install/kubernetes/templates/clusterrole.yaml b/install/kubernetes/templates/clusterrole.yaml index bb0035064ae..90b3314ff3e 100644 --- a/install/kubernetes/templates/clusterrole.yaml +++ b/install/kubernetes/templates/clusterrole.yaml @@ -44,6 +44,7 @@ rules: resourceNames: - tracingpolicies.cilium.io - tracingpoliciesnamespaced.cilium.io + - tetragonpods.cilium.io verbs: - update - get diff --git a/install/kubernetes/templates/tpclusterrole.yaml b/install/kubernetes/templates/tpclusterrole.yaml index cebbbae9318..4235942121f 100644 --- a/install/kubernetes/templates/tpclusterrole.yaml +++ b/install/kubernetes/templates/tpclusterrole.yaml @@ -17,7 +17,7 @@ rules: - apiGroups: - cilium.io resources: - - TetragonPods + - tetragonpods verbs: - create - delete @@ -29,13 +29,13 @@ rules: - apiGroups: - cilium.io resources: - - TetragonPods/finalizers + - tetragonpods/finalizers verbs: - update - apiGroups: - cilium.io resources: - - TetragonPods/status + - tetragonpods/status verbs: - get - patch diff --git a/my-values.yaml b/my-values.yaml index 3aabce2e6e8..48caa3db9ea 100644 --- a/my-values.yaml +++ b/my-values.yaml @@ -2,6 +2,15 @@ tetragonPod: enabled: true image: override: quay.io/cilium/tetragon-operator-ci:812a91f2f8d8f0b71ea81ba5a55890046cc9cd77-podinfo +<<<<<<< Updated upstream tetragonOperator: image: override: quay.io/cilium/tetragon-operator-ci:812a91f2f8d8f0b71ea81ba5a55890046cc9cd77 +======= + +tetragonOperator: + enabled: true + image: + override: quay.io/cilium/tetragon-operator-ci:812a91f2f8d8f0b71ea81ba5a55890046cc9cd77 + skipTetragonPodCRD: false +>>>>>>> Stashed changes diff --git a/tetragonpod/api/v1alpha1/client/register_crd.go b/tetragonpod/api/v1alpha1/client/register_crd.go index 22ba6ae6395..75920064bd3 100644 --- a/tetragonpod/api/v1alpha1/client/register_crd.go +++ b/tetragonpod/api/v1alpha1/client/register_crd.go @@ -3,6 +3,7 @@ package client import ( "context" "fmt" + "github.com/cilium/tetragon/pkg/logger" "github.com/cilium/tetragon/tetragonpod" "github.com/sirupsen/logrus" diff --git a/tetragonpod/internal/controller/tetragonpod_controller.go b/tetragonpod/internal/controller/tetragonpod_controller.go index ef9df6f2cbc..733571a49b1 100644 --- a/tetragonpod/internal/controller/tetragonpod_controller.go +++ b/tetragonpod/internal/controller/tetragonpod_controller.go @@ -18,6 +18,7 @@ package controller import ( "context" + corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/runtime"