Merge pull request #433 from redhatrises/kac_reg

feat: support admission controller registry
CrowdStrike · Oct 10, 2023 · 2a13dbe · 2a13dbe
2 parents 66bcdc9 + ba471bb
commit 2a13dbe
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 20 deletions.
diff --git a/controllers/falcon_container/image_push.go b/controllers/falcon_container/image_push.go
@@ -11,6 +11,7 @@ import (
 	falconv1alpha1 "github.com/crowdstrike/falcon-operator/api/falcon/v1alpha1"
 	"github.com/crowdstrike/falcon-operator/internal/controller/image"
 	"github.com/crowdstrike/falcon-operator/pkg/aws"
+	"github.com/crowdstrike/falcon-operator/pkg/common"
 	"github.com/crowdstrike/falcon-operator/pkg/gcp"
 	"github.com/crowdstrike/falcon-operator/pkg/k8s_utils"
 	"github.com/crowdstrike/falcon-operator/pkg/registry/auth"
@@ -43,7 +44,7 @@ func (r *FalconContainerReconciler) PushImage(ctx context.Context, log logr.Logg
 		return nil
 	}
 
-	tag, err := image.Refresh(registryUri, version)
+	tag, err := image.Refresh(registryUri, common.SensorTypeSidecar, version)
 	if err != nil {
 		return fmt.Errorf("Cannot push Falcon Container Image: %v", err)
 	}
@@ -133,7 +134,7 @@ func (r *FalconContainerReconciler) registryUri(ctx context.Context, falconConta
 			return "", err
 		}
 
-		return falcon_registry.ImageURIContainer(cloud), nil
+		return falcon_registry.SensorImageURI(cloud, common.SensorTypeSidecar), nil
 	default:
 		return "", fmt.Errorf("Unrecognized registry type: %s", falconContainer.Spec.Registry.Type)
 	}
@@ -198,7 +199,7 @@ func (r *FalconContainerReconciler) setImageTag(ctx context.Context, falconConta
 		return "", err
 	}
 
-	tag, err := registry.LastContainerTag(ctx, falconContainer.Spec.Version)
+	tag, err := registry.LastContainerTag(ctx, common.SensorTypeSidecar, falconContainer.Spec.Version)
 	if err == nil {
 		falconContainer.Status.Sensor = &tag
 	}

diff --git a/internal/controller/image/image_refresher.go b/internal/controller/image/image_refresher.go
@@ -13,6 +13,7 @@ import (
 	"github.com/containers/image/v5/transports/alltransports"
 	"github.com/containers/image/v5/types"
 
+	"github.com/crowdstrike/falcon-operator/pkg/common"
 	"github.com/crowdstrike/falcon-operator/pkg/registry/auth"
 	"github.com/crowdstrike/falcon-operator/pkg/registry/falcon_registry"
 	"github.com/crowdstrike/gofalcon/falcon"
@@ -36,8 +37,8 @@ func NewImageRefresher(ctx context.Context, log logr.Logger, falconConfig *falco
 	}
 }
 
-func (r *ImageRefresher) Refresh(imageDestination string, versionRequested *string) (string, error) {
-	falconTag, srcRef, sourceCtx, err := r.source(versionRequested)
+func (r *ImageRefresher) Refresh(imageDestination string, sensorType common.SensorType, versionRequested *string) (string, error) {
+	falconTag, srcRef, sourceCtx, err := r.source(sensorType, versionRequested)
 	if err != nil {
 		return "", err
 	}
@@ -95,13 +96,13 @@ func (r *ImageRefresher) Refresh(imageDestination string, versionRequested *stri
 	return falconTag, wrapWithHint(err)
 }
 
-func (r *ImageRefresher) source(versionRequested *string) (falconTag string, falconImage types.ImageReference, systemContext *types.SystemContext, err error) {
+func (r *ImageRefresher) source(sensorType common.SensorType, versionRequested *string) (falconTag string, falconImage types.ImageReference, systemContext *types.SystemContext, err error) {
 	registry, err := falcon_registry.NewFalconRegistry(r.ctx, r.falconConfig)
 	if err != nil {
 		return
 	}
 
-	return registry.PullInfo(r.ctx, versionRequested)
+	return registry.PullInfo(r.ctx, sensorType, versionRequested)
 }
 
 func (r *ImageRefresher) destinationContext(insecureSkipTLSVerify bool) (*types.SystemContext, error) {

diff --git a/pkg/common/constants.go b/pkg/common/constants.go
@@ -1,5 +1,13 @@
 package common
 
+type SensorType string
+
+const (
+	SensorTypeSidecar SensorType = "falcon-container"
+	SensorTypeKac     SensorType = "falcon-kac"
+	SensorTypeNode    SensorType = "falcon-sensor"
+)
+
 const (
 	FalconContainerInjection               = "sensor.falcon-system.crowdstrike.com/injection"
 	FalconContainerInjectorTLSName         = "injector-tls"

diff --git a/pkg/registry/falcon_registry/container.go b/pkg/registry/falcon_registry/container.go
@@ -2,29 +2,24 @@ package falcon_registry
 
 import (
 	"context"
-	"fmt"
 	"strings"
 
-	"github.com/crowdstrike/gofalcon/falcon"
+	"github.com/crowdstrike/falcon-operator/pkg/common"
 )
 
-func (reg *FalconRegistry) LastContainerTag(ctx context.Context, versionRequested *string) (string, error) {
+func (reg *FalconRegistry) LastContainerTag(ctx context.Context, sensorType common.SensorType, versionRequested *string) (string, error) {
 	systemContext, err := reg.systemContext()
 	if err != nil {
 		return "", err
 	}
 
-	return lastTag(ctx, systemContext, reg.imageUriContainer(), func(tag string) bool {
+	return lastTag(ctx, systemContext, reg.imageUriContainer(sensorType), func(tag string) bool {
 		return (tag[0] >= '0' && tag[0] <= '9' &&
 			strings.Contains(tag, ".container.x86_64") &&
 			(versionRequested == nil || strings.HasPrefix(tag, *versionRequested)))
 	})
 }
 
-func ImageURIContainer(falconCloud falcon.CloudType) string {
-	return fmt.Sprintf("%s/falcon-container/%s/release/falcon-sensor", registryFQDN(falconCloud), registryCloud(falconCloud))
-}
-
-func (fr *FalconRegistry) imageUriContainer() string {
-	return ImageURIContainer(fr.falconCloud)
+func (fr *FalconRegistry) imageUriContainer(sensorType common.SensorType) string {
+	return SensorImageURI(fr.falconCloud, sensorType)
 }
diff --git a/pkg/registry/falcon_registry/registry.go b/pkg/registry/falcon_registry/registry.go
@@ -10,6 +10,7 @@ import (
 	"github.com/containers/image/v5/docker/reference"
 	"github.com/containers/image/v5/types"
 
+	"github.com/crowdstrike/falcon-operator/pkg/common"
 	"github.com/crowdstrike/falcon-operator/pkg/falcon_api"
 	"github.com/crowdstrike/falcon-operator/pkg/registry/auth"
 	"github.com/crowdstrike/gofalcon/falcon"
@@ -21,6 +22,17 @@ type FalconRegistry struct {
 	falconCID   string
 }
 
+func SensorImageURI(falconCloud falcon.CloudType, sensorType common.SensorType) string {
+	switch sensorType {
+	case "falcon-container":
+		return fmt.Sprintf("%s/falcon-container/%s/release/falcon-sensor", registryFQDN(falconCloud), registryCloud(falconCloud))
+	case "falcon-kac":
+		return fmt.Sprintf("%s/falcon-kac/%s/release/falcon-kac", registryFQDN(falconCloud), registryCloud(falconCloud))
+	default:
+		return fmt.Sprintf("%s/falcon-sensor/%s/release/falcon-sensor", registryFQDN(falconCloud), registryCloud(falconCloud))
+	}
+}
+
 func NewFalconRegistry(ctx context.Context, apiCfg *falcon.ApiConfig) (*FalconRegistry, error) {
 	apiCfg.Context = ctx
 	client, err := falcon.NewClient(apiCfg)
@@ -63,16 +75,16 @@ func (reg *FalconRegistry) Pulltoken() ([]byte, error) {
 	return dockerfile, nil
 }
 
-func (reg *FalconRegistry) PullInfo(ctx context.Context, versionRequested *string) (falconTag string, falconImage types.ImageReference, systemContext *types.SystemContext, err error) {
+func (reg *FalconRegistry) PullInfo(ctx context.Context, sensorType common.SensorType, versionRequested *string) (falconTag string, falconImage types.ImageReference, systemContext *types.SystemContext, err error) {
 	systemContext, err = reg.systemContext()
 	if err != nil {
 		return
 	}
-	falconTag, err = reg.LastContainerTag(ctx, versionRequested)
+	falconTag, err = reg.LastContainerTag(ctx, sensorType, versionRequested)
 	if err != nil {
 		return
 	}
-	falconImage, err = imageReference(reg.imageUriContainer(), falconTag)
+	falconImage, err = imageReference(reg.imageUriContainer(sensorType), falconTag)
 	if err != nil {
 		return
 	}