cleanup(nodesensor): remove legacy initContainer code
redhatrises committed Mar 14, 2024
1 parent 55c87a4 commit c57513e
Showing 5 changed files with 11 additions and 157 deletions.
90 changes: 9 additions & 81 deletions internal/controller/assets/daemonset.go
@@ -163,40 +163,9 @@ func dsResources(node *falconv1alpha1.FalconNodeSensor) corev1.ResourceRequireme
return corev1.ResourceRequirements{}
}

// initArgs - remove this function when 6.53 is no longer supported. 6.53+ will use InitContainerArgs()
func initArgs(node *falconv1alpha1.FalconNodeSensor) []string {
if node.Spec.Node.GKE.Enabled != nil && *node.Spec.Node.GKE.Enabled {
return common.InitContainerArgs()
}
return common.LegacyInitContainerArgs()
}

// cleanupArgs - remove this function when 6.53 is no longer supported. 6.53+ will use InitCleanupArgs()
func cleanupArgs(node *falconv1alpha1.FalconNodeSensor) []string {
if node.Spec.Node.GKE.Enabled != nil && *node.Spec.Node.GKE.Enabled {
return common.InitCleanupArgs()
}
return common.LegacyInitCleanupArgs()
}

// volumes - remove this function when 6.53 is no longer supported. 6.53+ will only use falconstore
func volumes(node *falconv1alpha1.FalconNodeSensor) []corev1.Volume {
// volumes returns the volumes for the daemonset
func volumes() []corev1.Volume {
pathTypeUnset := corev1.HostPathUnset
pathDirCreate := corev1.HostPathDirectoryOrCreate

if node.Spec.Node.GKE.Enabled != nil && *node.Spec.Node.GKE.Enabled {
return []corev1.Volume{
{
Name: "falconstore",
VolumeSource: corev1.VolumeSource{
HostPath: &corev1.HostPathVolumeSource{
Path: common.FalconStoreFile,
Type: &pathTypeUnset,
},
},
},
}
}

return []corev1.Volume{
{
@@ -208,44 +177,6 @@ func volumes(node *falconv1alpha1.FalconNodeSensor) []corev1.Volume {
},
},
},
{
Name: "falconstore-hostdir",
VolumeSource: corev1.VolumeSource{
HostPath: &corev1.HostPathVolumeSource{
Path: common.FalconHostInstallDir,
Type: &pathDirCreate,
},
},
},
}
}

func volumeMounts(node *falconv1alpha1.FalconNodeSensor, name string) []corev1.VolumeMount {
if node.Spec.Node.GKE.Enabled != nil && *node.Spec.Node.GKE.Enabled {
return []corev1.VolumeMount{}
}

return []corev1.VolumeMount{
{
Name: name,
MountPath: common.FalconInitHostInstallDir,
},
}
}

func volumesCleanup(node *falconv1alpha1.FalconNodeSensor) []corev1.Volume {
if node.Spec.Node.GKE.Enabled != nil && *node.Spec.Node.GKE.Enabled {
return []corev1.Volume{}
}
return []corev1.Volume{
{
Name: "opt-crowdstrike",
VolumeSource: corev1.VolumeSource{
HostPath: &corev1.HostPathVolumeSource{
Path: common.FalconHostInstallDir,
},
},
},
}

}
@@ -290,12 +221,11 @@ func Daemonset(dsName, image, serviceAccount string, node *falconv1alpha1.Falcon
ImagePullSecrets: pullSecrets(node),
InitContainers: []corev1.Container{
{
Name: "init-falconstore",
Image: image,
Command: common.FalconShellCommand,
Args: initArgs(node),
VolumeMounts: volumeMounts(node, "falconstore-hostdir"),
Resources: initContainerResources(node),
Name: "init-falconstore",
Image: image,
Command: common.FalconShellCommand,
Args: common.InitContainerArgs(),
Resources: initContainerResources(node),
SecurityContext: &corev1.SecurityContext{
Privileged: &privileged,
RunAsUser: &runAsRoot,
@@ -336,7 +266,7 @@ func Daemonset(dsName, image, serviceAccount string, node *falconv1alpha1.Falcon
Resources: dsResources(node),
},
},
Volumes: volumes(node),
Volumes: volumes(),
PriorityClassName: node.Spec.Node.PriorityClass.Name,
},
},
@@ -383,7 +313,7 @@ func RemoveNodeDirDaemonset(dsName, image, serviceAccount string, node *falconv1
Name: "cleanup-opt-crowdstrike",
Image: image,
Command: common.FalconShellCommand,
Args: cleanupArgs(node),
Args: common.InitCleanupArgs(),
Resources: initContainerResources(node),
SecurityContext: &corev1.SecurityContext{
Privileged: &privileged,
@@ -392,7 +322,6 @@ func RemoveNodeDirDaemonset(dsName, image, serviceAccount string, node *falconv1
AllowPrivilegeEscalation: &escalation,
Capabilities: sensorCapabilities(node, true),
},
VolumeMounts: volumeMounts(node, "opt-crowdstrike"),
},
},
ServiceAccountName: serviceAccount,
@@ -410,7 +339,6 @@ func RemoveNodeDirDaemonset(dsName, image, serviceAccount string, node *falconv1
},
},
},
Volumes: volumesCleanup(node),
},
},
},
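Review bot: The `init-falconstore` and `cleanup-opt-crowdstrike` containers now take `common.InitContainerArgs()` / `common.InitCleanupArgs()` unconditionally and mount no host volume, while still running with `Privileged: &privileged` as root, so neither Daemonset nor RemoveNodeDirDaemonset has a fallback left for a sensor image that lacks the init binary. Judging by the expected string in the deleted TestLegacyInitContainerArgs, the old `-x` test quoted the binary path together with ` -i` and so probably always took the mkdir/touch branch; if that is right, non-GKE nodes run the binary path for the first time with this commit and that deserves a line in the release notes. The bodies of the two helpers, and most of both DaemonSet builders, are outside the visible hunks, so whether a missing binary fails the init container loudly cannot be confirmed here. I would record the requirement next to each container, for example `// No hostPath mount: requires a sensor image that ships falcon-daemonset-init (>= <MIN_SUPPORTED_VERSION>).`, and add a sentence on why the privileged root context is still needed without a host mount.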
36 changes: 2 additions & 34 deletions internal/controller/assets/daemonset_test.go
@@ -198,7 +198,6 @@ func TestDaemonset(t *testing.T) {
hostipc := true
runAsRoot := int64(0)
pathTypeUnset := corev1.HostPathUnset
pathDirCreate := corev1.HostPathDirectoryOrCreate

want := &appsv1.DaemonSet{
ObjectMeta: metav1.ObjectMeta{
@@ -231,20 +230,14 @@ func TestDaemonset(t *testing.T) {
Name: "init-falconstore",
Image: image,
Command: common.FalconShellCommand,
Args: initArgs(&falconNode),
Args: common.InitContainerArgs(),
Resources: initContainerResources(&falconNode),
SecurityContext: &corev1.SecurityContext{
Privileged: &privileged,
RunAsUser: &runAsRoot,
ReadOnlyRootFilesystem: &readOnlyFSEnabled,
AllowPrivilegeEscalation: &escalation,
},
VolumeMounts: []corev1.VolumeMount{
{
Name: "falconstore-hostdir",
MountPath: common.FalconInitHostInstallDir,
},
},
},
},
ServiceAccountName: common.NodeServiceAccountName,
@@ -287,15 +280,6 @@ func TestDaemonset(t *testing.T) {
},
},
},
{
Name: "falconstore-hostdir",
VolumeSource: corev1.VolumeSource{
HostPath: &corev1.HostPathVolumeSource{
Path: common.FalconHostInstallDir,
Type: &pathDirCreate,
},
},
},
},
},
},
@@ -351,20 +335,14 @@ func TestRemoveNodeDirDaemonset(t *testing.T) {
Name: "cleanup-opt-crowdstrike",
Image: image,
Command: common.FalconShellCommand,
Args: cleanupArgs(&falconNode),
Args: common.InitCleanupArgs(),
Resources: initContainerResources(&falconNode),
SecurityContext: &corev1.SecurityContext{
Privileged: &privileged,
RunAsUser: &runAsRoot,
ReadOnlyRootFilesystem: &readOnlyFs,
AllowPrivilegeEscalation: &escalation,
},
VolumeMounts: []corev1.VolumeMount{
{
Name: "opt-crowdstrike",
MountPath: common.FalconInitHostInstallDir,
},
},
},
},
ServiceAccountName: common.NodeServiceAccountName,
@@ -382,16 +360,6 @@ func TestRemoveNodeDirDaemonset(t *testing.T) {
},
},
},
Volumes: []corev1.Volume{
{
Name: "opt-crowdstrike",
VolumeSource: corev1.VolumeSource{
HostPath: &corev1.HostPathVolumeSource{
Path: common.FalconHostInstallDir,
},
},
},
},
},
},
},
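--- a/pkg/common/common_test.go
+++ b/pkg/common/common_test.go
@@ -31,20 +31,6 @@ func TestInitCleanupArgs(t *testing.T) {
 }
 }
 
-func TestLegacyInitContainerArgs(t *testing.T) {
-want := []string{"-c", `if [ -x "/opt/CrowdStrike/falcon-daemonset-init -i" ]; then echo "Executing falcon-daemonset-init -i"; falcon-daemonset-init -i ; else if [ -d "/host_opt/CrowdStrike/falconstore" ]; then echo "Re-creating /opt/CrowdStrike/falconstore as it is a directory instead of a file"; rm -rf /host_opt/CrowdStrike/falconstore; fi; mkdir -p /host_opt/CrowdStrike/ && touch /host_opt/CrowdStrike/falconstore; fi`}
-if got := LegacyInitContainerArgs(); !reflect.DeepEqual(got, want) {
-t.Errorf("LegacyInitContainerArgs() = %v, want %v", got, want)
-}
-}
-
-func TestLegacyInitCleanupArgs(t *testing.T) {
-want := []string{"-c", `if [ -x "/opt/CrowdStrike/falcon-daemonset-init -u" ]; then echo "Running falcon-daemonset-init -u"; falcon-daemonset-init -u; else echo "Manually removing /host_opt/CrowdStrike/"; rm -rf /host_opt/CrowdStrike/; fi`}
-if got := LegacyInitCleanupArgs(); !reflect.DeepEqual(got, want) {
-t.Errorf("LegacyInitCleanupArgs() = %v, want %v", got, want)
-}
-}
-
 func TestCleanupSleep(t *testing.T) {
 want := []string{"-c", "sleep 10"}
 if got := CleanupSleep(); !reflect.DeepEqual(got, want) {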
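--- a/pkg/common/constants.go
+++ b/pkg/common/constants.go
@@ -18,8 +18,6 @@ const (
 FalconStoreFile = "/opt/CrowdStrike/falconstore"
 FalconInitStoreFile = "/host_opt/CrowdStrike/falconstore"
 FalconDaemonsetInitBinary = "/opt/CrowdStrike/falcon-daemonset-init -i"
-FalconDaemonsetInitBinaryInvocation = "falcon-daemonset-init -i"
-FalconDaemonsetCleanupBinaryInvocation = "falcon-daemonset-init -u"
 FalconDaemonsetCleanupBinary = "/opt/CrowdStrike/falcon-daemonset-init -u"
 FalconContainerProbePath = "/live"
 FalconAdmissionClientStartupProbePath = "/startz"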
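--- a/pkg/common/funcs.go
+++ b/pkg/common/funcs.go
@@ -29,32 +29,6 @@ func InitCleanupArgs() []string {
 }
 }
 
-func LegacyInitContainerArgs() []string {
-return []string{
-"-c",
-// Versions of falcon-sensor 6.53+ will contain an init binary that we invoke
-`if [ -x "` + FalconDaemonsetInitBinary + `" ]; then ` +
-`echo "Executing ` + FalconDaemonsetInitBinaryInvocation + `"; ` + FalconDaemonsetInitBinaryInvocation + ` ; else ` +
-`if [ -d "` + FalconInitStoreFile + `" ]; then echo "Re-creating ` + FalconStoreFile + ` as it is a directory instead of a file"; rm -rf ` + FalconInitStoreFile + `; fi; ` +
-`mkdir -p ` + FalconInitDataDir +
-` && ` +
-`touch ` + FalconInitStoreFile +
-`; fi`,
-}
-}
-
-func LegacyInitCleanupArgs() []string {
-return []string{
-"-c",
-// Versions of falcon-sensor 6.53+ will contain an init binary that we invoke with a cleanup argument
-`if [ -x "` + FalconDaemonsetCleanupBinary + `" ]; then ` +
-`echo "Running ` + FalconDaemonsetCleanupBinaryInvocation + `"; ` + FalconDaemonsetCleanupBinaryInvocation + `; else ` +
-`echo "Manually removing ` + FalconInitDataDir + `"; ` +
-`rm -rf ` + FalconInitDataDir +
-`; fi`,
-}
-}
-
 func CleanupSleep() []string {
 return []string{
 "-c",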
