changing the logic

Signed-off-by: Prateek <[email protected]>
kubearmor · Jul 22, 2024 · 61a9d55 · 61a9d55
1 parent c003df0
commit 61a9d55
Show file tree

Hide file tree

Showing 2 changed files with 88 additions and 22 deletions.
diff --git a/cmd/uninstall.go b/cmd/uninstall.go
@@ -29,6 +29,6 @@ func init() {
 	rootCmd.AddCommand(uninstallCmd)
 
 	uninstallCmd.Flags().StringVarP(&uninstallOptions.Namespace, "namespace", "n", "", "If no namespace is specified, it defaults to all namespaces and deletes all KubeArmor objects across them.")
-	uninstallCmd.Flags().BoolVar(&uninstallOptions.PreservePolicies, "preserve-policies", false, "Store the applied security policies")
+	uninstallCmd.Flags().BoolVar(&uninstallOptions.Force, "force", false, "Force remove KubeArmor annotations from deployments. (Deployments might be restarted)")
 	uninstallCmd.Flags().BoolVar(&uninstallOptions.Verify, "verify", true, "Verify whether all KubeArmor resources are cleaned up or not")
 }
diff --git a/install/install.go b/install/install.go
@@ -57,7 +57,7 @@ type Options struct {
 	Audit                  string
 	Block                  string
 	Visibility             string
-	PreservePolicies       bool
+	Force                  bool
 	Local                  bool
 	Save                   bool
 	Verify                 bool
@@ -1244,6 +1244,29 @@ func removeAnnotations(c *k8s.Client) {
 			fmt.Printf("Error removing annotations from cronjob %s in namespace %s: %v\n", cronJob.Name, cronJob.Namespace, err)
 		}
 	}
+
+	// restaring pods whose owner's are not annotated
+	pods, err := c.K8sClientset.CoreV1().Pods("").List(context.Background(), metav1.ListOptions{})
+	if err != nil {
+		fmt.Printf("Error listing pods: %v\n", err)
+	}
+	for _, pod := range pods.Items {
+		pod := pod // this is added to handle "Implicit Memory Aliasing..."
+		if _, exists := pod.ObjectMeta.Labels["kubearmor-app"]; exists {
+			continue
+		}
+		for k, v := range pod.ObjectMeta.Annotations {
+			if strings.Contains(k, "kubearmor") || strings.Contains(v, "kubearmor") {
+				fmt.Printf("Removing kubearmor annotations from pod=%s namespace=%s\n", pod.Name, pod.Namespace)
+				err := c.K8sClientset.CoreV1().Pods(pod.Namespace).Delete(context.Background(), pod.Name, metav1.DeleteOptions{})
+				if err != nil {
+					fmt.Printf("Error deleting pod: %v\n", err)
+				}
+				break
+			}
+		}
+	}
+
 }
 
 func K8sLegacyUninstaller(c *k8s.Client, o Options) error {
@@ -1559,7 +1582,28 @@ func K8sLegacyUninstaller(c *k8s.Client, o Options) error {
 		}
 	}
 
-	if !o.PreservePolicies {
+	if !o.Force {
+		fmt.Println("ℹ️   Please use karmor uninstall --force in order to clean up kubearmor completely including it's annotations and CRDs")
+		fmt.Println("ℹ️   Following pods will get restarted with karmor uninstall --force (pod-name | namespace) : ")
+		pods, err := c.K8sClientset.CoreV1().Pods("").List(context.Background(), metav1.ListOptions{})
+		if err != nil {
+			fmt.Printf("Error listing pods: %v\n", err)
+		}
+		cnt := 0
+		for _, pod := range pods.Items {
+			pod := pod // this is added to handle "Implicit Memory Aliasing..."
+			if _, exists := pod.ObjectMeta.Labels["kubearmor-app"]; exists {
+				continue
+			}
+			for k, v := range pod.ObjectMeta.Annotations {
+				if strings.Contains(k, "kubearmor") || strings.Contains(v, "kubearmor") {
+					cnt++
+					fmt.Printf("      %v. %v | %v\n", cnt, pod.Name, pod.Namespace)
+					break
+				}
+			}
+		}
+	} else {
 		fmt.Printf("CRD %s\n", kspName)
 		if err := c.APIextClientset.ApiextensionsV1().CustomResourceDefinitions().Delete(context.Background(), kspName, metav1.DeleteOptions{}); err != nil {
 			if !strings.Contains(err.Error(), "not found") {
@@ -1575,9 +1619,9 @@ func K8sLegacyUninstaller(c *k8s.Client, o Options) error {
 			}
 			fmt.Printf("CRD %s not found\n", hspName)
 		}
-	}
 
-	removeAnnotations(c)
+		removeAnnotations(c)
+	}
 
 	if verify {
 		checkTerminatingPods(c, o.Namespace)
@@ -1613,40 +1657,62 @@ func K8sUninstaller(c *k8s.Client, o Options) error {
 		return err
 	}
 
-	operatorClientSet, err := operatorClient.NewForConfig(c.Config)
-	if err != nil {
-		return fmt.Errorf("failed to create operator clientset: %w", err)
-	}
+	if !o.Force {
+		fmt.Println("ℹ️   Resources not managed by helm/Global Resources are not cleaned up. Please use karmor uninstall --force if you want complete cleanup.")
 
-	fmt.Printf("❌  Removing CR kubearmorconfig-default\n")
-	if err := operatorClientSet.OperatorV1().KubeArmorConfigs(ns).Delete(context.Background(), "kubearmorconfig-default", metav1.DeleteOptions{}); apierrors.IsNotFound(err) {
-		fmt.Printf("CR %s not found\n", kocName)
-	}
+		fmt.Println("ℹ️   Following pods will get restarted with karmor uninstall --force (pod-name | namespace) : ")
+		pods, err := c.K8sClientset.CoreV1().Pods("").List(context.Background(), metav1.ListOptions{})
+		if err != nil {
+			fmt.Printf("Error listing pods: %v\n", err)
+		}
+		cnt := 0
+		for _, pod := range pods.Items {
+			pod := pod // this is added to handle "Implicit Memory Aliasing..."
+			if _, exists := pod.ObjectMeta.Labels["kubearmor-app"]; exists {
+				continue
+			}
+			for k, v := range pod.ObjectMeta.Annotations {
+				if strings.Contains(k, "kubearmor") || strings.Contains(v, "kubearmor") {
+					cnt++
+					fmt.Printf("      %v. %v | %v\n", cnt, pod.Name, pod.Namespace)
+					break
+				}
+			}
+		}
+	} else {
+		operatorClientSet, err := operatorClient.NewForConfig(c.Config)
+		if err != nil {
+			return fmt.Errorf("failed to create operator clientset: %w", err)
+		}
 
-	fmt.Printf("❌  Removing CRD %s\n", kocName)
-	if err := c.APIextClientset.ApiextensionsV1().CustomResourceDefinitions().Delete(context.Background(), kocName, metav1.DeleteOptions{}); apierrors.IsNotFound(err) {
-		fmt.Printf("CRD %s not found\n", kocName)
-	}
+		fmt.Printf("❌  Removing CR kubearmorconfig-default\n")
+		if err := operatorClientSet.OperatorV1().KubeArmorConfigs(ns).Delete(context.Background(), "kubearmorconfig-default", metav1.DeleteOptions{}); apierrors.IsNotFound(err) {
+			fmt.Printf("CR %s not found\n", kocName)
+		}
 
-	if !o.PreservePolicies {
-		fmt.Printf("CRD %s\n", kspName)
+		fmt.Printf("❌  Removing CRD %s\n", kocName)
+		if err := c.APIextClientset.ApiextensionsV1().CustomResourceDefinitions().Delete(context.Background(), kocName, metav1.DeleteOptions{}); apierrors.IsNotFound(err) {
+			fmt.Printf("CRD %s not found\n", kocName)
+		}
+
+		fmt.Printf("❌  Removing CRD %s\n", kspName)
 		if err := c.APIextClientset.ApiextensionsV1().CustomResourceDefinitions().Delete(context.Background(), kspName, metav1.DeleteOptions{}); err != nil {
 			if !strings.Contains(err.Error(), "not found") {
 				return err
 			}
 			fmt.Printf("CRD %s not found\n", kspName)
 		}
 
-		fmt.Printf("CRD %s\n", hspName)
+		fmt.Printf("❌  Removing CRD %s\n", hspName)
 		if err := c.APIextClientset.ApiextensionsV1().CustomResourceDefinitions().Delete(context.Background(), hspName, metav1.DeleteOptions{}); err != nil {
 			if !strings.Contains(err.Error(), "not found") {
 				return err
 			}
 			fmt.Printf("CRD %s not found\n", hspName)
 		}
-	}
 
-	removeAnnotations(c)
+		removeAnnotations(c)
+	}
 
 	fmt.Println("❌  KubeArmor resources removed")