add KubeArmor as a Partner addon

[Ankurk99]

KubeArmor EKS-A add-on

Add KubeArmor helm chart to Amazon EKS Anywhere (EKS-A) Conformance and Validation Framework.

Repo: KubeArmor

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[elamaran11]

@Ankurk99 Though the installation was successful, the test job failed with YAML errors. Please check the error from Kustomization build below. Please fix the errors, test it and send us an updated PR.

    Message:               kustomize build failed: map[string]interface {}(nil): yaml: unmarshal errors:
  line 21: mapping key "backoffLimit" already defined at line 7

https://github.com/aws-samples/eks-anywhere-addons/blob/main/eks-anywhere-common/Testers/Hashicorp/Vault/kvJob.yaml Check this for a sample.

[Ankurk99]

Hey @elamaran11, thank you for testing the PR. Can you please tell how you tested is so that I can also reproduce this error?

[elamaran11]

@Ankurk99 Please check this readme steps for testing. We used Flux with GitRepository and Kustomization to test it. Also btw i ran you job manually to as i was just curious, it never worked.

[elamaran11]

@Ankurk99 Im getting same error even after your fix. Please fix the job issues and run it in your environment and submit an update for us to review :

  Warning  BuildFailed              111s (x4611 over 16d)  kustomize-controller  kustomize build failed: map[string]interface {}(nil): yaml: unmarshal errors:
  line 21: mapping key "backoffLimit" already defined at line 7

Also please provide the logs from your successful test job run next so we can proceed with our validation after your fixes.

[Ankurk99]

@elamaran11, I have locally tested the changes. Would like to request a review, thanks.

[elamaran11]

@Ankurk99 I was able run your test job in EKS-A Baremetal environment. Though this is not looking like a functional job. All we are doing here is testing if the service endpoint is working fine. Please check this Functional Job Requirements link for complete requirements. Though im good with the job now to proceed with validations with other environments. We recommend to invest to build a better functional job aligning to requirements.

❯ k logs kubearmor-tester-6rssq -n kubearmor                                                 ─╯
1. Checking readiness probe kubectl wait --for=condition=ready --timeout=5m -n kubearmor pod -l kubearmor-app echo 2. Checking audit port kubearmor_audit=...
Connecting
Success

[Ankurk99]

Hey @elamaran11, thanks for sharing the Functional Job requirements, I was not aware about it. The existing test job was based on other partner's example jobs. I will update the PR to include the job satisfying the functional requirements.

[elamaran11]

Thanks @Ankurk99 looking for an updated test job covering functional requirements from you. Though i can conclude for now your current test job works in Baremetal, Local Cluster and vSphere envs.

[Ankurk99]

@elamaran11 Thank you for the confirmation. I kindly ask to proceed with merging this PR, and I will subsequently create a new pull request specifically focused on verifying the Functional job requirements for the test job.

[elamaran11]

@Ankurk99 We can proceed with merge only after we complete the validation in snowball environment. Thanks and please create e PR once you have an updated functional test. We are going to send notifications to rework on function test job based on our latest requirements soon. So sooner the better.

[elamaran11]

Congratulations @Ankurk99 your Addon is approved and merged and also listed in Validated Partners for 4 deployment models.