diff --git a/controllers/k8s_scan/container_image/resources.go b/controllers/k8s_scan/container_image/resources.go
index 53dd3d2cb..4751409a1 100644
--- a/controllers/k8s_scan/container_image/resources.go
+++ b/controllers/k8s_scan/container_image/resources.go
@@ -22,6 +22,7 @@ import (
 "go.mondoo.com/mondoo-operator/api/v1alpha2"
 "go.mondoo.com/mondoo-operator/controllers/scanapi"
+ "go.mondoo.com/mondoo-operator/pkg/feature_flags"
 batchv1 "k8s.io/api/batch/v1"
 corev1 "k8s.io/api/core/v1"
 "k8s.io/apimachinery/pkg/api/resource"
@@ -97,6 +98,7 @@ func CronJob(image, integrationMrn string, m v1alpha2.MondooAuditConfig) *batchv
 ReadOnly: true,
 },
 },
+ Env: feature_flags.AllFeatureFlagsAsEnv(),
 },
 },
 Volumes: []corev1.Volume{
diff --git a/controllers/k8s_scan/resources.go b/controllers/k8s_scan/resources.go
index 5698a796a..6fd61d674 100644
--- a/controllers/k8s_scan/resources.go
+++ b/controllers/k8s_scan/resources.go
@@ -22,6 +22,7 @@ import (
 "go.mondoo.com/mondoo-operator/api/v1alpha2"
 "go.mondoo.com/mondoo-operator/controllers/scanapi"
+ "go.mondoo.com/mondoo-operator/pkg/feature_flags"
 batchv1 "k8s.io/api/batch/v1"
 corev1 "k8s.io/api/core/v1"
 "k8s.io/apimachinery/pkg/api/resource"
@@ -95,6 +96,7 @@ func CronJob(image, integrationMrn string, m v1alpha2.MondooAuditConfig) *batchv
 ReadOnly: true,
 },
 },
+ Env: feature_flags.AllFeatureFlagsAsEnv(),
 },
 },
 Volumes: []corev1.Volume{
diff --git a/pkg/feature_flags/feature_flags.go b/pkg/feature_flags/feature_flags.go
new file mode 100644
index 000000000..589d90a2f
--- /dev/null
+++ b/pkg/feature_flags/feature_flags.go
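Review bot: The `Env:` value added to this CronJob comes from `AllFeatureFlagsAsEnv()`, which ranges over a map, so the order of the variables can differ on every call once more than one `FEATURE_` variable is set. If the controller compares the generated CronJob with the one in the cluster (not visible in this hunk), that would show up as a spec change on each reconcile; sorting before returning avoids it, e.g. `sort.Slice(env, func(i, j int) bool { return env[i].Name < env[j].Name })` inside `AllFeatureFlagsAsEnv`. The call also copies every `FEATURE_`-prefixed variable of the operator process into the scan container, so a short comment such as `// forwards all FEATURE_* variables from the operator environment to the scan pod` would make that explicit. The same applies to the `Env:` line added to CronJob in controllers/k8s_scan/resources.go; both CronJob bodies start and end outside their hunks.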
@@ -0,0 +1,50 @@
+package feature_flags
+
+import (
+ "os"
+ "strings"
+
+ corev1 "k8s.io/api/core/v1"
+)
+
+const FeatureFlagPrefix = "FEATURE_"
+
+var (
+ enablePodDiscovery bool
+ allFeatureFlags = make(map[string]string)
+)
+
+func init() {
+ envs := os.Environ()
+ for _, e := range envs {
+ // If it has the feature flag prefix, then parse the env var.
+ if strings.HasPrefix(e, FeatureFlagPrefix) {
+ val := strings.Split(e, "=")
+ allFeatureFlags[val[0]] = val[1]
+ setGlobalFlags(val[0], val[1])
+ }
+ }
+}
+
+func AllFeatureFlags() map[string]string {
+ return allFeatureFlags
+}
+
+func AllFeatureFlagsAsEnv() []corev1.EnvVar {
+ var env []corev1.EnvVar
+ for k, v := range allFeatureFlags {
+ env = append(env, corev1.EnvVar{Name: k, Value: v})
+ }
+ return env
+}
+
+func GetEnablePodDiscovery() bool {
+ return enablePodDiscovery
+}
+
+func setGlobalFlags(k, v string) {
+ switch k {
+ case "FEATURE_DISCOVER_PODS":
+ enablePodDiscovery = true
+ }
+}
diff --git a/pkg/mondooclient/client.go b/pkg/mondooclient/client.go
index c9e8806d0..23bf0b35e 100644
--- a/pkg/mondooclient/client.go
+++ b/pkg/mondooclient/client.go
@@ -27,6 +27,7 @@ import (
 "time"
 "go.mondoo.com/mondoo-operator/pkg/constants"
+ "go.mondoo.com/mondoo-operator/pkg/feature_flags"
 "go.mondoo.com/mondoo-operator/pkg/inventory"
 )
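Review bot: `setGlobalFlags` ignores `v`, so `FEATURE_DISCOVER_PODS=false` or `=0` still enables pod discovery; the case should look at the value. In `init`, `strings.Split(e, "=")` also cuts a value that itself contains `=` at the first one, where `strings.SplitN(e, "=", 2)` keeps it whole. The sketch below parses the value with `strconv.ParseBool` (this needs the `strconv` import) and treats anything unparsable as off; if presence alone is meant to enable the flag, a comment on the case should say so. `AllFeatureFlags` returns the package map itself, so callers can modify it, and the exported functions and `FeatureFlagPrefix` have no doc comments.

```go
func init() {
	for _, e := range os.Environ() {
		if !strings.HasPrefix(e, FeatureFlagPrefix) {
			continue
		}
		// SplitN keeps any '=' inside the value intact.
		kv := strings.SplitN(e, "=", 2)
		if len(kv) != 2 {
			continue
		}
		allFeatureFlags[kv[0]] = kv[1]
		setGlobalFlags(kv[0], kv[1])
	}
}

// … unchanged: AllFeatureFlags, AllFeatureFlagsAsEnv, GetEnablePodDiscovery …

func setGlobalFlags(k, v string) {
	switch k {
	case "FEATURE_DISCOVER_PODS":
		// Only an explicit true value turns the flag on.
		on, err := strconv.ParseBool(v)
		enablePodDiscovery = err == nil && on
	}
}
```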
@@ -270,10 +271,18 @@ func (s *mondooClient) ScanKubernetesResources(ctx context.Context, integrationM
 scanJob.Inventory.Spec.Assets[0].Labels[constants.MondooAssetsIntegrationLabel] = integrationMrn
 }
- if scanContainerImages {
- scanJob.Inventory.Spec.Assets[0].Connections[0].Discover.Targets = []string{"container-images"}
+ if scanContainerImages || feature_flags.GetEnablePodDiscovery() {
 scanJob.Inventory.Spec.Assets[0].Connections[0].Options = make(map[string]string)
 scanJob.Inventory.Spec.Assets[0].Connections[0].Options["all-namespaces"] = "true"
+
+ }
+
+ if scanContainerImages {
+ scanJob.Inventory.Spec.Assets[0].Connections[0].Discover.Targets = append(scanJob.Inventory.Spec.Assets[0].Connections[0].Discover.Targets, "container-images")
+ }
+
+ if feature_flags.GetEnablePodDiscovery() {
+ scanJob.Inventory.Spec.Assets[0].Connections[0].Discover.Targets = append(scanJob.Inventory.Spec.Assets[0].Connections[0].Discover.Targets, "pods")
 }
 reqBodyBytes, err := json.Marshal(scanJob)
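Review bot: With the widened condition, a process-wide `FEATURE_DISCOVER_PODS` variable now sets `all-namespaces` to "true" and replaces `Options` with a fresh map even when the caller passed `scanContainerImages` as false. That is a change in scan scope decided outside the request, and it should be stated above the `if`, for example `// FEATURE_DISCOVER_PODS enables pod discovery across all namespaces, independent of scanContainerImages.` Because `make(...)` overwrites the map, any option set earlier in ScanKubernetesResources would be lost; the function starts outside this hunk, so whether one is set cannot be seen here. The blank line added before the closing `}` of the first `if` can go.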