Merge pull request #625 from gpontejos/falcondeployment-crd

New: Add FalconDeployment CR

Makefile

@@ -3,7 +3,7 @@
 # To re-generate a bundle for another specific version without changing the standard setup, you can:
 # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
 # - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
-VERSION ?= 1.3.0
+VERSION ?= 1.4.0
 
 # CHANNELS define the bundle channels used in the bundle.
 # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable")

PROJECT

@@ -47,4 +47,13 @@ resources:
   kind: FalconImageAnalyzer
   path: github.com/crowdstrike/falcon-operator/api/falcon/v1alpha1
   version: v1alpha1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: crowdstrike.com
+  group: falcon
+  kind: FalconDeployment
+  path: github.com/crowdstrike/falcon-operator/api/falcon/v1alpha1
+  version: v1alpha1
 version: "3"

README.md

@@ -23,11 +23,12 @@ The CrowdStrike Falcon Operator deploys CrowdStrike Falcon to the cluster. The o
 | [FalconImageAnalyzer](https://github.com/CrowdStrike/falcon-operator/tree/main/docs/resources/imageanalyzer/README.md) | Manages installation of Falcon Image Assessment at Runtime on the cluster |
 | [FalconContainer](https://github.com/CrowdStrike/falcon-operator/tree/main/docs/resources/container/README.md) | Manages installation of Falcon Container Sensor on the cluster   |
 | [FalconNodeSensor](https://github.com/CrowdStrike/falcon-operator/tree/main/docs/resources/node/README.md)     | Manages installation of Falcon Linux Sensor on the cluster nodes |
+| [FalconDeployment](https://github.com/CrowdStrike/falcon-operator/tree/main/docs/resources/falcondeployment/README.md)       | Deploys FalconAdmission, FalconImageAnalyzer, FalconContainer, and FalconNodeSensor CRs from a single manifest |
 
 
 ## Installation and Deployment
 
-For installation and deployment of the CrowdStrike Falcon Operator and its Custom Resources, please read the [Installation and Deployment Guide](https://github.com/CrowdStrike/falcon-operator/blob/main/docs/install_guide.md) and choose the deployment method that is right for your target environment.
+For installation and deployment of the CrowdStrike Falcon Operator and its Custom Resources, please read the [Installation and Deployment Guide](docs/install_guide.md) and choose the deployment method that is right for your target environment.
 
 ## Getting Help
 If you encounter any issues while using the Falcon Operator, you can create an issue on our [Github repo](https://github.com/CrowdStrike/falcon-operator) for bugs, enhancements, or other requests.

api/falcon/v1alpha1/falcondeployment_types.go

@@ -0,0 +1,111 @@
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// FalconDeploymentSpec defines the desired state of FalconDeployment
+// +k8s:openapi-gen=true
+type FalconDeploymentSpec struct {
+	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+
+	// FalconAPI configures connection from your local Falcon operator to CrowdStrike Falcon platform.
+	//
+	// When configured, it will pull the sensor from registry.crowdstrike.com and deploy the appropriate sensor to the cluster.
+	//
+	// If using the API is not desired, the sensor can be manually configured.
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Platform API Configuration",order=2
+	FalconAPI *FalconAPI `json:"falcon_api"`
+
+	// Registry configures container image registry to which registry image will be pushed.
+	// +kubebuilder:default:={"type": "crowdstrike"}
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Registry Configuration for FalconAdmission, FalconImageanalyzer, and FalconContainer",order=3
+	Registry RegistrySpec `json:"registry,omitempty"`
+
+	// Determines if Falcon Admission Controller is deployed
+	// +kubebuilder:default:=true
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Deploy Falcon Admission Controller",order=4
+	DeployAdmissionController *bool `json:"deployAdmissionController,omitempty"`
+
+	// Determines if Falcon Node Sensor is deployed
+	// +kubebuilder:default:=true
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Deploy Falcon Node Sensor",order=5
+	DeployNodeSensor *bool `json:"deployNodeSensor,omitempty"`
+
+	// Determines if Falcon Node Sensor is deployed
+	// +kubebuilder:default:=true
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Deploy Falcon Image Analyzer",order=6
+	DeployImageAnalyzer *bool `json:"deployImageAnalyzer,omitempty"`
+
+	// Determines if Falcon Container Sensor is deployed
+	// +kubebuilder:default:=false
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Deploy Falcon Container Sensor",order=7
+	DeployContainerSensor *bool `json:"deployContainerSensor,omitempty"`
+
+	// Falcon Admission Controller Configuration
+	// +kubebuilder:default:={}
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Admission Controller Configuration",order=8
+	FalconAdmission FalconAdmissionSpec `json:"falconAdmission,omitempty"`
+
+	// Falcon Admission Controller Configuration
+	// +kubebuilder:default:={}
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Node Sensor Configuration",order=9
+	FalconNodeSensor FalconNodeSensorSpec `json:"falconNodeSensor,omitempty"`
+
+	// Falcon Image Analyzer Configuration
+	// +kubebuilder:default:={}
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Image Analyzer Configuration",order=10
+	FalconImageAnalyzer FalconImageAnalyzerSpec `json:"falconImageAnalyzer,omitempty"`
+
+	// Falcon Container Sensor Configuration
+	// +kubebuilder:default:={}
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Falcon Container Sensor Configuration",order=11
+	FalconContainerSensor FalconContainerSpec `json:"falconContainerSensor,omitempty"`
+}
+
+// FalconDeploymentStatus defines the observed state of FalconDeployment
+type FalconDeploymentStatus struct {
+	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+
+	// Version of the CrowdStrike Falcon Sensor
+	Sensor *string `json:"sensor,omitempty"`
+
+	// Version of the CrowdStrike Falcon Operator
+	Version string `json:"version,omitempty"`
+
+	// +optional
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+//+kubebuilder:resource:scope=Cluster
+//+kubebuilder:printcolumn:name="Operator Version",type="string",JSONPath=".status.version",description="Version of the Operator"
+//+kubebuilder:printcolumn:name="Falcon Sensor",type="string",JSONPath=".status.sensor",description="Version of the Falcon Container"
+
+// FalconDeployment is the Schema for the falcondeployments API
+type FalconDeployment struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   FalconDeploymentSpec   `json:"spec,omitempty"`
+	Status FalconDeploymentStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// FalconDeploymentList contains a list of FalconDeployment
+type FalconDeploymentList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []FalconDeployment `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&FalconDeployment{}, &FalconDeploymentList{})
+}

api/falcon/v1alpha1/zz_generated.deepcopy.go

@@ -829,6 +829,137 @@ func (in *FalconContainerStatus) DeepCopy() *FalconContainerStatus {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *FalconDeployment) DeepCopyInto(out *FalconDeployment) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	in.Status.DeepCopyInto(&out.Status)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconDeployment.
+func (in *FalconDeployment) DeepCopy() *FalconDeployment {
+	if in == nil {
+		return nil
+	}
+	out := new(FalconDeployment)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *FalconDeployment) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *FalconDeploymentList) DeepCopyInto(out *FalconDeploymentList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]FalconDeployment, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconDeploymentList.
+func (in *FalconDeploymentList) DeepCopy() *FalconDeploymentList {
+	if in == nil {
+		return nil
+	}
+	out := new(FalconDeploymentList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *FalconDeploymentList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *FalconDeploymentSpec) DeepCopyInto(out *FalconDeploymentSpec) {
+	*out = *in
+	if in.FalconAPI != nil {
+		in, out := &in.FalconAPI, &out.FalconAPI
+		*out = new(FalconAPI)
+		(*in).DeepCopyInto(*out)
+	}
+	in.Registry.DeepCopyInto(&out.Registry)
+	if in.DeployAdmissionController != nil {
+		in, out := &in.DeployAdmissionController, &out.DeployAdmissionController
+		*out = new(bool)
+		**out = **in
+	}
+	if in.DeployNodeSensor != nil {
+		in, out := &in.DeployNodeSensor, &out.DeployNodeSensor
+		*out = new(bool)
+		**out = **in
+	}
+	if in.DeployImageAnalyzer != nil {
+		in, out := &in.DeployImageAnalyzer, &out.DeployImageAnalyzer
+		*out = new(bool)
+		**out = **in
+	}
+	if in.DeployContainerSensor != nil {
+		in, out := &in.DeployContainerSensor, &out.DeployContainerSensor
+		*out = new(bool)
+		**out = **in
+	}
+	in.FalconAdmission.DeepCopyInto(&out.FalconAdmission)
+	in.FalconNodeSensor.DeepCopyInto(&out.FalconNodeSensor)
+	in.FalconImageAnalyzer.DeepCopyInto(&out.FalconImageAnalyzer)
+	in.FalconContainerSensor.DeepCopyInto(&out.FalconContainerSensor)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconDeploymentSpec.
+func (in *FalconDeploymentSpec) DeepCopy() *FalconDeploymentSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(FalconDeploymentSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *FalconDeploymentStatus) DeepCopyInto(out *FalconDeploymentStatus) {
+	*out = *in
+	if in.Sensor != nil {
+		in, out := &in.Sensor, &out.Sensor
+		*out = new(string)
+		**out = **in
+	}
+	if in.Conditions != nil {
+		in, out := &in.Conditions, &out.Conditions
+		*out = make([]v1.Condition, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconDeploymentStatus.
+func (in *FalconDeploymentStatus) DeepCopy() *FalconDeploymentStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(FalconDeploymentStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *FalconImageAnalyzer) DeepCopyInto(out *FalconImageAnalyzer) {
 	*out = *in

bundle/manifests/falcon-operator-falcon-FalconDeployment-editor-role_rbac.authorization.k8s.io_v1_clusterrole.yaml

@@ -0,0 +1,27 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: falcon-operator
+  name: falcon-operator-falcon-FalconDeployment-editor-role
+rules:
+- apiGroups:
+  - falcon.crowdstrike.com
+  resources:
+  - falcondeployments
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - falcon.crowdstrike.com
+  resources:
+  - falcondeployments/status
+  verbs:
+  - get

bundle/manifests/falcon-operator-falcon-FalconDeployment-viewer-role_rbac.authorization.k8s.io_v1_clusterrole.yaml

@@ -0,0 +1,23 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: falcon-operator
+  name: falcon-operator-falcon-FalconDeployment-viewer-role
+rules:
+- apiGroups:
+  - falcon.crowdstrike.com
+  resources:
+  - falcondeployments
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - falcon.crowdstrike.com
+  resources:
+  - falcondeployments/status
+  verbs:
+  - get

bundle/manifests/falcon-operator-node-sensor-role_rbac.authorization.k8s.io_v1_clusterrole.yaml

@@ -20,3 +20,21 @@ rules:
   - securitycontextconstraints
   verbs:
   - use
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  - cronjobs
+  - daemonsets
+  - deployments
+  - ingresses
+  - jobs
+  - nodes
+  - persistentvolumes
+  - pods
+  - replicasets
+  - services
+  verbs:
+  - get
+  - list
+  - watch