Release 0.2

.github/workflows/docker-build-push.yaml

@@ -10,7 +10,7 @@ env:
   TASK_VERSION: '3.38.0'
   REGISTRY: ghcr.io
   REPO: runtime-radar
-  GO_VERSION: '1.25'
+  GO_VERSION: '1.26'
 
 jobs:
   build-and-push:

.github/workflows/golangci-lint.yaml

@@ -16,7 +16,7 @@ on:
       - '.golangci.yml'
 
 env:
-  GO_VERSION: '1.25'
+  GO_VERSION: '1.26'
   TASK_VERSION: '3.38.0'
 
 jobs:

.github/workflows/test-lib.yaml

@@ -11,7 +11,7 @@ on:
       - main
 
 env:
-  GO_VERSION: '1.25'
+  GO_VERSION: '1.26'
   TASK_VERSION: '3.38.0'
 
 jobs:

.gitignore

@@ -1,9 +1,16 @@
+**/build
 **/bin
 **/charts/*.tgz
 **/charts/.*
 **/Chart.lock
+uv.lock
+**/.task/
 # macOS artifacts
 .DS_Store
 oss-values.yaml
 kubeconfig.yaml
 /values.yaml
+.task/
+.build
+.helmpreview
+.ignore

README.md

@@ -52,8 +52,8 @@ Join the Runtime Radar community channels:
 ### v0.2.0
 
 - [x] 🟢 Optimization of threat detection logic (PR #13).
-- [ ] 🟢 Support for an expert mode that enables the addition of custom sources (`TracingPolicy`) and the modification/deletion of existing ones.
-- [ ] 🟢 Metrics and dashboards enhancing observability.
+- [x] 🟢 Support for an expert mode that enables the addition of custom sources (`TracingPolicy`) and the modification/deletion of existing ones.
+- [x] 🟢 Metrics and dashboards enhancing observability.
 
 ### v0.3.0
 

Taskfile.yml

@@ -11,33 +11,43 @@ includes:
   radar-ui:
     taskfile: ./radar-ui/Taskfile.yml
     dir: ./radar-ui
+    optional: true
   reverse-proxy:
     taskfile: ./reverse-proxy/Taskfile.yml
     dir: ./reverse-proxy
+    optional: true
   cluster-manager:
     taskfile: ./cluster-manager/Taskfile.yml
     dir: ./cluster-manager
+    optional: true
   history-api:
     taskfile: ./history-api/Taskfile.yml
     dir: ./history-api
+    optional: true
   policy-enforcer:
     taskfile: ./policy-enforcer/Taskfile.yml
     dir: ./policy-enforcer
+    optional: true
   notifier:
     taskfile: ./notifier/Taskfile.yml
     dir: ./notifier
+    optional: true
   event-processor:
     taskfile: ./event-processor/Taskfile.yml
     dir: ./event-processor
+    optional: true
   runtime-monitor:
     taskfile: ./runtime-monitor/Taskfile.yml
     dir: ./runtime-monitor
+    optional: true
   auth-center:
     taskfile: ./auth-center/Taskfile.yml
     dir: ./auth-center
+    optional: true
   public-api:
     taskfile: ./public-api/Taskfile.yml
     dir: ./public-api
+    optional: true
   cs-manager:
     taskfile: ./cs-manager/Taskfile.yml
     dir: ./cs-manager

auth-center/.dockerignore

@@ -31,6 +31,7 @@ docker-compose*.yml
 .dockerignore
 /.helm
 /.task
+.build
 
 # Misc
 .env*

auth-center/.helm/Chart.yaml

@@ -2,8 +2,8 @@ apiVersion: v2
 name: auth-center
 description: A Helm chart for Kubernetes
 type: application
-version: v0.0.1
+version: 0.0.1
 dependencies:
   - name: common
     repository: file://../../install/helm/charts/common
-    version: 0.x.x
+    version: 0.x.x

auth-center/.helm/templates/app.yaml

@@ -2,5 +2,10 @@
 {{- if ne (include "common.cs.isChildCluster" .) "true" }}
 {{ include "common.cs.deployment" . }}
 ---
-{{ include "common.cs.service" . }}
-{{- end }}
+{{- end }}
+{{- $isChild := eq (include "common.cs.isChildCluster" .) "true" }}
+{{- $ctx := . }}
+{{- if $isChild }}
+{{- $ctx = dict "Chart" .Chart "Release" .Release "Values" (.Values | merge (dict "selectorLabels"  (dict "app.kubernetes.io/name" "reverse-proxy"))) }}
+{{- end }}
+{{ include "common.cs.service" $ctx }}

auth-center/.helm/values.yaml

@@ -13,32 +13,19 @@ service:
     http: 9000
     grpc: 8000
 administrator:
-  username: ""
-  password: ""
+  existingSecret: cs-account
 containerSecurityContext:
-  enabled: true
   seLinuxOptions: {}
   privileged: false
   allowPrivilegeEscalation: false
   readOnlyRootFilesystem: true
   seccompProfile:
     type: "RuntimeDefault"
 podSecurityContext:
-  enabled: true
   fsGroupChangePolicy: Always
   sysctls: []
   supplementalGroups: []
 env:
-  - name: ADMINISTRATOR_USERNAME
-    valueFrom:
-      secretKeyRef:
-        name: auth-center-account
-        key: username
-  - name: ADMINISTRATOR_PASSWORD
-    valueFrom:
-      secretKeyRef:
-        name: auth-center-account
-        key: password
 postgresql:
   enabled: true
 serviceAccount:
@@ -58,7 +45,6 @@ resources:
     memory: 128Mi
     ephemeral-storage: 1Mi
 livenessProbe:
-  enabled: true
   httpGet:
     path: /live
     scheme: HTTP
@@ -67,7 +53,6 @@ livenessProbe:
   successThreshold: 1
   failureThreshold: 2
 readinessProbe:
-  enabled: true
   httpGet:
     path: /ready
     scheme: HTTP
@@ -76,7 +61,6 @@ readinessProbe:
   successThreshold: 1
   failureThreshold: 3
 startupProbe:
-  enabled: true
   httpGet:
     path: /ready
     scheme: HTTP

auth-center/Dockerfile

@@ -1,8 +1,10 @@
-FROM golang:1.25.0 AS tools
+ARG GO_VERSION=1.26.0
+
+FROM golang:${GO_VERSION} AS tools
 
 RUN CGO_ENABLED=0 GOBIN=/usr/bin go install github.com/go-task/task/v3/cmd/task@v3.38.0
 
-FROM golang:1.25.0 AS builder
+FROM golang:${GO_VERSION} AS builder
 
 ARG BUILD_RELEASE
 ARG BUILD_BRANCH
@@ -11,17 +13,17 @@ ARG BUILD_COMMIT
 WORKDIR /go/src/repo
 COPY go.mod go.sum ./
 COPY vendor/ vendor/
-COPY pkg/tools/tools.go pkg/tools/
-
 ENV GOCACHE=/root/.cache/go-build
+
 RUN --mount=type=cache,target="/root/.cache/go-build" \
     mkdir -p bin && \
     GOBIN=/go/src/repo/bin go install github.com/google/gops
 
 COPY --from=tools /usr/bin/task /usr/bin
-COPY . /go/src/repo
+COPY auth-center/ auth-center/
+COPY lib/ lib/
 
-RUN task build
+RUN --mount=type=cache,target="/root/.cache/go-build" task -d auth-center build
 
 FROM debian:12.0-slim AS runner
 
@@ -31,9 +33,9 @@ LABEL org.opencontainers.image.licenses="Apache-2.0"
 
 ARG APP_NAME=auth-center
 
-COPY --from=builder /go/src/repo/cmd/${APP_NAME}/${APP_NAME} /app
-COPY --from=builder /go/src/repo/cmd/${APP_NAME}/*.pem /
-COPY --from=builder /go/src/repo/*.txt /
+COPY --from=builder /go/src/repo/${APP_NAME}/cmd/${APP_NAME}/${APP_NAME} /app
+COPY --from=builder /go/src/repo/${APP_NAME}/cmd/${APP_NAME}/*.pem /
+COPY --from=builder /go/src/repo/${APP_NAME}/*.txt /
 COPY --from=builder /go/src/repo/bin/gops /usr/bin/gops
 
 EXPOSE 8000 9000

auth-center/Taskfile.yml

@@ -12,27 +12,25 @@ env:
 tasks:
   proto:
     deps: [protoc-plugins]
-    vars:
-      PROTO_DIR: api
     cmds:
       - |
         PATH="{{.TOOLS_BIN}}{{if eq OS "windows"}};{{else}}:{{end}}$PATH"
         protoc -I api \
         --go_opt=paths=source_relative \
-        --go_out={{.PROTO_DIR}} \
+        --go_out=api \
         --go-grpc_opt=paths=source_relative \
-        --go-grpc_out={{.PROTO_DIR}} \
+        --go-grpc_out=api \
         --grpc-gateway_opt=paths=source_relative \
         --grpc-gateway_opt=logtostderr=true \
-        --grpc-gateway_out={{.PROTO_DIR}} \
+        --grpc-gateway_out=api \
         --openapiv2_opt=logtostderr=true \
-        --openapiv2_out={{.PROTO_DIR}}/openapiv2 \
-        {{.PROTO_DIR}}/*.proto
+        --openapiv2_out=api/openapiv2 \
+        api/*.proto
     sources:
-      - "{{.PROTO_DIR}}/**/*.proto"
+      - "api/**/*.proto"
       - "go.mod"
     generates:
-      - "{{.PROTO_DIR}}/**/*pb*.go"
+      - "api/**/*pb*.go"
 
   build:
     vars:
@@ -44,9 +42,9 @@ tasks:
         sh: echo "${BUILD_COMMIT:-$(git rev-parse --short HEAD)}"
       BUILD_DATE: '{{now.Format "2006-01-02_15:04:05"}}'
       MODULE_NAME:
-        sh: go list -m
+        sh: 'echo "$(go list -m)/{{.APP_NAME}}"'
     cmds:
-     - |
+      - |
         CGO_ENABLED=0 go build -ldflags "-X {{.MODULE_NAME}}/pkg/build.Release={{.BUILD_RELEASE}} -X {{.MODULE_NAME}}/pkg/build.Branch={{.BUILD_BRANCH}} -X {{.MODULE_NAME}}/pkg/build.Commit={{.BUILD_COMMIT}} -X {{.MODULE_NAME}}/pkg/build.Date={{.BUILD_DATE}}" \
         -o cmd/{{.APP_NAME}}/ ./cmd/{{.APP_NAME}}
 
@@ -56,10 +54,14 @@ tasks:
       - go test -race -count=1 -vet=off ./cmd/{{.APP_NAME}}
       - go test -race -count=1 ./pkg/...
 
+  test-docker-cleanup:
+    cmds:
+      - docker compose -f docker-compose.test.yml down -v
+
   test-docker:
     cmds:
+      - defer: {task: test-docker-cleanup}
       - docker compose -f docker-compose.test.yml up --build --abort-on-container-exit test
-      - defer: docker compose -f docker-compose.test.yml down
 
   lint:
     deps: [tools]
@@ -82,11 +84,11 @@ tasks:
 
   tidy:
     cmds:
-      - go mod tidy
+      - cd .. && go mod tidy
 
   vendor:
       cmds:
-      - go mod vendor
+      - cd .. && go mod vendor
 
   generate:
     cmds:
@@ -99,15 +101,23 @@ tasks:
       - cp cmd/{{.APP_NAME}}/cert.pem cmd/{{.APP_NAME}}/ca.pem
 
   docker-build:
+    dir: ..
     vars:
       BUILD_RELEASE:
         sh: git describe --tags 2> /dev/null || echo "v0.0.0"
       BUILD_BRANCH:
         sh: git rev-parse --abbrev-ref HEAD
       BUILD_COMMIT:
         sh: git rev-parse --short HEAD
+    sources:
+      - go.mod
+      - go.sum
+      - lib/**
+      - "{{.APP_NAME}}/**"
+    generates:
+      - "{{.APP_NAME}}/.build"
     cmds:
-      - docker build --build-arg BUILD_RELEASE={{.BUILD_RELEASE}} --build-arg BUILD_BRANCH={{.BUILD_BRANCH}} --build-arg BUILD_COMMIT={{.BUILD_COMMIT}} --tag {{.DOCKER_IMAGE}} .
+      - docker build --iidfile {{.APP_NAME}}/.build -f {{.APP_NAME}}/Dockerfile --build-arg BUILD_RELEASE={{.BUILD_RELEASE}} --build-arg BUILD_BRANCH={{.BUILD_BRANCH}} --build-arg BUILD_COMMIT={{.BUILD_COMMIT}} --tag {{.DOCKER_IMAGE}} .
 
   docker-push:
     vars:
@@ -125,8 +135,8 @@ tasks:
       - test -e {{.TOOLS_BIN}}/golangci-lint{{exeExt}}
       - test -e {{.TOOLS_BIN}}/govulncheck{{exeExt}}
     cmds:
-        - GOBIN={{.TOOLS_BIN}} go install github.com/golangci/golangci-lint/cmd/golangci-lint
-        - GOBIN={{.TOOLS_BIN}} go install golang.org/x/vuln/cmd/govulncheck
+      - GOBIN={{.TOOLS_BIN}} go install github.com/golangci/golangci-lint/cmd/golangci-lint
+      - GOBIN={{.TOOLS_BIN}} go install golang.org/x/vuln/cmd/govulncheck
 
   protoc-plugins:
     generates:
@@ -145,9 +155,11 @@ tasks:
       - vendor/modules.txt
       - go.mod
       - go.sum
+      - "*.go"
       - cmd/**/*.go
       - pkg/**/*.go
       - internal/**/*.go
+      - api/**/*.go
       - Dockerfile
     vars:
       DEPLOY_TAG: |-