mirror of https://github.com/aquasecurity/kube-bench.git synced 2025-01-14 01:30:54 +00:00

Add function to get pod specs for kubernetes components.

Abubakr-Sadik Nii Nai Davis 2017-10-15 11:43:35 +00:00
parent 8e758bb5e0
commit 6ce0c5bf60
3 changed files with 49 additions and 4 deletions


@ -26,42 +26,54 @@ master:
- "hyperkube apiserver" - "hyperkube apiserver"
- "apiserver" - "apiserver"
confs: confs:
- /etc/kubernetes/manifests/kube-apiserver.yaml
- /etc/kubernetes/apiserver.conf - /etc/kubernetes/apiserver.conf
- /etc/kubernetes/apiserver - /etc/kubernetes/apiserver
defaultconf: /etc/kubernetes/apiserver defaultconf: /etc/kubernetes/apiserver
podspecs:
- /etc/kubernetes/manifests/kube-apiserver.yaml
defaultpodspec: /etc/kubernetes/manifests/kube-apiserver.yaml
scheduler: scheduler:
bins: bins:
- "kube-scheduler" - "kube-scheduler"
- "hyperkube scheduler" - "hyperkube scheduler"
- "scheduler" - "scheduler"
confs: confs:
- /etc/kubernetes/manifests/kube-scheduler.yaml
- /etc/kubernetes/scheduler.conf - /etc/kubernetes/scheduler.conf
- /etc/kubernetes/scheduler - /etc/kubernetes/scheduler
defaultconf: /etc/kubernetes/scheduler defaultconf: /etc/kubernetes/scheduler
podspecs:
- /etc/kubernetes/manifests/kube-scheduler.yaml
defaultpodspec: /etc/kubernetes/manifests/kube-scheduler.yaml
controllermanager: controllermanager:
bins: bins:
- "kube-controller-manager" - "kube-controller-manager"
- "hyperkube controller-manager" - "hyperkube controller-manager"
- "controller-manager" - "controller-manager"
confs: confs:
- /etc/kubernetes/manifests/kube-controller-manager.yaml
- /etc/kubernetes/controller-manager.conf - /etc/kubernetes/controller-manager.conf
- /etc/kubernetes/controller-manager - /etc/kubernetes/controller-manager
defaultconf: /etc/kubernetes/controller-manager defaultconf: /etc/kubernetes/controller-manager
podspecs:
- /etc/kubernetes/manifests/kube-controller-manager.yaml
defaultpodspec: /etc/kubernetes/manifests/kube-controller-manager.yaml
etcd: etcd:
optional: true optional: true
bins: bins:
- "etcd" - "etcd"
confs: confs:
- /etc/kubernetes/manifests/etcd.yaml
- /etc/etcd/etcd.conf - /etc/etcd/etcd.conf
defaultconf: /etc/etcd/etcd.conf defaultconf: /etc/etcd/etcd.conf
podspecs:
- /etc/kubernetes/manifests/etcd.yaml
defaultpodspec: /etc/kubernetes/manifests/etcd.yaml
flanneld: flanneld:
optional: true optional: true
bins: bins:


@ -67,6 +67,7 @@ func runChecks(t check.NodeType) {
// checks that the executables we need for the node type are running. // checks that the executables we need for the node type are running.
binmap := getBinaries(typeConf) binmap := getBinaries(typeConf)
confmap := getConfigFiles(typeConf) confmap := getConfigFiles(typeConf)
podspecmap := getPodSpecFiles(typeConf)
switch t { switch t {
case check.MASTER: case check.MASTER:
@ -88,6 +89,7 @@ func runChecks(t check.NodeType) {
s := string(in) s := string(in)
s = makeSubstitutions(s, "bin", binmap) s = makeSubstitutions(s, "bin", binmap)
s = makeSubstitutions(s, "conf", confmap) s = makeSubstitutions(s, "conf", confmap)
s = makeSubstitutions(s, "podspec", podspecmap)
glog.V(1).Info(fmt.Sprintf("Using config file: %s\n", viper.ConfigFileUsed())) glog.V(1).Info(fmt.Sprintf("Using config file: %s\n", viper.ConfigFileUsed()))
glog.V(1).Info(fmt.Sprintf("Using benchmark file: %s\n", path)) glog.V(1).Info(fmt.Sprintf("Using benchmark file: %s\n", path))


@ -147,6 +147,37 @@ func getConfigFiles(v *viper.Viper) map[string]string {
return confmap return confmap
} }
// getPodSpecFiles finds which of the set of candidate podspec files exist
func getPodSpecFiles(v *viper.Viper) map[string]string {
podspecmap := make(map[string]string)
for _, component := range v.GetStringSlice("components") {
s := v.Sub(component)
if s == nil {
continue
}
// See if any of the candidate podspec files exist
podspec := findConfigFile(s.GetStringSlice("podspecs"))
if podspec == "" {
if s.IsSet("defaultpodspec") {
podspec = s.GetString("defaultpodspec")
glog.V(2).Info(fmt.Sprintf("Using default podspec file name '%s' for component %s", podspec, component))
} else {
// Default the config file name that we'll substitute to the name of the component
printlnWarn(fmt.Sprintf("Missing podspec file for %s", component))
podspec = component
}
} else {
glog.V(2).Info(fmt.Sprintf("Component %s uses podspec file '%s'", component, podspec))
}
podspecmap[component] = podspec
}
return podspecmap
}
// verifyBin checks that the binary specified is running // verifyBin checks that the binary specified is running
func verifyBin(bin string) bool { func verifyBin(bin string) bool {
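Review bot: In getPodSpecFiles, the last fallback `podspec = component` stores the bare component name (for example `etcd`) in the map, and runChecks then substitutes it into the benchmark text as if it were a manifest path. A permission or ownership check on the podspec would then run against a relative name that most likely does not exist, so its result says nothing about the real manifest. Prefer a value that the checks can recognise as "no podspec", and document the contract on the function, e.g. `// Components with no existing podspec and no defaultpodspec map to their own name, which is not a usable path.` The inline comment `// Default the config file name ...` looks copied from getConfigFiles and should say podspec. The `printlnWarn` call also fires for every component that has neither `podspecs` nor `defaultpodspec` configured, which presumably includes components that never run as static pods, so logging it at a verbose level would keep the warning meaningful.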