mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2024-12-27 08:58:06 +00:00
Add function to get pod specs for kubernetes components.
This commit is contained in:
parent
8e758bb5e0
commit
6ce0c5bf60
@ -26,42 +26,54 @@ master:
|
|||||||
- "hyperkube apiserver"
|
- "hyperkube apiserver"
|
||||||
- "apiserver"
|
- "apiserver"
|
||||||
confs:
|
confs:
|
||||||
- /etc/kubernetes/manifests/kube-apiserver.yaml
|
|
||||||
- /etc/kubernetes/apiserver.conf
|
- /etc/kubernetes/apiserver.conf
|
||||||
- /etc/kubernetes/apiserver
|
- /etc/kubernetes/apiserver
|
||||||
defaultconf: /etc/kubernetes/apiserver
|
defaultconf: /etc/kubernetes/apiserver
|
||||||
|
|
||||||
|
podspecs:
|
||||||
|
- /etc/kubernetes/manifests/kube-apiserver.yaml
|
||||||
|
defaultpodspec: /etc/kubernetes/manifests/kube-apiserver.yaml
|
||||||
|
|
||||||
scheduler:
|
scheduler:
|
||||||
bins:
|
bins:
|
||||||
- "kube-scheduler"
|
- "kube-scheduler"
|
||||||
- "hyperkube scheduler"
|
- "hyperkube scheduler"
|
||||||
- "scheduler"
|
- "scheduler"
|
||||||
confs:
|
confs:
|
||||||
- /etc/kubernetes/manifests/kube-scheduler.yaml
|
|
||||||
- /etc/kubernetes/scheduler.conf
|
- /etc/kubernetes/scheduler.conf
|
||||||
- /etc/kubernetes/scheduler
|
- /etc/kubernetes/scheduler
|
||||||
defaultconf: /etc/kubernetes/scheduler
|
defaultconf: /etc/kubernetes/scheduler
|
||||||
|
|
||||||
|
podspecs:
|
||||||
|
- /etc/kubernetes/manifests/kube-scheduler.yaml
|
||||||
|
defaultpodspec: /etc/kubernetes/manifests/kube-scheduler.yaml
|
||||||
|
|
||||||
controllermanager:
|
controllermanager:
|
||||||
bins:
|
bins:
|
||||||
- "kube-controller-manager"
|
- "kube-controller-manager"
|
||||||
- "hyperkube controller-manager"
|
- "hyperkube controller-manager"
|
||||||
- "controller-manager"
|
- "controller-manager"
|
||||||
confs:
|
confs:
|
||||||
- /etc/kubernetes/manifests/kube-controller-manager.yaml
|
|
||||||
- /etc/kubernetes/controller-manager.conf
|
- /etc/kubernetes/controller-manager.conf
|
||||||
- /etc/kubernetes/controller-manager
|
- /etc/kubernetes/controller-manager
|
||||||
defaultconf: /etc/kubernetes/controller-manager
|
defaultconf: /etc/kubernetes/controller-manager
|
||||||
|
|
||||||
|
podspecs:
|
||||||
|
- /etc/kubernetes/manifests/kube-controller-manager.yaml
|
||||||
|
defaultpodspec: /etc/kubernetes/manifests/kube-controller-manager.yaml
|
||||||
|
|
||||||
etcd:
|
etcd:
|
||||||
optional: true
|
optional: true
|
||||||
bins:
|
bins:
|
||||||
- "etcd"
|
- "etcd"
|
||||||
confs:
|
confs:
|
||||||
- /etc/kubernetes/manifests/etcd.yaml
|
|
||||||
- /etc/etcd/etcd.conf
|
- /etc/etcd/etcd.conf
|
||||||
defaultconf: /etc/etcd/etcd.conf
|
defaultconf: /etc/etcd/etcd.conf
|
||||||
|
|
||||||
|
podspecs:
|
||||||
|
- /etc/kubernetes/manifests/etcd.yaml
|
||||||
|
defaultpodspec: /etc/kubernetes/manifests/etcd.yaml
|
||||||
|
|
||||||
flanneld:
|
flanneld:
|
||||||
optional: true
|
optional: true
|
||||||
bins:
|
bins:
|
||||||
|
@ -67,6 +67,7 @@ func runChecks(t check.NodeType) {
|
|||||||
// checks that the executables we need for the node type are running.
|
// checks that the executables we need for the node type are running.
|
||||||
binmap := getBinaries(typeConf)
|
binmap := getBinaries(typeConf)
|
||||||
confmap := getConfigFiles(typeConf)
|
confmap := getConfigFiles(typeConf)
|
||||||
|
podspecmap := getPodSpecFiles(typeConf)
|
||||||
|
|
||||||
switch t {
|
switch t {
|
||||||
case check.MASTER:
|
case check.MASTER:
|
||||||
@ -88,6 +89,7 @@ func runChecks(t check.NodeType) {
|
|||||||
s := string(in)
|
s := string(in)
|
||||||
s = makeSubstitutions(s, "bin", binmap)
|
s = makeSubstitutions(s, "bin", binmap)
|
||||||
s = makeSubstitutions(s, "conf", confmap)
|
s = makeSubstitutions(s, "conf", confmap)
|
||||||
|
s = makeSubstitutions(s, "podspec", podspecmap)
|
||||||
|
|
||||||
glog.V(1).Info(fmt.Sprintf("Using config file: %s\n", viper.ConfigFileUsed()))
|
glog.V(1).Info(fmt.Sprintf("Using config file: %s\n", viper.ConfigFileUsed()))
|
||||||
glog.V(1).Info(fmt.Sprintf("Using benchmark file: %s\n", path))
|
glog.V(1).Info(fmt.Sprintf("Using benchmark file: %s\n", path))
|
||||||
|
31
cmd/util.go
31
cmd/util.go
@ -147,6 +147,37 @@ func getConfigFiles(v *viper.Viper) map[string]string {
|
|||||||
return confmap
|
return confmap
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// getPodSpecFiles finds which of the set of candidate podspec files exist
|
||||||
|
func getPodSpecFiles(v *viper.Viper) map[string]string {
|
||||||
|
podspecmap := make(map[string]string)
|
||||||
|
|
||||||
|
for _, component := range v.GetStringSlice("components") {
|
||||||
|
s := v.Sub(component)
|
||||||
|
if s == nil {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
// See if any of the candidate podspec files exist
|
||||||
|
podspec := findConfigFile(s.GetStringSlice("podspecs"))
|
||||||
|
if podspec == "" {
|
||||||
|
if s.IsSet("defaultpodspec") {
|
||||||
|
podspec = s.GetString("defaultpodspec")
|
||||||
|
glog.V(2).Info(fmt.Sprintf("Using default podspec file name '%s' for component %s", podspec, component))
|
||||||
|
} else {
|
||||||
|
// Default the config file name that we'll substitute to the name of the component
|
||||||
|
printlnWarn(fmt.Sprintf("Missing podspec file for %s", component))
|
||||||
|
podspec = component
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
glog.V(2).Info(fmt.Sprintf("Component %s uses podspec file '%s'", component, podspec))
|
||||||
|
}
|
||||||
|
|
||||||
|
podspecmap[component] = podspec
|
||||||
|
}
|
||||||
|
|
||||||
|
return podspecmap
|
||||||
|
}
|
||||||
|
|
||||||
// verifyBin checks that the binary specified is running
|
// verifyBin checks that the binary specified is running
|
||||||
func verifyBin(bin string) bool {
|
func verifyBin(bin string) bool {
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user