mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2025-01-08 23:00:56 +00:00
commit
d846b221e5
@ -17,6 +17,7 @@ package cmd
|
|||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
|
"path/filepath"
|
||||||
|
|
||||||
"github.com/aquasecurity/kube-bench/check"
|
"github.com/aquasecurity/kube-bench/check"
|
||||||
"github.com/golang/glog"
|
"github.com/golang/glog"
|
||||||
@ -47,9 +48,10 @@ func runChecks(t check.NodeType) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
ver := getKubeVersion()
|
ver := getKubeVersion()
|
||||||
path := fmt.Sprintf("%s/%s", cfgDir, ver)
|
path := filepath.Join(cfgDir, ver)
|
||||||
|
|
||||||
|
def := filepath.Join(path, file)
|
||||||
|
|
||||||
def := fmt.Sprintf("%s/%s", path, file)
|
|
||||||
in, err := ioutil.ReadFile(def)
|
in, err := ioutil.ReadFile(def)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
exitWithError(fmt.Errorf("error opening %s controls file: %v", t, err))
|
exitWithError(fmt.Errorf("error opening %s controls file: %v", t, err))
|
||||||
|
32
cmd/util.go
32
cmd/util.go
@ -215,10 +215,19 @@ func multiWordReplace(s string, subname string, sub string) string {
|
|||||||
func getKubeVersion() string {
|
func getKubeVersion() string {
|
||||||
// These executables might not be on the user's path.
|
// These executables might not be on the user's path.
|
||||||
_, err := exec.LookPath("kubectl")
|
_, err := exec.LookPath("kubectl")
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
exitWithError(fmt.Errorf("kubernetes version check failed: %v", err))
|
_, err = exec.LookPath("kubelet")
|
||||||
|
if err != nil {
|
||||||
|
exitWithError(fmt.Errorf("Version check failed: need kubectl or kubelet binaries to get kubernetes version"))
|
||||||
|
}
|
||||||
|
return getKubeVersionFromKubelet()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return getKubeVersionFromKubectl()
|
||||||
|
}
|
||||||
|
|
||||||
|
func getKubeVersionFromKubectl() string {
|
||||||
cmd := exec.Command("kubectl", "version", "--short")
|
cmd := exec.Command("kubectl", "version", "--short")
|
||||||
out, err := cmd.CombinedOutput()
|
out, err := cmd.CombinedOutput()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -228,6 +237,17 @@ func getKubeVersion() string {
|
|||||||
return getVersionFromKubectlOutput(string(out))
|
return getVersionFromKubectlOutput(string(out))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func getKubeVersionFromKubelet() string {
|
||||||
|
cmd := exec.Command("kubelet", "--version")
|
||||||
|
out, err := cmd.CombinedOutput()
|
||||||
|
|
||||||
|
if err != nil {
|
||||||
|
continueWithError(fmt.Errorf("%s", out), "")
|
||||||
|
}
|
||||||
|
|
||||||
|
return getVersionFromKubeletOutput(string(out))
|
||||||
|
}
|
||||||
|
|
||||||
func getVersionFromKubectlOutput(s string) string {
|
func getVersionFromKubectlOutput(s string) string {
|
||||||
serverVersionRe := regexp.MustCompile(`Server Version: v(\d+.\d+)`)
|
serverVersionRe := regexp.MustCompile(`Server Version: v(\d+.\d+)`)
|
||||||
subs := serverVersionRe.FindStringSubmatch(s)
|
subs := serverVersionRe.FindStringSubmatch(s)
|
||||||
@ -238,6 +258,16 @@ func getVersionFromKubectlOutput(s string) string {
|
|||||||
return subs[1]
|
return subs[1]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func getVersionFromKubeletOutput(s string) string {
|
||||||
|
serverVersionRe := regexp.MustCompile(`Kubernetes v(\d+.\d+)`)
|
||||||
|
subs := serverVersionRe.FindStringSubmatch(s)
|
||||||
|
if len(subs) < 2 {
|
||||||
|
printlnWarn(fmt.Sprintf("Unable to get kubelet version, using default version: %s", defaultKubeVersion))
|
||||||
|
return defaultKubeVersion
|
||||||
|
}
|
||||||
|
return subs[1]
|
||||||
|
}
|
||||||
|
|
||||||
func makeSubstitutions(s string, ext string, m map[string]string) string {
|
func makeSubstitutions(s string, ext string, m map[string]string) string {
|
||||||
for k, v := range m {
|
for k, v := range m {
|
||||||
subst := "$" + k + ext
|
subst := "$" + k + ext
|
||||||
|
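Review bot: In the new getVersionFromKubeletOutput the pattern leaves the dot unescaped, so `\d+.\d+` accepts any character between the two numbers, not only a period. The capture is returned as the version string, which the runChecks hunk on this page joins into the config directory path with `filepath.Join(cfgDir, ver)`. Writing the pattern as `Kubernetes v(\d+\.\d+)` limits that path component to digits and a single dot; the existing kubectl pattern in the context lines has the same form. Separately, getKubeVersionFromKubelet calls continueWithError when `kubelet --version` fails and then still parses the output, so a failed run appears to fall through to defaultKubeVersion with only a warning, and the checks may then be run against the wrong release. A comment stating that this fallback is intended, or an explicit `return defaultKubeVersion` in the error branch, would make that behaviour visible to whoever reads the audit result.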