mirror of https://github.com/aquasecurity/kube-bench.git synced 2025-01-08 23:00:56 +00:00

Merge pull request #100 from philalex/use_kubelet

Use kubelet
Liz Rice 2018-04-04 08:58:56 +01:00 committed by GitHub
commit d846b221e5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 35 additions and 3 deletions


@ -17,6 +17,7 @@ package cmd
import ( import (
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"path/filepath"
"github.com/aquasecurity/kube-bench/check" "github.com/aquasecurity/kube-bench/check"
"github.com/golang/glog" "github.com/golang/glog"
@ -47,9 +48,10 @@ func runChecks(t check.NodeType) {
} }
ver := getKubeVersion() ver := getKubeVersion()
path := fmt.Sprintf("%s/%s", cfgDir, ver) path := filepath.Join(cfgDir, ver)
def := filepath.Join(path, file)
def := fmt.Sprintf("%s/%s", path, file)
in, err := ioutil.ReadFile(def) in, err := ioutil.ReadFile(def)
if err != nil { if err != nil {
exitWithError(fmt.Errorf("error opening %s controls file: %v", t, err)) exitWithError(fmt.Errorf("error opening %s controls file: %v", t, err))


@ -215,10 +215,19 @@ func multiWordReplace(s string, subname string, sub string) string {
func getKubeVersion() string { func getKubeVersion() string {
// These executables might not be on the user's path. // These executables might not be on the user's path.
_, err := exec.LookPath("kubectl") _, err := exec.LookPath("kubectl")
if err != nil { if err != nil {
exitWithError(fmt.Errorf("kubernetes version check failed: %v", err)) _, err = exec.LookPath("kubelet")
if err != nil {
exitWithError(fmt.Errorf("Version check failed: need kubectl or kubelet binaries to get kubernetes version"))
}
return getKubeVersionFromKubelet()
} }
return getKubeVersionFromKubectl()
}
func getKubeVersionFromKubectl() string {
cmd := exec.Command("kubectl", "version", "--short") cmd := exec.Command("kubectl", "version", "--short")
out, err := cmd.CombinedOutput() out, err := cmd.CombinedOutput()
if err != nil { if err != nil {
@ -228,6 +237,17 @@ func getKubeVersion() string {
return getVersionFromKubectlOutput(string(out)) return getVersionFromKubectlOutput(string(out))
} }
func getKubeVersionFromKubelet() string {
cmd := exec.Command("kubelet", "--version")
out, err := cmd.CombinedOutput()
if err != nil {
continueWithError(fmt.Errorf("%s", out), "")
}
return getVersionFromKubeletOutput(string(out))
}
func getVersionFromKubectlOutput(s string) string { func getVersionFromKubectlOutput(s string) string {
serverVersionRe := regexp.MustCompile(`Server Version: v(\d+.\d+)`) serverVersionRe := regexp.MustCompile(`Server Version: v(\d+.\d+)`)
subs := serverVersionRe.FindStringSubmatch(s) subs := serverVersionRe.FindStringSubmatch(s)
@ -238,6 +258,16 @@ func getVersionFromKubectlOutput(s string) string {
return subs[1] return subs[1]
} }
func getVersionFromKubeletOutput(s string) string {
serverVersionRe := regexp.MustCompile(`Kubernetes v(\d+.\d+)`)
subs := serverVersionRe.FindStringSubmatch(s)
if len(subs) < 2 {
printlnWarn(fmt.Sprintf("Unable to get kubelet version, using default version: %s", defaultKubeVersion))
return defaultKubeVersion
}
return subs[1]
}
func makeSubstitutions(s string, ext string, m map[string]string) string { func makeSubstitutions(s string, ext string, m map[string]string) string {
for k, v := range m { for k, v := range m {
subst := "$" + k + ext subst := "$" + k + ext
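Review bot: The pattern in getVersionFromKubeletOutput leaves the dot unescaped, so it accepts any single character between the two digit runs; because runChecks uses the captured value as a directory name under cfgDir when it loads the controls file, the pattern should require a literal dot: `Kubernetes v(\d+\.\d+)`. The kubectl pattern shown as context has the same unescaped dot. In getKubeVersionFromKubelet the error from CombinedOutput is discarded and only `out` is reported, which is empty when the binary cannot be started; `continueWithError(fmt.Errorf("kubelet --version: %v: %s", err, out), "")` keeps both. The kubelet fallback is also taken only when kubectl is absent from PATH, so a node where kubectl exists but returns no server version still appears to end up on the default version (that handling sits in getVersionFromKubectlOutput, which is only partly visible here).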