mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-22 16:18:07 +00:00

Add function to get unit files for kubernetes components.

Abubakr-Sadik Nii Nai Davis 2017-10-15 12:39:29 +00:00
parent 6ce0c5bf60
commit e227934c88
3 changed files with 37 additions and 0 deletions


@ -100,6 +100,10 @@ node:
- /etc/kubernetes/kubelet
defaultconf: "/etc/kubernetes/kubelet.conf"
unitfiles:
- /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
defaultunitfile: /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
proxy:
bins:
- "kube-proxy"
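Review bot: The kubelet `unitfiles` list holds a single candidate and `defaultunitfile` repeats that same kubeadm drop-in path, so the candidate search can never resolve to anything other than the default. On nodes that were not provisioned with kubeadm the kubelet unit commonly lives elsewhere, for example `/etc/systemd/system/kubelet.service` or `/lib/systemd/system/kubelet.service`. Any permission or ownership check fed from this value would then presumably be pointed at a path that does not exist. Consider adding those locations as further entries under `unitfiles:` and keeping the drop-in only as the default. The `node:` mapping begins and continues outside this hunk.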


@ -68,6 +68,7 @@ func runChecks(t check.NodeType) {
binmap := getBinaries(typeConf)
confmap := getConfigFiles(typeConf)
podspecmap := getPodSpecFiles(typeConf)
unitfilemap := getUnitFiles(typeConf)
switch t {
case check.MASTER:
@ -90,6 +91,7 @@ func runChecks(t check.NodeType) {
s = makeSubstitutions(s, "bin", binmap)
s = makeSubstitutions(s, "conf", confmap)
s = makeSubstitutions(s, "podspec", podspecmap)
s = makeSubstitutions(s, "unitfile", unitfilemap)
glog.V(1).Info(fmt.Sprintf("Using config file: %s\n", viper.ConfigFileUsed()))
glog.V(1).Info(fmt.Sprintf("Using benchmark file: %s\n", path))


@ -178,6 +178,37 @@ func getPodSpecFiles(v *viper.Viper) map[string]string {
return podspecmap
}
// getUnitFiles finds which of the set of candidate unit files exist
func getUnitFiles(v *viper.Viper) map[string]string {
unitfilemap := make(map[string]string)
for _, component := range v.GetStringSlice("components") {
s := v.Sub(component)
if s == nil {
continue
}
// See if any of the candidate podspec files exist
unitfile := findConfigFile(s.GetStringSlice("unitfiles"))
if unitfile == "" {
if s.IsSet("defaultunitfile") {
unitfile = s.GetString("defaultunitfile")
glog.V(2).Info(fmt.Sprintf("Using default unit file name '%s' for component %s", unitfile, component))
} else {
// Default the config file name that we'll substitute to the name of the component
printlnWarn(fmt.Sprintf("Missing unit file for %s", component))
unitfile = component
}
} else {
glog.V(2).Info(fmt.Sprintf("Component %s uses unit file '%s'", component, unitfile))
}
unitfilemap[component] = unitfile
}
return unitfilemap
}
// verifyBin checks that the binary specified is running
func verifyBin(bin string) bool {
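Review bot: In getUnitFiles the last-resort branch `unitfile = component` stores a bare name such as `kubelet` instead of a path. runChecks substitutes that value wherever a check expects a unit-file path, so a permission or ownership audit would presumably inspect something relative to the working directory, or nothing, and its result would say nothing about the real unit file. The function comment should state this fallback, and the affected checks should be able to tell "unit file not found" apart from a real path; how findConfigFile and the audit commands behave is not visible here, so this needs confirming against them. The two inline comments were also carried over from the sibling helpers: `// See if any of the candidate podspec files exist` should read `// See if any of the candidate unit files exist`, and `// Default the config file name ...` should say "unit file name". As a style point, `glog.V(2).Info(fmt.Sprintf(...))` can be written as `glog.V(2).Infof(...)`.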