ed21839464
Add getServiceFiles function.
...
The CIS benchmark check for node checks 2 config files for kubelet:
- kubelet config file (kubelet.conf)
- kubelet systemd unitfile (10-kubeadm.conf)
The getServiceFiles function gets candidates for kubelet systemd
unitfile and returns valid untifiles.
6 years ago
ccc2b6c9ae
Shouldn't need kubelet or kubectl if version specified
6 years ago
9d0141871a
Use new utility function for finding correct config files.
...
Improve order of message output
Remove unnecessary local variable
6 years ago
223ac14642
Don't override version specified on command line
6 years ago
0b4872104d
Merge branch 'master' into feature/issue-107
6 years ago
9469b1c124
Allow kubernetes version and config directory to be specified ( resolves #107 )
6 years ago
ade064006e
Add extra output manipulation flags, --noremediations, --nosummary and
...
--noresults.
These flags disable printing sections of the final output of kube-bench.
6 years ago
728cb0765f
Use 1.8 tests for k8s 1.9 and 1.10
6 years ago
f091c8adea
Remove the old lines of fmt.Sprintf in cmd/common.go
6 years ago
c86d0ff81b
Replace fmt.Sprintf by filepath.Join
6 years ago
58b6358a02
Merge branch 'master' into u/jaxxstorm/golint
6 years ago
94a1f3c41f
Lint all code for golint tests
6 years ago
64aaef7997
Fixed expected return for getKubeVersion.
7 years ago
04f044e3b9
Add support for merging general and kubernetes version specific config files.
...
This change unifies all config files, podspecs and unitfiles under
a single component configuration key; `config`.
7 years ago
730871f330
Fix kubeVersion regex tests
7 years ago
f90dd925b8
Exit kube-bench if we can't get valid kubernetes server version and
...
improve error messages.
7 years ago
909e6cc874
created database.go file and moved DB function into it
7 years ago
1faeb55b67
Merge branch 'master' into master
7 years ago
d79a2a5478
added support for saving scan results to pgsql
7 years ago
592dc81974
Remove unused variables.
7 years ago
cec1d9d6b3
Combine config reading functions into single function.
7 years ago
e227934c88
Add function to get unit files for kubernetes components.
7 years ago
6ce0c5bf60
Add function to get pod specs for kubernetes components.
7 years ago
018ad12a64
Log benchmark definition file at verbosity level 1.
7 years ago
a95d083049
Remove call to verifyKubeVersion.
...
This functionality is fulfilled by getKubeVersion.
7 years ago
d9e1eee2cd
Merge remote-tracking branch 'origin/master' into support for multiple
...
Kubernetes versions.
7 years ago
56fa20103a
Add function to retrieve Kubernetes server version.
...
The server version is used to load the correct benchmark check
to run against the Kubernetes cluster.
7 years ago
e4a89123e0
Move message about which config file we’re using into a log at the start
7 years ago
a3197f8efe
Reorder YAML to make a bit more sense. Allow for optional components, and a config file that we don’t think exists.
7 years ago
f5550fd8bd
Node type is now verified by looking for running binaries from a set of options
7 years ago
6a5a62b278
Autodetect the binaries and config files from a set of options
7 years ago
7600dd9dd6
Make the ps / fakeps function global so we don’t have to pass it around so much
7 years ago
6b9f117f87
Allow for multiple words in executable names
7 years ago
34f8b8e980
Simplify verifying binaries and config files
7 years ago
96c469669c
Use kubectl to check the kubernetes version
7 years ago
2b4047a3c1
Merge pull request #28 from ttousai/errorhandling
...
Improve error handling.
7 years ago
f88de572f6
Improve error handling.
7 years ago
e08e069174
Update controls to CIS Kubernetes Benchmark v1.1.0
7 years ago
609c4ff01c
Move kubernetes binaries and config paths to kube-bench config.
7 years ago
2ee99eca64
Add support for various installation modes, hyperkube, kubeadm and kops.
...
Issue #17 .
7 years ago
bd53529387
Fix issue #16 about supporting verbosity.
7 years ago
06466d6573
Fix issue with kubernetes version check, where the master binary is
...
used for all modes including nodes and federated.
7 years ago
dbbafd54a5
Do not exit on command exit, print error message to stderr and continue.
7 years ago
6ee9bedfb8
Print verification warnings at only one point.
7 years ago
2119d119b0
Restore warning messages and dont quit on verification error.
7 years ago
d0d9900b29
Resolve issue #7 wait: error running audit command exit status 1.
...
This is caused by a command in the audit pipeline (for example
ps -ef | grep kube-apiserver) failing. The causes of this failure
in my testing is usually a missing config file.
Extensive refactor and correction in verification code to check for
config files and binaries.
Replace joncalhoun/pipes with implementation using exec.Cmds so errors
are visible and can be handled when audit pipeline commands fail.
Change some audit commands
from: ps -ef | grep <cmd> | grep -v
to: ps -C <something> -o comm,args --no-headers
which is simpler to work with.
7 years ago
b4237ccb73
Better error handling when reading YAML files
7 years ago
07750ea43a
Don't output message about config file if output format is JSON
7 years ago
6340ee44c5
Don’t output warnings as text if we’re generating JSON output. Add error handling in a few missing cases. Some comment tidying.
7 years ago
b36832e40c
Correct block-copy error in flanneld config directory
7 years ago
Abubakr-Sadik Nii Nai Davis