// Copyright 2020 KubeSphere Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package validator
import (
"context"
"fmt"
"github.com/pkg/errors"
v1 "k8s.io/api/core/v1"
certutil "k8s.io/client-go/util/cert"
conf "kubeye/pkg/config"
"kubeye/pkg/kube"
"os"
"os/exec"
"path/filepath"
"strconv"
"strings"
"text/tabwriter"
"time"
)
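// Cluster audits the cluster reached through kube.CreateResourceProvider and
// writes the findings to standard output as tab-aligned tables.
//
// Tables are printed, each only when it has rows, in this order: node status,
// component status, Warning events, pod rule findings, and the kube-apiserver
// certificate when it is within 30 days of expiry or already expired.
//
// configuration optionally names an extra rule file; its findings are listed
// before those of the built-in rules loaded by conf.ParseFile. allInformation
// switches the pod table from each result's summary Message to the individual
// check messages. ctx comes second rather than first only to keep the
// signature existing callers use.
//
// A failure to collect data, parse a rule file, validate pods or flush the
// output is returned wrapped. The certificate check alone is best effort: when
// the certificate cannot be read or parsed, no row is printed, so a missing
// certificate table does not prove the certificate is healthy.
func Cluster(configuration string, ctx context.Context, allInformation bool) error {
	k, err := kube.CreateResourceProvider(ctx)
	if err != nil {
		return errors.Wrap(err, "Failed to get cluster information")
	}

	basicComponentStatus, err := ComponentStatusResult(k.ComponentStatus)
	if err != nil {
		return errors.Wrap(err, "Failed to get BasicComponentStatus information")
	}

	clusterCheckResults, err := ProblemDetectorResult(k.ProblemDetector)
	if err != nil {
		return errors.Wrap(err, "Failed to get clusterCheckResults information")
	}

	nodeStatus, err := NodeStatusResult(k.Nodes)
	if err != nil {
		return errors.Wrap(err, "Failed to get nodeStatus information")
	}

	// Get kube-apiserver certificate expiration.
	//
	// cat is executed directly with the path as its only argument, so no shell
	// parses a formatted command line, and Output keeps cat's stderr out of the
	// bytes handed to the PEM parser. cat is still resolved through PATH, as it
	// was when /bin/sh ran it.
	// NOTE(review): reading the file in-process would drop the dependency on an
	// external binary; that needs a change to the file's import block.
	const apiserverCertPath = "/etc/kubernetes/pki/apiserver.crt"
	var certExpires []Certificate
	if pemBytes, err := exec.Command("cat", apiserverCertPath).Output(); err == nil {
		if certs, err := certutil.ParseCertsPEM(pemBytes); err == nil && len(certs) != 0 {
			notAfter := certs[0].NotAfter
			residual := ResidualTime(notAfter)

			// ResidualTime yields "<n>y" for a year or more and "<n>d" for one
			// day up to a year. Anything else ("<n>h", "<n>m", "<n>s",
			// "<invalid>" for an expired certificate) is under a day and is
			// always reported.
			expiring := true
			switch {
			case strings.HasSuffix(residual, "y"):
				// A year or more left: not an expiry finding.
				expiring = false
			case strings.HasSuffix(residual, "d"):
				days, err := strconv.Atoi(strings.TrimSuffix(residual, "d"))
				// An unparsable day count is reported rather than hidden.
				expiring = err != nil || days < 30
			}
			if expiring {
				certExpires = append(certExpires, Certificate{
					Name:     "kube-apiserver",
					Expires:  notAfter.Format("Jan 02, 2006 15:04 MST"),
					Residual: residual,
				})
			}
		}
	}

	var config conf.Configuration
	var goodPractice []PodResult
	if len(configuration) != 0 {
		fp, err := filepath.Abs(configuration)
		if err != nil {
			return errors.Wrap(err, "Failed to look up current directory")
		}
		// Never validate against a rule file that failed to parse: a zero
		// configuration could silently report nothing.
		customConfig, err := conf.ParseFile1(fp)
		if err != nil {
			return errors.Wrap(err, "Failed to parse custom configuration")
		}
		customResults, err := ValidatePods(ctx, &customConfig, k)
		if err != nil {
			return errors.Wrap(err, "Failed to get goodPractice information")
		}
		goodPractice = append(goodPractice, customResults...)
	}

	config, err = conf.ParseFile()
	if err != nil {
		return errors.Wrap(err, "Failed to parse default configuration")
	}
	defaultResults, err := ValidatePods(ctx, &config, k)
	if err != nil {
		return errors.Wrap(err, "Failed to get goodPractice information")
	}
	goodPractice = append(goodPractice, defaultResults...)

	w := tabwriter.NewWriter(os.Stdout, 10, 4, 3, ' ', 0)

	if len(nodeStatus) != 0 {
		fmt.Fprintln(w, "NODENAME\tSEVERITY\tHEARTBEATTIME\tREASON\tMESSAGE")
		for _, nodestatus := range nodeStatus {
			fmt.Fprintf(w, "%s\t%s\t%s\t%s\t%-8v\n",
				nodestatus.Name,
				nodestatus.Severity,
				nodestatus.HeartbeatTime.Format(time.RFC3339),
				nodestatus.Reason,
				nodestatus.Message,
			)
		}
	}

	if len(basicComponentStatus) != 0 {
		fmt.Fprintln(w, "\nNAME\tSEVERITY\tTIME\tMESSAGE")
		for _, basiccomponentStatus := range basicComponentStatus {
			fmt.Fprintf(w, "%s\t%s\t%s\t%-8v\n",
				basiccomponentStatus.Name,
				basiccomponentStatus.Severity,
				basiccomponentStatus.Time,
				basiccomponentStatus.Message,
			)
		}
	}

	if len(clusterCheckResults) != 0 {
		fmt.Fprintln(w, "\nNAMESPACE\tSEVERITY\tPODNAME\tEVENTTIME\tREASON\tMESSAGE")
		for _, clusterCheckResult := range clusterCheckResults {
			fmt.Fprintf(w, "%s\t%s\t%s\t%s\t%s\t%-8v\n",
				clusterCheckResult.Namespace,
				clusterCheckResult.Severity,
				clusterCheckResult.Name,
				clusterCheckResult.EventTime.Format(time.RFC3339),
				clusterCheckResult.Reason,
				clusterCheckResult.Message,
			)
		}
	}

	if len(goodPractice) != 0 {
		fmt.Fprintln(w, "\nNAMESPACE\tSEVERITY\tNAME\tKIND\tTIME\tMESSAGE")
		for _, goodpractice := range goodPractice {
			var message []string
			if allInformation {
				// Only the first container's results are listed. Guard the
				// index so a result without containers cannot panic.
				if len(goodpractice.ContainerResults) != 0 {
					for _, tmpMessage := range goodpractice.ContainerResults[0].Results {
						message = append(message, tmpMessage.Message, "")
					}
				}
				for _, tmpResult := range goodpractice.Results {
					if !tmpResult.Success {
						message = append(message, tmpResult.Message, "")
					}
				}
				// Drop the trailing separator, if anything was collected.
				if n := len(message); n != 0 {
					message = message[:n-1]
				}
			} else {
				message = goodpractice.Message
			}
			fmt.Fprintf(w, "%s\t%s\t%s\t%s\t%s\t%-8v\n",
				goodpractice.Namespace,
				goodpractice.Severity,
				goodpractice.Name,
				goodpractice.Kind,
				goodpractice.CreatedTime,
				message,
			)
		}
	}

	if len(certExpires) != 0 {
		fmt.Fprintln(w, "\nNAME\tEXPIRES\tRESIDUAL")
		for _, certExpire := range certExpires {
			fmt.Fprintf(w, "%s\t%s\t%-8v\n",
				certExpire.Name,
				certExpire.Expires,
				certExpire.Residual,
			)
		}
	}

	// A structured AuditData export (JSON converted to YAML) was sketched here
	// in commented-out form; only the tables above are emitted.
	if err := w.Flush(); err != nil {
		return errors.Wrap(err, "Failed to write audit results")
	}
	return nil
}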
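// ComponentStatusResult returns one "Fatal" finding for every control-plane
// component in cs that is not healthy. The returned error is always nil.
//
// Health is read from the first condition's Type and Status. Matching on the
// condition message is not reliable: an error text such as a failed DNS
// "lookup" contains "ok" and would be treated as healthy. A component that
// reports no conditions at all is listed as a finding, because its health is
// unknown, instead of indexing past the end of the slice.
func ComponentStatusResult(cs []v1.ComponentStatus) ([]BasicComponentStatus, error) {
	var crs []BasicComponentStatus
	for i := range cs {
		message := "component reported no conditions"
		if conds := cs[i].Conditions; len(conds) != 0 {
			if conds[0].Type == v1.ComponentHealthy && conds[0].Status == v1.ConditionTrue {
				continue
			}
			message = conds[0].Message
		}

		crs = append(crs, BasicComponentStatus{
			// Time is when the audit observed the status, not when it changed.
			Time:     time.Now().Format(time.RFC3339),
			Name:     cs[i].ObjectMeta.Name,
			Message:  message,
			Severity: "Fatal",
		})
	}
	return crs, nil
}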
// ProblemDetectorResult converts every event of type "Warning" into a
// ClusterCheckResults entry with severity "Warning". Events of any other type
// are ignored. The namespace, name, reason and message are copied from the
// event as-is, and EventTime is the event's LastTimestamp. The returned error
// is always nil.
func ProblemDetectorResult(event []v1.Event) ([]ClusterCheckResults, error) {
	var pdrs []ClusterCheckResults
	for idx := range event {
		ev := &event[idx]
		if ev.Type != "Warning" {
			continue
		}
		pdrs = append(pdrs, ClusterCheckResults{
			Namespace: ev.ObjectMeta.Namespace,
			Name:      ev.ObjectMeta.Name,
			EventTime: ev.LastTimestamp.Time,
			Reason:    ev.Reason,
			Message:   ev.Message,
			Severity:  "Warning",
		})
	}
	return pdrs, nil
}
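// NodeStatusResult returns one "Fatal" finding for every node whose Ready
// condition is not "True". The returned error is always nil.
//
// The Ready condition is looked up by type. Using the last entry of
// Status.Conditions is not reliable, because the API does not guarantee the
// order of conditions: a trailing pressure condition with status "True" would
// hide a node, and a trailing healthy "False" condition would flag one. A node
// without a Ready condition, including one with no conditions at all, is
// reported with status Unknown instead of being skipped or causing a panic.
func NodeStatusResult(nodes []v1.Node) ([]AllNodeStatusResults, error) {
	var nodestatus []AllNodeStatusResults
	for i := range nodes {
		cond := readyCondition(nodes[i].Status.Conditions)
		if cond.Status == v1.ConditionTrue {
			continue
		}
		nodestatus = append(nodestatus, AllNodeStatusResults{
			Name:          nodes[i].ObjectMeta.Name,
			HeartbeatTime: cond.LastHeartbeatTime.Time,
			Status:        cond.Status,
			Reason:        cond.Reason,
			Message:       cond.Message,
			Severity:      "Fatal",
		})
	}
	return nodestatus, nil
}

// readyCondition returns the condition of type v1.NodeReady from conds, or a
// synthetic Unknown condition when the node does not report one.
func readyCondition(conds []v1.NodeCondition) v1.NodeCondition {
	for _, c := range conds {
		if c.Type == v1.NodeReady {
			return c
		}
	}
	return v1.NodeCondition{
		Type:    v1.NodeReady,
		Status:  v1.ConditionUnknown,
		Message: "node reported no Ready condition",
	}
}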
// ResidualTime renders the time remaining until t as a single truncated unit:
// "<n>s" below a minute, "<n>m" below an hour, "<n>h" below a day, "<n>d"
// below 365 days and "<n>y" from there on. A t that lies between one and two
// seconds in the past yields "0s", and anything further in the past yields
// "<invalid>".
func ResidualTime(t time.Time) string {
	remaining := time.Until(t)
	secs := int(remaining.Seconds())
	mins := int(remaining.Minutes())
	hrs := int(remaining.Hours())

	switch {
	case secs < -1:
		return "<invalid>"
	case secs < 0:
		return "0s"
	case secs < 60:
		return fmt.Sprintf("%ds", secs)
	case mins < 60:
		return fmt.Sprintf("%dm", mins)
	case hrs < 24:
		return fmt.Sprintf("%dh", hrs)
	case hrs < 24*365:
		return fmt.Sprintf("%dd", hrs/24)
	default:
		// Years are derived from the fractional hour count, then truncated.
		return fmt.Sprintf("%dy", int(remaining.Hours()/24/365))
	}
}