From 385050ad2546cc2dcd124136f6196e978654efb8 Mon Sep 17 00:00:00 2001
From: Forest-L
Date: Fri, 27 Nov 2020 17:20:00 +0800
Subject: [PATCH] add custom configuration

---
 Makefile                |  5 ++-
 README.md               | 73 ++++++++++++++++++++---------------------
 cmd/add.go              |  4 +--
 pkg/validator/audit.go  | 24 +++++++-------
 pkg/validator/output.go |  1 +
 pkg/validator/pod.go    |  5 +++
 6 files changed, 60 insertions(+), 52 deletions(-)

diff --git a/Makefile b/Makefile
index f4e638e..4792d21 100644
--- a/Makefile
+++ b/Makefile
@@ -2,5 +2,8 @@
 BINARY="ke"

-build:
+ke-linux:
 	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o ${BINARY}
+
+ke-darwin:
+	CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -o ${BINARY}
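The Makefile now builds per platform instead of exposing a single `build` target. A usage sketch, assuming GNU make and a local Go toolchain; the `ke-darwin-amd64` name below is only an illustrative rename, since both targets write the same `./ke` output path:

```shell
# Linux binary, as used by the README install steps
make ke-linux

# macOS binary from the same tree; keep a copy aside because the
# output name ${BINARY}=ke is shared by both targets
make ke-darwin && mv ke ke-darwin-amd64
```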
diff --git a/README.md b/README.md
index aab0975..da4cc3a 100644
--- a/README.md
+++ b/README.md
@@ -15,32 +15,22 @@ chmod +x ke
 ```shell script
 git clone https://github.com/kubesphere/kubeye.git
 cd kubeye
-make
+make ke-linux
 ```

 2、Perform operation
 ```shell script
-./ke audit --kubeconfig ***
-
---kubeconfig string
-      Path to a kubeconfig. Only required if out-of-cluster.
-> Note: If it is an external cluster, the server needs an external network address in the config file.
+./ke audit --kubeconfig /home/ubuntu/.kube/config
 ```

-3、Install Node-problem-Detector in the inspection cluster
+3、(Optional) Install Node-problem-Detector in the inspection cluster

 > Note: The NPD module does not need to be installed when more detailed node information does not need to be probed.

 ```shell script
-./ke add npd --kubeconfig ***
-
---kubeconfig string
-      Path to a kubeconfig. Only required if out-of-cluster.
-> Note: If it is an external cluster, the server needs an external network address in the config file.
+./ke install npd --kubeconfig /home/ubuntu/.kube/config
 ```

-* Continue with step 2.
-
-## Results
+## Features

 1. Whether the core components of the cluster are healthy, including the controller-manager, scheduler, etc.
 2. Whether the cluster nodes are healthy.

 ```
 root@node1:/home/ubuntu/go/src/kubeye# ./ke audit --kubeconfig /home/ubuntu/config
-HEARTBEATTIME                   SEVERITY   NODENAME   REASON              MESSAGE
-2020-11-19 10:32:03 +0800 CST   danger     node18     NodeStatusUnknown   Kubelet stopped posting node status.
-2020-11-19 10:31:37 +0800 CST   danger     node19     NodeStatusUnknown   Kubelet stopped posting node status.
-2020-11-19 10:31:14 +0800 CST   danger     node2      NodeStatusUnknown   Kubelet stopped posting node status.
-2020-11-19 10:31:58 +0800 CST   danger     node3      NodeStatusUnknown   Kubelet stopped posting node status.
+NODENAME   SEVERITY   HEARTBEATTIME               REASON              MESSAGE
+node18     danger     2020-11-19T10:32:03+08:00   NodeStatusUnknown   Kubelet stopped posting node status.
+node19     danger     2020-11-19T10:31:37+08:00   NodeStatusUnknown   Kubelet stopped posting node status.
+node2      danger     2020-11-19T10:31:14+08:00   NodeStatusUnknown   Kubelet stopped posting node status.

-NAME        SEVERITY   MESSAGE
-scheduler   danger     Get http://127.0.0.1:10251/healthz: dial tcp 127.0.0.1:10251: connect: connection refused
+NAME        SEVERITY   TIME                        MESSAGE
+scheduler   danger     2020-11-27T17:09:59+08:00   Get http://127.0.0.1:10251/healthz: dial tcp 127.0.0.1:10251: connect: connection refused

-EVENTTIME                       NODENAME                                 NAMESPACE   REASON   MESSAGE
-2020-11-20 18:52:13 +0800 CST   nginx-b8ffcf679-q4n9v.16491643e6b68cd7   default     Failed   Error: ImagePullBackOff
+NAMESPACE        NODENAME                                 EVENTTIME                   REASON             MESSAGE
+insights-agent   workloads-1606467120.164b519ca8c67416    2020-11-27T16:57:05+08:00   DeadlineExceeded   Job was active longer than specified deadline
+kube-system      calico-node-zvl9t.164b3dc50580845d       2020-11-27T17:09:35+08:00   DNSConfigForming   Nameserver limits were exceeded, some nameservers have been omitted, the applied nameserver line is: 100.64.11.3 114.114.114.114 119.29.29.29
+kube-system      kube-proxy-4bnn7.164b3dc4f4c4125d        2020-11-27T17:09:09+08:00   DNSConfigForming   Nameserver limits were exceeded, some nameservers have been omitted, the applied nameserver line is: 100.64.11.3 114.114.114.114 119.29.29.29
+kube-system      nodelocaldns-2zbhh.164b3dc4f42d358b      2020-11-27T17:09:14+08:00   DNSConfigForming   Nameserver limits were exceeded, some nameservers have been omitted, the applied nameserver line is: 100.64.11.3 114.114.114.114 119.29.29.29
+default          nginx-b8ffcf679-q4n9v.16491643e6b68cd7   2020-11-27T17:09:24+08:00   Failed             Error: ImagePullBackOff

-TIME                        NAME                      NAMESPACE     KIND         MESSAGE
-2020-11-20T18:54:44+08:00   calico-node               kube-system   DaemonSet    [{map[cpuLimitsMissing:{cpuLimitsMissing CPU limits should be set false warning Resources} runningAsPrivileged:{runningAsPrivileged Should not be running as privileged false warning Security}]}]
-2020-11-20T18:54:44+08:00   kube-proxy                kube-system   DaemonSet    [{map[runningAsPrivileged:{runningAsPrivileged Should not be running as privileged false warning Security}]}]
-2020-11-20T18:54:44+08:00   coredns                   kube-system   Deployment   [{map[cpuLimitsMissing:{cpuLimitsMissing CPU limits should be set false warning Resources}]}]
-2020-11-20T18:54:44+08:00   nodelocaldns              kube-system   DaemonSet    [{map[cpuLimitsMissing:{cpuLimitsMissing CPU limits should be set false warning Resources} hostPortSet:{hostPortSet Host port should not be configured false warning Networking} runningAsPrivileged:{runningAsPrivileged Should not be running as privileged false warning Security}]}]
-2020-11-20T18:54:44+08:00   nginx                     default       Deployment   [{map[cpuLimitsMissing:{cpuLimitsMissing CPU limits should be set false warning Resources} livenessProbeMissing:{livenessProbeMissing Liveness probe should be configured false warning Health Checks} tagNotSpecified:{tagNotSpecified Image tag should be specified false danger Images}]}]
-2020-11-20T18:54:44+08:00   calico-kube-controllers   kube-system   Deployment   [{map[cpuLimitsMissing:{cpuLimitsMissing CPU limits should be set false warning Resources} livenessProbeMissing:{livenessProbeMissing Liveness probe should be configured false warning Health Checks}]}
+NAMESPACE        NAME                      KIND         TIME                        MESSAGE
+kube-system      node-problem-detector     DaemonSet    2020-11-27T17:09:59+08:00   [livenessProbeMissing runAsPrivileged]
+kube-system      calico-node               DaemonSet    2020-11-27T17:09:59+08:00   [runAsPrivileged cpuLimitsMissing]
+kube-system      nodelocaldns              DaemonSet    2020-11-27T17:09:59+08:00   [cpuLimitsMissing runAsPrivileged]
+default          nginx                     Deployment   2020-11-27T17:09:59+08:00   [cpuLimitsMissing livenessProbeMissing tagNotSpecified]
+insights-agent   workloads                 CronJob      2020-11-27T17:09:59+08:00   [livenessProbeMissing]
+insights-agent   cronjob-executor          Job          2020-11-27T17:09:59+08:00   [livenessProbeMissing]
+kube-system      calico-kube-controllers   Deployment   2020-11-27T17:09:59+08:00   [cpuLimitsMissing livenessProbeMissing]
+kube-system      coredns                   Deployment   2020-11-27T17:09:59+08:00   [cpuLimitsMissing]
 ```

 ## Custom check
 * Add custom npd rule methods
 ```
-1. Deploy npd, ./ke add npd --kubeconfig ***
+1. Deploy npd, ./ke install npd --kubeconfig /home/ubuntu/.kube/config
 2. Edit the node-problem-detector-config configMap, such as: kubectl edit cm -n kube-system node-problem-detector-config
 3. Add exception log information under the rule of configMap, rules follow regular expressions.
 ```

 * Add custom best practice configuration
 ```
 1. Use the -f parameter to pass the configuration file config.yaml.
-./ke audit -f /home/ubuntu/go/src/kubeye/examples/tmp/config.yaml --kubeconfig ***
+./ke audit -f /home/ubuntu/go/src/kubeye/examples/tmp/config.yaml --kubeconfig /home/ubuntu/.kube/config

 --kubeconfig string
       Path to a kubeconfig. Only required if out-of-cluster.
@@ -109,8 +104,12 @@ customChecks:

 ubuntu@node1:~/go/src/kubeye/examples/tmp$ ./ke audit -f /home/ubuntu/go/src/kubeye/examples/tmp/config.yaml

-TIME                        NAME      NAMESPACE     KIND         MESSAGE
-2020-11-25T20:41:59+08:00   nginx     default       Deployment   [{map[imageRegistry:{imageRegistry Image should not be from disallowed registry false warning Images}]}]
-2020-11-25T20:41:59+08:00   coredns   kube-system   Deployment   [{map[cpuLimitsMissing:{cpuLimitsMissing CPU limits should be set false warning Resources}]}]
-
+NAMESPACE     NAME                      KIND         TIME                        MESSAGE
+default       nginx                     Deployment   2020-11-27T17:18:31+08:00   [imageRegistry]
+kube-system   node-problem-detector     DaemonSet    2020-11-27T17:18:31+08:00   [livenessProbeMissing runAsPrivileged]
+kube-system   calico-node               DaemonSet    2020-11-27T17:18:31+08:00   [cpuLimitsMissing runAsPrivileged]
+kube-system   calico-kube-controllers   Deployment   2020-11-27T17:18:31+08:00   [cpuLimitsMissing livenessProbeMissing]
+kube-system   nodelocaldns              DaemonSet    2020-11-27T17:18:31+08:00   [runAsPrivileged cpuLimitsMissing]
+default       nginx                     Deployment   2020-11-27T17:18:31+08:00   [livenessProbeMissing cpuLimitsMissing]
+kube-system   coredns                   Deployment   2020-11-27T17:18:31+08:00   [cpuLimitsMissing]
 ```
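For reference, a minimal sketch of what a `customChecks` entry in `config.yaml` could look like. This assumes kubeye follows a Polaris-style check schema (successMessage/failureMessage/category/target plus a JSON Schema), inferred from the `imageRegistry` result above; it is not a verbatim copy of `examples/tmp/config.yaml`, and the exact field names may differ:

```yaml
customChecks:
  imageRegistry:
    successMessage: Image comes from an allowed registry
    failureMessage: Image should not be from disallowed registry
    category: Images
    target: Container
    schema:
      '$schema': http://json-schema.org/draft-07/schema
      type: object
      properties:
        image:
          type: string
          # fail the check when the image is pulled from quay.io
          not:
            pattern: ^quay.io
```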
diff --git a/cmd/add.go b/cmd/add.go
index 891b72b..503e9cb 100644
--- a/cmd/add.go
+++ b/cmd/add.go
@@ -15,8 +15,8 @@ func init() {
 }

 var addCmd = &cobra.Command{
-	Use:   "add ntp",
-	Short: "add the ntp",
+	Use:   "install npd",
+	Short: "install the npd",
 	Run: func(cmd *cobra.Command, args []string) {
 		err := validator.Add(cmd.Context())
 		if err != nil {

diff --git a/pkg/validator/audit.go b/pkg/validator/audit.go
index be49a27..73be681 100644
--- a/pkg/validator/audit.go
+++ b/pkg/validator/audit.go
@@ -56,12 +56,12 @@ func Cluster(configuration string, ctx context.Context) error {
 	w := tabwriter.NewWriter(os.Stdout, 10, 4, 3, ' ', 0)

 	if len(nodeStatus) != 0 {
-		fmt.Fprintln(w, "HEARTBEATTIME\tSEVERITY\tNODENAME\tREASON\tMESSAGE")
+		fmt.Fprintln(w, "NODENAME\tSEVERITY\tHEARTBEATTIME\tREASON\tMESSAGE")
 		for _, nodestatus := range nodeStatus {
 			s := fmt.Sprintf("%s\t%s\t%s\t%s\t%-8v",
-				nodestatus.HeartbeatTime.Format(time.RFC3339),
-				nodestatus.Severity,
 				nodestatus.Name,
+				nodestatus.Severity,
+				nodestatus.HeartbeatTime.Format(time.RFC3339),
 				nodestatus.Reason,
 				nodestatus.Message,
 			)
@@ -71,12 +71,12 @@ func Cluster(configuration string, ctx context.Context) error {
 	}

 	if len(basicComponentStatus) != 0 {
-		fmt.Fprintln(w, "\nTIME\tNAME\tSEVERITY\tMESSAGE")
+		fmt.Fprintln(w, "\nNAME\tSEVERITY\tTIME\tMESSAGE")
 		for _, basiccomponentStatus := range basicComponentStatus {
 			s := fmt.Sprintf("%s\t%s\t%s\t%-8v",
-				basiccomponentStatus.Time,
 				basiccomponentStatus.Name,
 				basiccomponentStatus.Severity,
+				basiccomponentStatus.Time,
 				basiccomponentStatus.Message,
 			)
 			fmt.Fprintln(w, s)
@@ -85,12 +85,12 @@ func Cluster(configuration string, ctx context.Context) error {
 	}

 	if len(clusterCheckResults) != 0 {
-		fmt.Fprintln(w, "\nEVENTTIME\tNODENAME\tNAMESPACE\tREASON\tMESSAGE")
+		fmt.Fprintln(w, "\nNAMESPACE\tNODENAME\tEVENTTIME\tREASON\tMESSAGE")
 		for _, clusterCheckResult := range clusterCheckResults {
 			s := fmt.Sprintf("%s\t%s\t%s\t%s\t%-8v",
-				clusterCheckResult.EventTime.Format(time.RFC3339),
-				clusterCheckResult.Name,
 				clusterCheckResult.Namespace,
+				clusterCheckResult.Name,
+				clusterCheckResult.EventTime.Format(time.RFC3339),
 				clusterCheckResult.Reason,
 				clusterCheckResult.Message,
 			)
@@ -100,14 +100,14 @@ func Cluster(configuration string, ctx context.Context) error {
 	}

 	if len(goodPractice) != 0 {
-		fmt.Fprintln(w, "\nTIME\tNAME\tNAMESPACE\tKIND\tMESSAGE")
+		fmt.Fprintln(w, "\nNAMESPACE\tNAME\tKIND\tTIME\tMESSAGE")
 		for _, goodpractice := range goodPractice {
 			s := fmt.Sprintf("%s\t%s\t%s\t%s\t%-8v",
-				goodpractice.CreatedTime,
-				goodpractice.Name,
 				goodpractice.Namespace,
+				goodpractice.Name,
 				goodpractice.Kind,
-				goodpractice.ContainerResults,
+				goodpractice.CreatedTime,
+				goodpractice.Message,
 			)
 			fmt.Fprintln(w, s)
 			continue
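All four sections write into the same `text/tabwriter` writer, so the reordered columns line up in one alignment pass when the writer is flushed. A standalone sketch of the node-status table's new column order, using a simplified stand-in type rather than kubeye's actual structs:

```go
package main

import (
	"fmt"
	"os"
	"text/tabwriter"
	"time"
)

// nodeStatus models only the fields printed by the audit table.
type nodeStatus struct {
	Name          string
	Severity      string
	HeartbeatTime time.Time
	Reason        string
	Message       string
}

func main() {
	// Same writer settings as audit.go: minwidth 10, tabwidth 4, padding 3.
	w := tabwriter.NewWriter(os.Stdout, 10, 4, 3, ' ', 0)
	fmt.Fprintln(w, "NODENAME\tSEVERITY\tHEARTBEATTIME\tREASON\tMESSAGE")

	rows := []nodeStatus{
		{"node18", "danger", time.Now(), "NodeStatusUnknown", "Kubelet stopped posting node status."},
	}
	for _, ns := range rows {
		fmt.Fprintf(w, "%s\t%s\t%s\t%s\t%-8v\n",
			ns.Name, ns.Severity, ns.HeartbeatTime.Format(time.RFC3339), ns.Reason, ns.Message)
	}
	w.Flush() // columns are only aligned once the writer is flushed
}
```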
diff --git a/pkg/validator/output.go b/pkg/validator/output.go
index ae0e5d4..5b3d5c8 100644
--- a/pkg/validator/output.go
+++ b/pkg/validator/output.go
@@ -52,6 +52,7 @@ type PodResult struct {
 	Namespace        string            `yaml:"namespace" json:"namespace,omitempty"`
 	Kind             string            `yaml:"kind" json:"kind,omitempty"`
 	Name             string            `yaml:"name" json:"name,omitempty"`
+	Message          []string          `yaml:"message" json:"message,omitempty"`
 	ContainerResults []ContainerResult `yaml:"containerResults" json:"containerResults,omitempty"`
 }

diff --git a/pkg/validator/pod.go b/pkg/validator/pod.go
index 68cfc76..82f2263 100644
--- a/pkg/validator/pod.go
+++ b/pkg/validator/pod.go
@@ -15,6 +15,7 @@ func ValidatePods(ctx context.Context, conf *config.Configuration, kubeResource
 	for _, pod := range podToAudit {
 		result, err := ValidatePod(ctx, conf, pod)
+		var messages []string
 		if err != nil {
 			return nil, errors.Wrap(err, "Failed to get result")
 		}

 		if len(result.ContainerResults[0].Results) == 0 || result.ContainerResults == nil {
 			continue
 		}
+		for key := range result.ContainerResults[0].Results {
+			messages = append(messages, key)
+		}
+		result.Message = messages
 		results = append(results, result)
 	}
 	return results, nil
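The new `Message` field flattens the per-container check results into a list of failed check names, which is what the reworked audit table prints instead of the raw `ContainerResults` dump. A self-contained sketch of that condensing step, using simplified stand-in types (the real `PodResult` and `ContainerResult` in `pkg/validator` carry more fields), with sorting added here only to make the output deterministic:

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// containerResult stands in for kubeye's ContainerResult: a map of
// check name -> finding is all this sketch needs.
type containerResult struct {
	Results map[string]string
}

type podResult struct {
	Namespace string   `json:"namespace"`
	Kind      string   `json:"kind"`
	Name      string   `json:"name"`
	Message   []string `json:"message,omitempty"`
}

// condenseMessages mirrors the loop added to ValidatePods: collect the
// keys of the first container's results. Go map iteration order is
// randomized, so the sort keeps the example output stable.
func condenseMessages(cr containerResult) []string {
	messages := make([]string, 0, len(cr.Results))
	for key := range cr.Results {
		messages = append(messages, key)
	}
	sort.Strings(messages)
	return messages
}

func main() {
	cr := containerResult{Results: map[string]string{
		"cpuLimitsMissing":     "CPU limits should be set",
		"livenessProbeMissing": "Liveness probe should be configured",
	}}
	pr := podResult{Namespace: "default", Kind: "Deployment", Name: "nginx"}
	pr.Message = condenseMessages(cr)

	out, _ := json.MarshalIndent(pr, "", "  ")
	fmt.Println(string(out))
	// The audit table prints the same slice via fmt, which is where the
	// bracketed [cpuLimitsMissing livenessProbeMissing] MESSAGE column comes from.
}
```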