add custom configuration
parent
bb17b5aaa4
commit
385050ad25
5
Makefile
5
Makefile
|
@ -2,5 +2,8 @@
|
||||||
|
|
||||||
BINARY="ke"
|
BINARY="ke"
|
||||||
|
|
||||||
build:
|
ke-linux:
|
||||||
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o ${BINARY}
|
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o ${BINARY}
|
||||||
|
|
||||||
|
ke-darwin:
|
||||||
|
CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -o ${BINARY}
|
||||||
|
|
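Review bot: The `ke-linux` and `ke-darwin` targets both build to `-o ${BINARY}`, so running one overwrites the other's output and the file name gives no hint which platform the binary is for. Giving each target its own output, e.g. `-o ${BINARY}-darwin-amd64` and `-o ${BINARY}-linux-amd64`, avoids packaging or copying the wrong binary to a node.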
73
README.md
73
README.md
|
@ -15,32 +15,22 @@ chmod +x ke
|
||||||
```shell script
|
```shell script
|
||||||
git clone https://github.com/kubesphere/kubeye.git
|
git clone https://github.com/kubesphere/kubeye.git
|
||||||
cd kubeye
|
cd kubeye
|
||||||
make
|
make ke-linux
|
||||||
```
|
```
|
||||||
2、Perform operation
|
2、Perform operation
|
||||||
```shell script
|
```shell script
|
||||||
./ke audit --kubeconfig ***
|
./ke audit --kubeconfig /home/ubuntu/.kube/config
|
||||||
|
|
||||||
--kubeconfig string
|
|
||||||
Path to a kubeconfig. Only required if out-of-cluster.
|
|
||||||
> Note: If it is an external cluster, the server needs an external network address in the config file.
|
|
||||||
```
|
```
|
||||||
|
|
||||||
3、Install Node-problem-Detector in the inspection cluster
|
3、(Optional) Install Node-problem-Detector in the inspection cluster
|
||||||
|
|
||||||
> Note: The NPD module does not need to be installed When more detailed node information does not need to be probed.
|
> Note: The NPD module does not need to be installed When more detailed node information does not need to be probed.
|
||||||
|
|
||||||
```shell script
|
```shell script
|
||||||
./ke add npd --kubeconfig ***
|
./ke install npd --kubeconfig /home/ubuntu/.kube/config
|
||||||
|
|
||||||
--kubeconfig string
|
|
||||||
Path to a kubeconfig. Only required if out-of-cluster.
|
|
||||||
> Note: If it is an external cluster, the server needs an external network address in the config file.
|
|
||||||
```
|
```
|
||||||
|
|
||||||
* Continue with step 2.
|
## Features
|
||||||
|
|
||||||
## Results
|
|
||||||
|
|
||||||
1. Whether the core components of the cluster are healthy, including controller-manager, scheduler and etc.
|
1. Whether the core components of the cluster are healthy, including controller-manager, scheduler and etc.
|
||||||
2. Whether the cluster node healthy.
|
2. Whether the cluster node healthy.
|
||||||
|
@ -51,39 +41,44 @@ make
|
||||||
|
|
||||||
```
|
```
|
||||||
root@node1:/home/ubuntu/go/src/kubeye# ./ke audit --kubeconfig /home/ubuntu/config
|
root@node1:/home/ubuntu/go/src/kubeye# ./ke audit --kubeconfig /home/ubuntu/config
|
||||||
HEARTBEATTIME SEVERITY NODENAME REASON MESSAGE
|
NODENAME SEVERITY HEARTBEATTIME REASON MESSAGE
|
||||||
2020-11-19 10:32:03 +0800 CST danger node18 NodeStatusUnknown Kubelet stopped posting node status.
|
node18 danger 2020-11-19T10:32:03+08:00 NodeStatusUnknown Kubelet stopped posting node status.
|
||||||
2020-11-19 10:31:37 +0800 CST danger node19 NodeStatusUnknown Kubelet stopped posting node status.
|
node19 danger 2020-11-19T10:31:37+08:00 NodeStatusUnknown Kubelet stopped posting node status.
|
||||||
2020-11-19 10:31:14 +0800 CST danger node2 NodeStatusUnknown Kubelet stopped posting node status.
|
node2 danger 2020-11-19T10:31:14+08:00 NodeStatusUnknown Kubelet stopped posting node status.
|
||||||
2020-11-19 10:31:58 +0800 CST danger node3 NodeStatusUnknown Kubelet stopped posting node status.
|
|
||||||
|
|
||||||
NAME SEVERITY MESSAGE
|
NAME SEVERITY TIME MESSAGE
|
||||||
scheduler danger Get http://127.0.0.1:10251/healthz: dial tcp 127.0.0.1:10251: connect: connection refused
|
scheduler danger 2020-11-27T17:09:59+08:00 Get http://127.0.0.1:10251/healthz: dial tcp 127.0.0.1:10251: connect: connection refused
|
||||||
|
|
||||||
EVENTTIME NODENAME NAMESPACE REASON MESSAGE
|
NAMESPACE NODENAME EVENTTIME REASON MESSAGE
|
||||||
2020-11-20 18:52:13 +0800 CST nginx-b8ffcf679-q4n9v.16491643e6b68cd7 default Failed Error: ImagePullBackOff
|
insights-agent workloads-1606467120.164b519ca8c67416 2020-11-27T16:57:05+08:00 DeadlineExceeded Job was active longer than specified deadline
|
||||||
|
kube-system calico-node-zvl9t.164b3dc50580845d 2020-11-27T17:09:35+08:00 DNSConfigForming Nameserver limits were exceeded, some nameservers have been omitted, the applied nameserver line is: 100.64.11.3 114.114.114.114 119.29.29.29
|
||||||
|
kube-system kube-proxy-4bnn7.164b3dc4f4c4125d 2020-11-27T17:09:09+08:00 DNSConfigForming Nameserver limits were exceeded, some nameservers have been omitted, the applied nameserver line is: 100.64.11.3 114.114.114.114 119.29.29.29
|
||||||
|
kube-system nodelocaldns-2zbhh.164b3dc4f42d358b 2020-11-27T17:09:14+08:00 DNSConfigForming Nameserver limits were exceeded, some nameservers have been omitted, the applied nameserver line is: 100.64.11.3 114.114.114.114 119.29.29.29
|
||||||
|
default nginx-b8ffcf679-q4n9v.16491643e6b68cd7 2020-11-27T17:09:24+08:00 Failed Error: ImagePullBackOff
|
||||||
|
|
||||||
TIME NAME NAMESPACE KIND MESSAGE
|
NAMESPACE NAME KIND TIME MESSAGE
|
||||||
2020-11-20T18:54:44+08:00 calico-node kube-system DaemonSet [{map[cpuLimitsMissing:{cpuLimitsMissing CPU limits should be set false warning Resources} runningAsPrivileged:{runningAsPrivileged Should not be running as privileged false warning Security}]}]
|
kube-system node-problem-detector DaemonSet 2020-11-27T17:09:59+08:00 [livenessProbeMissing runAsPrivileged]
|
||||||
2020-11-20T18:54:44+08:00 kube-proxy kube-system DaemonSet [{map[runningAsPrivileged:{runningAsPrivileged Should not be running as privileged false warning Security}]}]
|
kube-system calico-node DaemonSet 2020-11-27T17:09:59+08:00 [runAsPrivileged cpuLimitsMissing]
|
||||||
2020-11-20T18:54:44+08:00 coredns kube-system Deployment [{map[cpuLimitsMissing:{cpuLimitsMissing CPU limits should be set false warning Resources}]}]
|
kube-system nodelocaldns DaemonSet 2020-11-27T17:09:59+08:00 [cpuLimitsMissing runAsPrivileged]
|
||||||
2020-11-20T18:54:44+08:00 nodelocaldns kube-system DaemonSet [{map[cpuLimitsMissing:{cpuLimitsMissing CPU limits should be set false warning Resources} hostPortSet:{hostPortSet Host port should not be configured false warning Networking} runningAsPrivileged:{runningAsPrivileged Should not be running as privileged false warning Security}]}]
|
default nginx Deployment 2020-11-27T17:09:59+08:00 [cpuLimitsMissing livenessProbeMissing tagNotSpecified]
|
||||||
2020-11-20T18:54:44+08:00 nginx default Deployment [{map[cpuLimitsMissing:{cpuLimitsMissing CPU limits should be set false warning Resources} livenessProbeMissing:{livenessProbeMissing Liveness probe should be configured false warning Health Checks} tagNotSpecified:{tagNotSpecified Image tag should be specified false danger Images }]}]
|
insights-agent workloads CronJob 2020-11-27T17:09:59+08:00 [livenessProbeMissing]
|
||||||
2020-11-20T18:54:44+08:00 calico-kube-controllers kube-system Deployment [{map[cpuLimitsMissing:{cpuLimitsMissing CPU limits should be set false warning Resources} livenessProbeMissing:{livenessProbeMissing Liveness probe should be configured false warning Health Checks}]}
|
insights-agent cronjob-executor Job 2020-11-27T17:09:59+08:00 [livenessProbeMissing]
|
||||||
|
kube-system calico-kube-controllers Deployment 2020-11-27T17:09:59+08:00 [cpuLimitsMissing livenessProbeMissing]
|
||||||
|
kube-system coredns Deployment 2020-11-27T17:09:59+08:00 [cpuLimitsMissing]
|
||||||
```
|
```
|
||||||
|
|
||||||
## Custom check
|
## Custom check
|
||||||
|
|
||||||
* Add custom npd rule methods
|
* Add custom npd rule methods
|
||||||
```
|
```
|
||||||
1. Deploy npd, ./ke add npd --kubeconfig ***
|
1. Deploy npd, ./ke add npd --kubeconfig /home/ubuntu/.kube/config
|
||||||
2. Ddit node-problem-detector-config configMap, such as: kubectl edit cm -n kube-system node-problem-detector-config
|
2. Ddit node-problem-detector-config configMap, such as: kubectl edit cm -n kube-system node-problem-detector-config
|
||||||
3. Add exception log information under the rule of configMap, rules follow regular expressions.
|
3. Add exception log information under the rule of configMap, rules follow regular expressions.
|
||||||
```
|
```
|
||||||
* Add custom best practice configuration
|
* Add custom best practice configuration
|
||||||
```
|
```
|
||||||
1. Use the -f parameter and file name config.yaml.
|
1. Use the -f parameter and file name config.yaml.
|
||||||
./ke audit -f /home/ubuntu/go/src/kubeye/examples/tmp/config.yaml --kubeconfig ***
|
./ke audit -f /home/ubuntu/go/src/kubeye/examples/tmp/config.yaml --kubeconfig /home/ubuntu/.kube/config
|
||||||
|
|
||||||
--kubeconfig string
|
--kubeconfig string
|
||||||
Path to a kubeconfig. Only required if out-of-cluster.
|
Path to a kubeconfig. Only required if out-of-cluster.
|
||||||
|
@ -109,8 +104,12 @@ customChecks:
|
||||||
|
|
||||||
|
|
||||||
ubuntu@node1:~/go/src/kubeye/examples/tmp$./ke audit -f /home/ubuntu/go/src/kubeye/examples/tmp/config.yaml
|
ubuntu@node1:~/go/src/kubeye/examples/tmp$./ke audit -f /home/ubuntu/go/src/kubeye/examples/tmp/config.yaml
|
||||||
TIME NAME NAMESPACE KIND MESSAGE
|
NAMESPACE NAME KIND TIME MESSAGE
|
||||||
2020-11-25T20:41:59+08:00 nginx default Deployment [{map[imageRegistry:{imageRegistry Image should not be from disallowed registry false warning Images }]}]
|
default nginx Deployment 2020-11-27T17:18:31+08:00 [imageRegistry]
|
||||||
2020-11-25T20:41:59+08:00 coredns kube-system Deployment [{map[cpuLimitsMissing:{cpuLimitsMissing CPU limits should be set false warning Resources}]}]
|
kube-system node-problem-detector DaemonSet 2020-11-27T17:18:31+08:00 [livenessProbeMissing runAsPrivileged]
|
||||||
|
kube-system calico-node DaemonSet 2020-11-27T17:18:31+08:00 [cpuLimitsMissing runAsPrivileged]
|
||||||
|
kube-system calico-kube-controllers Deployment 2020-11-27T17:18:31+08:00 [cpuLimitsMissing livenessProbeMissing]
|
||||||
|
kube-system nodelocaldns DaemonSet 2020-11-27T17:18:31+08:00 [runAsPrivileged cpuLimitsMissing]
|
||||||
|
default nginx Deployment 2020-11-27T17:18:31+08:00 [livenessProbeMissing cpuLimitsMissing]
|
||||||
|
kube-system coredns Deployment 2020-11-27T17:18:31+08:00 [cpuLimitsMissing]
|
||||||
```
|
```
|
||||||
|
|
|
@ -15,8 +15,8 @@ func init() {
|
||||||
}
|
}
|
||||||
|
|
||||||
var addCmd = &cobra.Command{
|
var addCmd = &cobra.Command{
|
||||||
Use: "add ntp",
|
Use: "install ntp",
|
||||||
Short: "add the ntp",
|
Short: "install the ntp",
|
||||||
Run: func(cmd *cobra.Command, args []string) {
|
Run: func(cmd *cobra.Command, args []string) {
|
||||||
err := validator.Add(cmd.Context())
|
err := validator.Add(cmd.Context())
|
||||||
if err != nil {
|
if err != nil {
|
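Review bot: The new help strings `Use: "install ntp"` and `Short: "install the ntp"` still say "ntp", while the README in this same commit documents the command as `./ke install npd` (Node-problem-Detector). This looks like a carried-over typo; `Use: "install npd"` and `Short: "install the npd"` would match the documentation. Cobra takes the command name from the first word of `Use`, so the command is now `install`, yet the variable is still `addCmd`, it still calls `validator.Add`, and the README's custom-check step still says `./ke add npd`. The command literal continues past the end of the hunk.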
||||||
|
|
|
@ -56,12 +56,12 @@ func Cluster(configuration string, ctx context.Context) error {
|
||||||
|
|
||||||
w := tabwriter.NewWriter(os.Stdout, 10, 4, 3, ' ', 0)
|
w := tabwriter.NewWriter(os.Stdout, 10, 4, 3, ' ', 0)
|
||||||
if len(nodeStatus) != 0 {
|
if len(nodeStatus) != 0 {
|
||||||
fmt.Fprintln(w, "HEARTBEATTIME\tSEVERITY\tNODENAME\tREASON\tMESSAGE")
|
fmt.Fprintln(w, "NODENAME\tSEVERITY\tHEARTBEATTIME\tREASON\tMESSAGE")
|
||||||
for _, nodestatus := range nodeStatus {
|
for _, nodestatus := range nodeStatus {
|
||||||
s := fmt.Sprintf("%s\t%s\t%s\t%s\t%-8v",
|
s := fmt.Sprintf("%s\t%s\t%s\t%s\t%-8v",
|
||||||
nodestatus.HeartbeatTime.Format(time.RFC3339),
|
|
||||||
nodestatus.Severity,
|
|
||||||
nodestatus.Name,
|
nodestatus.Name,
|
||||||
|
nodestatus.Severity,
|
||||||
|
nodestatus.HeartbeatTime.Format(time.RFC3339),
|
||||||
nodestatus.Reason,
|
nodestatus.Reason,
|
||||||
nodestatus.Message,
|
nodestatus.Message,
|
||||||
)
|
)
|
||||||
|
@ -71,12 +71,12 @@ func Cluster(configuration string, ctx context.Context) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(basicComponentStatus) != 0 {
|
if len(basicComponentStatus) != 0 {
|
||||||
fmt.Fprintln(w, "\nTIME\tNAME\tSEVERITY\tMESSAGE")
|
fmt.Fprintln(w, "\nNAME\tSEVERITY\tTIME\tMESSAGE")
|
||||||
for _, basiccomponentStatus := range basicComponentStatus {
|
for _, basiccomponentStatus := range basicComponentStatus {
|
||||||
s := fmt.Sprintf("%s\t%s\t%s\t%-8v",
|
s := fmt.Sprintf("%s\t%s\t%s\t%-8v",
|
||||||
basiccomponentStatus.Time,
|
|
||||||
basiccomponentStatus.Name,
|
basiccomponentStatus.Name,
|
||||||
basiccomponentStatus.Severity,
|
basiccomponentStatus.Severity,
|
||||||
|
basiccomponentStatus.Time,
|
||||||
basiccomponentStatus.Message,
|
basiccomponentStatus.Message,
|
||||||
)
|
)
|
||||||
fmt.Fprintln(w, s)
|
fmt.Fprintln(w, s)
|
||||||
|
@ -85,12 +85,12 @@ func Cluster(configuration string, ctx context.Context) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(clusterCheckResults) != 0 {
|
if len(clusterCheckResults) != 0 {
|
||||||
fmt.Fprintln(w, "\nEVENTTIME\tNODENAME\tNAMESPACE\tREASON\tMESSAGE")
|
fmt.Fprintln(w, "\nNAMESPACE\tNODENAME\tEVENTTIME\tREASON\tMESSAGE")
|
||||||
for _, clusterCheckResult := range clusterCheckResults {
|
for _, clusterCheckResult := range clusterCheckResults {
|
||||||
s := fmt.Sprintf("%s\t%s\t%s\t%s\t%-8v",
|
s := fmt.Sprintf("%s\t%s\t%s\t%s\t%-8v",
|
||||||
clusterCheckResult.EventTime.Format(time.RFC3339),
|
|
||||||
clusterCheckResult.Name,
|
|
||||||
clusterCheckResult.Namespace,
|
clusterCheckResult.Namespace,
|
||||||
|
clusterCheckResult.Name,
|
||||||
|
clusterCheckResult.EventTime.Format(time.RFC3339),
|
||||||
clusterCheckResult.Reason,
|
clusterCheckResult.Reason,
|
||||||
clusterCheckResult.Message,
|
clusterCheckResult.Message,
|
||||||
)
|
)
|
||||||
|
@ -100,14 +100,14 @@ func Cluster(configuration string, ctx context.Context) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(goodPractice) != 0 {
|
if len(goodPractice) != 0 {
|
||||||
fmt.Fprintln(w, "\nTIME\tNAME\tNAMESPACE\tKIND\tMESSAGE")
|
fmt.Fprintln(w, "\nNAMESPACE\tNAME\tKIND\tTIME\tMESSAGE")
|
||||||
for _, goodpractice := range goodPractice {
|
for _, goodpractice := range goodPractice {
|
||||||
s := fmt.Sprintf("%s\t%s\t%s\t%s\t%-8v",
|
s := fmt.Sprintf("%s\t%s\t%s\t%s\t%-8v",
|
||||||
goodpractice.CreatedTime,
|
|
||||||
goodpractice.Name,
|
|
||||||
goodpractice.Namespace,
|
goodpractice.Namespace,
|
||||||
|
goodpractice.Name,
|
||||||
goodpractice.Kind,
|
goodpractice.Kind,
|
||||||
goodpractice.ContainerResults,
|
goodpractice.CreatedTime,
|
||||||
|
goodpractice.Message,
|
||||||
)
|
)
|
||||||
fmt.Fprintln(w, s)
|
fmt.Fprintln(w, s)
|
||||||
continue
|
continue
|
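Review bot: The best-practice table in the last hunk now prints `goodpractice.Message` in place of `goodpractice.ContainerResults`, so each row carries only check IDs and the per-check severity and category are no longer shown. In the README sample the old row marked `tagNotSpecified` as `danger` and `runningAsPrivileged` as `Security`, while the new row is just `[cpuLimitsMissing livenessProbeMissing tagNotSpecified]`. An operator triaging an audit report needs that distinction, so consider keeping a SEVERITY column as the node and component tables do. The `%-8v` verb on a `[]string` also emits Go's bracketed slice syntax; `strings.Join(goodpractice.Message, ",")` would be easier to read and to parse. `Cluster` starts and ends outside these hunks.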
||||||
|
|
|
@ -52,6 +52,7 @@ type PodResult struct {
|
||||||
Namespace string `yaml:"namespace" json:"namespace,omitempty"`
|
Namespace string `yaml:"namespace" json:"namespace,omitempty"`
|
||||||
Kind string `yaml:"kind" json:"kind,omitempty"`
|
Kind string `yaml:"kind" json:"kind,omitempty"`
|
||||||
Name string `yaml:"name" json:"name,omitempty"`
|
Name string `yaml:"name" json:"name,omitempty"`
|
||||||
|
Message []string `yaml:"message" json:"message,omitempty"`
|
||||||
ContainerResults []ContainerResult `yaml:"containerResults" json:"containerResults,omitempty"`
|
ContainerResults []ContainerResult `yaml:"containerResults" json:"containerResults,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -15,6 +15,7 @@ func ValidatePods(ctx context.Context, conf *config.Configuration, kubeResource
|
||||||
|
|
||||||
for _, pod := range podToAudit {
|
for _, pod := range podToAudit {
|
||||||
result, err := ValidatePod(ctx, conf, pod)
|
result, err := ValidatePod(ctx, conf, pod)
|
||||||
|
var messages []string
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errors.Wrap(err, "Failed to get result")
|
return nil, errors.Wrap(err, "Failed to get result")
|
||||||
}
|
}
|
||||||
|
@ -22,6 +23,10 @@ func ValidatePods(ctx context.Context, conf *config.Configuration, kubeResource
|
||||||
if len(result.ContainerResults[0].Results) == 0 || result.ContainerResults == nil {
|
if len(result.ContainerResults[0].Results) == 0 || result.ContainerResults == nil {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
for key, _ := range result.ContainerResults[0].Results {
|
||||||
|
messages = append(messages, key)
|
||||||
|
}
|
||||||
|
result.Message = messages
|
||||||
results = append(results, result)
|
results = append(results, result)
|
||||||
}
|
}
|
||||||
return results, nil
|
return results, nil
|
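Review bot: The new loop fills `result.Message` only from `result.ContainerResults[0].Results`, so if ValidatePod returns one entry per container (not visible here), findings on any container after the first never reach the report, which is a silent false negative for an audit tool. Ranging over what is evidently a map also yields a random key order, which is why the README samples show both `[runAsPrivileged cpuLimitsMissing]` and `[cpuLimitsMissing runAsPrivileged]`; sorting makes runs comparable. The context line above indexes `ContainerResults[0]` before its nil check, so an empty slice would panic before the new code is reached. The sketch below needs the `sort` package imported and may want de-duplication across containers; ValidatePods starts outside the hunk.

```go
// … unchanged: ValidatePod call, error check, empty-result skip …
for _, cr := range result.ContainerResults {
	for key := range cr.Results {
		messages = append(messages, key)
	}
}
sort.Strings(messages) // map iteration order is random; keep report output stable
result.Message = messages
results = append(results, result)
```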
||||||
|
|