diff --git a/README.md b/README.md
index 43cad81..c9b42f6 100644
--- a/README.md
+++ b/README.md
@@ -96,9 +96,8 @@ kube-system Warning coredns Deployment 2020-11-27T1
 | :white_check_mark: | PodFileExists | Check for existing files|
 | :white_check_mark: | PodTooManyOpenFiles | The number of file /socket connections opened by the program exceeds the system set value|
 | :white_check_mark: | PodNoSpaceLeftOnDevice | Check for disk and inode usage|
-| | NodeTokenExpired | Token certificate expired|
-| | NodeApiServerExpired | kube-apiserver certificate expired|
-| | NodeKubeletExpired | Kubelet certificate expired|
+| | NodeTokenExpiredPeriod | Check Token expiration period is one month|
+| | NodeKubeletExpiredPeriod | Check Kubelet period is one month|
 | :white_check_mark: | PodSetCpuRequestsMissing | The CPU Resource Request value was not declared|
 | :white_check_mark: | PodSetHostIPCSet | Set the hostIP|
 | :white_check_mark: | PodSetHostNetworkSet | Set the hostNetwork|
@@ -135,8 +134,7 @@ checks:
 customChecks:
 imageFromUnauthorizedRegistry:
- successMessage: Image from an authorized registriy.
- failureMessage: Image from an unauthorized registry.
+ promptMessage: When the corresponding rule does not match. Show that image from an unauthorized registry.
 category: Images
 target: Container
 schema:
@@ -152,7 +150,7 @@ customChecks:
 - Save the above rule as a yaml, for example, `rule.yaml`.
 - Run kubeye with `rule.yaml`
 ```shell
-root:# ke fault -f rule.yaml --kubeconfig ~/.kube/config
+root:# ke diags -f rule.yaml --kubeconfig ~/.kube/config
 NAMESPACE SEVERITY NAME KIND TIME MESSAGE
 default Warning nginx Deployment 2020-11-27T17:18:31+08:00 [imageFromUnauthorizedRegistry]
 kube-system Warning node-problem-detector DaemonSet 2020-11-27T17:18:31+08:00 [livenessProbeMissing runAsPrivileged]
diff --git a/checks/cpuLimitsMissing.yaml b/checks/cpuLimitsMissing.yaml
index abe0470..33b4f45 100644
--- a/checks/cpuLimitsMissing.yaml
+++ b/checks/cpuLimitsMissing.yaml
@@ -1,4 +1,3 @@
-#successMessage: CPU limits are set
 promptMessage: CPU limits should be set
 category: Resources
 target: Container
diff --git a/cmd/audit.go b/cmd/audit.go
index cd2ebed..2611c89 100644
--- a/cmd/audit.go
+++ b/cmd/audit.go
@@ -23,12 +23,13 @@ import (
 )
 var config string
+var allInformation bool
 var auditCmd = &cobra.Command{
 Use: "diags",
 Short: "diagnostic information from the cluster",
 Run: func(cmd *cobra.Command, args []string) {
- err := validator.Cluster(config, cmd.Context())
+ err := validator.Cluster(config, cmd.Context(), allInformation)
 if err != nil {
 fmt.Println(err)
 }
@@ -39,4 +40,5 @@ func init() {
 rootCmd.AddCommand(auditCmd)
 pflag.CommandLine.AddGoFlagSet(flag.CommandLine)
 auditCmd.Flags().StringVarP(&config, "filename", "f", "", "Customize best practice configuration")
+ auditCmd.Flags().BoolVarP(&allInformation, "all", "a", false, "Show more specific information")
 }
diff --git a/cmd/root.go b/cmd/root.go
index 1cc57ba..67f1de3 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -34,6 +34,3 @@ func Execute() {
 os.Exit(1)
 }
 }
-func init() {
- rootCmd.PersistentFlags().BoolVar(&Verbose, "debug", true, "Print detailed information")
-}
diff --git a/pkg/validator/audit.go b/pkg/validator/audit.go
index 1f31d77..d96ad72 100644
--- a/pkg/validator/audit.go
+++ b/pkg/validator/audit.go
@@ -28,7 +28,7 @@ import (
 "time"
 )
-func Cluster(configuration string, ctx context.Context) error {
+func Cluster(configuration string, ctx context.Context, allInformation bool) error {
 k, err := kube.CreateResourceProvider(ctx)
 if err != nil {
 return errors.Wrap(err, "Failed to get cluster information")
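Review bot: The error returned by `validator.Cluster` in the `Run` closure of cmd/audit.go is only printed with `fmt.Println(err)`, so as far as this hunk shows a failed diagnosis still exits with status 0, and a script or CI job calling `ke diags` cannot tell a clean cluster from a run that never reached it. Since the call line is being edited anyway, consider switching the command to `RunE` with `return validator.Cluster(config, cmd.Context(), allInformation)`, which would let the error reach the `os.Exit(1)` path that `Execute` in cmd/root.go appears to have. The `Run` closure and the `auditCmd` literal close outside this hunk.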
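Review bot: In pkg/validator/audit.go, `Cluster` now takes `ctx` as the middle of three parameters, whereas Go convention puts `context.Context` first; because this commit already changes the signature and its visible caller in cmd/audit.go, it is a cheap moment to reorder to `func Cluster(ctx context.Context, configuration string, allInformation bool) error`. The exported function also has no doc comment, and a line such as `// Cluster audits the cluster reachable through ctx and prints the findings; allInformation selects per-check messages instead of the summary message.` would record what the new parameter does. The function body continues outside this hunk.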
@@ -117,13 +117,32 @@ func Cluster(configuration string, ctx context.Context) error {
 if len(goodPractice) != 0 {
 fmt.Fprintln(w, "\nNAMESPACE\tSEVERITY\tNAME\tKIND\tTIME\tMESSAGE")
 for _, goodpractice := range goodPractice {
+ var message []string
+ if allInformation {
+ for _, tmpMessage := range goodpractice.ContainerResults[0].Results {
+ message = append(message, tmpMessage.Message, "")
+ }
+ if len(goodpractice.Results) != 0 {
+ for _, tmpResult := range goodpractice.Results {
+ if tmpResult.Success == false {
+ message = append(message, tmpResult.Message, "")
+ }
+ }
+ message = message[:len(message)-1]
+ } else {
+ message = message[:len(message)-1]
+ }
+
+ } else {
+ message = goodpractice.Message
+ }
 s := fmt.Sprintf("%s\t%s\t%s\t%s\t%s\t%-8v",
 goodpractice.Namespace,
 goodpractice.Severity,
 goodpractice.Name,
 goodpractice.Kind,
 goodpractice.CreatedTime,
- goodpractice.Message,
+ message,
 )
 fmt.Fprintln(w, s)
 continue
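Review bot: `goodpractice.ContainerResults[0]` in the new `allInformation` branch is indexed without a length check, and both `message = message[:len(message)-1]` lines run even when nothing was appended, so an entry with no container results or no failing checks would panic and abort the report before the remaining findings are printed. Guard the index and trim the trailing separator only when `len(message) > 0`, which also lets the two identical trim branches collapse into one. Only the first container's results are read, so findings on additional containers appear to be left out of the `--all` output, and the container loop appends every entry while the `goodpractice.Results` loop appends only failures; please confirm both are intended. The enclosing `Cluster` function starts and ends outside this hunk.

```go
var message []string
if allInformation {
	// Guard the index: an entry without container results must not panic the whole report.
	if len(goodpractice.ContainerResults) > 0 {
		for _, tmpMessage := range goodpractice.ContainerResults[0].Results {
			message = append(message, tmpMessage.Message, "")
		}
	}
	for _, tmpResult := range goodpractice.Results {
		if !tmpResult.Success {
			message = append(message, tmpResult.Message, "")
		}
	}
	// Drop the trailing "" separator only when something was appended.
	if len(message) > 0 {
		message = message[:len(message)-1]
	}
} else {
	message = goodpractice.Message
}
// … unchanged: fmt.Sprintf row formatting with message as the last argument …
```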