Merge pull request #11 from kubesphere/dev-ll
Add the "-a" parameter to show more information about the best practice
This commit is contained in:
Forest
GitHub
commit
b1dfc53df7
10
README.md
10
README.md
|
|
@ -96,9 +96,8 @@ kube-system Warning coredns Deployment 2020-11-27T1
|
||||||
| :white_check_mark: | PodFileExists | Check for existing files|
|
| :white_check_mark: | PodFileExists | Check for existing files|
|
||||||
| :white_check_mark: | PodTooManyOpenFiles | The number of file /socket connections opened by the program exceeds the system set value|
|
| :white_check_mark: | PodTooManyOpenFiles | The number of file /socket connections opened by the program exceeds the system set value|
|
||||||
| :white_check_mark: | PodNoSpaceLeftOnDevice | Check for disk and inode usage|
|
| :white_check_mark: | PodNoSpaceLeftOnDevice | Check for disk and inode usage|
|
||||||
| | NodeTokenExpired | Token certificate expired|
|
| | NodeTokenExpiredPeriod | Check Token expiration period is one month|
|
||||||
| | NodeApiServerExpired | kube-apiserver certificate expired|
|
| | NodeKubeletExpiredPeriod | Check Kubelet period is one month|
|
||||||
| | NodeKubeletExpired | Kubelet certificate expired|
|
|
||||||
| :white_check_mark: | PodSetCpuRequestsMissing | The CPU Resource Request value was not declared|
|
| :white_check_mark: | PodSetCpuRequestsMissing | The CPU Resource Request value was not declared|
|
||||||
| :white_check_mark: | PodSetHostIPCSet | Set the hostIP|
|
| :white_check_mark: | PodSetHostIPCSet | Set the hostIP|
|
||||||
| :white_check_mark: | PodSetHostNetworkSet | Set the hostNetwork|
|
| :white_check_mark: | PodSetHostNetworkSet | Set the hostNetwork|
|
||||||
|
|
@ -135,8 +134,7 @@ checks:
|
||||||
|
|
||||||
customChecks:
|
customChecks:
|
||||||
imageFromUnauthorizedRegistry:
|
imageFromUnauthorizedRegistry:
|
||||||
successMessage: Image from an authorized registriy.
|
promptMessage: When the corresponding rule does not match. Show that image from an unauthorized registry.
|
||||||
failureMessage: Image from an unauthorized registry.
|
|
||||||
category: Images
|
category: Images
|
||||||
target: Container
|
target: Container
|
||||||
schema:
|
schema:
|
||||||
|
|
@ -152,7 +150,7 @@ customChecks:
|
||||||
- Save the above rule as a yaml, for example, `rule.yaml`.
|
- Save the above rule as a yaml, for example, `rule.yaml`.
|
||||||
- Run kubeye with `rule.yaml`
|
- Run kubeye with `rule.yaml`
|
||||||
```shell
|
```shell
|
||||||
root:# ke fault -f rule.yaml --kubeconfig ~/.kube/config
|
root:# ke diags -f rule.yaml --kubeconfig ~/.kube/config
|
||||||
NAMESPACE SEVERITY NAME KIND TIME MESSAGE
|
NAMESPACE SEVERITY NAME KIND TIME MESSAGE
|
||||||
default Warning nginx Deployment 2020-11-27T17:18:31+08:00 [imageFromUnauthorizedRegistry]
|
default Warning nginx Deployment 2020-11-27T17:18:31+08:00 [imageFromUnauthorizedRegistry]
|
||||||
kube-system Warning node-problem-detector DaemonSet 2020-11-27T17:18:31+08:00 [livenessProbeMissing runAsPrivileged]
|
kube-system Warning node-problem-detector DaemonSet 2020-11-27T17:18:31+08:00 [livenessProbeMissing runAsPrivileged]
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,3 @@
|
||||||
#successMessage: CPU limits are set
|
|
||||||
promptMessage: CPU limits should be set
|
promptMessage: CPU limits should be set
|
||||||
category: Resources
|
category: Resources
|
||||||
target: Container
|
target: Container
|
||||||
|
|
|
||||||
|
|
@ -23,12 +23,13 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
var config string
|
var config string
|
||||||
|
var allInformation bool
|
||||||
|
|
||||||
var auditCmd = &cobra.Command{
|
var auditCmd = &cobra.Command{
|
||||||
Use: "diags",
|
Use: "diags",
|
||||||
Short: "diagnostic information from the cluster",
|
Short: "diagnostic information from the cluster",
|
||||||
Run: func(cmd *cobra.Command, args []string) {
|
Run: func(cmd *cobra.Command, args []string) {
|
||||||
err := validator.Cluster(config, cmd.Context())
|
err := validator.Cluster(config, cmd.Context(), allInformation)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Println(err)
|
fmt.Println(err)
|
||||||
}
|
}
|
||||||
|
|
@ -39,4 +40,5 @@ func init() {
|
||||||
rootCmd.AddCommand(auditCmd)
|
rootCmd.AddCommand(auditCmd)
|
||||||
pflag.CommandLine.AddGoFlagSet(flag.CommandLine)
|
pflag.CommandLine.AddGoFlagSet(flag.CommandLine)
|
||||||
auditCmd.Flags().StringVarP(&config, "filename", "f", "", "Customize best practice configuration")
|
auditCmd.Flags().StringVarP(&config, "filename", "f", "", "Customize best practice configuration")
|
||||||
|
auditCmd.Flags().BoolVarP(&allInformation, "all", "a", false, "Show more specific information")
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -34,6 +34,3 @@ func Execute() {
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
func init() {
|
|
||||||
rootCmd.PersistentFlags().BoolVar(&Verbose, "debug", true, "Print detailed information")
|
|
||||||
}
|
|
||||||
|
|
|
||||||
|
|
@ -28,7 +28,7 @@ import (
|
||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
func Cluster(configuration string, ctx context.Context) error {
|
func Cluster(configuration string, ctx context.Context, allInformation bool) error {
|
||||||
k, err := kube.CreateResourceProvider(ctx)
|
k, err := kube.CreateResourceProvider(ctx)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.Wrap(err, "Failed to get cluster information")
|
return errors.Wrap(err, "Failed to get cluster information")
|
||||||
|
|
@ -117,13 +117,32 @@ func Cluster(configuration string, ctx context.Context) error {
|
||||||
if len(goodPractice) != 0 {
|
if len(goodPractice) != 0 {
|
||||||
fmt.Fprintln(w, "\nNAMESPACE\tSEVERITY\tNAME\tKIND\tTIME\tMESSAGE")
|
fmt.Fprintln(w, "\nNAMESPACE\tSEVERITY\tNAME\tKIND\tTIME\tMESSAGE")
|
||||||
for _, goodpractice := range goodPractice {
|
for _, goodpractice := range goodPractice {
|
||||||
|
var message []string
|
||||||
|
if allInformation {
|
||||||
|
for _, tmpMessage := range goodpractice.ContainerResults[0].Results {
|
||||||
|
message = append(message, tmpMessage.Message, "")
|
||||||
|
}
|
||||||
|
if len(goodpractice.Results) != 0 {
|
||||||
|
for _, tmpResult := range goodpractice.Results {
|
||||||
|
if tmpResult.Success == false {
|
||||||
|
message = append(message, tmpResult.Message, "")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
message = message[:len(message)-1]
|
||||||
|
} else {
|
||||||
|
message = message[:len(message)-1]
|
||||||
|
}
|
||||||
|
|
||||||
|
} else {
|
||||||
|
message = goodpractice.Message
|
||||||
|
}
|
||||||
s := fmt.Sprintf("%s\t%s\t%s\t%s\t%s\t%-8v",
|
s := fmt.Sprintf("%s\t%s\t%s\t%s\t%s\t%-8v",
|
||||||
goodpractice.Namespace,
|
goodpractice.Namespace,
|
||||||
goodpractice.Severity,
|
goodpractice.Severity,
|
||||||
goodpractice.Name,
|
goodpractice.Name,
|
||||||
goodpractice.Kind,
|
goodpractice.Kind,
|
||||||
goodpractice.CreatedTime,
|
goodpractice.CreatedTime,
|
||||||
goodpractice.Message,
|
message,
|
||||||
)
|
)
|
||||||
fmt.Fprintln(w, s)
|
fmt.Fprintln(w, s)
|
||||||
continue
|
continue
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue