aboutsummaryrefslogtreecommitdiffstats
path: root/test/security/k8s
diff options
context:
space:
mode:
Diffstat (limited to 'test/security/k8s')
-rw-r--r--test/security/k8s/src/check/check.go12
-rw-r--r--test/security/k8s/src/check/cmd/check/check.go5
-rw-r--r--test/security/k8s/src/check/rancher/rancher.go6
-rw-r--r--test/security/k8s/src/check/raw/raw.go6
4 files changed, 27 insertions, 2 deletions
diff --git a/test/security/k8s/src/check/check.go b/test/security/k8s/src/check/check.go
index b9814829e..cf412c112 100644
--- a/test/security/k8s/src/check/check.go
+++ b/test/security/k8s/src/check/check.go
@@ -6,6 +6,8 @@ type Informer interface {
GetAPIParams() ([]string, error)
// GetSchedulerParams returns scheduler parameters.
GetSchedulerParams() ([]string, error)
+ // GetControllerManagerParams returns controller manager parameters.
+ GetControllerManagerParams() ([]string, error)
}
// Command represents commands run on cluster.
@@ -16,15 +18,18 @@ const (
APIProcess Command = iota
// SchedulerProcess represents scheduler command ("kube-scheduler").
SchedulerProcess
+ // ControllerManagerProcess represents controller manager command ("kube-controller-manager").
+ ControllerManagerProcess
)
func (c Command) String() string {
names := [...]string{
"kube-apiserver",
"kube-scheduler",
+ "kube-controller-manager",
}
- if c < APIProcess || c > SchedulerProcess {
+ if c < APIProcess || c > ControllerManagerProcess {
return "exit"
}
return names[c]
@@ -38,15 +43,18 @@ const (
APIService Service = iota
// SchedulerService represents scheduler service ("kubernetes/scheduler").
SchedulerService
+ // ControllerManagerService represents controller manager service ("kubernetes/controller-manager").
+ ControllerManagerService
)
func (s Service) String() string {
names := [...]string{
"kubernetes/kubernetes",
"kubernetes/scheduler",
+ "kubernetes/controller-manager",
}
- if s < APIService || s > SchedulerService {
+ if s < APIService || s > ControllerManagerService {
return ""
}
return names[s]
diff --git a/test/security/k8s/src/check/cmd/check/check.go b/test/security/k8s/src/check/cmd/check/check.go
index 2d25100f3..dd089b107 100644
--- a/test/security/k8s/src/check/cmd/check/check.go
+++ b/test/security/k8s/src/check/cmd/check/check.go
@@ -48,4 +48,9 @@ func main() {
log.Fatal(err)
}
master.CheckScheduler(schedulerParams)
+
+ _, err = info.GetControllerManagerParams()
+ if err != nil {
+ log.Fatal(err)
+ }
}
diff --git a/test/security/k8s/src/check/rancher/rancher.go b/test/security/k8s/src/check/rancher/rancher.go
index 41f3c38e2..842fd3ff6 100644
--- a/test/security/k8s/src/check/rancher/rancher.go
+++ b/test/security/k8s/src/check/rancher/rancher.go
@@ -40,6 +40,12 @@ func (r *Rancher) GetSchedulerParams() ([]string, error) {
return getProcessParams(check.SchedulerProcess, check.SchedulerService)
}
+// GetControllerManagerParams returns parameters of running Kubernetes scheduler.
+// It queries default environment set in configuration file.
+func (r *Rancher) GetControllerManagerParams() ([]string, error) {
+ return getProcessParams(check.ControllerManagerProcess, check.ControllerManagerService)
+}
+
func getProcessParams(process check.Command, service check.Service) ([]string, error) {
hosts, err := listHosts()
if err != nil {
diff --git a/test/security/k8s/src/check/raw/raw.go b/test/security/k8s/src/check/raw/raw.go
index 3c5409aee..04a6fa554 100644
--- a/test/security/k8s/src/check/raw/raw.go
+++ b/test/security/k8s/src/check/raw/raw.go
@@ -40,6 +40,12 @@ func (r *Raw) GetSchedulerParams() ([]string, error) {
return getProcessParams(check.SchedulerProcess)
}
+// GetControllerManagerParams returns parameters of running Kubernetes scheduler.
+// It queries only cluster nodes with "controlplane" role.
+func (r *Raw) GetControllerManagerParams() ([]string, error) {
+ return getProcessParams(check.ControllerManagerProcess)
+}
+
func getProcessParams(process check.Command) ([]string, error) {
nodes, err := config.GetNodesInfo()
if err != nil {