From 96f4e2fe0ef3bfaf8371f29562ecb6129f20e3ab Mon Sep 17 00:00:00 2001
From: Pawel Wieczorek
Date: Fri, 27 Sep 2019 16:10:33 +0200
Subject: k8s: Add scheduler information collection

Issue-ID: SECCOM-235
Change-Id: I7da645737440172d3cf11f33069daa2697f83056
Signed-off-by: Pawel Wieczorek
---
 test/security/k8s/src/check/check.go | 12 ++++++++++--
 test/security/k8s/src/check/cmd/check/check.go | 5 +++++
 test/security/k8s/src/check/rancher/rancher.go | 6 ++++++
 test/security/k8s/src/check/raw/raw.go | 6 ++++++
 4 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/test/security/k8s/src/check/check.go b/test/security/k8s/src/check/check.go
index c185887d7..b9814829e 100644
--- a/test/security/k8s/src/check/check.go
+++ b/test/security/k8s/src/check/check.go
@@ -4,6 +4,8 @@ package check
 type Informer interface {
 // GetAPIParams returns API server parameters.
 GetAPIParams() ([]string, error)
+ // GetSchedulerParams returns scheduler parameters.
+ GetSchedulerParams() ([]string, error)
 }
 
 // Command represents commands run on cluster.
@@ -12,14 +14,17 @@ type Command int
 const (
 // APIProcess represents API server command ("kube-apiserver").
 APIProcess Command = iota
+ // SchedulerProcess represents scheduler command ("kube-scheduler").
+ SchedulerProcess
 )
 
 func (c Command) String() string {
 names := [...]string{
 "kube-apiserver",
+ "kube-scheduler",
 }
 
- if c < APIProcess || c > APIProcess {
+ if c < APIProcess || c > SchedulerProcess {
 return "exit"
 }
 return names[c]
@@ -31,14 +36,17 @@ type Service int
 const (
 // APIService represents API server service ("kubernetes/kubernetes").
 APIService Service = iota
+ // SchedulerService represents scheduler service ("kubernetes/scheduler").
+ SchedulerService
 )
 
 func (s Service) String() string {
 names := [...]string{
 "kubernetes/kubernetes",
+ "kubernetes/scheduler",
 }
 
- if s < APIService || s > APIService {
+ if s < APIService || s > SchedulerService {
 return ""
 }
 return names[s]
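Review bot: In `Command.String` in test/security/k8s/src/check/check.go the range guard `c > SchedulerProcess` names the last constant by hand, so it has to be edited in step with both the `const` block and `names` every time a process is added. If a later constant is appended without moving the guard it silently maps to "exit", and if the guard is moved without extending `names` the index panics. Deriving the bound from the table removes that coupling: `if c < 0 || int(c) >= len(names) {`. The same applies to `Service.String` in the following hunk, with `if s < 0 || int(s) >= len(names) {`.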
diff --git a/test/security/k8s/src/check/cmd/check/check.go b/test/security/k8s/src/check/cmd/check/check.go
index 40e3a092c..e60912801 100644
--- a/test/security/k8s/src/check/cmd/check/check.go
+++ b/test/security/k8s/src/check/cmd/check/check.go
@@ -42,4 +42,9 @@ func main() {
 log.Fatal(err)
 }
 master.CheckAPI(apiParams)
+
+ _, err = info.GetSchedulerParams()
+ if err != nil {
+ log.Fatal(err)
+ }
 }
diff --git a/test/security/k8s/src/check/rancher/rancher.go b/test/security/k8s/src/check/rancher/rancher.go
index d77f15445..41f3c38e2 100644
--- a/test/security/k8s/src/check/rancher/rancher.go
+++ b/test/security/k8s/src/check/rancher/rancher.go
@@ -34,6 +34,12 @@ func (r *Rancher) GetAPIParams() ([]string, error) {
 return getProcessParams(check.APIProcess, check.APIService)
 }
 
+// GetSchedulerParams returns parameters of running Kubernetes scheduler.
+// It queries default environment set in configuration file.
+func (r *Rancher) GetSchedulerParams() ([]string, error) {
+ return getProcessParams(check.SchedulerProcess, check.SchedulerService)
+}
+
 func getProcessParams(process check.Command, service check.Service) ([]string, error) {
 hosts, err := listHosts()
 if err != nil {
diff --git a/test/security/k8s/src/check/raw/raw.go b/test/security/k8s/src/check/raw/raw.go
index 2a9f0a17f..3c5409aee 100644
--- a/test/security/k8s/src/check/raw/raw.go
+++ b/test/security/k8s/src/check/raw/raw.go
@@ -34,6 +34,12 @@ func (r *Raw) GetAPIParams() ([]string, error) {
 return getProcessParams(check.APIProcess)
 }
 
+// GetSchedulerParams returns parameters of running Kubernetes scheduler.
+// It queries only cluster nodes with "controlplane" role.
+func (r *Raw) GetSchedulerParams() ([]string, error) {
+ return getProcessParams(check.SchedulerProcess)
+}
+
 func getProcessParams(process check.Command) ([]string, error) {
 nodes, err := config.GetNodesInfo()
 if err != nil {
-- 
cgit 1.2.3-korg
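Review bot: In `main` in test/security/k8s/src/check/cmd/check/check.go the scheduler parameters are fetched and then discarded with `_`, so nothing in this hunk evaluates them the way `master.CheckAPI(apiParams)` does for the API server. As written a run fails only when collection itself errors, and a clean exit says nothing about the scheduler's flags. If the check is meant to land in a follow-up, mark that at the call site, e.g. `// TODO: scheduler parameters are collected but not verified yet.`, so the output is not read as scheduler coverage. The body of `main` starts outside the hunk.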