kube_auto_analyzer 0.0.4 → 0.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/kube_auto_analyzer/agent_checks/process_checks.rb +12 -0
- data/lib/kube_auto_analyzer/api_checks/master_node.rb +13 -0
- data/lib/kube_auto_analyzer/js_files/chartkick.js +1817 -0
- data/lib/kube_auto_analyzer/js_files/highcharts.js +402 -0
- data/lib/kube_auto_analyzer/js_files/test.html +11 -0
- data/lib/kube_auto_analyzer/reporting.rb +101 -0
- data/lib/kube_auto_analyzer/version.rb +1 -1
- metadata +5 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b212499095793da59595c95f41a0bdd3718ec462
|
|
4
|
+
data.tar.gz: 8e12eef51832ebfe3932040931f545920a8401b1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2f85d2bce93fcaec371fed52bc4c0b235cd2a0decc33845ebeb7d4ae08c7c0a785d6a0a2bc29f9d0ddc8f6b240a28e3e34c434f5ca83147aaae896f48604f9f6
|
|
7
|
+
data.tar.gz: 3cd1e421d9611c3a6c4d7628060b5dac492ee687c3e9947747230459878432b0ad2b351a0ec437b283469b745a87bc20465f2185bc6657b4ac564063a03799dd
|
|
@@ -143,6 +143,18 @@ module KubeAutoAnalyzer
|
|
|
143
143
|
else
|
|
144
144
|
@results[target]['kubelet_checks'][node_hostname]['CIS 2.1.13 - Ensure that the --cadvisor-port argument is set to 0'] = "Pass"
|
|
145
145
|
end
|
|
146
|
+
|
|
147
|
+
unless kubelet_proc =~ /--feature-gates=RotateKubeletClientCertificate=true/
|
|
148
|
+
@results[target]['kubelet_checks'][node_hostname]['CIS 2.1.14 - Ensure that the RotateKubeletClientCertificate argument is set to true'] = "Fail"
|
|
149
|
+
else
|
|
150
|
+
@results[target]['kubelet_checks'][node_hostname]['CIS 2.1.14 - Ensure that the RotateKubeletClientCertificate argument is set to true'] = "Pass"
|
|
151
|
+
end
|
|
152
|
+
|
|
153
|
+
unless kubelet_proc =~ /--feature-gates=RotateKubeletServerCertificate=true/
|
|
154
|
+
@results[target]['kubelet_checks'][node_hostname]['CIS 2.1.15 - Ensure that the RotateKubeletServerCertificate argument is set to true'] = "Fail"
|
|
155
|
+
else
|
|
156
|
+
@results[target]['kubelet_checks'][node_hostname]['CIS 2.1.15 - Ensure that the RotateKubeletServerCertificate argument is set to true'] = "Pass"
|
|
157
|
+
end
|
|
146
158
|
#Need an ensure block here to make sure that the pod is deleted after its run
|
|
147
159
|
ensure
|
|
148
160
|
@client.delete_pod(container_name,"default")
|
|
@@ -385,6 +385,19 @@ module KubeAutoAnalyzer
|
|
|
385
385
|
@results[target]['etcd']['CIS 1.5.6 - Ensure that the --peer-auto-tls argument is not set to true'] = "Pass"
|
|
386
386
|
end
|
|
387
387
|
|
|
388
|
+
#This isn't quite right as we should really check the dir. but as that's not easily done lets start with an existence check
|
|
389
|
+
unless etcd_command_line.index{|line| line =~ /--wall-dir/}
|
|
390
|
+
@results[target]['etcd']['CIS 1.5.7 - Ensure that the --wal-dir argument is set as appropriate'] = "Fail"
|
|
391
|
+
else
|
|
392
|
+
@results[target]['etcd']['CIS 1.5.7 - Ensure that the --wal-dir argument is set as appropriate'] = "Pass"
|
|
393
|
+
end
|
|
394
|
+
|
|
395
|
+
unless etcd_command_line.index{|line| line =~ /--max-wals=0/}
|
|
396
|
+
@results[target]['etcd']['CIS 1.5.8 - Ensure that the --max-wals argument is set to 0'] = "Fail"
|
|
397
|
+
else
|
|
398
|
+
@results[target]['etcd']['CIS 1.5.8 - Ensure that the --max-wals argument is set to 0'] = "Pass"
|
|
399
|
+
end
|
|
400
|
+
|
|
388
401
|
|
|
389
402
|
|
|
390
403
|
@results[target]['evidence']['etcd'] = etcd_command_line
|