kube_auto_analyzer 0.0.6 → 0.0.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 62e3662e8af79fd34786e09365d3dc9247facc66
-  data.tar.gz: 6f8b1ab40edfba133847ebc220863c00f5d5f6c6
+  metadata.gz: 8fd1aff1f5704afeae2c8834fc74af48bdec557b
+  data.tar.gz: f9db491c94623efc96d3250db2023c1da9af59b0
 SHA512:
-  metadata.gz: 47fdb79b36cdf3cad35b13f9225426e3c926040a60dbf806ca1b2d7b388ce0a88d6037e172571b58ad2db9d45cf46b005e4e7c242e24629160bb9dd6484e290e
-  data.tar.gz: 28f825709c18510c33d0e524e877b6de640489d63c0668df9c05256ff64a0a635820ee157e6e8585afec48d1d7f19973f712607a7e060b45a9042f37fbb7e37e
+  metadata.gz: 8b4513de20ce3a52618dec8c5bad3b86d9c9d80b7b3281101655dc2f5bf4a0e577dd1186be9cc0cb2c927515ed9c1b0cc55574b091fb2ee5a9acfcf868d300a4
+  data.tar.gz: ef690999d310ef569f7bb06b03b486133724393e7e82020ff77e69d374b0ba806d234f539f6b15762b9bb332c7129ecbdc23706c2ab879cb44aad0ec53064acc

data/bin/kubeautoanalyzer

@@ -9,6 +9,7 @@
   options.report_file = 'kube-parse-report'
   options.target_server = 'http://127.0.0.1:8080'
   options.html_report = false
+  options.json_report = false
   options.token = ''
   options.token_file = ''
   options.config_file = false
@@ -33,6 +34,14 @@
       options.token = token
     end
 
+    opts.on("-j", "--json", "Create a JSON report") do |json|
+      options.json_report = true
+    end
+
+    opts.on("--html", "Create an HTML report") do |html|
+      options.html_report = true
+    end
+
     opts.on("-f", "--token_file [TOKENFILE]", "Token file to use (provide full path)") do |token_file|
       options.token = token_file
     end
@@ -68,4 +77,10 @@
     exit
   end
 
+  unless (options.json_report || options.html_report)
+    puts "You need to ask for either an HTML report or a JSON one (or both)"
+    puts opts
+    exit
+  end
+
 KubeAutoAnalyzer.execute(options)

data/lib/kube_auto_analyzer/agent_checks/file_checks.rb

@@ -4,15 +4,12 @@ module KubeAutoAnalyzer
     require 'json'
     @log.debug ("entering File check")
     target = @options.target_server
-    @results[target]['worker_files'] = Hash.new
+    @results[target]['node_files'] = Hash.new
+
 
-    #Run on any nodes that aren't NoSchedule
-    #Doesn't necessarily mean worker nodes, but a reasonable facsimile for now.
     nodes = Array.new
     @client.get_nodes.each do |node|
-      unless node.spec.taints.to_s =~ /NoSchedule/
-        nodes << node
-      end
+      nodes << node
     end
     nodes.each do |nod|
       node_hostname = nod.metadata.labels['kubernetes.io/hostname']
@@ -25,6 +22,11 @@ module KubeAutoAnalyzer
       pod.spec.restartPolicy = "Never"
       pod.spec.containers = {}
       pod.spec.containers = [{name: "kubeautoanalyzerfiletest", image: "raesene/kaa-agent:latest"}]
+
+      #Try the Toleration for Master
+      pod.spec.tolerations = {}
+      pod.spec.tolerations = [{ key:"key", operator:"Equal", value:"value",effect:"NoSchedule"}]
+      
       pod.spec.volumes = [{name: 'etck8s', hostPath: {path: '/etc'}}]
       pod.spec.containers[0].volumeMounts = [{mountPath: '/etc', name: 'etck8s'}]
       pod.spec.containers[0].args = ["/file-checker.rb","/etc/kubernetes"]
@@ -39,13 +41,13 @@ module KubeAutoAnalyzer
         end
         files = JSON.parse(@client.get_pod_log(container_name,"default"))
       
-        @results[target]['worker_files'][node_hostname] = files
+        @results[target]['node_files'][node_hostname] = files
       ensure
         @client.delete_pod(container_name,"default")
       end
 
     end
-    @log.debug("Finished Worker File Check")
+    @log.debug("Finished Node File Check")
   end
 
 end

data/lib/kube_auto_analyzer/agent_checks/process_checks.rb

@@ -9,9 +9,9 @@ module KubeAutoAnalyzer
 
     nodes = Array.new
     @client.get_nodes.each do |node|
-      unless node.spec.taints.to_s =~ /NoSchedule/
+    #  unless node.spec.taints.to_s =~ /NoSchedule/
         nodes << node
-      end
+    #  end
     end
 
     nodes.each do |nod|
@@ -25,6 +25,11 @@ module KubeAutoAnalyzer
       pod.spec.restartPolicy = "Never"
       pod.spec.containers = {}
       pod.spec.containers = [{name: "kaakubelettest", image: "raesene/kaa-agent:latest"}]
+      
+      #Try the Toleration for Master
+      pod.spec.tolerations = {}
+      pod.spec.tolerations = [{ key:"key", operator:"Equal", value:"value",effect:"NoSchedule"}]
+
       pod.spec.containers[0].args = ["/process-checker.rb"]
       pod.spec.hostPID = true
       pod.spec.nodeselector = {}

data/lib/kube_auto_analyzer/reporting.rb

@@ -1,54 +1,10 @@
 module KubeAutoAnalyzer
 
-  def self.report
+  def self.json_report
+    require 'json'
     @log.debug("Starting Report")
-    @report_file.puts "Kubernetes Analyzer"
-    @report_file.puts "===================\n\n"
-    @report_file.puts "**Server Reviewed** : #{@options.target_server}"
-    @report_file.puts "\n\nAPI Server Results"
-    @report_file.puts "----------------------\n\n"
-    @results[@options.target_server]['api_server'].each do |test, result|
-      @report_file.puts '* ' + test + ' - **' + result + '**'
-    end
-    @report_file.puts "\n\nScheduler Results"
-    @report_file.puts "----------------------\n\n"
-    @results[@options.target_server]['scheduler'].each do |test, result|
-      @report_file.puts '* ' + test + ' - **' + result + '**'
-    end
-
-    @report_file.puts "\n\nController Manager Results"
-    @report_file.puts "----------------------\n\n"
-    @results[@options.target_server]['controller_manager'].each do |test, result|
-      @report_file.puts '* ' + test + ' - **' + result + '**'
-    end
-
-    @report_file.puts "\n\netcd Results"
-    @report_file.puts "----------------------\n\n"
-    @results[@options.target_server]['etcd'].each do |test, result|
-      @report_file.puts '* ' + test + ' - **' + result + '**'
-    end
-    if @options.agent_file_checks
-      @report_file.puts "\n\nWorker Nodes File Permissions"
-      @report_file.puts "----------------------\n\n"
-      @log.debug("Class is #{@results[@options.target_server]['worker_files'].class}")
-      @results[@options.target_server]['worker_files'].each do |node, results|
-        @report_file.puts "\n\n#{node}\n"
-        results.each do |file|
-         @report_file.puts file.join(', ')
-        end
-      end
-    end
+    @json_report_file.puts JSON.generate(@results) 
 
-    @report_file.puts "\n\nEvidence"
-    @report_file.puts "---------------\n\n"
-    @report_file.puts '    ' + @results[@options.target_server]['evidence']['API Server'].to_s
-    @report_file.puts "---------------\n\n"
-    @report_file.puts '    ' + @results[@options.target_server]['evidence']['Scheduler'].to_s
-    @report_file.puts "---------------\n\n"
-    @report_file.puts '    ' + @results[@options.target_server]['evidence']['Controller Manager'].to_s
-    @report_file.puts "---------------\n\n"
-    @report_file.puts '    ' + @results[@options.target_server]['evidence']['etcd'].to_s
-    @report_file.close
   end
 
   def self.html_report
@@ -295,8 +251,8 @@ module KubeAutoAnalyzer
     #Close the Worker Node Div
     @html_report_file.puts '</div>'
     if @options.agent_checks
-      @html_report_file.puts '<br><h2>File Permissions</h2>'
-      @results[@options.target_server]['worker_files'].each do |node, results|
+      @html_report_file.puts '<br><h2>Node File Permissions</h2>'
+      @results[@options.target_server]['node_files'].each do |node, results|
         @html_report_file.puts "<br><b>#{node}</b><br>"
         @html_report_file.puts "<table><thead><tr><th>file</th><th>user</th><th>group</th><th>permissions</th></thead>"
         results.each do |file|

data/lib/kube_auto_analyzer/version.rb

@@ -1,3 +1,3 @@
 module KubeAutoAnalyzer
-  VERSION = "0.0.6"
+  VERSION = "0.0.7"
 end

data/lib/kube_auto_analyzer/vuln_checks/amicontained.rb

@@ -10,9 +10,7 @@ module KubeAutoAnalyzer
 
     nodes = Array.new
     @client.get_nodes.each do |node|
-      unless node.spec.taints.to_s =~ /NoSchedule/
-        nodes << node
-      end
+      nodes << node
     end
     
     nodes.each do |nod|
@@ -28,6 +26,11 @@ module KubeAutoAnalyzer
       pod.spec.containers = {}
       pod.spec.containers = [{name: "kubeautoanalyzerkubelettest", image: "raesene/kaa-agent:latest"}]
       pod.spec.containers[0].args = ["/amicontained.rb"]
+
+      #Try the Toleration for Master
+      pod.spec.tolerations = {}
+      pod.spec.tolerations = [{ key:"key", operator:"Equal", value:"value",effect:"NoSchedule"}]
+      
       pod.spec.nodeselector = {}
       pod.spec.nodeselector['kubernetes.io/hostname'] = node_hostname
       begin

data/lib/kube_auto_analyzer.rb

@@ -33,9 +33,13 @@ module KubeAutoAnalyzer
     @log.debug("Target API Server is " + @options.target_server)
 
     @report_file_name = @base_dir + '/' + @options.report_file
-    #Remove the Text report for now as we're not using this option
-    #@report_file = File.new(@report_file_name + '.txt','w+')
-    @html_report_file = File.new(@report_file_name + '.html','w+')
+    if @options.json_report
+      @json_report_file = File.new(@report_file_name + '.json','w+')
+    end
+
+    if @options.html_report
+      @html_report_file = File.new(@report_file_name + '.html','w+')
+    end
     @log.debug("New Report File created #{@report_file_name}")
         
     @results = Hash.new
@@ -96,7 +100,12 @@ module KubeAutoAnalyzer
       check_kubelet_process
       check_amicontained
     end
-    html_report
+    if @options.html_report
+      html_report
+    end
+    if @options.json_report
+      json_report
+    end
   end
 
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: kube_auto_analyzer
 version: !ruby/object:Gem::Version
-  version: 0.0.6
+  version: 0.0.7
 platform: ruby
 authors:
 - Rory McCune