diff options
| author |   Parth Inamdar <parth.inamdar1@gmail.com> | 2021-11-29 22:01:38 -0500 |
|---|---|---|
| committer | Parth Inamdar <parth.inamdar1@gmail.com> | 2021-11-30 05:25:24 +0000 |
| commit | 52ba79c07aa517160698ee7e04797447448ebf3c (patch) | |
| tree | 5a27ed50d5f75d21eaf789ae027ac7e899cb254d /docs | |
| parent | bfd37762bdf91a7f89d4ebc259454ddb2f5e7b3d (diff) | |
Added Security, Policy, Observability & Plugin Checks
Security Checks:
Checking for security config on the cluster, consisting of capability, privilege, host network, host path and
connectivity checks
Policy Checks:
Validating CPU Manager and Topology Manager policies against the settings from PDF
Observability Checks
Checking existence and health of prometheus, node-exporter and collectd pods
Plugin checks
Checking for the existence of multi-interface pod (multus) and validating the list of CNI against the PDF
Also added usage information and pdf field information to userguide.rst file in the docs section. For reference, I have added a PDF.json in sdv/docker/sdvstate/settings section file to look at necessary configuration required for the kuberef validation.
Signed-off-by: Parth V Inamdar <parth.inamdar1@gmail.com>
Change-Id: I28dc8e687c14cba099230f2226b4add79a55a7ad
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/state/user/userguide.rst | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/docs/state/user/userguide.rst b/docs/state/user/userguide.rst index ef95584..17470d8 100644 --- a/docs/state/user/userguide.rst +++ b/docs/state/user/userguide.rst @@ -2,11 +2,12 @@ SDVState User Guide ==================== -Currently, SDVState supports validation of Airship 1.7. Before running checks you need two files: - - kubeconfig file which gives access to clusterAPI of Airship cluster. - - PDF(Pod Descriptor File) of the current Airship deployment. +Currently, SDVState supports validation of Airship 1.7 and Kuberef, Kuberef, a reference implementation according to the CNTT RA-2. Before running checks you need two files: + - kubeconfig file which gives access to clusterAPI of the cluster. + - PDF(Pod Descriptor File) of the current the deployment. -Create a config file of SDVState using the above files as values. Look at example conf-file at sdv/docker/sdvstate/example/state.yml +To choose between Airship and Kuberef, you need to specify the installer using "installer_used" field in the PDF of your deployment, it can either "airship" or "kuberef". +You also need to create a config file of SDVState using the above files as values. Look at example conf-file at sdv/docker/sdvstate/settings/state.yml To run checks use command: @@ -19,4 +20,13 @@ After running checks, you can find all results at ``/tmp`` directory by default. SDVState uses default settings stored at sdv/docker/sdvstate/settings. We can override default settings by adding those in our conf-file. To view help and all available options with the SDVState tool check help command: - ``./state --help``
\ No newline at end of file + ``./state --help`` + + For properly running validation on kuberef, we need some additions to the PDF file. Take a look at the PDF file at sdv/docker/sdvstate/settings/PDF.json + + We need to add following entries in the "vim_functional" field of PDF to make the validation work properly. + + - cpu_manager_policy: It includes the details about the cpu manager policy and it is important for the policy_checks + - topo_manager_policy: It includes the details about the topology manager policy and it is important for the policy_checks + - cnis_supported: It includes list of cnis supported by the cluster and it is important for the cni_plugin_check. + |