author | Parth Inamdar <parth.inamdar1@gmail.com> | 2021-11-29 22:01:38 -0500 |
---|---|---|
committer | Parth Inamdar <parth.inamdar1@gmail.com> | 2021-11-30 05:25:24 +0000 |
commit | 52ba79c07aa517160698ee7e04797447448ebf3c (patch) | |
tree | 5a27ed50d5f75d21eaf789ae027ac7e899cb254d /sdv/docker/sdvstate/internal/validator/kuberef/kuberef.py | |
parent | bfd37762bdf91a7f89d4ebc259454ddb2f5e7b3d (diff) |
Added Security, Policy, Observability & Plugin Checks
Security Checks:
Checking for security config on the cluster, consisting of capability, privilege, host network, host path and
connectivity checks
Policy Checks:
Validating CPU Manager and Topology Manager policies against the settings from PDF
Observability Checks:
Checking existence and health of prometheus, node-exporter and collectd pods
Plugin Checks:
Checking for the existence of multi-interface pod (multus) and validating the list of CNI against the PDF
Also added usage information and PDF field information to the userguide.rst file in the docs section. For reference, I have added a PDF.json file under sdv/docker/sdvstate/settings that shows the configuration required for the kuberef validation.
Signed-off-by: Parth V Inamdar <parth.inamdar1@gmail.com>
Change-Id: I28dc8e687c14cba099230f2226b4add79a55a7ad
Diffstat (limited to 'sdv/docker/sdvstate/internal/validator/kuberef/kuberef.py')
-rw-r--r-- | sdv/docker/sdvstate/internal/validator/kuberef/kuberef.py | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/sdv/docker/sdvstate/internal/validator/kuberef/kuberef.py b/sdv/docker/sdvstate/internal/validator/kuberef/kuberef.py index 4768e81..f42c723 100644 --- a/sdv/docker/sdvstate/internal/validator/kuberef/kuberef.py +++ b/sdv/docker/sdvstate/internal/validator/kuberef/kuberef.py @@ -22,6 +22,14 @@ from datetime import datetime as dt from internal import store_result from internal.validator.validator import Validator +from internal.validator.kuberef.policy_checks import topology_manager_policy_check, cpu_manager_policy_check +from internal.validator.kuberef.security_check import capability_check, privilege_check, host_network_check +from internal.validator.kuberef.security_check import host_path_vol_check, k8s_api_conn_check +from internal.validator.kuberef.monitoring_agent_checker import collectd_check, monitoring_agent_check +from internal.validator.kuberef.node_exporter_checker import node_exporter_check +from internal.validator.kuberef.plugin_check import cni_plugin_check, multi_interface_cni_check +from internal.validator.kuberef.helm_check import helmv2_disabled_check +from internal.validator.kuberef.kubevirt_health_check import kubevirt_check from tools.conf import settings from tools.kube_utils import load_kube_api 
@@ -82,8 +90,29 @@ class KuberefValidator(Validator): # PLATFORM CHECKS self.update_report(pod_health_check()) + self.update_report(kubevirt_check()) + self.update_report(helmv2_disabled_check()) + self.update_report(capability_check()) + self.update_report(privilege_check()) + self.update_report(host_network_check()) + self.update_report(host_path_vol_check()) + self.update_report(k8s_api_conn_check()) + + + # MONITORING & LOGGING AGENT CHECKS + self.update_report(monitoring_agent_check()) + self.update_report(collectd_check()) + self.update_report(node_exporter_check()) # COMPUTE CHECKS + self.update_report(cpu_manager_policy_check()) + self.update_report(topology_manager_policy_check()) + + + # NETWORK CHECKS + self.update_report(cni_plugin_check()) + self.update_report(multi_interface_cni_check()) + def get_report(self): |
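Review bot: Nothing visible in this hunk isolates one check from the next, so if any of the added calls raises (for example `k8s_api_conn_check()` when the API server cannot be reached, which is presumably the condition it exists to detect), the remaining security, monitoring and network checks never reach `update_report` and the report omits them without saying so. For a compliance validator, a check that could not run should appear in the report as a failed or errored result rather than disappear; consider wrapping each call so an exception is caught and recorded against that check's name. The five security checks also sit under `# PLATFORM CHECKS` although the commit message treats them as their own group, so a `# SECURITY CHECKS` heading before `self.update_report(capability_check())` would match the other sections. The enclosing method starts above the hunk, so any try/except already surrounding these calls is not visible here.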