From 52ba79c07aa517160698ee7e04797447448ebf3c Mon Sep 17 00:00:00 2001
From: Parth Inamdar
Date: Mon, 29 Nov 2021 22:01:38 -0500
Subject: Added Security, Policy, Observability & Plugin Checks Security Checks: Checking for security config on the cluster, consisting of capability, privilege, host network, host path and connectivity checks Policy Checks: Validating CPU Manager and Topology Manager policies against the settings from PDF Observability Checks Checking existence and health of prometheus, node-exporter and collectd pods Plugin checks Checking for the existence of multi-interface pod (multus) and validating the list of CNI against the PDF Also added usage information and pdf field information to userguide.rst file in the docs section. For reference, I have added a PDF.json in sdv/docker/sdvstate/settings section file to look at necessary configuration required for the kuberef validation.
Signed-off-by: Parth V Inamdar
Change-Id: I28dc8e687c14cba099230f2226b4add79a55a7ad
---
 .../sdvstate/internal/validator/kuberef/kuberef.py | 29 ++++++++++++++++++++++
 1 file changed, 29 insertions(+) (limited to 'sdv/docker/sdvstate/internal/validator/kuberef/kuberef.py')
diff --git a/sdv/docker/sdvstate/internal/validator/kuberef/kuberef.py b/sdv/docker/sdvstate/internal/validator/kuberef/kuberef.py
index 4768e81..f42c723 100644
--- a/sdv/docker/sdvstate/internal/validator/kuberef/kuberef.py
+++ b/sdv/docker/sdvstate/internal/validator/kuberef/kuberef.py
@@ -22,6 +22,14 @@ from datetime import datetime as dt
 from internal import store_result
 from internal.validator.validator import Validator
+from internal.validator.kuberef.policy_checks import topology_manager_policy_check, cpu_manager_policy_check
+from internal.validator.kuberef.security_check import capability_check, privilege_check, host_network_check
+from internal.validator.kuberef.security_check import host_path_vol_check, k8s_api_conn_check
+from internal.validator.kuberef.monitoring_agent_checker import collectd_check, monitoring_agent_check
+from internal.validator.kuberef.node_exporter_checker import node_exporter_check
+from internal.validator.kuberef.plugin_check import cni_plugin_check, multi_interface_cni_check
+from internal.validator.kuberef.helm_check import helmv2_disabled_check
+from internal.validator.kuberef.kubevirt_health_check import kubevirt_check
 from tools.conf import settings
 from tools.kube_utils import load_kube_api
@@ -82,8 +90,29 @@ class KuberefValidator(Validator):
 # PLATFORM CHECKS
 self.update_report(pod_health_check())
+ self.update_report(kubevirt_check())
+ self.update_report(helmv2_disabled_check())
+ self.update_report(capability_check())
+ self.update_report(privilege_check())
+ self.update_report(host_network_check())
+ self.update_report(host_path_vol_check())
+ self.update_report(k8s_api_conn_check())
+
+
+ # MONITORING & LOGGING AGENT CHECKS
+ self.update_report(monitoring_agent_check())
+ self.update_report(collectd_check())
+ self.update_report(node_exporter_check())
 # COMPUTE CHECKS
+ self.update_report(cpu_manager_policy_check())
+ self.update_report(topology_manager_policy_check())
+
+
+ # NETWORK CHECKS
+ self.update_report(cni_plugin_check())
+ self.update_report(multi_interface_cni_check())
+
 def get_report(self):
-- cgit 1.2.3-korg
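Review bot: Every new check in the second hunk runs as a bare `self.update_report(check())` call in one straight sequence, so if any of them raises, the calls after it never run and their entries are simply absent from the report. The check bodies are not visible here, but `k8s_api_conn_check()` looks like a plausible candidate when the API server cannot be reached. For `privilege_check`, `host_network_check` and `host_path_vol_check` an absent entry is easy to misread as a pass. Please confirm that each check catches its own errors and returns a failing result, and say so above the group, e.g. `# SECURITY CHECKS: each check returns a result even on error; a missing entry is not a pass`. That heading would also separate these five calls from `# PLATFORM CHECKS`, matching the "Security Checks" group in the commit message; the enclosing method starts outside the hunk.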