From 52ba79c07aa517160698ee7e04797447448ebf3c Mon Sep 17 00:00:00 2001
From: Parth Inamdar
Date: Mon, 29 Nov 2021 22:01:38 -0500
Subject: Added Security, Policy, Observability & Plugin Checks Security Checks: Checking for security config on the cluster, consisting of capability, privilege, host network, host path and connectivity checks Policy Checks: Validating CPU Manager and Topology Manager policies against the settings from PDF Observability Checks Checking existence and health of prometheus, node-exporter and collectd pods Plugin checks Checking for the existence of multi-interface pod (multus) and validating the list of CNI against the PDF Also added usage information and pdf field information to userguide.rst file in the docs section. For reference, I have added a PDF.json in sdv/docker/sdvstate/settings section file to look at necessary configuration required for the kuberef validation. Signed-off-by: Parth V Inamdar Change-Id: I28dc8e687c14cba099230f2226b4add79a55a7ad
---
.../validator/kuberef/node_exporter_checker.py | 65 ++++++++++++++++++++++
1 file changed, 65 insertions(+)
create mode 100644 sdv/docker/sdvstate/internal/validator/kuberef/node_exporter_checker.py (limited to 'sdv/docker/sdvstate/internal/validator/kuberef/node_exporter_checker.py')
diff --git a/sdv/docker/sdvstate/internal/validator/kuberef/node_exporter_checker.py b/sdv/docker/sdvstate/internal/validator/kuberef/node_exporter_checker.py
new file mode 100644
index 0000000..7262fb1
--- /dev/null
+++ b/sdv/docker/sdvstate/internal/validator/kuberef/node_exporter_checker.py
@@ -0,0 +1,65 @@
+"""
+Node Exporter Check
+"""
+
+import logging
+from tools.kube_utils import kube_api
+from internal.checks.pod_health_check import pod_status, get_logs
+from internal.store_result import store_result
+
+
+def node_exporter_check():
+ """
+ Checks existence & health of node exporter pods
+ """
+ kube = kube_api()
+ namespaces = kube.list_namespace()
+ ns_names = []
+ for nspace in namespaces.items:
+ ns_names.append(nspace.metadata.name)
+
+ result = {'category': 'observability',
+ 'case_name': 'node_exporter_check',
+ 'criteria': 'pass',
+ 'details': []
+ }
+
+ status = []
+
+ flag = False
+
+ logger = logging.getLogger(__name__)
+
+ if 'monitoring' in ns_names:
+ pod_list = kube.list_namespaced_pod('monitoring', watch=False)
+ pods = pod_list.items
+ for pod in pods:
+ if 'node-exporter' in pod.metadata.name:
+ pod_stats = pod_status(logger, pod)
+ if pod_stats['criteria'] == 'fail':
+ pod_stats['logs'] = get_logs(kube, pod)
+ result['criteria'] = 'fail'
+ status.append(pod.metadata.name)
+ status.append(pod_stats)
+ flag = True
+ else:
+ for nspace in namespaces.items:
+ pod_list = kube.list_namespaced_pod(nspace.metadata.name, watch=False)
+ pods = pod_list.items
+ for pod in pods:
+ if 'node-exporter' in pod.metadata.name:
+ pod_stats = pod_status(logger, pod)
+ if pod_stats['criteria'] == 'fail':
+ pod_stats['logs'] = get_logs(kube, pod)
+ result['criteria'] = 'fail'
+ status.append(pod.metadata.name)
+ status.append(pod_stats)
+ flag = True
+
+ if flag is False:
+ result['criteria'] = 'fail'
+
+ result['details'].append(status)
+
+ store_result(logger, result)
+ return result
-- cgit 1.2.3-korg
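Review bot: The `if 'monitoring' in ns_names:` and `else:` branches of node_exporter_check repeat the same per-pod loop line for line, so any later change to the match or the failure handling has to be made in two places. Choosing the namespaces to scan first and running a single loop over them removes the duplication without changing the result. Separately, `'node-exporter' in pod.metadata.name` accepts any pod whose name merely contains that string (in every namespace when `monitoring` is absent), and one healthy match is enough to report `pass`. Selecting by label and comparing the number of matches with the number of nodes would make the check harder to satisfy by accident, though which labels the deployment sets is not visible here. Errors from `list_namespace`/`list_namespaced_pod`, such as an RBAC denial, are not caught in this function, so it would raise instead of storing a `fail` result.

```python
    # … unchanged: kube client, ns_names, result, status, flag, logger …
    if 'monitoring' in ns_names:
        scan_namespaces = ['monitoring']
    else:
        scan_namespaces = ns_names

    for ns_name in scan_namespaces:
        pod_list = kube.list_namespaced_pod(ns_name, watch=False)
        for pod in pod_list.items:
            # … unchanged: node-exporter name match, pod_status, logs on failure, status, flag …
    # … unchanged: fail when no pod was found, details, store_result, return …
```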