mirror of
https://github.com/lucky-sideburn/kubeinvaders.git
synced 2026-02-14 17:50:00 +00:00
added kube-linter
This commit is contained in:
Eugenio Marzo
@@ -18,11 +18,14 @@ RUN luarocks install luasec
|
||||
RUN luarocks install lunajson
|
||||
|
||||
# Install kube-linter
|
||||
RUN curl -L -O https://github.com/stackrox/kube-linter/releases/download/0.1.5/kube-linter-linux.tar.gz
|
||||
RUN curl -L -O https://github.com/stackrox/kube-linter/releases/download/0.2.4/kube-linter-linux.tar.gz
|
||||
RUN tar -xvf kube-linter-linux.tar.gz
|
||||
RUN rm -f kube-linter-linux.tar.gz
|
||||
RUN cp kube-linter /usr/local/bin/
|
||||
RUN chmod 775 /usr/local/bin/kube-linter
|
||||
RUN mkdir /tmp/kube-linter-pods
|
||||
RUN chmod 777 /tmp/kube-linter-pods
|
||||
|
||||
COPY kube-linter/kube-linter-parser.sh /opt/kube-linter-parser.sh
|
||||
RUN chmod +x /opt/kube-linter-parser.sh
|
||||
|
||||
@@ -42,6 +45,7 @@ COPY nginx/nginx.conf /etc/nginx/nginx.conf
|
||||
COPY scripts/metrics.lua /usr/local/openresty/nginx/conf/kubeinvaders/metrics.lua
|
||||
COPY scripts/pod.lua /usr/local/openresty/nginx/conf/kubeinvaders/pod.lua
|
||||
COPY scripts/node.lua /usr/local/openresty/nginx/conf/kubeinvaders/node.lua
|
||||
COPY scripts/kube-linter.lua /usr/local/openresty/nginx/conf/kubeinvaders/kube-linter.lua
|
||||
COPY scripts/chaos-node.lua /usr/local/openresty/nginx/conf/kubeinvaders/chaos-node.lua
|
||||
COPY scripts/chaos-containers.lua /usr/local/openresty/nginx/conf/kubeinvaders/chaos-containers.lua
|
||||
COPY scripts/config_kubeinv.lua /usr/local/openresty/lualib/config_kubeinv.lua
|
||||
|
||||
@@ -24,6 +24,7 @@
|
||||
<font style="color: #0cf52b;">Menu</font>
|
||||
</a>
|
||||
<ul class="dropdown-menu dropdown-menu-dark" aria-labelledby="navbarDarkDropdownMenuLink">
|
||||
<li><a class="dropdown-item" href="#" onclick="runKubeLinter()">Run KubeLinter On Curent Namespace</a></li>
|
||||
<li><a class="dropdown-item" href="#" onclick="showSpecialKeys()">Show Special Keys</a></li>
|
||||
<li><a class="dropdown-item" href="#" onclick="showCurrentChaosContainer()">Show Current Chaos Container for nodes</a></li>
|
||||
<li><a class="dropdown-item" href="#" onclick="showSetCurrentChaosContainer()">Set Custom Chaos Container for nodes</a></li>
|
||||
@@ -53,6 +54,19 @@
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="modal" id="kubeLinterModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel">
|
||||
<div class="modal-dialog modal-xl modal-dialog-scrollable" role="document">
|
||||
<div class="modal-content">
|
||||
<div class="modal-body">
|
||||
<pre id="currentKubeLinterResult"></pre>
|
||||
</div>
|
||||
<div class="modal-footer">
|
||||
<button type="button" class="btn btn-default" data-dismiss="modal" onclick="closeKubeLinterModal()">Close</button>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="modal fade" id="setChaosContainerModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel">
|
||||
<div class="modal-dialog" role="document">
|
||||
<div class="modal-content">
|
||||
@@ -135,7 +149,7 @@
|
||||
</div>
|
||||
<div id="footer" style="margin-top: 5%;">
|
||||
<div class="container text-center">
|
||||
<p class="text-muted credit" style="color:#fff">kubeinvaders_version: v1.9</p>
|
||||
<p class="text-muted credit" style="color:#fff">kubeinvaders_version: develop</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@@ -205,7 +219,12 @@
|
||||
$('#setChaosContainerModal').modal('hide');
|
||||
modal_opened = false;
|
||||
}
|
||||
|
||||
|
||||
function closeKubeLinterModal() {
|
||||
$('#kubeLinterModal').modal('hide');
|
||||
modal_opened = false;
|
||||
}
|
||||
|
||||
$('textarea').on('input', function() {
|
||||
$('#alert_placeholder2').text('');
|
||||
});
|
||||
|
||||
@@ -78,6 +78,7 @@ var chaos_nodes = true;
|
||||
var chaos_pods = true;
|
||||
|
||||
var alert_div = '<div id="alert_placeholder" style="margin-top: 2%; background-color:#000000; color: #0cf52b" class="alert" role="alert">';
|
||||
var kubelinter = '';
|
||||
|
||||
function IsJsonString(str) {
|
||||
try {
|
||||
@@ -100,7 +101,7 @@ function contains(a, obj) {
|
||||
function getMetrics() {
|
||||
var oReq = new XMLHttpRequest();
|
||||
oReq.onload = function () {
|
||||
console.log(this.responseText);
|
||||
//console.log(this.responseText);
|
||||
var lines = this.responseText.split('\n');
|
||||
for (var i = 0;i < lines.length;i++){
|
||||
metric = lines[i].split(' ');
|
||||
@@ -126,12 +127,25 @@ function getMetrics() {
|
||||
oReq.send();
|
||||
}
|
||||
|
||||
function runKubeLinter() {
|
||||
$('#kubeLinterModal').modal('show');
|
||||
modal_opened = true;
|
||||
var oReq = new XMLHttpRequest();
|
||||
oReq.onload = function () {
|
||||
kubelinter = this.responseText;
|
||||
result_parsed = JSON.stringify(JSON.parse(kubelinter), null, 4);
|
||||
$('#currentKubeLinterResult').text(result_parsed);
|
||||
};;
|
||||
//console.log("https://ENDPOINT_PLACEHOLDER/kube/kube-linter?namespace=" + namespace);
|
||||
oReq.open("GET", "https://ENDPOINT_PLACEHOLDER/kube/kube-linter?namespace=" + namespace);
|
||||
oReq.send();
|
||||
}
|
||||
function getNamespaces() {
|
||||
var oReq = new XMLHttpRequest();
|
||||
oReq.onload = function () {
|
||||
namespaces = this.responseText;
|
||||
namespaces = namespaces.split(",");
|
||||
namespace = namespaces[namespaces_index];
|
||||
namespaces = this.responseText;
|
||||
namespaces = namespaces.split(",");
|
||||
namespace = namespaces[namespaces_index];
|
||||
};;
|
||||
oReq.open("GET", "https://ENDPOINT_PLACEHOLDER/kube/namespaces");
|
||||
oReq.send();
|
||||
@@ -149,9 +163,8 @@ function getEndpoint() {
|
||||
function getCurrentChaosContainer() {
|
||||
var oReq = new XMLHttpRequest();
|
||||
oReq.onload = function () {
|
||||
console.log(this.responseText);
|
||||
//console.log(this.responseText);
|
||||
job_parsed = JSON.stringify(JSON.parse(this.responseText), null, 4);
|
||||
console.log(job_parsed);
|
||||
$('#currentChaosContainrYaml').text(job_parsed);
|
||||
$('#currentChaosContainerJsonTextArea').val(job_parsed);
|
||||
};;
|
||||
@@ -169,7 +182,7 @@ function setChaosContainer() {
|
||||
|
||||
oReq.onreadystatechange = function () {
|
||||
if (this.readyState === XMLHttpRequest.DONE && this.status === 200) {
|
||||
console.log(this.responseText);
|
||||
//console.log(this.responseText);
|
||||
$('#alert_placeholder2').text('New container definition has been saved.');
|
||||
}
|
||||
};;
|
||||
|
||||
@@ -1,23 +1,18 @@
|
||||
#!/bin/sh
|
||||
|
||||
# Very temporary work-around
|
||||
KUBE=$(cat /etc/nginx/conf.d/KubeInvaders.conf | grep proxy_pass | head -n1 | awk '{ print $2 }' | sed 's/;//g')
|
||||
|
||||
POD_FILE=/tmp/${3}.json
|
||||
|
||||
curl -XGET "${KUBE}/api/v1/namespaces/${2}/pods/${3}" --header "Authorization: Bearer ${4}" --silent -k > ${POD_FILE}
|
||||
[ ! $? -eq 0 ] && (echo "{}" && exit 0)
|
||||
|
||||
chmod 775 ${POD_FILE}
|
||||
wcl=$(cat $POD_FILE | wc -l )
|
||||
|
||||
if [ $wcl -gt 0 ];then
|
||||
kube-linter lint ${POD_FILE} 2>&1 |
|
||||
while read -r line
|
||||
do
|
||||
echo $line | sed -n 's/^\([^\ ]*\)\ \(([^\(]*)\)\ \(.*\)$/\3/p'
|
||||
done | jq -R -s -c 'split("\n")'
|
||||
rm -f ${POD_FILE}
|
||||
if [ ! -z "$K8S_TOKEN" ];then
|
||||
echo 'Found K8S_TOKEN... using K8S_TOKEN instead of TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)'
|
||||
export TOKEN=$K8S_TOKEN
|
||||
else
|
||||
echo "{}"
|
||||
fi
|
||||
# Source the service account token from the container directly.
|
||||
export TOKEN="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)"
|
||||
fi
|
||||
|
||||
for i in $(curl -k -s https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT_HTTPS}/api/v1/namespaces/${1}/pods/ \
|
||||
--header "Authorization: Bearer ${TOKEN}" | jq -rM '.items[].metadata.name')
|
||||
do
|
||||
curl -k -s https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT_HTTPS}/api/v1/namespaces/${1}/pods/${i} \
|
||||
--header "Authorization: Bearer ${TOKEN}" > /tmp/kube-linter-pods/${i}.yaml
|
||||
done
|
||||
|
||||
kube-linter lint /tmp/kube-linter-pods/* --format json
|
||||
@@ -33,6 +33,10 @@ server {
|
||||
access_by_lua_file "/usr/local/openresty/nginx/conf/kubeinvaders/chaos-node.lua";
|
||||
}
|
||||
|
||||
location /kube/kube-linter {
|
||||
access_by_lua_file "/usr/local/openresty/nginx/conf/kubeinvaders/kube-linter.lua";
|
||||
}
|
||||
|
||||
location /kube/endpoint {
|
||||
content_by_lua_block {
|
||||
ngx.header['Access-Control-Allow-Origin'] = '*'
|
||||
@@ -85,18 +89,6 @@ server {
|
||||
}
|
||||
}
|
||||
|
||||
location /kube/kube-linter {
|
||||
default_type text/html;
|
||||
content_by_lua_block {
|
||||
local arg = ngx.req.get_uri_args()
|
||||
ngx.req.read_body()
|
||||
local request_body = ngx.req.get_body_data()
|
||||
local handle = io.popen("/opt/kube-linter-parser.sh " .. arg['k8s_url'] .. " " .. arg['namespace'] .. " " .. arg['pod_name'] .. " " .. arg['token'])
|
||||
local result = handle:read("*a")
|
||||
ngx.say(result)
|
||||
}
|
||||
}
|
||||
|
||||
location /kube/chaos/containers {
|
||||
lua_need_request_body 'on';
|
||||
access_by_lua_file "/usr/local/openresty/nginx/conf/kubeinvaders/chaos-containers.lua";
|
||||
|
||||
15
scripts/kube-linter.lua
Normal file
15
scripts/kube-linter.lua
Normal file
@@ -0,0 +1,15 @@
|
||||
|
||||
|
||||
ngx.header['Access-Control-Allow-Origin'] = '*'
|
||||
ngx.header['Access-Control-Allow-Methods'] = 'GET, POST, OPTIONS'
|
||||
ngx.header['Access-Control-Allow-Headers'] = 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'
|
||||
ngx.header['Access-Control-Expose-Headers'] = 'Content-Length,Content-Range';
|
||||
ngx.req.read_body()
|
||||
|
||||
local request_body = ngx.req.get_body_data()
|
||||
local arg = ngx.req.get_uri_args()
|
||||
local namespace = arg['namespace']
|
||||
|
||||
local handle = io.popen("/opt/kube-linter-parser.sh " .. namespace)
|
||||
local result = handle:read("*a")
|
||||
ngx.say(result)
|
||||
Reference in New Issue
Block a user