sensor

package
v0.0.0-...-0b7c5c0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 13, 2022 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

// ActionTypeGetKubeletCMD is the only action identifier declared in this
// block. It evaluates to 1 (iota is 0 here), so a zero-valued int never
// matches it.
// NOTE(review): the constant is untyped rather than declared as ActionType;
// confirm that is intended.
const ActionTypeGetKubeletCMD = iota + 1
// CNIDefaultConfigDir is the default CNI configuration directory.
// NOTE(review): presumably the fallback used when the kubelet command line
// does not reveal a CNI directory; confirm against the callers.
const CNIDefaultConfigDir string = "/etc/cni/"

CNI default constants

Variables

// procfs socket tables, grouped by protocol family (IPv4 and IPv6 variants).
// NOTE(review): these are exported, mutable slices, so any importer can
// change which files are parsed; presumably they feed SenseOpenPorts.
// Confirm, and treat them as read-only.
var (
	// ProcNetTCPPaths lists the TCP socket tables.
	ProcNetTCPPaths = []string{
		"/proc/net/tcp",
		"/proc/net/tcp6",
	}

	// ProcNetUDPPaths lists the UDP and UDP-Lite socket tables.
	ProcNetUDPPaths = []string{
		"/proc/net/udp",
		"/proc/net/udp6",
		"/proc/net/udplite",
		"/proc/net/udplite6",
	}

	// ProcNetICMPPaths lists the ICMP socket tables.
	ProcNetICMPPaths = []string{
		"/proc/net/icmp",
		"/proc/net/icmp6",
	}
)
// ErrDataDirNotFound is the sentinel error for a missing etcd data directory.
// Compare with errors.Is rather than by message text.
// NOTE(review): presumably returned while collecting ControlPlaneInfo.EtcdDataDir;
// confirm against the callers.
var ErrDataDirNotFound = errors.New("failed to find etcd data-dir")
// ErrNotUnixFS is the sentinel error for file systems that do not expose
// UNIX ownership. The GetFileUNIXOwnership documentation names FAT as an
// example. Compare with errors.Is rather than by message text.
var ErrNotUnixFS = errors.New("operation not supported by the file system")
// ErrServicePathNotFound is the sentinel error for a service file path that
// could not be located. Compare with errors.Is rather than by message text.
// NOTE(review): presumably tied to the kubelet service files reported in
// KubeletInfo.ServiceFiles; confirm against the callers.
var ErrServicePathNotFound = errors.New("cannot locate service file path")

Functions

func CNIConfigDirFromKubelet

func CNIConfigDirFromKubelet() string

CNIConfigDirFromKubelet returns the CNI config dir derived from the kubelet --container-runtime-endpoint flag. It returns an empty string if the directory is not found. A special case is the cri-dockerd.sock process, whose container runtime is determined according to the Kubernetes docs.

func GetFilePermissions

func GetFilePermissions(filePath string) (int, error)

GetFilePermissions returns file permissions as int. On filesystem error, it returns the error as is.

func GetFileUNIXOwnership

func GetFileUNIXOwnership(filePath string) (int64, int64, error)

GetFileUNIXOwnership returns the user id and group id of a file. On error, it returns -1 for both ids. On filesystem error, it returns the error as is. If the filesystem does not support UNIX ownership (like FAT), it returns ErrNotUnixFS.

func IsPathExists

func IsPathExists(filename string) bool

IsPathExists returns true if the given path exists and false otherwise.

func LookupGroupnameByGID

func LookupGroupnameByGID(gid int64, root string) (string, error)

LookupGroupnameByGID returns the group name if gid is found in the group file {root}/etc/group; otherwise it returns an empty string.

func ReadFileOnHostFileSystem

func ReadFileOnHostFileSystem(fileName string) ([]byte, error)

ReadFileOnHostFileSystem reads a file on the host file system.

func ReadKubeletConfig

func ReadKubeletConfig(kubeletConfArgs string) ([]byte, error)

func SenseKernelVersion

func SenseKernelVersion() ([]byte, error)

func SenseKubeletConfigurations deprecated

func SenseKubeletConfigurations() ([]byte, error)

Deprecated: use SenseKubeletInfo for more information. Returns the content of the kubelet config file.

func SenseOsRelease

func SenseOsRelease() ([]byte, error)

Types

type ActionType

// ActionType is an integer identifier for a sensor action.
// NOTE(review): the package's ActionTypeGetKubeletCMD constant (value 1) is
// declared untyped, so the compiler does not tie it to this type. Confirm
// whether it should be an ActionType.
type ActionType int

type ApiServerInfo

// ApiServerInfo groups the API server's file metadata with its process
// details. The FileInfo pointers are omitted from JSON when nil.
type ApiServerInfo struct {
	// File referenced as the encryption provider configuration.
	// NOTE(review): if FileInfo.Content is populated for this path, the
	// serialized output may include encryption key material. Confirm what
	// the collector reads and who may consume the result.
	//
	// AuditPolicyFile is the file referenced as the audit policy.
	//
	// K8sProcessInfo is embedded, so its fields are promoted into this
	// struct. encoding/json already flattens embedded structs; "inline" is
	// not an option it defines. Presumably the option is kept for another
	// encoder; confirm.
	EncryptionProviderConfigFile *FileInfo `json:"encryptionProviderConfigFile,omitempty"`
	AuditPolicyFile              *FileInfo `json:"auditPolicyFile,omitempty"`
	*K8sProcessInfo              `json:",inline"`
}

type ContainerRuntimeInfo

// ContainerRuntimeInfo holds a container runtime's properties and process
// info. All of its fields are unexported, so callers outside the package
// cannot read or set them directly, and encoding/json will not serialize them.
type ContainerRuntimeInfo struct {
	// contains filtered or unexported fields
}

A ContainerRuntimeInfo holds a container runtime's properties and process info.

type ControlPlaneInfo

// ControlPlaneInfo aggregates what the sensor reports about the control
// plane: process details for the API server, controller manager and
// scheduler, plus file metadata for etcd, the admin config, PKI and CNI.
// Every pointer or slice field is omitted from JSON when nil or empty.
//
// NOTE(review): AdminConfigFile, PKIDIr and PKIFiles describe credential
// material. If FileInfo.Content is populated for them, the serialized
// result carries those secrets. Confirm which paths are read with content
// and restrict access to the output accordingly.
//
// NOTE(review): the field name PKIDIr (capital I) differs from its JSON
// key "PKIDir". The field is exported, so renaming it would break callers.
type ControlPlaneInfo struct {
	APIServerInfo         *ApiServerInfo  `json:"APIServerInfo,omitempty"`
	ControllerManagerInfo *K8sProcessInfo `json:"controllerManagerInfo,omitempty"`
	SchedulerInfo         *K8sProcessInfo `json:"schedulerInfo,omitempty"`
	EtcdConfigFile        *FileInfo       `json:"etcdConfigFile,omitempty"`
	EtcdDataDir           *FileInfo       `json:"etcdDataDir,omitempty"`
	AdminConfigFile       *FileInfo       `json:"adminConfigFile,omitempty"`
	PKIDIr                *FileInfo       `json:"PKIDir,omitempty"`
	PKIFiles              []*FileInfo     `json:"PKIFiles,omitempty"`
	CNIConfigFiles        []*FileInfo     `json:"CNIConfigFiles,omitempty"`

	// The name of the running CNI
	CNIName string `json:"CNIName,omitempty"`
}

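ControlPlaneInfo holds information about the control plane: the API server, controller manager and scheduler processes, plus the etcd, admin config, PKI and CNI files.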

func SenseControlPlaneInfo

func SenseControlPlaneInfo() (*ControlPlaneInfo, error)

SenseControlPlaneInfo returns a `ControlPlaneInfo`.

type FileInfo

// FileInfo describes one file on the scanned host: its path, ownership,
// permissions and, optionally, its content.
type FileInfo struct {
	// Ownership information
	Ownership *FileOwnership `json:"ownership"`

	// The path of the file
	// Example: /etc/kubernetes/manifests/kube-apiserver.yaml
	Path string `json:"path"`

	// Content of the file; omitted from JSON when empty. encoding/json
	// emits a []byte as a base64 string, so consumers must decode it.
	// NOTE(review): content is only expected when MakeFileInfo is called
	// with readContent=true. For kubeconfig, PKI or encryption-config paths
	// it can contain secrets, so handle the serialized output as sensitive.
	//
	// Permissions holds the file permissions as an int.
	// NOTE(review): presumably the value returned by GetFilePermissions.
	// Confirm whether consumers should read it as octal mode bits.
	Content     []byte `json:"content,omitempty"`
	Permissions int    `json:"permissions"`
}

FileInfo holds information about a file

func MakeFileInfo

func MakeFileInfo(filePath string, readContent bool) (*FileInfo, error)

MakeFileInfo returns a `FileInfo` object for the given path. If `readContent` is set to `true`, it also adds the file content. On access error, it returns the error as is.

type FileOwnership

// FileOwnership holds the numeric and resolved ownership of a file.
// NOTE(review): GetFileUNIXOwnership documents -1 for both ids on error;
// presumably those values appear in UID/GID together with Err. Consumers
// should check Err before trusting the ids - confirm.
type FileOwnership struct {
	// Error message set when the file's owner or its uid/gid could not be
	// obtained; omitted from JSON when empty.
	Err string `json:"err,omitempty"`

	// UID of the file's owner
	UID int64 `json:"uid"`

	// GID of the file
	GID int64 `json:"gid"`

	// User name resolved from UID using {root}/etc/passwd.
	// NOTE(review): {root} looks like the inspected process's root
	// directory, so the name comes from that root's passwd file rather
	// than necessarily the host's - confirm.
	Username string `json:"username"`

	// Group name resolved from GID using {root}/etc/group
	Groupname string `json:"groupname"`
}

FileOwnership holds the ownership of a file.

type K8sProcessInfo

// K8sProcessInfo holds the files associated with a Kubernetes process and
// the process's raw command line. Each FileInfo pointer is omitted from JSON
// when nil.
type K8sProcessInfo struct {
	// Information about the process specs file (if relevant)
	SpecsFile *FileInfo `json:"specsFile,omitempty"`

	// Information about the process config file (if relevant)
	ConfigFile *FileInfo `json:"configFile,omitempty"`

	// Information about the process kubeconfig file (if relevant).
	// NOTE(review): a kubeconfig can embed client credentials; if its
	// content is collected, treat the result as sensitive.
	KubeConfigFile *FileInfo `json:"kubeConfigFile,omitempty"`

	// Information about the process client ca file (if relevant)
	ClientCAFile *FileInfo `json:"clientCAFile,omitempty"`

	// Raw cmd line of the process; always serialized (no omitempty).
	// NOTE(review): command lines can carry secrets passed as flag values.
	// Confirm whether anything is redacted before this is logged or exported.
	CmdLine string `json:"cmdLine"`
}

K8sProcessInfo holds information about a k8s process

type KernelVariable

// KernelVariable is one key/value kernel setting together with the source
// it was read from. SenseKernelConfs, SenseKernelVariables and
// SenseProcSysKernel all return slices of this type.
// NOTE(review): presumably Source is a file path (for example under
// /proc/sys/kernel) - confirm.
type KernelVariable struct {
	Key    string `json:"key"`
	Value  string `json:"value"`
	Source string `json:"source"`
}

func SenseKernelConfs

func SenseKernelConfs() ([]KernelVariable, error)

func SenseKernelVariables

func SenseKernelVariables() ([]KernelVariable, error)

func SenseProcSysKernel

func SenseProcSysKernel() ([]KernelVariable, error)

type KubeProxyInfo

// KubeProxyInfo holds information about the kube-proxy process.
type KubeProxyInfo struct {
	// Information about the kubeconfig file of kube-proxy; omitted from
	// JSON when nil.
	// NOTE(review): a kubeconfig can embed client credentials; if its
	// content is collected, treat the result as sensitive.
	KubeConfigFile *FileInfo `json:"kubeConfigFile,omitempty"`

	// Raw cmd line of the kube-proxy process.
	// NOTE(review): the original comment said "kubelet", which looks like a
	// copy-paste from KubeletInfo - confirm.
	CmdLine string `json:"cmdLine"`
}

KubeProxyInfo holds information about kube-proxy process

func SenseKubeProxyInfo

func SenseKubeProxyInfo() (*KubeProxyInfo, error)

SenseKubeProxyInfo returns a `KubeProxyInfo`.

type KubeletInfo

// KubeletInfo holds the files that configure the kubelet and the kubelet's
// raw command line. Optional entries are omitted from JSON when nil or empty.
type KubeletInfo struct {
	// ServiceFiles is a list of files used to configure the kubelet service.
	// Most of the time it will be a single file, under /etc/systemd/system/kubelet.service.d.
	// Entries are stored by value here, unlike the pointer fields below.
	ServiceFiles []FileInfo `json:"serviceFiles,omitempty"`

	// Information about the kubelet config file
	ConfigFile *FileInfo `json:"configFile,omitempty"`

	// Information about the kubeconfig file of kubelet.
	// NOTE(review): a kubeconfig can embed client credentials; if its
	// content is collected, treat the result as sensitive.
	KubeConfigFile *FileInfo `json:"kubeConfigFile,omitempty"`

	// Information about the client ca file of kubelet (if it exists)
	ClientCAFile *FileInfo `json:"clientCAFile,omitempty"`

	// Raw cmd line of kubelet process; always serialized (no omitempty).
	CmdLine string `json:"cmdLine"`
}

KubeletInfo holds information about kubelet

func SenseKubeletInfo

func SenseKubeletInfo() (*KubeletInfo, error)

SenseKubeletInfo returns various information about the kubelet service.

type LinuxSecurityHardeningStatus

// LinuxSecurityHardeningStatus reports the AppArmor and SELinux state of the
// host as free-form strings; SenseLinuxSecurityHardening returns it.
// NOTE(review): the set of possible values is not documented on this page.
// Consumers should not assume an empty string means "disabled" - confirm
// against the collector.
type LinuxSecurityHardeningStatus struct {
	AppArmor string `json:"appArmor"`
	SeLinux  string `json:"seLinux"`
}

func SenseLinuxSecurityHardening

func SenseLinuxSecurityHardening() (*LinuxSecurityHardeningStatus, error)

type OpenPortsStatus

// OpenPortsStatus groups socket-table entries by protocol, each as a list of
// procspy.Connection values; SenseOpenPorts returns it.
// NOTE(review): presumably populated from ProcNetTCPPaths, ProcNetUDPPaths
// and ProcNetICMPPaths respectively - confirm. The slices have no omitempty,
// so a nil slice serializes as JSON null rather than [].
// NOTE(review): the field names mix casing (TcpPorts/UdpPorts vs ICMPPorts).
// They are exported, so renaming them would break callers.
type OpenPortsStatus struct {
	TcpPorts  []procspy.Connection `json:"tcpPorts"`
	UdpPorts  []procspy.Connection `json:"udpPorts"`
	ICMPPorts []procspy.Connection `json:"icmpPorts"`
}

func SenseOpenPorts

func SenseOpenPorts() (*OpenPortsStatus, error)

type ProcessDetails

// ProcessDetails identifies a process by PID and carries its command line
// split into arguments. LocateKubeletProcess and LocateProcessByExecSuffix
// return it.
// NOTE(review): a PID only identifies a process while that process is alive.
// Paths derived later from the PID (see RootDir, ContaineredPath) may refer
// to a different process if the PID is reused - confirm how callers handle
// this.
type ProcessDetails struct {
	CmdLine []string `json:"cmdline"`
	PID     int32    `json:"pid"`
}

func LocateKubeletProcess

func LocateKubeletProcess() (*ProcessDetails, error)

func LocateProcessByExecSuffix

func LocateProcessByExecSuffix(processSuffix string) (*ProcessDetails, error)

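LocateProcessByExecSuffix locates a process whose executable name ends with `processSuffix`. The first entry in `/proc` that matches the suffix is returned; other processes are ignored. It returns a `ProcessDetails` object. Because only the name suffix is compared and the first match wins, callers that need one specific binary should verify the returned PID and command line.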

func (ProcessDetails) ContaineredPath

func (p ProcessDetails) ContaineredPath(filePath string) string

ContaineredPath returns the path of the file as the process sees it. This is useful when dealing with processes that are running inside a container.

func (ProcessDetails) GetArg

func (p ProcessDetails) GetArg(argName string) (string, bool)

GetArg returns the argument's value from the process cmdline, and an ok flag. If the argument does not exist, it returns an empty string and `false`. If the argument exists but has no value, it returns an empty string and `true`. TODO: support multiple options

func (ProcessDetails) RawCmd

func (p ProcessDetails) RawCmd() string

RawCmd returns the raw command used to start the process

func (ProcessDetails) RootDir

func (p ProcessDetails) RootDir() string

RootDir returns the root directory of a process. This is useful when dealing with processes that are running inside a container

type SenseError

// SenseError is an informative sensor error. Only the message is serialized
// (under the JSON key "error"); Function and Code carry `json:"-"`, so they
// are never included in JSON output.
// NOTE(review): the field name "Massage" (sic) is exported, so correcting
// the spelling would break callers.
// NOTE(review): the message is sent to whoever receives the JSON. Confirm
// that it cannot include host paths or other details the recipient should
// not see.
type SenseError struct {
	Massage  string `json:"error"` // The error message
	Function string `json:"-"`     // The function where the error occurred
	Code     int    `json:"-"`     // The error code (for HTTP response codes)
	// contains filtered or unexported fields
}

SenseError is informative sensor error

func (*SenseError) Error

func (err *SenseError) Error() string

Error implements error interface

func (*SenseError) Is

func (err *SenseError) Is(target error) bool

Is implementation for errors.Is

func (*SenseError) Unwrap

func (err *SenseError) Unwrap() error

Unwrap implementation for errors.Unwrap
