Documentation ¶
Index ¶
- Constants
- Variables
- func CNIConfigDirFromKubelet() string
- func GetFilePermissions(filePath string) (int, error)
- func GetFileUNIXOwnership(filePath string) (int64, int64, error)
- func IsPathExists(filename string) bool
- func LookupGroupnameByGID(gid int64, root string) (string, error)
- func ReadFileOnHostFileSystem(fileName string) ([]byte, error)
- func ReadKubeletConfig(kubeletConfArgs string) ([]byte, error)
- func SenseKernelVersion() ([]byte, error)
- func SenseKubeletConfigurations() ([]byte, error) (deprecated)
- func SenseOsRelease() ([]byte, error)
- type ActionType
- type ApiServerInfo
- type ContainerRuntimeInfo
- type ControlPlaneInfo
- type FileInfo
- type FileOwnership
- type K8sProcessInfo
- type KernelVariable
- type KubeProxyInfo
- type KubeletInfo
- type LinuxSecurityHardeningStatus
- type OpenPortsStatus
- type ProcessDetails
- type SenseError
Constants ¶
// ActionTypeGetKubeletCMD evaluates to 1 (iota is 0 at this position).
// It is declared without an explicit type, so it is an untyped integer
// constant rather than a value of type ActionType.
const ActionTypeGetKubeletCMD = iota + 1

// CNIDefaultConfigDir is the default CNI configuration directory.
const CNIDefaultConfigDir string = "/etc/cni/"
CNI default constants
Variables ¶
// Paths of the per-protocol socket tables under /proc/net.
// NOTE(review): presumably the inputs SenseOpenPorts parses — confirm.
// These are exported, mutable package variables, so any importer can change
// which files are read.
var (
	// TCP tables (IPv4 and IPv6).
	ProcNetTCPPaths = []string{"/proc/net/tcp", "/proc/net/tcp6"}
	// UDP and UDP-Lite tables (IPv4 and IPv6).
	ProcNetUDPPaths = []string{"/proc/net/udp", "/proc/net/udp6", "/proc/net/udplite", "/proc/net/udplite6"}
	// ICMP tables (IPv4 and IPv6).
	ProcNetICMPPaths = []string{"/proc/net/icmp", "/proc/net/icmp6"}
)
// ErrDataDirNotFound reports that the etcd data-dir could not be found.
var ErrDataDirNotFound = errors.New("failed to find etcd data-dir")

// ErrNotUnixFS reports that the file system does not support the requested
// operation; GetFileUNIXOwnership documents returning it for file systems
// without UNIX ownership (like FAT).
var ErrNotUnixFS = errors.New("operation not supported by the file system")

// ErrServicePathNotFound reports that a service file path could not be located.
var ErrServicePathNotFound = errors.New("cannot locate service file path")
Functions ¶
func CNIConfigDirFromKubelet ¶
func CNIConfigDirFromKubelet() string
CNIConfigDirFromKubelet returns the CNI config dir derived from the kubelet --container-runtime-endpoint flag. It returns an empty string if not found. A special case is the cri-dockerd.sock process, whose container runtime is determined according to the Kubernetes docs.
func GetFilePermissions ¶
GetFilePermissions returns file permissions as int. On filesystem error, it returns the error as is.
func GetFileUNIXOwnership ¶
GetFileUNIXOwnership returns the user id and group id of a file. On error, it returns -1 for both ids. On filesystem error, it returns the error as is. If the filesystem does not support UNIX ownership (like FAT), it returns ErrNotUnixFS.
func IsPathExists ¶
IsPathExists returns true if the given path exists and false otherwise.
func LookupGroupnameByGID ¶
LookupGroupnameByGID returns the group name if gid is found in the group file {root}/etc/group; otherwise it returns an empty string.
func ReadFileOnHostFileSystem ¶
ReadFileOnHostFileSystem reads a file on the host file system.
func ReadKubeletConfig ¶
func SenseKernelVersion ¶
func SenseKubeletConfigurations
deprecated
func SenseOsRelease ¶
Types ¶
type ActionType ¶
// ActionType is an integer-backed type.
// NOTE(review): ActionTypeGetKubeletCMD is presumably meant as one of its
// values, but that constant is declared untyped — confirm.
type ActionType int
type ApiServerInfo ¶
// ApiServerInfo combines the embedded K8sProcessInfo with two files that are
// specific to the API server.
type ApiServerInfo struct {
	// File info for the encryption provider configuration; omitted from JSON when nil.
	// NOTE(review): an encryption provider configuration usually holds
	// encryption keys; if FileInfo.Content is filled for this entry, the
	// serialized result carries them — confirm what the sensor populates.
	EncryptionProviderConfigFile *FileInfo `json:"encryptionProviderConfigFile,omitempty"`

	// File info for the audit policy file; omitted from JSON when nil.
	AuditPolicyFile *FileInfo `json:"auditPolicyFile,omitempty"`

	// Embedded process info.
	// NOTE(review): encoding/json has no "inline" option; because the tag
	// name is empty the embedded fields are promoted as for any untagged
	// embedded struct and the option is ignored — confirm no other encoder
	// depends on it.
	*K8sProcessInfo `json:",inline"`
}
type ContainerRuntimeInfo ¶
type ContainerRuntimeInfo struct {
// contains filtered or unexported fields
}
A ContainerRuntimeInfo holds a container runtime's properties and process info.
type ControlPlaneInfo ¶
// ControlPlaneInfo groups the process and file information recorded for the
// control plane; it is the result type of SenseControlPlaneInfo.
// Every field is omitted from JSON when empty.
type ControlPlaneInfo struct {
	// API server process and files.
	APIServerInfo *ApiServerInfo `json:"APIServerInfo,omitempty"`
	// Controller manager process info.
	ControllerManagerInfo *K8sProcessInfo `json:"controllerManagerInfo,omitempty"`
	// Scheduler process info.
	SchedulerInfo *K8sProcessInfo `json:"schedulerInfo,omitempty"`
	// etcd config file and data directory.
	EtcdConfigFile *FileInfo `json:"etcdConfigFile,omitempty"`
	EtcdDataDir    *FileInfo `json:"etcdDataDir,omitempty"`
	// Admin kubeconfig file.
	// NOTE(review): an admin kubeconfig normally embeds cluster-admin
	// credentials; confirm FileInfo.Content is not populated for it, or that
	// the consumer treats the result as secret.
	AdminConfigFile *FileInfo `json:"adminConfigFile,omitempty"`
	// PKI directory and the files recorded from it. The Go field is spelled
	// PKIDIr; the JSON key is "PKIDir".
	// NOTE(review): same concern as AdminConfigFile if Content is filled for
	// private key files — confirm.
	PKIDIr   *FileInfo   `json:"PKIDir,omitempty"`
	PKIFiles []*FileInfo `json:"PKIFiles,omitempty"`
	// CNI configuration files.
	CNIConfigFiles []*FileInfo `json:"CNIConfigFiles,omitempty"`
	// The name of the running CNI
	CNIName string `json:"CNIName,omitempty"`
}
ControlPlaneInfo holds information about the control plane processes and files
func SenseControlPlaneInfo ¶
func SenseControlPlaneInfo() (*ControlPlaneInfo, error)
SenseControlPlaneInfo returns `ControlPlaneInfo`
type FileInfo ¶
// FileInfo holds information about a file: its path, ownership, permissions
// and, optionally, its content.
type FileInfo struct {
	// Ownership information.
	// The tag has no omitempty, so a nil Ownership is encoded as JSON null.
	Ownership *FileOwnership `json:"ownership"`

	// The path of the file
	// Example: /etc/kubernetes/manifests/kube-apiserver.yaml
	Path string `json:"path"`

	// Content of the file; omitted from JSON when empty.
	// NOTE(review): FileInfo is also the type used for kubeconfig, PKI and
	// encryption provider config entries in this package. If Content is
	// populated for those, the serialized result contains credential or key
	// material and must be stored and transported as a secret — confirm
	// which callers fill Content.
	Content []byte `json:"content,omitempty"`

	// File permissions as an int.
	// NOTE(review): presumably the value returned by GetFilePermissions;
	// whether consumers should read it as octal mode bits is not visible
	// here — confirm.
	Permissions int `json:"permissions"`
}
FileInfo holds information about a file
type FileOwnership ¶
// FileOwnership holds the ownership of a file: numeric ids, the names they
// resolve to, and an error string when the lookup failed.
type FileOwnership struct {
	// Error if couldn't get owner's file or uid/gid; omitted from JSON when empty.
	Err string `json:"err,omitempty"`

	// UID owner of the files
	// NOTE(review): GetFileUNIXOwnership documents -1 for the ids on error;
	// presumably that value can appear here together with Err — confirm.
	UID int64 `json:"uid"`

	// GID of the file
	GID int64 `json:"gid"`

	// username extracted by UID from {root}/etc/passwd
	Username string `json:"username"`

	// group name extracted by GID from {root}/etc/group
	Groupname string `json:"groupname"`
}
FileOwnership holds the ownership of a file
type K8sProcessInfo ¶
// K8sProcessInfo holds information about a k8s process: its raw command line
// and the files associated with it. The file fields are omitted from JSON
// when nil.
type K8sProcessInfo struct {
	// Information about the process specs file (if relevant)
	SpecsFile *FileInfo `json:"specsFile,omitempty"`

	// Information about the process config file (if relevant)
	ConfigFile *FileInfo `json:"configFile,omitempty"`

	// Information about the process kubeconfig file (if relevant)
	KubeConfigFile *FileInfo `json:"kubeConfigFile,omitempty"`

	// Information about the process client ca file (if relevant)
	ClientCAFile *FileInfo `json:"clientCAFile,omitempty"`

	// Raw cmd line of the process
	// NOTE(review): a raw command line can include values passed as flags;
	// treat the serialized field as potentially sensitive — confirm whether
	// any redaction happens before it is reported.
	CmdLine string `json:"cmdLine"`
}
K8sProcessInfo holds information about a k8s process
type KernelVariable ¶
// KernelVariable is a key/value pair with a source label. It is the element
// type returned by SenseKernelConfs, SenseKernelVariables and
// SenseProcSysKernel.
type KernelVariable struct {
	// Name of the variable.
	Key string `json:"key"`
	// Value of the variable, as a string.
	Value string `json:"value"`
	// NOTE(review): presumably identifies where the value was read from
	// (for example a file path) — confirm.
	Source string `json:"source"`
}
func SenseKernelConfs ¶
func SenseKernelConfs() ([]KernelVariable, error)
func SenseKernelVariables ¶
func SenseKernelVariables() ([]KernelVariable, error)
func SenseProcSysKernel ¶
func SenseProcSysKernel() ([]KernelVariable, error)
type KubeProxyInfo ¶
// KubeProxyInfo holds information about the kube-proxy process; it is the
// result type of SenseKubeProxyInfo.
type KubeProxyInfo struct {
	// Information about the kubeconfig file of kube-proxy
	KubeConfigFile *FileInfo `json:"kubeConfigFile,omitempty"`

	// Raw cmd line of the process.
	// NOTE(review): the original comment says "kubelet"; presumably the
	// kube-proxy process is meant — confirm.
	CmdLine string `json:"cmdLine"`
}
KubeProxyInfo holds information about kube-proxy process
func SenseKubeProxyInfo ¶
func SenseKubeProxyInfo() (*KubeProxyInfo, error)
SenseKubeProxyInfo returns `KubeProxyInfo`
type KubeletInfo ¶
// KubeletInfo holds information about the kubelet: its raw command line and
// the files associated with it. It is the result type of SenseKubeletInfo.
type KubeletInfo struct {
	// ServiceFiles is a list of files used to configure the kubelet service.
	// Most of the time it will be a single file, under /etc/systemd/system/kubelet.service.d.
	ServiceFiles []FileInfo `json:"serviceFiles,omitempty"`

	// Information about the kubelet config file
	ConfigFile *FileInfo `json:"configFile,omitempty"`

	// Information about the kubeconfig file of kubelet
	KubeConfigFile *FileInfo `json:"kubeConfigFile,omitempty"`

	// Information about the client ca file of kubelet (if it exists)
	ClientCAFile *FileInfo `json:"clientCAFile,omitempty"`

	// Raw cmd line of kubelet process
	CmdLine string `json:"cmdLine"`
}
KubeletInfo holds information about kubelet
func SenseKubeletInfo ¶
func SenseKubeletInfo() (*KubeletInfo, error)
SenseKubeletInfo returns various information about the kubelet service
type LinuxSecurityHardeningStatus ¶
// LinuxSecurityHardeningStatus reports the AppArmor and SELinux state as
// strings; it is the result type of SenseLinuxSecurityHardening.
// NOTE(review): the set of possible string values is not visible here —
// confirm before matching on them.
type LinuxSecurityHardeningStatus struct {
	AppArmor string `json:"appArmor"`
	SeLinux  string `json:"seLinux"`
}
func SenseLinuxSecurityHardening ¶
func SenseLinuxSecurityHardening() (*LinuxSecurityHardeningStatus, error)
type OpenPortsStatus ¶
// OpenPortsStatus groups connections by protocol; it is the result type of
// SenseOpenPorts. None of the tags use omitempty, so a nil slice is encoded
// as JSON null.
// NOTE(review): presumably filled from the ProcNetTCPPaths, ProcNetUDPPaths
// and ProcNetICMPPaths files — confirm.
type OpenPortsStatus struct {
	TcpPorts  []procspy.Connection `json:"tcpPorts"`
	UdpPorts  []procspy.Connection `json:"udpPorts"`
	ICMPPorts []procspy.Connection `json:"icmpPorts"`
}
func SenseOpenPorts ¶
func SenseOpenPorts() (*OpenPortsStatus, error)
type ProcessDetails ¶
func LocateKubeletProcess ¶
func LocateKubeletProcess() (*ProcessDetails, error)
func LocateProcessByExecSuffix ¶
func LocateProcessByExecSuffix(processSuffix string) (*ProcessDetails, error)
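LocateProcessByExecSuffix locates a process whose executable name ends with `processSuffix`. The first entry in `/proc` that matches the suffix is returned; other processes are ignored. Since any executable name ending in the suffix matches, callers that need one specific binary should verify the returned process. It returns a `ProcessDetails` object.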
func (ProcessDetails) ContaineredPath ¶
func (p ProcessDetails) ContaineredPath(filePath string) string
ContaineredPath returns the path of the file as the process sees it. This is useful when dealing with processes that are running inside a container
func (ProcessDetails) GetArg ¶
func (p ProcessDetails) GetArg(argName string) (string, bool)
GetArg returns argument value from the process cmdline, and an ok. If the argument does not exist, it returns an empty string and `false`. If the argument exists but has no value, it returns an empty string and `true`. TODO: support multiple options
func (ProcessDetails) RawCmd ¶
func (p ProcessDetails) RawCmd() string
RawCmd returns the raw command used to start the process
func (ProcessDetails) RootDir ¶
func (p ProcessDetails) RootDir() string
RootDir returns the root directory of a process. This is useful when dealing with processes that are running inside a container
type SenseError ¶
// SenseError is an informative sensor error. Only the message is serialized
// to JSON (under the key "error"); Function and Code carry the "-" tag and
// are left out.
type SenseError struct {
	// The error message. The exported field name is spelled "Massage".
	Massage  string `json:"error"` // The error message
	Function string `json:"-"`     // The function where the error occurred
	Code     int    `json:"-"`     // The error code (for HTTP response codes)
	// contains filtered or unexported fields
}
SenseError is an informative sensor error
func (*SenseError) Is ¶
func (err *SenseError) Is(target error) bool
Is implementation for errors.Is
func (*SenseError) Unwrap ¶
func (err *SenseError) Unwrap() error
Unwrap implementation for errors.Unwrap