Skip to content

Latest commit

 

History

History
110 lines (83 loc) · 3.31 KB

README.md

File metadata and controls

110 lines (83 loc) · 3.31 KB
Raw

kaudit

Auditing tool for resources in Kubernetes.

App Def Working Group

The App Def working group has develop a guide line for labels and annotations here.

This project attempts to do two things:

JSON Spec

The app-def.json file in this repo defines the JSON Schema for labels and annotations.

Audit Tool

The kaudit tool accepts a JSON Schema config file and validates all objects in the workload API adhere adhere to the schema.

Usage

Installation

$ go get github.com/runyontr/kaudit

Deploy Samples

Execute the following from the command line to deploy two different deployments. The deployment foo are configured with the appropriate labels and annotations, where bar is missing all of the labels and annotations

Kubernetes 1.9.0+

$ kubectl apply -f ./deployments/1.9.0/

Kubernetes <1.9.0

$ kubectl apply -f ./deployments/1.8.0/

Validate

Validate there are two deployments

$ kubectl get deployments
NAME             DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
bar-deployment   3         3         3            3           35m
foo-deployment   1         1         1            1           36m

running the kaudit command should demonstrate which labels and annotations are missing from which applications:

$ kaudit --spec app-def.json

deployments: 
bar-deployment:	Errors:
	 - app.kubernetes.io/name: app.kubernetes.io/name is required
	 - app.kubernetes.io/version: app.kubernetes.io/version is required
	 - app.kubernetes.io/deploy-manager: app.kubernetes.io/deploy-manager is required
foo-deployment:	Ok!
replicasets: 
bar-deployment-589f55cb9d:	Errors:
	 - app.kubernetes.io/name: app.kubernetes.io/name is required
	 - app.kubernetes.io/version: app.kubernetes.io/version is required
	 - app.kubernetes.io/deploy-manager: app.kubernetes.io/deploy-manager is required
foo-deployment-57fc95945b:	Errors:
	 - app.kubernetes.io/deploy-manager: app.kubernetes.io/deploy-manager is required
foo-deployment-744646dc5d:	Ok!
exit status 7

To compare against v1 resources (e.g. services, pods) use the following:

$ kaudit --spec app-def.json --version v1


pods: 
bar-deployment-589f55cb9d-qftz2:	Errors:
	 - app.kubernetes.io/name: app.kubernetes.io/name is required
	 - app.kubernetes.io/version: app.kubernetes.io/version is required
	 - app.kubernetes.io/deploy-manager: app.kubernetes.io/deploy-manager is required
bar-deployment-589f55cb9d-t5sm5:	Errors:
	 - app.kubernetes.io/name: app.kubernetes.io/name is required
	 - app.kubernetes.io/version: app.kubernetes.io/version is required
	 - app.kubernetes.io/deploy-manager: app.kubernetes.io/deploy-manager is required
bar-deployment-589f55cb9d-xdcms:	Errors:
	 - app.kubernetes.io/name: app.kubernetes.io/name is required
	 - app.kubernetes.io/version: app.kubernetes.io/version is required
	 - app.kubernetes.io/deploy-manager: app.kubernetes.io/deploy-manager is required
foo-deployment-744646dc5d-z25n5:	Ok!
services: 
kubernetes:	Errors:
	 - app.kubernetes.io/name: app.kubernetes.io/name is required
	 - app.kubernetes.io/version: app.kubernetes.io/version is required
	 - app.kubernetes.io/deploy-manager: app.kubernetes.io/deploy-manager is required
exit status 12