mirrors/node-feature-discovery
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/node-feature-discovery.git synced 2024-12-14 11:57:51 +00:00
Code Activity

Merge pull request #106 from chaitanyaenr/selinux

Browse source 
Add label to advertise selinux status
This commit is contained in:
Balaji Subramaniam 2018-04-10 16:38:09 -07:00 committed by GitHub
commit 0e4c7a6617
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 70 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
README.md
View file

@ -41,7 +41,7 @@ node-feature-discovery.
-h --help Show this screen. -h --help Show this screen.
--version Output version and exit. --version Output version and exit.
--sources=<sources> Comma separated list of feature sources. --sources=<sources> Comma separated list of feature sources.
[Default: cpuid,rdt,pstate,memory,network,storage] [Default: cpuid,rdt,pstate,memory,network,storage,selinux]
--no-publish Do not publish discovered features to the --no-publish Do not publish discovered features to the
cluster-local Kubernetes API server. cluster-local Kubernetes API server.
--label-whitelist=<pattern> Regular expression to filter label names to --label-whitelist=<pattern> Regular expression to filter label names to
@ -60,6 +60,7 @@ The current set of feature sources are the following:
- Memory - Memory
- Network - Network
- Storage - Storage
- Selinux
### Feature labels ### Feature labels
@ -83,7 +84,8 @@ the only label value published for features is the string `"true"`._
"node.alpha.kubernetes-incubator.io/nfd-pstate-<feature-name>": "true", "node.alpha.kubernetes-incubator.io/nfd-pstate-<feature-name>": "true",
"node.alpha.kubernetes-incubator.io/nfd-memory-<feature-name>": "true", "node.alpha.kubernetes-incubator.io/nfd-memory-<feature-name>": "true",
"node.alpha.kubernetes-incubator.io/nfd-network-<feature-name>": "true", "node.alpha.kubernetes-incubator.io/nfd-network-<feature-name>": "true",
"node.alpha.kubernetes-incubator.io/nfd-storage-<feature-name>": "true" "node.alpha.kubernetes-incubator.io/nfd-storage-<feature-name>": "true",
"node.alpha.kubernetes-incubator.io/nfd-selinux-<feature-name>": "true"
} }
``` ```
@ -134,6 +136,12 @@ such as restricting discovered features with the --label-whitelist option._
| :--------------: | :---------------------------------------------------------------------------------: | | :--------------: | :---------------------------------------------------------------------------------: |
| nonrotationaldisk | Non-rotational disk, like SSD, is present in the node | nonrotationaldisk | Non-rotational disk, like SSD, is present in the node
### Selinux Features
| Feature name | Description |
| :--------------: | :---------------------------------------------------------------------------------: |
| selinux | selinux is enabled on the node
## Getting started ## Getting started
### System requirements ### System requirements

4
main.go
View file

@ -17,6 +17,7 @@ import (
"github.com/kubernetes-incubator/node-feature-discovery/source/pstate" "github.com/kubernetes-incubator/node-feature-discovery/source/pstate"
"github.com/kubernetes-incubator/node-feature-discovery/source/storage" "github.com/kubernetes-incubator/node-feature-discovery/source/storage"
"github.com/kubernetes-incubator/node-feature-discovery/source/rdt" "github.com/kubernetes-incubator/node-feature-discovery/source/rdt"
"github.com/kubernetes-incubator/node-feature-discovery/source/selinux"
api "k8s.io/api/core/v1" api "k8s.io/api/core/v1"
meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
k8sclient "k8s.io/client-go/kubernetes" k8sclient "k8s.io/client-go/kubernetes"
@ -110,7 +111,7 @@ func argsParse(argv []string) (noPublish bool, sourcesArg []string, whiteListArg
-h --help Show this screen. -h --help Show this screen.
--version Output version and exit. --version Output version and exit.
--sources=<sources> Comma separated list of feature sources. --sources=<sources> Comma separated list of feature sources.
[Default: cpuid,rdt,pstate,memory,network,storage] [Default: cpuid,rdt,pstate,memory,network,storage,selinux]
--no-publish Do not publish discovered features to the --no-publish Do not publish discovered features to the
cluster-local Kubernetes API server. cluster-local Kubernetes API server.
--label-whitelist=<pattern> Regular expression to filter label names to --label-whitelist=<pattern> Regular expression to filter label names to
@ -148,6 +149,7 @@ func configureParameters(sourcesArg []string, whiteListArg string) (sources []so
memory.Source{}, memory.Source{},
network.Source{}, network.Source{},
storage.Source{}, storage.Source{},
selinux.Source{},
fake.Source{}, fake.Source{},
panic_fake.Source{}, panic_fake.Source{},
} }

4
main_test.go
View file

@ -132,7 +132,7 @@ func TestArgsParse(t *testing.T) {
Convey("noPublish is set and sourcesArg is set to the default value", func() { Convey("noPublish is set and sourcesArg is set to the default value", func() {
So(noPublish, ShouldBeTrue) So(noPublish, ShouldBeTrue)
So(sourcesArg, ShouldResemble, []string{"cpuid", "rdt", "pstate", "memory", "network", "storage"}) So(sourcesArg, ShouldResemble, []string{"cpuid", "rdt", "pstate", "memory", "network", "storage", "selinux"})
So(len(whiteListArg), ShouldEqual, 0) So(len(whiteListArg), ShouldEqual, 0)
}) })
}) })
@ -152,7 +152,7 @@ func TestArgsParse(t *testing.T) {
Convey("whiteListArg is set to appropriate value and sourcesArg is set to default value", func() { Convey("whiteListArg is set to appropriate value and sourcesArg is set to default value", func() {
So(noPublish, ShouldBeFalse) So(noPublish, ShouldBeFalse)
So(sourcesArg, ShouldResemble, []string{"cpuid", "rdt", "pstate", "memory", "network", "storage"}) So(sourcesArg, ShouldResemble, []string{"cpuid", "rdt", "pstate", "memory", "network", "storage","selinux"})
So(whiteListArg, ShouldResemble, ".*rdt.*") So(whiteListArg, ShouldResemble, ".*rdt.*")
}) })
}) })

18
node-feature-discovery-job.json.template
View file

@ -17,7 +17,7 @@
} }
}, },
"spec": { "spec": {
"hostNetwork": true, "hostNetwork": true,
"containers": [ "containers": [
{ {
"env": [ "env": [
@ -37,10 +37,24 @@
"containerPort": 7156, "containerPort": 7156,
"hostPort": 7156 "hostPort": 7156
} }
],
"volumeMounts": [
{
"name": "host-sys",
"mountPath": "/host-sys"
}
] ]
} }
], ],
"restartPolicy": "Never" "restartPolicy": "Never",
"volumes": [
{
"name": "host-sys",
"hostPath": {
"path": "/sys"
}
}
]
} }
} }
} }

39
source/selinux/selinux.go Normal file
View file

@ -0,0 +1,39 @@
/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package selinux
import (
"io/ioutil"
"fmt"
)
type Source struct{}
func (s Source) Name() string { return "selinux" }
func (s Source) Discover() ([]string, error) {
features := []string{}
status, err := ioutil.ReadFile("/host-sys/fs/selinux/enforce")
if err != nil {
return nil, fmt.Errorf("Failed to detect the status of selinux, please check if the system supports selinux and make sure /sys on the host is mounted into the container: %s", err.Error())
}
if status[0] == byte('1') {
// selinux is enabled.
features = append(features, "enabled")
}
return features, nil
}