add host dns wildcard check

Makefile

@@ -12,7 +12,7 @@ K0S_GO_VERSION = v1.29.8+k0s.0
 PREVIOUS_K0S_VERSION ?= v1.28.10+k0s.0
 K0S_BINARY_SOURCE_OVERRIDE =
 PREVIOUS_K0S_BINARY_SOURCE_OVERRIDE =
-TROUBLESHOOT_VERSION = v0.102.0
+TROUBLESHOOT_VERSION = v0.103.0
 KOTS_VERSION = v$(shell awk '/^version/{print $$2}' pkg/addons/adminconsole/static/metadata.yaml | sed -E 's/([0-9]+\.[0-9]+\.[0-9]+).*/\1/')
 # When updating KOTS_BINARY_URL_OVERRIDE, also update the KOTS_VERSION above or
 # scripts/ci-upload-binaries.sh may find the version in the cache and not upload the overridden binary.

go.mod

@@ -31,7 +31,7 @@ require (
 	github.com/replicatedhq/embedded-cluster/kinds v0.0.0
 	github.com/replicatedhq/embedded-cluster/utils v0.0.0
 	github.com/replicatedhq/kotskinds v0.0.0-20240621115447-55148ce032e4
-	github.com/replicatedhq/troubleshoot v0.102.0
+	github.com/replicatedhq/troubleshoot v0.103.0
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.8.1
 	github.com/spf13/viper v1.19.0
@@ -177,7 +177,6 @@ require (
 	go.opentelemetry.io/otel v1.30.0 // indirect
 	go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.27.0 // indirect
 	go.opentelemetry.io/otel/metric v1.30.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.30.0 // indirect
 	go.opentelemetry.io/otel/trace v1.30.0 // indirect
 	go.starlark.net v0.0.0-20230717150657-8a3343210976 // indirect
 	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
@@ -190,7 +189,7 @@ require (
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	k8s.io/apiserver v0.31.1 // indirect
-	k8s.io/cli-runtime v0.31.0 // indirect
+	k8s.io/cli-runtime v0.31.1 // indirect
 	k8s.io/component-base v0.31.1 // indirect
 	k8s.io/kubectl v0.31.0 // indirect
 	oras.land/oras-go v1.2.6 // indirect

go.sum

@@ -490,8 +490,8 @@ github.com/redis/go-redis/v9 v9.5.2 h1:L0L3fcSNReTRGyZ6AqAEN0K56wYeYAwapBIhkvh0f
 github.com/redis/go-redis/v9 v9.5.2/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M=
 github.com/replicatedhq/kotskinds v0.0.0-20240621115447-55148ce032e4 h1:nsNSod6wpFpaMUq1IqnU4y2XWQd2FEKtdr02UB2udkk=
 github.com/replicatedhq/kotskinds v0.0.0-20240621115447-55148ce032e4/go.mod h1:QjhIUu3+OmHZ09u09j3FCoTt8F3BYtQglS+OLmftu9I=
-github.com/replicatedhq/troubleshoot v0.102.0 h1:qPuLdio9JnZHXQ+ah1uJDbkZyh5gR9NEM88aZBkQyq0=
-github.com/replicatedhq/troubleshoot v0.102.0/go.mod h1:zw25eyvPPj6SUnoVGEUjFzWOlhH097UeJgakWLDYo9k=
+github.com/replicatedhq/troubleshoot v0.103.0 h1:nQ/9bLUSF9doTlEL9I0CHJ8LKKU83V7KOej6NGgPaXU=
+github.com/replicatedhq/troubleshoot v0.103.0/go.mod h1:AQ5IJLyTc/5PkoqITe5UqG52uMdyYkP+j2XPHfuMEhg=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
 github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
@@ -802,8 +802,8 @@ k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U=
 k8s.io/apimachinery v0.31.1/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
 k8s.io/apiserver v0.31.1 h1:Sars5ejQDCRBY5f7R3QFHdqN3s61nhkpaX8/k1iEw1c=
 k8s.io/apiserver v0.31.1/go.mod h1:lzDhpeToamVZJmmFlaLwdYZwd7zB+WYRYIboqA1kGxM=
-k8s.io/cli-runtime v0.31.0 h1:V2Q1gj1u3/WfhD475HBQrIYsoryg/LrhhK4RwpN+DhA=
-k8s.io/cli-runtime v0.31.0/go.mod h1:vg3H94wsubuvWfSmStDbekvbla5vFGC+zLWqcf+bGDw=
+k8s.io/cli-runtime v0.31.1 h1:/ZmKhmZ6hNqDM+yf9s3Y4KEYakNXUn5sod2LWGGwCuk=
+k8s.io/cli-runtime v0.31.1/go.mod h1:pKv1cDIaq7ehWGuXQ+A//1OIF+7DI+xudXtExMCbe9U=
 k8s.io/client-go v0.31.1 h1:f0ugtWSbWpxHR7sjVpQwuvw9a3ZKLXX0u0itkFXufb0=
 k8s.io/client-go v0.31.1/go.mod h1:sKI8871MJN2OyeqRlmA4W4KM9KBdBUpDLu/43eGemCg=
 k8s.io/component-base v0.31.1 h1:UpOepcrX3rQ3ab5NB6g5iP0tvsgJWzxTyAo20sgYSy8=

pkg/preflights/host-preflight.yaml

@@ -70,7 +70,11 @@ spec:
         fileSize: 22Mi
         operationSize: 2300
         datasync: true
-        runTime: "0" # let it run to completion
+        runTime: '0' # let it run to completion
+    - dns:
+        collectorName: 'wildcard-check'
+        hostnames:
+          - '*'
   analyzers:
     - cpu:
         checkName: CPU
@@ -269,49 +273,49 @@ spec:
         regex: 'proc'
         outcomes:
           - pass:
-              when: "true"
+              when: 'true'
               message: /proc filesystem is mounted
           - fail:
-              when: "false"
+              when: 'false'
               message: /proc filesystem must be mounted, but it currently is not
     - textAnalyze:
         checkName: "'modprobe' Command"
         fileName: host-collectors/run-host/check-modprobe.txt
         regex: 'modprobe'
         outcomes:
           - pass:
-              when: "true"
+              when: 'true'
               message: "'modprobe' command exists in PATH"
           - fail:
-              when: "false"
+              when: 'false'
               message: "'modprobe' command must exist in PATH"
     - textAnalyze:
         checkName: "'mount' Command"
         fileName: host-collectors/run-host/check-mount.txt
         regex: 'mount'
         outcomes:
           - pass:
-              when: "true"
+              when: 'true'
               message: "'mount' command exists in PATH"
           - fail:
-              when: "false"
+              when: 'false'
               message: "'mount' command must exist in PATH"
     - textAnalyze:
         checkName: "'umount' Command"
         fileName: host-collectors/run-host/check-umount.txt
         regex: 'umount'
         outcomes:
           - pass:
-              when: "true"
+              when: 'true'
               message: "'umount' command exists in PATH"
           - fail:
-              when: "false"
+              when: 'false'
               message: "'umount' command must exist in PATH"
     - hostOS:
         checkName: Kernel Version
         outcomes:
           - pass:
-              when: "kernelVersion >= 3.10"
+              when: 'kernelVersion >= 3.10'
               message: Kernel version is at least 3.10
           - fail:
               message: Kernel version must be at least 3.10
@@ -367,17 +371,30 @@ spec:
         regex: 'nameserver\s*(localhost|127\.0\.0\.1)'
         outcomes:
           - fail:
-              when: "true"
+              when: 'true'
               message: "Neither 'nameserver localhost' nor 'nameserver 127.0.0.1' can be present in resolv.conf. Remove them to continue."
           - pass:
-              when: "false"
+              when: 'false'
               message: "Neither 'nameserver localhost' nor 'nameserver 127.0.01' is present in resolv.conf"
     - filesystemPerformance:
         checkName: Filesystem Write Latency
         collectorName: filesystem-write-latency-etcd
         outcomes:
           - pass:
-              when: "p99 < 10ms"
+              when: 'p99 < 10ms'
               message: 'P99 write latency for the disk at /var/lib/k0s/etcd is {{ "{{" }} .P99 {{ "}}" }}, which is better than the 10 ms requirement.'
           - fail:
               message: 'P99 write latency for the disk at /var/lib/k0s/etcd is {{ "{{" }} .P99 {{ "}}" }}, but it must be less than 10 ms. A higher-performance disk is required.'
+    - jsonCompare:
+        checkName: Wildcard DNS
+        fileName: host-collectors/dns/wildcard-check/result.json
+        path: 'resolvedFromSearch'
+        value: |
+          ""
+        outcomes:
+          - fail:
+              when: 'false'
+              message: 'Possible wildcard DNS entry detected at: {{ "{{" }}  .resolvedFromSearch {{ "}}" }} . Remove the search domain OR remove the wildcard DNS entry.'
+          - pass:
+              when: 'true'
+              message: No wildcard DNS entry detected.