add host dns wildcard check
nvanthao committed Sep 25, 2024
1 parent e2cfe38 commit ebfe34c
Showing 2 changed files with 31 additions and 14 deletions.
2 changes: 1 addition & 1 deletion Makefile
@@ -12,7 +12,7 @@ K0S_GO_VERSION = v1.29.8+k0s.0
PREVIOUS_K0S_VERSION ?= v1.28.10+k0s.0
K0S_BINARY_SOURCE_OVERRIDE =
PREVIOUS_K0S_BINARY_SOURCE_OVERRIDE =
TROUBLESHOOT_VERSION = v0.102.0
TROUBLESHOOT_VERSION = v0.103.0
KOTS_VERSION = v$(shell awk '/^version/{print $$2}' pkg/addons/adminconsole/static/metadata.yaml | sed -E 's/([0-9]+\.[0-9]+\.[0-9]+).*/\1/')
# When updating KOTS_BINARY_URL_OVERRIDE, also update the KOTS_VERSION above or
# scripts/ci-upload-binaries.sh may find the version in the cache and not upload the overridden binary.
43 changes: 30 additions & 13 deletions pkg/preflights/host-preflight.yaml
@@ -70,7 +70,11 @@ spec:
fileSize: 22Mi
operationSize: 2300
datasync: true
runTime: "0" # let it run to completion
runTime: '0' # let it run to completion
- dns:
collectorName: 'wildcard-check'
hostnames:
- '*'
analyzers:
- cpu:
checkName: CPU
@@ -269,49 +273,49 @@ spec:
regex: 'proc'
outcomes:
- pass:
when: "true"
when: 'true'
message: /proc filesystem is mounted
- fail:
when: "false"
when: 'false'
message: /proc filesystem must be mounted, but it currently is not
- textAnalyze:
checkName: "'modprobe' Command"
fileName: host-collectors/run-host/check-modprobe.txt
regex: 'modprobe'
outcomes:
- pass:
when: "true"
when: 'true'
message: "'modprobe' command exists in PATH"
- fail:
when: "false"
when: 'false'
message: "'modprobe' command must exist in PATH"
- textAnalyze:
checkName: "'mount' Command"
fileName: host-collectors/run-host/check-mount.txt
regex: 'mount'
outcomes:
- pass:
when: "true"
when: 'true'
message: "'mount' command exists in PATH"
- fail:
when: "false"
when: 'false'
message: "'mount' command must exist in PATH"
- textAnalyze:
checkName: "'umount' Command"
fileName: host-collectors/run-host/check-umount.txt
regex: 'umount'
outcomes:
- pass:
when: "true"
when: 'true'
message: "'umount' command exists in PATH"
- fail:
when: "false"
when: 'false'
message: "'umount' command must exist in PATH"
- hostOS:
checkName: Kernel Version
outcomes:
- pass:
when: "kernelVersion >= 3.10"
when: 'kernelVersion >= 3.10'
message: Kernel version is at least 3.10
- fail:
message: Kernel version must be at least 3.10
@@ -367,17 +371,30 @@ spec:
regex: 'nameserver\s*(localhost|127\.0\.0\.1)'
outcomes:
- fail:
when: "true"
when: 'true'
message: "Neither 'nameserver localhost' nor 'nameserver 127.0.0.1' can be present in resolv.conf. Remove them to continue."
- pass:
when: "false"
when: 'false'
message: "Neither 'nameserver localhost' nor 'nameserver 127.0.01' is present in resolv.conf"
- filesystemPerformance:
checkName: Filesystem Write Latency
collectorName: filesystem-write-latency-etcd
outcomes:
- pass:
when: "p99 < 10ms"
when: 'p99 < 10ms'
message: 'P99 write latency for the disk at /var/lib/k0s/etcd is {{ "{{" }} .P99 {{ "}}" }}, which is better than the 10 ms requirement.'
- fail:
message: 'P99 write latency for the disk at /var/lib/k0s/etcd is {{ "{{" }} .P99 {{ "}}" }}, but it must be less than 10 ms. A higher-performance disk is required.'
- jsonCompare:
checkName: Wildcard DNS
fileName: host-collectors/dns/wildcard-check/result.json
path: 'resolvedFromSearch'
value: |
""
outcomes:
- fail:
when: 'false'
message: 'Possible wildcard DNS entry detected at: {{ "{{" }} .resolvedFromSearch {{ "}}" }} . Remove the search domain OR remove the wildcard DNS entry.'
- pass:
when: 'true'
message: No wildcard DNS entry detected.
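Review bot: The new `jsonCompare` analyzer (Wildcard DNS) and the `dns` collector it reads from carry no comment, and the outcome logic is easy to misread: `fail` with `when: 'false'` fires when `resolvedFromSearch` does not compare equal to `""`, which, going by the fail message, means the literal name `*` resolved through a resolv.conf search domain. I would add `# query the literal name '*'; a hit via a search domain indicates a wildcard record` above `hostnames:` and `# 'false' = resolvedFromSearch is non-empty` above the fail outcome. It is also not visible in this section what is reported when `host-collectors/dns/wildcard-check/result.json` is absent (a collector error, or presumably a troubleshoot build older than the v0.103.0 this commit bumps to), so it is worth confirming the preflight does not silently pass in that case, since a wildcard match under a search domain can send cluster name lookups to an unintended host. Minor: the fail message has a stray space before the period that follows the template.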
