feat: Add check for CA-k8s version mismatch
dorukozturk committed Jan 31, 2023
1 parent aee0ab7 commit 6fea9b2
Showing 4 changed files with 967 additions and 0 deletions.
28 changes: 28 additions & 0 deletions hardeneks/cluster_wide/cluster_autoscaling/cluster_autoscaler.py
@@ -1,3 +1,4 @@
import boto3
from kubernetes import client
from rich.panel import Panel

Expand All @@ -23,3 +24,30 @@ def check_any_cluster_autoscaler_exists(resources: Resources):
return False
else:
return True


def ensure_cluster_autoscaler_and_cluster_versions_match(resources: Resources):

eks_client = boto3.client("eks", region_name=resources.region)
cluster_metadata = eks_client.describe_cluster(name=resources.cluster)

cluster_version = cluster_metadata["cluster"]["version"]

deployments = client.AppsV1Api().list_deployment_for_all_namespaces().items

for deployment in deployments:
if deployment.metadata.name == "cluster-autoscaler":
ca_containers = deployment.spec.template.spec.containers
ca_image = ca_containers[0].image
ca_image_version = ca_image.split(":")[-1]
if cluster_version not in ca_image_version:
console.print(
Panel(
f"[red]CA({ca_image_version})-k8s({cluster_version}) Cross version compatibility is not recommended.",
subtitle="[link=https://aws.github.io/aws-eks-best-practices/cluster-autoscaling/#operating-the-cluster-autoscaler]Click to see the guide[/link]",
)
)
console.print()
return False
else:
return True
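Review bot: The test `if cluster_version not in ca_image_version` in `ensure_cluster_autoscaler_and_cluster_versions_match` is a substring match on whatever follows the last `:` of the image reference, so the check reports on the wrong string when the image is pinned by digest (`repo@sha256:…` yields the hex digest) or has no tag behind a registry port, and it passes any tag that merely contains the cluster version text. Comparing the parsed major.minor for equality is stricter, for example `m = re.match(r"v?(\d+\.\d+)", ca_image_version)` followed by `if m is None or m.group(1) != cluster_version:` (this needs `import re` at the top of the file). The function also appears to fall through and return `None`, printing nothing, when no deployment is named exactly `cluster-autoscaler`, and it reads only `containers[0]`, so an autoscaler deployed under another name or behind a sidecar is never evaluated; an explicit `return` for the not-found case and a docstring stating these assumptions would make a silent pass distinguishable from a real match. Indentation is lost in this rendering, so the exact nesting of the `return` statements should be confirmed against the file.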
1 change: 1 addition & 0 deletions hardeneks/config.yaml
Expand Up @@ -46,6 +46,7 @@ rules:
cluster_autoscaling:
cluster_autoscaler:
- check_any_cluster_autoscaler_exists
- ensure_cluster_autoscaler_and_cluster_versions_match
namespace_based:
security:
iam: