-
Notifications
You must be signed in to change notification settings - Fork 130
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add custom rules and refactoring #102
Comments
Looking good to me. Hi @pixiake @ruiyaoOps , please help to give feedback on this user story and extension. |
Yes, Custom rules are a good idea, and we will verify as soon as possible. |
👌,Configmap is not necessary, but I want to have a configuration to control the checklist, or provide a checklist command, such as kubeeye checklist, and then the subcommand kubeeye checklist disable / enable? |
We plan to use the UI to implement the function of the management rules and display the results, but it has not yet been implemented. |
Good, there is no checklist config in this version. What else can I do? I'm glad to help |
Need to wait until January, it's busy now |
hello @leonharetd |
I think it is a good way to improve the flexibility of KubeEye. I think you can submit a pr. |
User Story
As a user Using kubeeye in a production environment, we not only uses OPA rule validation, we also used
and so on.
While meeting the above, we also hope to extend it with out of tree.
Detailed Description
Based on the above points, we extend kubeeye and refactor the code.
Feature Description
We have added the following features
custom command
Expand kubeeye's command line
Embed Rules
Function check rules provide more customized rule checks. For example, by using a shell and calling a third-party interface, you can enclose the function and return the output according to the agreed format, which can be displayed uniformly in the report.
Why
custom command
On the one hand, kubeeye can be programmed into subcommands of other command-line tools. On the other hand, other command-line tools can also become kubeeye tools.
Embed Rules
Checklist are different in different environments and different businesses, But they have something in common, If it is maintained only through an external directory, it will lead to redundancy of the checklist. Therefore, we can package it as a whole and control the start and stop of the business checklist through the configuration file later such as
Configuration file feature is still in progress.
How
custom command
A kubeeyecommand is defined using the builder pattern, You can assemble it with any command, regorule and funcrule,Finally, a cobra command line is returned.
Embed Rules
Refactor Description
In order to better add new features, we have adjusted the code structure.
Added directory funcrules, regorules, register
Funcrules: Storing default function rules
Regorules: Storing default regorules rules
Register: rules register
Use go channel mode, Fan In to connect pipeline in series, The main entrance is audit.Run
Use fs.FS abstracts local file and embedded file operations
Simplifies the function of output
Some channels have been merged
Anything else you would like to add:
https://github.com/leonharetd/kubeeye is refactor kubeeye code
https://github.com/leonharetd/kubeeye_sample is kubeeye sample
These are some of my practices. Welcome to communicate. Thank you very much🙏.
The text was updated successfully, but these errors were encountered: