diff --git a/docs/generated/checks.md b/docs/generated/checks.md index 045f79491..03254519a 100644 --- a/docs/generated/checks.md +++ b/docs/generated/checks.md @@ -530,6 +530,22 @@ KubeLinter includes the following built-in checks: {"port":22,"protocol":"TCP"} ``` +## duplicate-kinds + +**Enabled by default**: Yes + +**Description**: Indicates when too many of a kind exist within a cluster + +**Remediation**: Ensure to not have duplicate's of a kind + +**Template**: [Duplicate Kinds](generated/templates.md#duplicate-kinds) + +**Parameters**: + +````json +{} +```` + ## unsafe-proc-mount **Enabled by default**: No diff --git a/docs/generated/templates.md b/docs/generated/templates.md index 3d2baf3f8..1f85e44ab 100644 --- a/docs/generated/templates.md +++ b/docs/generated/templates.md @@ -699,6 +699,20 @@ KubeLinter supports the following templates: ] ``` +## Duplicate Kinds + +**Key**: `duplicate-kinds` + +**Description**: Flag containers that have duplicates of a kind + +**Supported Objects**: DeploymentLike + +**Parameters**: + +```json +[] +``` + ## Unsafe Proc Mount **Key**: `unsafe-proc-mount` diff --git a/pkg/builtinchecks/yamls/duplicate-kinds.yaml b/pkg/builtinchecks/yamls/duplicate-kinds.yaml new file mode 100644 index 000000000..44d4e16a5 --- /dev/null +++ b/pkg/builtinchecks/yamls/duplicate-kinds.yaml @@ -0,0 +1,7 @@ +name: "duplicate-kinds" +description: "Indicates when too many of a kind exist within a cluster" +remediation: "Ensure to not have duplicate's of a kind" +scope: + objectKinds: + - DeploymentLike +template: "duplicate-kinds" \ No newline at end of file diff --git a/pkg/templates/duplicatekinds/internal/params/params.go b/pkg/templates/duplicatekinds/internal/params/params.go new file mode 100644 index 000000000..578cc3aa8 --- /dev/null +++ b/pkg/templates/duplicatekinds/internal/params/params.go @@ -0,0 +1,5 @@ +package params + +// Params represents the params accepted by this template. +type Params struct { +} 
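Review bot: In `pkg/builtinchecks/yamls/duplicate-kinds.yaml` the `description` and `remediation` strings never say what counts as a duplicate, so a user who gets this finding has nothing to act on; "too many of a kind" names no threshold and the remediation carries a stray apostrophe. Assuming the intent is one definition per kind/namespace/name, something like `remediation: "Remove or rename the duplicated object so each kind/namespace/name combination is defined only once."` would be actionable. The scope is limited to `DeploymentLike` while the description speaks of kinds across a cluster, so one of the two probably needs adjusting. The file also ends without a trailing newline.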
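Review bot: `pkg/templates/duplicatekinds/internal/params/params.go` declares only the empty `Params` struct, but the template added in this commit calls `params.ParamDescs`, `params.ParseAndValidate` and `params.WrapInstantiateFunc`, none of which appear anywhere in the diff. If they are meant to come from a generated companion file, that file needs to be generated and committed with this one, otherwise the package will not build. Since the struct has no fields, the doc comment could say so explicitly: `// Params is intentionally empty: the duplicate-kinds template takes no parameters.`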
diff --git a/pkg/templates/duplicatekinds/template.go b/pkg/templates/duplicatekinds/template.go
new file mode 100644
index 000000000..eb9703ca7
--- /dev/null
+++ b/pkg/templates/duplicatekinds/template.go
@@ -0,0 +1,60 @@
+package duplicatekinds
+
+
+import (
+ "fmt"
+
+ "golang.stackrox.io/kube-linter/pkg/check"
+ "golang.stackrox.io/kube-linter/pkg/config"
+ "golang.stackrox.io/kube-linter/pkg/diagnostic"
+ "golang.stackrox.io/kube-linter/pkg/extract"
+ "golang.stackrox.io/kube-linter/pkg/lintcontext"
+ "golang.stackrox.io/kube-linter/pkg/objectkinds"
+ "golang.stackrox.io/kube-linter/pkg/templates"
+ "golang.stackrox.io/kube-linter/pkg/templates/duplicatekinds/internal/params"
+ v1 "k8s.io/api/core/v1"
+)
+
+type kindStruct struct{
+ str string
+ num int
+}
+
+/*{
+ {"deployment", 0},
+ {"daemonset", 0},
+ {"statefulset", 0},
+ {"service", 0},
+}*/
+
+func checkKindDuplicate(){
+
+}
+
+func init() {
+ templates.Register(check.Template{
+ HumanName: "Duplicate Kind found",
+ Key: "duplicate-kinds",
+ Description: "Flag when too many of a kind exist within a cluster",
+ SupportedObjectKinds: config.ObjectKindsDesc{
+ ObjectKinds: []string{objectkinds.*},
+ },
+ Parameters: params.ParamDescs,
+ ParseAndValidateParams: params.ParseAndValidate,
+ Instantiate: params.WrapInstantiateFunc(func(_ params.Params) (check.Func, error) {
+ return func(_ lintcontext.LintContext, object lintcontext.Object) []diagnostic.Diagnostic {
+ kind, found := object.K8sObject.(*v1.kind)
+ if !found {
+ return nil
+ }
+ var results []diagnostic.Diagnostic
+ for _, duplicatekinds := range p.ForbiddenServiceTypes {
+ if strings.EqualFold(string(service.Spec.Type), servicetype) {
+ results = append(results, diagnostic.Diagnostic{Message: fmt.Sprintf("%q Duplicate Kind found.", duplicatekinds)})
+ }
+ }
+ return results
+ }, nil
+ }),
+ })
+}
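Review bot: The `init()` body cannot compile as written: `objectkinds.*` and `(*v1.kind)` are not valid Go, the loop reads `p.ForbiddenServiceTypes`, `service` and `servicetype` although the params argument is discarded as `_` and none of those names is declared in this file, and `strings` is used without being imported while `extract` is imported and unused. The loop looks carried over from another template, so even once it builds it would not count anything; a per-object check func can only detect duplicates by consulting the lint context, which is also discarded here, so name it, e.g. `return func(lintCtx lintcontext.LintContext, object lintcontext.Object) []diagnostic.Diagnostic {`, and compare `object` against the other objects it holds. The kind list should match the scope in the check's YAML, `ObjectKinds: []string{objectkinds.DeploymentLike},`. `kindStruct`, the commented-out table and the empty `checkKindDuplicate()` are dead code and should be either used or dropped. Because the generated docs in this commit list the check as enabled by default, a check func that returns nil for every object would read as a clean result to anyone relying on the linter.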