
add google cloud integration on k8sgpt #1013

Open
wants to merge 2 commits into base: main
Conversation

@tozastation tozastation commented Mar 13, 2024

Closes #1012

📑 Description

✅ Checks

  • My pull request adheres to the code style of this project
  • My code requires changes to the documentation
  • I have updated the documentation as required
  • All the tests have passed

ℹ Additional Information

  • GKEClusterNotificationAnalysis
    • there are three types of notifications
      • UpgradeEvent (k8sgpt output example)
      • UpgradeAvailabilityEvent (k8sgpt output example)
      • SecurityBulletinEvent (k8sgpt output example)
    • there are two prompts
      • gke_cluster_notification_upgrade_prompt
      • gke_cluster_notification_security_bulletin_event_prompt
      • ※ I separated the prompts for vulnerability and update information because they are different types of notifications
    • reference url
  • About Source Code
    • integration/googlecloud
      • gke.go
        • This file is an implementation of GKEAnalyzer, which can be optionally turned on or off, following Trivy's implementation method.
      • gke_test.go
        • This test checks if the cluster notification payload can be converted to a structure
      • googlecloud.go
        • It follows other integration implementations.
      • pubsubclient.go
        • PubSub Client is used to receive GKE cluster notifications from Cloud Pub/Sub; the reason for using the REST endpoint instead of gRPC is that we wanted to query only as much as needed, without using gRPC Streaming.
  • k8sgpt.yaml
    • Parameters are required when initializing the client and GKEAnalyzer.
googlecloud:
    gke:
        cluster_notification_analysis_list:
            - cluster_notification_subscription_id: tozastation-gke-cluster-notification-pull-subscription
              project_id: 123456789
    pubsub:
        enable_ack: false # Default true
        timeout_sec: 10 # Default 10
        max_messages: 1 # Default 1

Next actions planned after PR is completed

  • Server Mode support for Google Cloud Integration
  • k8sgpt operator support for Google Cloud Integration
  • Support for making the option configurable, because explaining the CVE required loosening the Safety Setting when verified with GoogleCloudVertexAI.

@tozastation tozastation marked this pull request as draft March 13, 2024 09:45
tozastation commented Mar 28, 2024

GKE Cluster Notification UpgradeEvent

--- VertexAI Gemini Pro Response Example ---

Notification

{
  "resourceType": "MASTER",
  "operation": "operation-1595889094437-87b7254a",
  "operationStartTime": "2020-07-27T22:31:34.437652293Z",
  "currentVersion": "1.15.12-gke.2",
  "targetVersion": "1.15.12-gke.9"
}

Notification Attribute

  • project id: 123456789
  • cluster location: us-central1-c
  • cluster name: example-cluster

Explanation
This is a UpgradeEvent or UpgradeAvailabilityEvent of Google Kubernetes Engine (GKE) cluster notification.
The cluster is upgrading from version 1.15.12-gke.2 to version 1.15.12-gke.9.

Next Action
You can ignore this notification.

Reference URL
https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-upgrades

tozastation commented Mar 28, 2024

GKE Cluster Notification UpgradeAvailabilityEvent

--- VertexAI Gemini Pro Response Example ---

Notification

{
  "version": "1.17.15-gke.800",
  "resourceType": "MASTER",
  "releaseChannel": {
    "channel": "RAPID"
  },
  "windowsVersions": [
    {
      "imageType": "WINDOWS_SAC",
      "osVersion": "10.0.18363.1198",
      "supportEndDate": {
        "day": 10,
        "month": 5,
        "year": 2022
      }
    },
    {
      "imageType": "WINDOWS_LTSC",
      "osVersion": "10.0.17763.1577",
      "supportEndDate": {
        "day": 9,
        "month": 1,
        "year": 2024
      }
    }
  ]
}

Notification Attribute

  • project id: 123456789
  • cluster location: us-central1-c
  • cluster name: example-cluster

Explanation
This is a UpgradeEvent or UpgradeAvailabilityEvent of Google Kubernetes Engine (GKE) cluster notification.

Next Action
Please upgrade your cluster to the latest version to avoid potential security risks and performance issues.

Reference URL

tozastation commented Mar 31, 2024

GKE Cluster Notification Security Bulletin Event

--- VertexAI Gemini Pro Response Example ---

Notification

{
  "resourceTypeAffected": "RESOURCE_TYPE_CONTROLPLANE",
  "bulletinId": "GCP-2021-001",
  "cveIds": [
    "CVE-2021-3156"
  ],
  "severity": "Medium",
  "briefDescription": "A vulnerability was recently discovered in the Linux utility sudo, described in CVE-2021-3156, that may allow an attacker with unprivileged local shell access on a system with sudo installed to escalate their privileges to root on the system.",
  "affectedSupportedMinors": [
    "1.18",
    "1.19"
  ],
  "patchedVersions": [
    "1.18.9-gke.1900",
    "1.19.9-gke.1900"
  ],
  "suggestedUpgradeTarget": "1.19.9-gke.1900",
  "bulletinUri": "https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2021-001"
}

Notification Attribute

  • project id: 123456789
  • cluster location: us-central1-c
  • cluster name: example-cluster

Severity

  • Medium

CVE ID

Description

  • A vulnerability was recently discovered in the Linux utility sudo, described in CVE-2021-3156, that may allow an attacker with unprivileged local shell access on a system with sudo installed to escalate their privileges to root on the system.
  • This vulnerability could allow an attacker to gain complete control of the affected system.

Solution

  • Upgrade to a patched version of Kubernetes.
  • The suggested upgrade target is 1.19.9-gke.1900.

Reference URL
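
The PR description says gke_test.go checks that a cluster notification payload can be converted to a structure, and the three comments above quote one sample body per notification type. The Go program below is an added example, not code from this PR or from k8sgpt: it decodes the quoted SecurityBulletinEvent body into a struct whose fields are taken only from that sample (an assumption about the full GKE schema), classifies a body by which distinguishing field it carries (also an assumption; the real integration additionally receives Pub/Sub message attributes), and checks whether a given cluster version is on an affected minor and still below the patched version listed for that minor, so the "Solution" an analyzer emits can rest on a version comparison rather than only on the model's text. The sample payload is the one quoted above, trimmed to the fields used.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// Fields are taken only from the body quoted in this PR (an assumption about the full GKE schema).
type SecurityBulletinEvent struct {
	ResourceTypeAffected    string   `json:"resourceTypeAffected"`
	BulletinID              string   `json:"bulletinId"`
	CVEIDs                  []string `json:"cveIds"`
	Severity                string   `json:"severity"`
	AffectedSupportedMinors []string `json:"affectedSupportedMinors"`
	PatchedVersions         []string `json:"patchedVersions"`
	SuggestedUpgradeTarget  string   `json:"suggestedUpgradeTarget"`
	BulletinURI             string   `json:"bulletinUri"`
}

// Constructed sample: the SecurityBulletinEvent body quoted above, trimmed to the fields used here.
const sampleBulletin = `{"resourceTypeAffected":"RESOURCE_TYPE_CONTROLPLANE","bulletinId":"GCP-2021-001",
"cveIds":["CVE-2021-3156"],"severity":"Medium","affectedSupportedMinors":["1.18","1.19"],
"patchedVersions":["1.18.9-gke.1900","1.19.9-gke.1900"],"suggestedUpgradeTarget":"1.19.9-gke.1900",
"bulletinUri":"https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2021-001"}`

// Classify names the notification type (the three names used in the PR description) by keying on
// a field that appears in exactly one of the three quoted bodies. Assumption: only the JSON body is
// available here; the real integration also receives Pub/Sub message attributes it could use instead.
func Classify(payload []byte) (string, error) {
	var probe map[string]json.RawMessage
	if err := json.Unmarshal(payload, &probe); err != nil {
		return "", fmt.Errorf("payload is not a JSON object: %w", err)
	}
	switch {
	case probe["bulletinId"] != nil:
		return "SecurityBulletinEvent", nil
	case probe["targetVersion"] != nil:
		return "UpgradeEvent", nil
	case probe["version"] != nil:
		return "UpgradeAvailabilityEvent", nil
	}
	return "", fmt.Errorf("no distinguishing field present")
}

// ParseSecurityBulletin decodes a SecurityBulletinEvent body into its struct.
func ParseSecurityBulletin(payload []byte) (SecurityBulletinEvent, error) {
	var ev SecurityBulletinEvent
	err := json.Unmarshal(payload, &ev)
	return ev, err
}

// versionKey parses "1.19.9-gke.1900" into its minor ("1.19") and a zero-padded string key that
// orders versions component by component. Only the X.Y.Z-gke.N form seen in GKE is accepted.
func versionKey(v string) (minor string, key string, err error) {
	parts := strings.Split(strings.Replace(v, "-gke.", ".", 1), ".")
	if len(parts) != 4 {
		return "", "", fmt.Errorf("unexpected GKE version %q", v)
	}
	for _, p := range parts {
		n, convErr := strconv.Atoi(p)
		if convErr != nil || n < 0 {
			return "", "", fmt.Errorf("unexpected GKE version %q", v)
		}
		key += fmt.Sprintf("%010d", n) // fixed width so plain string comparison orders numerically
	}
	return parts[0] + "." + parts[1], key, nil
}

// BulletinAffects reports whether a cluster at clusterVersion still needs the fix: its minor is in
// affectedSupportedMinors and it is below the patched version listed for that minor.
func BulletinAffects(ev SecurityBulletinEvent, clusterVersion string) (bool, error) {
	minor, cur, err := versionKey(clusterVersion)
	if err != nil {
		return false, err
	}
	if !strings.Contains(","+strings.Join(ev.AffectedSupportedMinors, ",")+",", ","+minor+",") {
		return false, nil // the cluster's minor is not listed as affected
	}
	for _, p := range ev.PatchedVersions {
		pMinor, patched, err := versionKey(p)
		if err != nil {
			return false, err
		}
		if pMinor == minor {
			return cur < patched, nil
		}
	}
	return true, nil // affected minor with no patched version listed: treat as still exposed
}

func main() {
	ev, _ := ParseSecurityBulletin([]byte(sampleBulletin))
	hit, err := BulletinAffects(ev, "1.19.8-gke.100")
	fmt.Println(ev.BulletinID, "affects 1.19.8-gke.100:", hit, err, "suggested target:", ev.SuggestedUpgradeTarget)
}
```

Keying the type on field presence is only a stand-in for the attributes a Pub/Sub message carries; the point of the comparison is that "upgrade to a patched version" can be turned into a yes/no answer for the cluster actually being analyzed, and a bulletin that lists an affected minor with no patched version for it is reported as still exposed rather than silently passed.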

Signed-off-by: tozastation <[email protected]>
Signed-off-by: tozastation <[email protected]>
@tozastation tozastation changed the title Draft: add google cloud integration on k8sgpt add google cloud integration on k8sgpt Mar 31, 2024
@tozastation tozastation marked this pull request as ready for review March 31, 2024 04:45
@tozastation tozastation requested review from a team as code owners March 31, 2024 04:45
@tozastation tozastation (Author) commented

@AlexsJones @arbreezy @thschue
I have tried to implement google cloud integration.
Could you please review it...!!

@matthisholleville matthisholleville (Contributor) left a comment

Shouldn't we add the reference guide https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-notifications to the README?

Successfully merging this pull request may close these issues.

[Feature]: add google cloud integration on k8sgpt