#!/bin/bash
#
# a helper script to fetch Kubernetes settings and Trend Micro Cloud One container security logs.
#
# Helm release whose resources are inspected; the RELEASE environment
# variable overrides the default.
: "${RELEASE:=trendmicro}"
# Names of the command-line tools this script drives.
HELM=helm
KUBECTL=kubectl
#####
# check prerequisites
#####
#######################################
# Report whether a command can be resolved by the shell.
# Arguments: $1 - command name to look up
# Returns:   0 when the command is found, non-zero otherwise
#######################################
command_exists() {
  local tool_name=$1
  # Both streams are discarded; only the exit status matters to callers.
  command -v "$tool_name" > /dev/null 2>&1
}
# Stop early when either required CLI cannot be found.
command_exists "$KUBECTL" || {
  echo "No kubectl command found, exiting..."
  exit 1
}
command_exists "$HELM" || {
  echo "No helm command found, exiting..."
  exit 1
}
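# Namespace resolution order: the NAMESPACE environment variable, then the
# namespace of the current kubeconfig context, then trendmicro-system.
# The lookup goes through $KUBECTL like every other kubectl call in the script.
CURRENT_NS=$("$KUBECTL" config view --minify --output 'jsonpath={..namespace}')
CURRENT_NS=${CURRENT_NS:-trendmicro-system}
NAMESPACE=${NAMESPACE:-$CURRENT_NS}
NAMESPACE_PARAM="--namespace=$NAMESPACE"
# RELEASE comes from the environment, so the label selector is quoted: an
# unquoted value containing whitespace would be split into extra kubectl
# arguments. The result is a ';'-separated list of pod names.
PODS=$("$KUBECTL" get pods "$NAMESPACE_PARAM" -o=jsonpath='{range .items[*]}{.metadata.name}{";"}{end}' -l "app.kubernetes.io/instance=$RELEASE")
if [ -z "${PODS}" ]; then
  echo "No container security pods are found in release '$RELEASE' in namespace '$NAMESPACE'. You can use RELEASE and NAMESPACE environment variable to change its default settings."
  exit 1
fi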
# 'helm list' on Helm 3 only shows the current namespace unless
# --all-namespaces is passed, and that flag does not exist in Helm 2, so the
# client version is checked before the listing command is built.
# NOTE(review): only versions matching v3.* are accepted, so a later major
# version is rejected even though the message says "or newer" - confirm intent.
helm_version=$(helm version --template="{{.Version}}")
if [[ "$helm_version" == v3.* ]]; then
  HELM_COMMAND="$HELM list --all-namespaces"
else
  echo "Trend Micro Cloud One Container Security only supports Helm 3 or newer version, exiting..."
  exit 1
fi
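# prepare the output folder
# The bundle holds cluster descriptions, ConfigMap contents and pod logs, so
# every file and directory created from here on is private to the caller.
umask 077
TIME=$(date +%s)
if [ -z "${RESULTS_DIR:-}" ]; then
  # A name built only from the timestamp is predictable, and 'mkdir -p'
  # silently reuses a directory (or follows a symlink) that another local
  # user created first in the shared /tmp. mktemp -d creates a fresh
  # directory with a random suffix and fails rather than reusing one.
  if ! RESULTS_DIR=$(mktemp -d "/tmp/container-security-${TIME}-XXXXXX"); then
    echo "Unable to create a results folder under /tmp, exiting..."
    exit 1
  fi
fi
# A caller-supplied RESULTS_DIR is used as given; its existing permissions
# are left untouched.
MASTER_DIR="${RESULTS_DIR}/master"
if ! mkdir -p "$MASTER_DIR/apps"; then
  echo "Unable to create '$MASTER_DIR/apps', exiting..."
  exit 1
fi
echo "Results folder will be: $RESULTS_DIR"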
#####
# setting logs
#####
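# Each entry is "<log file key>:<command line>". The command output is stored
# in $MASTER_DIR/<key>.log.
# Sensitivity: 'kubectl get secrets' in its default table output lists Secret
# names and types rather than values, but 'describe configmap' prints the
# ConfigMap data, so the results folder should be reviewed before it is shared.
COMMANDS=(
  "version:$KUBECTL version"
  "components:$KUBECTL get componentstatuses"
  "events:$KUBECTL get events --all-namespaces"
  "storageclass:$KUBECTL describe storageclass"
  "helm:$HELM_COMMAND"
  "helm-status:$HELM status $RELEASE $NAMESPACE_PARAM"
  "nodes:$KUBECTL describe nodes"
  "podlist:$KUBECTL get pods --all-namespaces"
  "daemonsets: $KUBECTL get ds --all-namespaces"
  "container-security-get:$KUBECTL get all --all-namespaces -l app.kubernetes.io/instance=$RELEASE"
  "container-security-desc:$KUBECTL describe all --all-namespaces -l app.kubernetes.io/instance=$RELEASE"
  "container-security-desc-netpol:$KUBECTL describe networkpolicy --all-namespaces -l app.kubernetes.io/instance=$RELEASE"
  "container-security-secrets:$KUBECTL get secrets --all-namespaces -l app.kubernetes.io/instance=$RELEASE"
  "container-security-config:$KUBECTL describe configmap --all-namespaces -l app.kubernetes.io/instance=$RELEASE"
  "container-security-getvalidatewebhooks:$KUBECTL get ValidatingWebhookConfiguration --all-namespaces -l app.kubernetes.io/instance=$RELEASE"
  "container-security-descvalidatewebhooks:$KUBECTL describe ValidatingWebhookConfiguration --all-namespaces -l app.kubernetes.io/instance=$RELEASE"
)
echo "Fetching setting logs..."
for command in "${COMMANDS[@]}"; do
  KEY="${command%%:*}"
  # Cut at the FIRST colon only, so a colon inside the command line is kept
  # instead of truncating the command to whatever follows the last colon.
  VALUE="${command#*:}"
  LOGFILE="$MASTER_DIR/$KEY.log"
  # Split the command line on whitespace into an argv array. Unlike an
  # unquoted $VALUE this does not glob-expand the words, so a '*' or '?' in
  # RELEASE or NAMESPACE cannot turn into file names from the current directory.
  # Values containing whitespace are still split into separate arguments.
  read -r -a CMD_ARGV <<< "$VALUE"
  {
    echo "Command:" "$VALUE"
    echo "===================================="
    "${CMD_ARGV[@]}" 2>&1
  } > "$LOGFILE"
done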
#####
# application logs
#####
#######################################
# Store the current log of one container and, when available, the log of its
# previous instance.
# Globals:   KUBECTL, NAMESPACE_PARAM, MASTER_DIR (read)
# Arguments: $1 - pod name, $2 - container name
# Outputs:   progress line on stdout; log files under $MASTER_DIR/apps
#######################################
fetch_container_logs() {
  local pod_name=$1
  local container_name=$2
  local current_log="$MASTER_DIR/apps/${pod_name}-${container_name}.log"
  local previous_log="$MASTER_DIR/apps/${pod_name}-${container_name}-previous.log"

  echo "Fetching container security logs... $pod_name - $container_name"
  $KUBECTL logs "$NAMESPACE_PARAM" "$pod_name" -c "$container_name" > "$current_log"
  # A previous log would indicate a crash; when kubectl cannot return one,
  # the file just created by the redirection is removed again.
  if ! $KUBECTL logs "$NAMESPACE_PARAM" "$pod_name" -c "$container_name" -p > "$previous_log" 2>/dev/null; then
    rm -f "$previous_log"
  fi
}

# PODS is a ';'-separated list; turning the separators into spaces lets the
# shell split it into one word per pod.
for pod in ${PODS//;/ }; do
  # Init containers first, then the regular containers of the pod.
  for spec_field in initContainers containers; do
    container_names=$($KUBECTL get pods "$NAMESPACE_PARAM" "$pod" -o jsonpath="{.spec.${spec_field}[*].name}")
    for container in $container_names; do
      fetch_container_logs "$pod" "$container"
    done
  done
done
printf '%s\n' "Results folder: $RESULTS_DIR"