diff --git a/Makefile b/Makefile index b8751d11..ac46c090 100644 --- a/Makefile +++ b/Makefile @@ -37,7 +37,7 @@ test: ./test.sh test-setup: - kind create cluster --name ${TEST_CLUSTER_NAME} --image kindest/node:v1.15.0 + kind create cluster --name ${TEST_CLUSTER_NAME} --image kindest/node:v1.20.15@sha256:6f2d011dffe182bad80b85f6c00e8ca9d86b5b8922cdf433d53575c4c5212248 test-teardown: kind delete cluster --name ${TEST_CLUSTER_NAME} diff --git a/README.md b/README.md index 22bc8ef9..b5ae355c 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,8 @@ [![Go Report Card](https://goreportcard.com/badge/github.com/Shopify/kubeaudit)](https://goreportcard.com/report/github.com/Shopify/kubeaudit) [![GoDoc](https://godoc.org/github.com/Shopify/kubeaudit?status.png)](https://godoc.org/github.com/Shopify/kubeaudit) -> Kubeaudit can now be used as both a command line tool (CLI) and as a Go package! +> Kubeaudit no longer supports APIs deprecated as of [Kubernetes v.1.16 release](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/). So, it is now a requirement for clusters to run Kubernetes >=1.16 + # kubeaudit :cloud: :lock: :muscle: diff --git a/auditors/capabilities/fixtures/capabilities-added-not-dropped.yml b/auditors/capabilities/fixtures/capabilities-added-not-dropped.yml index e65e05bd..dfece383 100644 --- a/auditors/capabilities/fixtures/capabilities-added-not-dropped.yml +++ b/auditors/capabilities/fixtures/capabilities-added-not-dropped.yml @@ -1,4 +1,4 @@ -apiVersion: apps/v1beta2 +apiVersion: apps/v1 kind: Deployment metadata: name: deployment diff --git a/auditors/capabilities/fixtures/capabilities-added.yml b/auditors/capabilities/fixtures/capabilities-added.yml index 433d4d5d..0a1b2f73 100644 --- a/auditors/capabilities/fixtures/capabilities-added.yml +++ b/auditors/capabilities/fixtures/capabilities-added.yml @@ -1,4 +1,4 @@ -apiVersion: apps/v1beta2 +apiVersion: apps/v1 kind: Deployment metadata: name: deployment 
diff --git a/auditors/capabilities/fixtures/capabilities-dropped-all.yml b/auditors/capabilities/fixtures/capabilities-dropped-all.yml index eeb5d306..b0c710f0 100644 --- a/auditors/capabilities/fixtures/capabilities-dropped-all.yml +++ b/auditors/capabilities/fixtures/capabilities-dropped-all.yml @@ -1,4 +1,4 @@ -apiVersion: apps/v1beta2 +apiVersion: apps/v1 kind: Deployment metadata: name: deployment diff --git a/auditors/capabilities/fixtures/capabilities-nil.yml b/auditors/capabilities/fixtures/capabilities-nil.yml index 51ce45d0..e574bd37 100644 --- a/auditors/capabilities/fixtures/capabilities-nil.yml +++ b/auditors/capabilities/fixtures/capabilities-nil.yml @@ -1,4 +1,4 @@ -apiVersion: apps/v1beta2 +apiVersion: apps/v1 kind: Deployment metadata: name: deployment diff --git a/auditors/capabilities/fixtures/capabilities-some-allowed-multi-containers-all-labels.yml b/auditors/capabilities/fixtures/capabilities-some-allowed-multi-containers-all-labels.yml index 1d928f0b..7fe2b172 100644 --- a/auditors/capabilities/fixtures/capabilities-some-allowed-multi-containers-all-labels.yml +++ b/auditors/capabilities/fixtures/capabilities-some-allowed-multi-containers-all-labels.yml @@ -1,4 +1,4 @@ -apiVersion: apps/v1beta2 +apiVersion: apps/v1 kind: Deployment metadata: name: deployment diff --git a/auditors/capabilities/fixtures/capabilities-some-allowed-multi-containers-mix-labels.yml b/auditors/capabilities/fixtures/capabilities-some-allowed-multi-containers-mix-labels.yml index 87694ff6..6ce80cb3 100644 --- a/auditors/capabilities/fixtures/capabilities-some-allowed-multi-containers-mix-labels.yml +++ b/auditors/capabilities/fixtures/capabilities-some-allowed-multi-containers-mix-labels.yml @@ -1,4 +1,4 @@ -apiVersion: apps/v1beta2 +apiVersion: apps/v1 kind: Deployment metadata: name: deployment 
diff --git a/auditors/capabilities/fixtures/capabilities-some-allowed-multi-containers-some-labels.yml b/auditors/capabilities/fixtures/capabilities-some-allowed-multi-containers-some-labels.yml index 8e5dab92..0e6a79a6 100644 --- a/auditors/capabilities/fixtures/capabilities-some-allowed-multi-containers-some-labels.yml +++ b/auditors/capabilities/fixtures/capabilities-some-allowed-multi-containers-some-labels.yml @@ -1,4 +1,4 @@ -apiVersion: apps/v1beta2 +apiVersion: apps/v1 kind: Deployment metadata: name: deployment diff --git a/auditors/capabilities/fixtures/capabilities-some-allowed.yml b/auditors/capabilities/fixtures/capabilities-some-allowed.yml index b3bafbb9..7ba20b6b 100644 --- a/auditors/capabilities/fixtures/capabilities-some-allowed.yml +++ b/auditors/capabilities/fixtures/capabilities-some-allowed.yml @@ -1,4 +1,4 @@ -apiVersion: apps/v1beta2 +apiVersion: apps/v1 kind: Deployment metadata: name: deployment diff --git a/auditors/capabilities/fixtures/capabilities-some-dropped.yml b/auditors/capabilities/fixtures/capabilities-some-dropped.yml index 0f1e88c7..5a709f05 100644 --- a/auditors/capabilities/fixtures/capabilities-some-dropped.yml +++ b/auditors/capabilities/fixtures/capabilities-some-dropped.yml @@ -1,4 +1,4 @@ -apiVersion: apps/v1beta2 +apiVersion: apps/v1 kind: Deployment metadata: name: deployment diff --git a/docs/auditors/capabilities.md b/docs/auditors/capabilities.md index 38b3ae75..75be0d8e 100644 --- a/docs/auditors/capabilities.md +++ b/docs/auditors/capabilities.md @@ -23,7 +23,7 @@ $ kubeaudit capabilities -f "auditors/capabilities/fixtures/capabilities-nil.yml ---------------- Results for --------------- - apiVersion: apps/v1beta2 + apiVersion: apps/v1 kind: Deployment metadata: name: deployment @@ -54,7 +54,7 @@ auditors: `manifest.yaml` ```yaml -apiVersion: apps/v1beta2 +apiVersion: apps/v1 kind: Deployment metadata: name: deployment 
@@ -80,7 +80,7 @@ $ kubeaudit all --kconfig "config.yaml" -f "manifest.yaml" ---------------- Results for --------------- - apiVersion: apps/v1beta2 + apiVersion: apps/v1 kind: Deployment metadata: name: deployment diff --git a/docs/auditors/mounts.md b/docs/auditors/mounts.md index 50c3cee0..091eb937 100644 --- a/docs/auditors/mounts.md +++ b/docs/auditors/mounts.md @@ -79,7 +79,7 @@ auditors: `manifest.yaml` ```yaml -apiVersion: apps/v1beta2 +apiVersion: apps/v1 kind: Deployment metadata: name: deployment diff --git a/internal/k8sinternal/scheme.go b/internal/k8sinternal/scheme.go index d93a6de6..963fac27 100644 --- a/internal/k8sinternal/scheme.go +++ b/internal/k8sinternal/scheme.go @@ -4,8 +4,6 @@ import ( certmanagerv1alpha2 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1alpha2" admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1" appsv1 "k8s.io/api/apps/v1" - appsv1beta1 "k8s.io/api/apps/v1beta1" - appsv1beta2 "k8s.io/api/apps/v1beta2" authenticationv1 "k8s.io/api/authentication/v1" authenticationv1beta1 "k8s.io/api/authentication/v1beta1" authorizationv1 "k8s.io/api/authorization/v1" @@ -20,7 +18,6 @@ import ( coordinationv1beta1 "k8s.io/api/coordination/v1beta1" corev1 "k8s.io/api/core/v1" eventsv1beta1 "k8s.io/api/events/v1beta1" - extensionsv1beta1 "k8s.io/api/extensions/v1beta1" networkingv1 "k8s.io/api/networking/v1" networkingv1beta1 "k8s.io/api/networking/v1beta1" nodev1alpha1 "k8s.io/api/node/v1alpha1" @@ -35,7 +32,6 @@ import ( storagev1 "k8s.io/api/storage/v1" storagev1alpha1 "k8s.io/api/storage/v1alpha1" storagev1beta1 "k8s.io/api/storage/v1beta1" - extapi "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" schema "k8s.io/apimachinery/pkg/runtime/schema" 
@@ -49,8 +45,6 @@ var localSchemeBuilder = runtime.SchemeBuilder{ admissionregistrationv1beta1.AddToScheme, certmanagerv1alpha2.AddToScheme, appsv1.AddToScheme, - appsv1beta1.AddToScheme, - appsv1beta2.AddToScheme, authenticationv1.AddToScheme, authenticationv1beta1.AddToScheme, authorizationv1.AddToScheme, @@ -65,8 +59,6 @@ var localSchemeBuilder = runtime.SchemeBuilder{ coordinationv1.AddToScheme, corev1.AddToScheme, eventsv1beta1.AddToScheme, - extapi.AddToScheme, - extensionsv1beta1.AddToScheme, networkingv1.AddToScheme, networkingv1beta1.AddToScheme, nodev1alpha1.AddToScheme, diff --git a/internal/test/fixtures/all_resources/daemonset-v1beta1.yml b/internal/test/fixtures/all_resources/daemonset-v1beta1.yml deleted file mode 100644 index 0c6381b4..00000000 --- a/internal/test/fixtures/all_resources/daemonset-v1beta1.yml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: daemonset-v1beta1 - ---- -apiVersion: extensions/v1beta1 -kind: DaemonSet -metadata: - name: daemonset1 - namespace: daemonset-v1beta1 -spec: - selector: - matchLabels: - name: daemonset1 - template: - metadata: - labels: - name: daemonset1 - spec: - hostPID: true - hostIPC: true - hostNetwork: true - containers: - - name: container - image: scratch diff --git a/internal/test/fixtures/all_resources/daemonset-v1beta2.yml b/internal/test/fixtures/all_resources/daemonset-v1beta2.yml deleted file mode 100644 index e2d600b1..00000000 --- a/internal/test/fixtures/all_resources/daemonset-v1beta2.yml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: daemonset-v1beta2 - ---- -apiVersion: apps/v1beta2 -kind: DaemonSet -metadata: - name: daemonset1 - namespace: daemonset-v1beta2 -spec: - selector: - matchLabels: - name: daemonset1 - template: - metadata: - labels: - name: daemonset1 - spec: - hostPID: true - hostIPC: true - hostNetwork: true - containers: - - name: container - image: scratch 
diff --git a/internal/test/fixtures/all_resources/deployment-apps-v1beta1.yml b/internal/test/fixtures/all_resources/deployment-apps-v1beta1.yml deleted file mode 100644 index cc156048..00000000 --- a/internal/test/fixtures/all_resources/deployment-apps-v1beta1.yml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: deployment-apps-v1beta1 - ---- -apiVersion: apps/v1beta1 -kind: Deployment -metadata: - name: deployment - namespace: deployment-apps-v1beta1 -spec: - selector: - matchLabels: - name: deployment - template: - metadata: - labels: - name: deployment - spec: - hostPID: true - hostIPC: true - hostNetwork: true - containers: - - name: container - image: scratch diff --git a/internal/test/fixtures/all_resources/deployment-apps-v1beta2.yml b/internal/test/fixtures/all_resources/deployment-apps-v1beta2.yml deleted file mode 100644 index c8d7c87b..00000000 --- a/internal/test/fixtures/all_resources/deployment-apps-v1beta2.yml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: deployment-apps-v1beta2 - ---- -apiVersion: apps/v1beta2 -kind: Deployment -metadata: - name: deployment - namespace: deployment-apps-v1beta2 -spec: - selector: - matchLabels: - name: deployment - template: - metadata: - labels: - name: deployment - spec: - hostPID: true - hostIPC: true - hostNetwork: true - containers: - - name: container - image: scratch diff --git a/internal/test/fixtures/all_resources/deployment-extensions-v1beta1.yml b/internal/test/fixtures/all_resources/deployment-extensions-v1beta1.yml deleted file mode 100644 index 0eef42a4..00000000 --- a/internal/test/fixtures/all_resources/deployment-extensions-v1beta1.yml +++ /dev/null 
@@ -1,26 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: deployment-extensions-v1beta1 - ---- -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: deployment - namespace: deployment-extensions-v1beta1 -spec: - selector: - matchLabels: - name: deployment - template: - metadata: - labels: - name: deployment - spec: - hostPID: true - hostIPC: true - hostNetwork: true - containers: - - name: container - image: scratch diff --git a/internal/test/fixtures/all_resources/statefulset-v1beta1.yml b/internal/test/fixtures/all_resources/statefulset-v1beta1.yml deleted file mode 100644 index 767c3400..00000000 --- a/internal/test/fixtures/all_resources/statefulset-v1beta1.yml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: statefulset-v1beta1 - ---- -apiVersion: apps/v1beta1 -kind: StatefulSet -metadata: - name: statefulset - namespace: statefulset-v1beta1 -spec: - serviceName: statefulset - selector: - matchLabels: - name: statefulset - template: - metadata: - labels: - name: statefulset - spec: - hostPID: true - hostIPC: true - hostNetwork: true - containers: - - name: container - image: scratch diff --git a/pkg/k8s/helpers.go b/pkg/k8s/helpers.go index 1b8cf073..0accc156 100644 --- a/pkg/k8s/helpers.go +++ b/pkg/k8s/helpers.go @@ -70,18 +70,8 @@ func GetObjectMeta(resource Resource) *ObjectMetaV1 { return &kubeType.ObjectMeta case *DaemonSetV1: return &kubeType.ObjectMeta - case *DaemonSetV1Beta1: - return &kubeType.ObjectMeta - case *DaemonSetV1Beta2: - return &kubeType.ObjectMeta - case *DeploymentExtensionsV1Beta1: - return &kubeType.ObjectMeta case *DeploymentV1: return &kubeType.ObjectMeta - case *DeploymentV1Beta1: - return &kubeType.ObjectMeta - case *DeploymentV1Beta2: - return &kubeType.ObjectMeta case *JobV1: return &kubeType.ObjectMeta case *PodTemplateV1: 
@@ -90,8 +80,6 @@ func GetObjectMeta(resource Resource) *ObjectMetaV1 { return &kubeType.ObjectMeta case *StatefulSetV1: return &kubeType.ObjectMeta - case *StatefulSetV1Beta1: - return &kubeType.ObjectMeta case *PodV1: return &kubeType.ObjectMeta case *NamespaceV1: @@ -144,18 +132,8 @@ func GetPodTemplateSpec(resource Resource) *PodTemplateSpecV1 { return &kubeType.Spec.JobTemplate.Spec.Template case *DaemonSetV1: return &kubeType.Spec.Template - case *DaemonSetV1Beta1: - return &kubeType.Spec.Template - case *DaemonSetV1Beta2: - return &kubeType.Spec.Template - case *DeploymentExtensionsV1Beta1: - return &kubeType.Spec.Template case *DeploymentV1: return &kubeType.Spec.Template - case *DeploymentV1Beta1: - return &kubeType.Spec.Template - case *DeploymentV1Beta2: - return &kubeType.Spec.Template case *JobV1: return &kubeType.Spec.Template case *PodTemplateV1: @@ -164,8 +142,6 @@ func GetPodTemplateSpec(resource Resource) *PodTemplateSpecV1 { return kubeType.Spec.Template case *StatefulSetV1: return &kubeType.Spec.Template - case *StatefulSetV1Beta1: - return &kubeType.Spec.Template case *PodV1, *NamespaceV1: return nil } diff --git a/pkg/k8s/types.go b/pkg/k8s/types.go index 76f6ae13..254b174b 100644 --- a/pkg/k8s/types.go +++ b/pkg/k8s/types.go @@ -2,12 +2,9 @@ package k8s import ( appsv1 "k8s.io/api/apps/v1" - appsv1beta1 "k8s.io/api/apps/v1beta1" - appsv1beta2 "k8s.io/api/apps/v1beta2" batchv1 "k8s.io/api/batch/v1" batchv1beta1 "k8s.io/api/batch/v1beta1" apiv1 "k8s.io/api/core/v1" - extensionsv1beta1 "k8s.io/api/extensions/v1beta1" networkingv1 "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" k8sRuntime "k8s.io/apimachinery/pkg/runtime" 
@@ -34,27 +31,12 @@ type DaemonSetSpecV1 = appsv1.DaemonSetSpec // DaemonSetV1 is a type alias for the v1 version of the k8s API. type DaemonSetV1 = appsv1.DaemonSet -// DaemonSetV1Beta1 is a type alias for the v1beta1 version of the k8s extensions API. -type DaemonSetV1Beta1 = extensionsv1beta1.DaemonSet - -// DaemonSetV1Beta2 is a type alias for the v1beta2 version of the k8s extensions API. -type DaemonSetV1Beta2 = appsv1beta2.DaemonSet - -// DeploymentExtensionsV1Beta1 is a type alias for the v1beta1 version of the k8s extensions API. -type DeploymentExtensionsV1Beta1 = extensionsv1beta1.Deployment - // DeploymentSpecV1 is a type alias for the v1 version of the k8s apps API. type DeploymentSpecV1 = appsv1.DeploymentSpec // DeploymentV1 is a type alias for the v1 version of the k8s apps API. type DeploymentV1 = appsv1.Deployment -// DeploymentV1Beta1 is a type alias for the v1beta1 version of the k8s apps API. -type DeploymentV1Beta1 = appsv1beta1.Deployment - -// DeploymentV1Beta2 is a type alias for the v1beta2 version of the k8s apps API. -type DeploymentV1Beta2 = appsv1beta2.Deployment - // JobTemplateSpecV1Beta1 is a type alias for the v1beta1 version of the k8s batch API. type JobTemplateSpecV1Beta1 = batchv1beta1.JobTemplateSpec @@ -124,9 +106,6 @@ type StatefulSetSpecV1 = appsv1.StatefulSetSpec // StatefulSetV1 is a type alias for the v1 version of the k8s apps API. type StatefulSetV1 = appsv1.StatefulSet -// StatefulSetV1Beta1 is a type alias for the v1beta1 version of the k8s API. -type StatefulSetV1Beta1 = appsv1beta1.StatefulSet - // TypeMetaV1 is a type alias for the v1 version of the k8s meta API. type TypeMetaV1 = metav1.TypeMeta 
@@ -137,8 +116,8 @@ type UnsupportedType = apiv1.Binding func IsSupportedResourceType(obj Resource) bool { switch obj.(type) { case *CronJobV1Beta1, - *DaemonSetV1, *DaemonSetV1Beta1, *DaemonSetV1Beta2, - *DeploymentExtensionsV1Beta1, *DeploymentV1, *DeploymentV1Beta1, *DeploymentV1Beta2, + *DaemonSetV1, + *DeploymentV1, *JobV1, *NamespaceV1, *NetworkPolicyV1, @@ -147,7 +126,7 @@ func IsSupportedResourceType(obj Resource) bool { *ReplicationControllerV1, *ServiceAccountV1, *ServiceV1, - *StatefulSetV1, *StatefulSetV1Beta1: + *StatefulSetV1: return true default: return false
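Review bot: Nothing in this change says what happens to a manifest that still declares `apps/v1beta1`, `apps/v1beta2` or `extensions/v1beta1` once those kinds are gone from the `case` list in IsSupportedResourceType (both hunks here), from GetObjectMeta and GetPodTemplateSpec in pkg/k8s/helpers.go, and from the scheme. For an audit tool the unsafe outcome is a silent skip: the deleted fixtures set `hostPID`, `hostIPC` and `hostNetwork`, and a workload like that must not yield a clean report just because its apiVersion no longer decodes. I would state the contract on the function, e.g. `// Kinds from apps/v1beta1, apps/v1beta2 and extensions/v1beta1 are not supported; callers must report them as errors, never skip them.`, and keep one fixture with a removed apiVersion whose test asserts an explicit error or warning. Separately, internal/k8sinternal/scheme.go drops `extensionsv1beta1.AddToScheme` and `extapi.AddToScheme`, which presumably unregisters every kind in those group versions and not only the workload kinds, so it is worth confirming that this is intended for clusters in the supported >=1.16 range.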