Add kube checkers

bleggett · bleggett · commit 5061595e423f · 2026-02-18T14:24:58.000-05:00
diff --git a/src/checkers/postinstall/kube.rs b/src/checkers/postinstall/kube.rs
@@ -0,0 +1,102 @@
+use async_trait::async_trait;
+use futures::{FutureExt, future::join_all};
+use log::debug;
+
+use crate::helpers::{
+    CheckGroup, CheckGroupCategory, CheckGroupResult, CheckResult,
+    CheckResultValue::{Errored, Failed, Passed},
+    host_executor::HostNamespaceExecutor,
+    services as svchelpers,
+};
+
+const GROUP_IDENTIFIER: &str = "kubernetes";
+const NAME: &str = "Kubernetes Capability Checks";
+
+pub struct KubeChecks {
+    host_executor: HostNamespaceExecutor,
+}
+
+impl KubeChecks {
+    pub fn new(host_executor: HostNamespaceExecutor) -> Self {
+        KubeChecks { host_executor }
+    }
+
+    /// Run all the recorders asynchronously, then
+    /// join and collect the results.
+    pub async fn run_all(&self) -> CheckGroupResult {
+        let results = join_all([self.check_cri().boxed(), self.check_kubelet().boxed()]).await;
+
+        let mut group_result = Passed;
+        for res in results.iter() {
+            // Set group result to Failed if we failed and aren't already in an Errored state
+            if !matches!(group_result, Errored(_)) && matches!(res.result, Failed(_)) {
+                group_result = Failed(String::from("group failed"));
+            }
+
+            if matches!(res.result, Errored(_)) {
+                group_result = Errored(String::from("group errored"));
+            }
+        }
+
+        CheckGroupResult {
+            name: NAME.to_string(),
+            result: group_result,
+            results,
+        }
+    }
+
+    async fn check_cri(&self) -> CheckResult {
+        let name = "Protect CRI daemon status";
+        let sname = "protect-cri";
+        let init = svchelpers::detect_init_system(&self.host_executor).await;
+        debug!("detected init system: {:?}\n", init);
+
+        match svchelpers::is_running(&self.host_executor, sname.into(), init).await {
+            Ok(true) => CheckResult::new(name, Passed),
+            Ok(false) => CheckResult::new(name, Failed(format!("{} not running", &sname))),
+            Err(e) => CheckResult::new(
+                name,
+                Errored(format!("failed to check service {sname}: {e}")),
+            ),
+        }
+    }
+
+    async fn check_kubelet(&self) -> CheckResult {
+        let name = "kubelet status";
+        let sname = "kubelet";
+        let init = svchelpers::detect_init_system(&self.host_executor).await;
+        debug!("detected init system: {:?}\n", init);
+
+        match svchelpers::is_running(&self.host_executor, sname.into(), init).await {
+            Ok(true) => CheckResult::new(name, Passed),
+            Ok(false) => CheckResult::new(name, Failed(format!("{} not running", &sname))),
+            Err(e) => CheckResult::new(
+                name,
+                Errored(format!("failed to check service {sname}: {e}")),
+            ),
+        }
+    }
+}
+
+#[async_trait]
+impl CheckGroup for KubeChecks {
+    fn id(&self) -> &str {
+        GROUP_IDENTIFIER
+    }
+
+    fn name(&self) -> &str {
+        NAME
+    }
+
+    fn description(&self) -> &str {
+        "Check status of Kubernetes integration"
+    }
+
+    async fn run(&self) -> CheckGroupResult {
+        self.run_all().await
+    }
+
+    fn category(&self) -> CheckGroupCategory {
+        CheckGroupCategory::Optional("Kubernetes feature not available on this system".into())
+    }
+}
diff --git a/src/checkers/postinstall/mod.rs b/src/checkers/postinstall/mod.rs
@@ -1,3 +1,4 @@
 pub mod guest_type;
 pub mod kernel;
+pub mod kube;
 pub mod services;
diff --git a/src/checkers/postinstall/services.rs b/src/checkers/postinstall/services.rs
@@ -1,25 +1,17 @@
-use anyhow::{Result, bail};
 use async_trait::async_trait;
 use futures::{FutureExt, future::join_all};
 use log::debug;
-use std::process::Command;
 
 use crate::helpers::{
     CheckGroup, CheckGroupCategory, CheckGroupResult, CheckResult,
     CheckResultValue::{Errored, Failed, Passed},
     host_executor::HostNamespaceExecutor,
+    services as svchelpers,
 };
 
 const GROUP_IDENTIFIER: &str = "services";
 const NAME: &str = "Service Status Checks";
 
-#[derive(Debug, Clone, Copy, PartialEq)]
-enum InitSystem {
-    Systemd,
-    OpenRC,
-    Unknown,
-}
-
 pub struct ServiceChecks {
     host_executor: HostNamespaceExecutor,
 }
@@ -61,10 +53,10 @@ impl ServiceChecks {
     async fn check_daemon(&self) -> CheckResult {
         let name = "Protect daemon status";
         let sname = "protect-daemon";
-        let init = self.detect_init_system().await;
+        let init = svchelpers::detect_init_system(&self.host_executor).await;
         debug!("detected init system: {:?}\n", init);
 
-        match self.is_running(sname.into(), init).await {
+        match svchelpers::is_running(&self.host_executor, sname.into(), init).await {
             Ok(true) => CheckResult::new(name, Passed),
             Ok(false) => CheckResult::new(name, Failed(format!("{} not running", &sname))),
             Err(e) => CheckResult::new(
@@ -77,10 +69,10 @@ impl ServiceChecks {
     async fn check_storage(&self) -> CheckResult {
         let name = "Protect storage daemon status";
         let sname = "protect-storage";
-        let init = self.detect_init_system().await;
+        let init = svchelpers::detect_init_system(&self.host_executor).await;
         debug!("detected init system: {:?}\n", init);
 
-        match self.is_running(sname.into(), init).await {
+        match svchelpers::is_running(&self.host_executor, sname.into(), init).await {
             Ok(true) => CheckResult::new(name, Passed),
             Ok(false) => CheckResult::new(name, Failed(format!("{} not running", &sname))),
             Err(e) => CheckResult::new(
@@ -93,10 +85,10 @@ impl ServiceChecks {
     async fn check_network(&self) -> CheckResult {
         let name = "Protect network daemon status";
         let sname = "protect-network";
-        let init = self.detect_init_system().await;
+        let init = svchelpers::detect_init_system(&self.host_executor).await;
         debug!("detected init system: {:?}\n", init);
 
-        match self.is_running(sname.into(), init).await {
+        match svchelpers::is_running(&self.host_executor, sname.into(), init).await {
             Ok(true) => CheckResult::new(name, Passed),
             Ok(false) => CheckResult::new(name, Failed(format!("{} not running", &sname))),
             Err(e) => CheckResult::new(
@@ -105,54 +97,6 @@ impl ServiceChecks {
             ),
         }
     }
-
-    async fn detect_init_system(&self) -> InitSystem {
-        self.host_executor
-            .spawn_in_host_ns(async move {
-                // Check if systemd is PID 1
-                if let Ok(output) = Command::new("ps").args(["-p", "1", "-o", "comm="]).output() {
-                    let comm = String::from_utf8_lossy(&output.stdout);
-                    if comm.trim() == "systemd" {
-                        return InitSystem::Systemd;
-                    }
-                }
-
-                // otherwise, check if rc-service exists (OpenRC)
-                if Command::new("which")
-                    .arg("rc-service")
-                    .output()
-                    .map(|o| o.status.success())
-                    .unwrap_or(false)
-                {
-                    return InitSystem::OpenRC;
-                }
-                InitSystem::Unknown
-            })
-            .await
-            .unwrap_or(InitSystem::Unknown)
-    }
-
-    async fn is_running(&self, service: String, init: InitSystem) -> Result<bool> {
-        self.host_executor
-            .spawn_in_host_ns(async move {
-                match init {
-                    InitSystem::Systemd => {
-                        let status = Command::new("systemctl")
-                            .args(["is-active", "--quiet", &service])
-                            .status()?;
-                        Ok(status.success())
-                    }
-                    InitSystem::OpenRC => {
-                        let status = Command::new("rc-service")
-                            .args([&service, "status"])
-                            .status()?;
-                        Ok(status.success())
-                    }
-                    InitSystem::Unknown => bail!("unknown init system"),
-                }
-            })
-            .await?
-    }
 }
 
 #[async_trait]
diff --git a/src/helpers/mod.rs b/src/helpers/mod.rs
@@ -1,5 +1,6 @@
 pub mod host_executor;
 pub mod kernel;
+pub mod services;
 
 use async_trait::async_trait;
 use console::{Emoji, style};
diff --git a/src/helpers/services.rs b/src/helpers/services.rs
@@ -0,0 +1,63 @@
+use anyhow::{Result, bail};
+use std::process::Command;
+
+use crate::helpers::host_executor::HostNamespaceExecutor;
+
+#[derive(Debug, Clone, Copy, PartialEq)]
+pub enum InitSystem {
+    Systemd,
+    OpenRC,
+    Unknown,
+}
+
+pub async fn detect_init_system(host_executor: &HostNamespaceExecutor) -> InitSystem {
+    host_executor
+        .spawn_in_host_ns(async move {
+            // Check if systemd is PID 1
+            if let Ok(output) = Command::new("ps").args(["-p", "1", "-o", "comm="]).output() {
+                let comm = String::from_utf8_lossy(&output.stdout);
+                if comm.trim() == "systemd" {
+                    return InitSystem::Systemd;
+                }
+            }
+
+            // otherwise, check if rc-service exists (OpenRC)
+            if Command::new("which")
+                .arg("rc-service")
+                .output()
+                .map(|o| o.status.success())
+                .unwrap_or(false)
+            {
+                return InitSystem::OpenRC;
+            }
+            InitSystem::Unknown
+        })
+        .await
+        .unwrap_or(InitSystem::Unknown)
+}
+
+pub async fn is_running(
+    host_executor: &HostNamespaceExecutor,
+    service: String,
+    init: InitSystem,
+) -> Result<bool> {
+    host_executor
+        .spawn_in_host_ns(async move {
+            match init {
+                InitSystem::Systemd => {
+                    let status = Command::new("systemctl")
+                        .args(["is-active", "--quiet", &service])
+                        .status()?;
+                    Ok(status.success())
+                }
+                InitSystem::OpenRC => {
+                    let status = Command::new("rc-service")
+                        .args([&service, "status"])
+                        .status()?;
+                    Ok(status.success())
+                }
+                InitSystem::Unknown => bail!("unknown init system"),
+            }
+        })
+        .await?
+}
diff --git a/src/main.rs b/src/main.rs
@@ -8,7 +8,8 @@ use checkers::preinstall::{
 };
 
 use checkers::postinstall::{
-    guest_type::GuestTypeChecks, kernel::PostinstallKernelChecks, services::ServiceChecks,
+    guest_type::GuestTypeChecks, kernel::PostinstallKernelChecks, kube::KubeChecks,
+    services::ServiceChecks,
 };
 
 use clap::{Parser, Subcommand};
@@ -271,6 +272,7 @@ async fn main() -> Result<()> {
                 Box::new(GuestTypeChecks::new(host_executor.clone())),
                 Box::new(PostinstallKernelChecks::new(host_executor.clone())),
                 Box::new(ServiceChecks::new(host_executor.clone())),
+                Box::new(KubeChecks::new(host_executor.clone())),
             ];
 
             if record_hostinfo {
