Add AKS-1.7 version #1874

Open: wants to merge 4 commits into base: main

@LaibaBareera LaibaBareera commented May 14, 2025

CLAassistant commented May 14, 2025

CLA assistant check
All committers have signed the CLA.

@mjshastha
Contributor

We need to add a benchmark version mapping for the aks platform in the getPlatformBenchmarkVersion function. Without this mapping, AKS clusters (e.g., aks-1.7) will fall back to the default CIS profile. Consider adding a case for "aks" similar to how it's handled for eks, gke, etc.

@@ -490,6 +490,8 @@ func getPlatformBenchmarkVersion(platform Platform) string {
switch platform.Name {
case "eks":
return "eks-1.5.0"
case "aks":
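
Review bot: The string returned under the new `case "aks":` needs to be checked against the benchmark directory name. The `eks` case above returns a three-part version ("eks-1.5.0"), while the PR title and the first comment refer to "AKS-1.7" and "aks-1.7"; a mismatch between the returned string and the directory would leave the AKS checks unresolved. A unit test asserting the exact string returned for a Platform whose Name is "aks" would pin this down.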

@mjshastha mjshastha May 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Most managed clusters embed the platform name in the Kubernetes version (e.g., "v1.32.3-gke.1785003"), but AKS doesn't. So, our current logic fails to detect AKS platform—we’ll need an alternative method to identify them and apply AKS-specific CIS rules.

@LaibaBareera
Author

Added a new function isAKS to the utility file to identify AKS-specific clusters. Also, included test cases for it.

@@ -485,11 +494,33 @@ func getPlatformInfoFromVersion(s string) Platform {
}
}

func IsAKS(ctx context.Context, k8sClient kubernetes.Interface) (bool, error) {
// Query the nodes for any annotations that indicate AKS (Azure Kubernetes Service)
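
Review bot: `IsAKS` is exported but has no doc comment above the `func` line, and the `(bool, error)` signature leaves open what a caller should do with the error. Add a `// IsAKS reports whether ...` comment naming the node metadata that is inspected, and state that a failure to list nodes is treated as "not detected" rather than aborting version detection. If only this package calls the function, unexport it.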

@mjshastha mjshastha May 28, 2025

The IsAKS function relies on the azure-identity-binding annotation, which isn't present in all AKS clusters. Instead, check reliable AKS indicators like labels or any other.
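
The detection gap raised in the two review comments above (no platform token in the AKS version string, and the need for a reliable node-level indicator) shown as an added Go example; it is not code from this pull request or from the project. All function names are hypothetical, the label key `kubernetes.azure.com/cluster` is an assumption about what AKS sets on its nodes, and the version strings and label value are constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// suffixRe captures the token after the semantic version,
// e.g. "gke" in "v1.32.3-gke.1785003". Hypothetical helper.
var suffixRe = regexp.MustCompile(`^v?\d+\.\d+\.\d+[-+]([a-z]+)`)

// aksLabelKey is an assumption: a label key AKS puts on its nodes.
const aksLabelKey = "kubernetes.azure.com/cluster"

// known lists the platform tokens named in this thread; anything else
// (for example the pre-release tag "rc") is not treated as a platform.
var known = map[string]bool{"eks": true, "gke": true, "rancher": true, "aks": true}

// platformFromGitVersion returns the platform token embedded in the
// version string, or "" for a bare upstream version such as AKS reports.
func platformFromGitVersion(v string) string {
	m := suffixRe.FindStringSubmatch(strings.TrimSpace(v))
	if m == nil || !known[m[1]] {
		return ""
	}
	return m[1]
}

// detectPlatform tries the version string first, then falls back to
// node labels so that AKS is not silently mapped to the default profile.
func detectPlatform(gitVersion string, nodes []map[string]string) string {
	if p := platformFromGitVersion(gitVersion); p != "" {
		return p
	}
	for _, labels := range nodes {
		if _, ok := labels[aksLabelKey]; ok {
			return "aks"
		}
	}
	return ""
}

func main() {
	aksNode := map[string]string{aksLabelKey: "MC_rg_demo_eastus"} // constructed
	fmt.Println(detectPlatform("v1.32.3-gke.1785003", nil))
	fmt.Println(detectPlatform("v1.30.0", []map[string]string{aksNode}))
}
```

An empty result means no platform was identified, which is the case where the default CIS profile would apply.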

@@ -300,6 +300,7 @@ func getKubeVersion() (*KubeVersion, error) {
glog.V(3).Infof("Error fetching cluster config: %s", err)
}
isRKE := false
isAKS := false // Variable to track AKS detection
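
Review bot: The trailing comment on `isAKS := false` only restates the variable name and can be dropped; `isRKE := false` on the line above carries none. If AKS detection is skipped when the cluster config fetch fails, as the `glog.V(3).Infof("Error fetching cluster config: ...")` line suggests can happen, log that at the same verbosity so a silent `false` can be told apart from a negative result.
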
Collaborator

Do we really need this comment?

}

if k8sVer, err := getKubeVersionFromRESTAPI(); err == nil {
glog.V(2).Info(fmt.Sprintf("Kubernetes REST API Reported version: %s", k8sVer))
if isRKE {
k8sVer.GitVersion = k8sVer.GitVersion + "-rancher1"
}
if isAKS {
k8sVer.GitVersion = k8sVer.GitVersion + "-aks1" // Mark it as AKS in the version
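
Review bot: The `if isRKE` and `if isAKS` blocks are independent, so a cluster flagged as both would end up with "-rancher1-aks1" appended to `GitVersion`; make the second an `else if` or state the precedence explicitly. The suffix is also appended after `glog.V(2)` has logged the API-reported version, so log the adjusted value too, and drop the trailing comment on the `-aks1` line.
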
Collaborator

Ditto
