Skip to content

kubesonde/kubesonde

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

143 Commits
.github
.github
 
 
crd
crd
 
 
docker
docker
 
 
docs
docs
 
 
examples
examples
 
 
frontend
frontend
 
 
.deepsource.toml
.deepsource.toml
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
kubesonde.yaml
kubesonde.yaml
 
 

Repository files navigation

workflow frontend_test frontend_deployment Netlify Status

Kubesonde logo

Kubesonde

Kubesonde is a tool to probe and test network security policies in Kubernetes.

⚠️ Check out our paper on FSE-3023 Analyzing Microservice Connectivity with Kubesonde

kubesonde infra

Structure of the project

Folders are organized as follows:

  • crd: backend service and kubesonde CRD
  • docs: documentation of the project/ideas.
  • frontend: contains the UI for analyzing the probe outputs
  • examples: sample output from Kubesonde

Prerequisite: Clone the Repository

Before applying Kubesonde, you need to clone the repository, as the required configuration files (kubesonde.yaml, etc.) are located in the root of the repository:

git clone https://github.com/kubesonde/kubesonde.git
cd kubesonde

This ensures that you have all the necessary files and configurations for setting up Kubesonde.

Run Kubesonde

1. Start the Kubernetes engine

You can run Kubernetes on the cloud, bare-metal or via Minikube or Kind.

2. Install the app to test

Install the application you want to test (e.g., helm install wordpress bitnami/wordpress). Make sure that the app is running with no errors.

3. Install Kubesonde

To install kubesonde run kubectl apply -f kubesonde.yaml. This creates all the required resources to run Kubesonde on your cluster. After that, you can install a scanner object for Kubesonde. The following is a Kubesonde object example that targets the default namespace:

apiVersion: security.kubesonde.io/v1
kind: Kubesonde
metadata:
  name: kubesonde-sample
spec:
  namespace: default
  probe: all

You can save it in a file probe.yaml and then apply it with kubectl apply -f probe.yaml

4. Fetching the results

To fetch the results, you need to use the following commands:

kubectl --namespace kubesonde port-forward deployment.apps/kubesonde-controller-manager 2709. This command creates a port mapping between your local computer and the Kubesonde deployment.

curl localhost:2709/probes > <output-file>.json. This command gets the probe result and stores it in an output file.

⚠️ If you try to get the results of the probe just after applying it in the cluster the results may be empty or incomplete. Wait a few minutes (depending on the amount of pods) to get better results.

5. View results

Navigate to the kubesonde website and upload the generated file to see the results.

Deleting Kubesonde Resources

To delete the resources created by Kubesonde, use the following commands:

  1. Delete the Kubesonde scanner object:
kubectl delete -f probe.yaml
  1. Delete the Kubesonde deployment and associated resources:
kubectl delete -f kubesonde.yaml

This will remove all resources created by Kubesonde from your cluster.

Credits

Logo from Elisabetta Russo [email protected]

About

Kubesonde: network policy testing and verification in K8s

kubesonde.jackops.dev/

Topics

kubernetes security network-policy

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

6 stars

Watchers

1 watching

Forks

5 forks
Report repository

Releases

5 tags

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages