Kubesonde

Kubesonde is a tool to probe and test network security policies in Kubernetes.

Structure of the project

Folders are organized as follows:

• crd: backend service and kubesonde CRD
• docs: documentation of the project/ideas.
• frontend: contains the UI for analyzing the probe outputs
• examples: sample output from Kubesonde

Run Kubesonde

1. Start the Kubernetes engine

You can run Kubernetes on the cloud, bare-metal or via Minikube or Kind.

2. Install the app to test

Install the application you want to test (e.g., helm install wordpress bitnami/wordpress). Make sure that the app is running with no errors.

3. Install Kubesonde

To install kubesonde run kubectl apply -f kubesonde.yaml. This creates all the required resources to run Kubesonde on your cluster. After that, you can install a scanner object for Kubesonde. For example, targeting only the default namespace is available. Then, you can create a Kubesonde object, for instance:

apiVersion: security.kubesonde.io/v1
kind: Kubesonde
metadata:
  name: kubesonde-sample
spec:
  namespace: default
  probe: all

4. Fetching the results

To fetch the results, you need to use the following commands:

kubectl --namespace kubesonde port-forward deployment.apps/kubesonde-controller-manager 2709. This command creates a port mapping between your local computer and the Kubesonde deployment.

curl localhost:2709/probes > <output-file>.json. This command gets the probe result and stores it in an output file.

5. View results

Navigate to the kubesonde website and upload the generated file to see the results.

Credits

Logo from Elisabetta Russo [email protected]