kube-knark

command module

v0.1.1 Latest Latest Go to latest Published: Sep 1, 2021 License: Apache-2.0 Imports: 1 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/chen-keinan/kube-knark

Links

Open Source Insights

README ¶

test coverage badge
kube-krank logo

Kube-Knark Project

Trace your kubernetes runtime !!

Kube-Knark is an open source tracer uses pcap & ebpf technology to perform runtime tracing on a deployed kubernetes cluster. It tracing the kubernetes API execution and master node configuration files permission changes. The trace matching events are leveraged via go plugin webhooks

kube-knark trace the following :

The full Kubernetes API specification execution calls especially mutation
kubernetes master node configuration files permission changes CIS Kubernetes Benchmark specification

kube-knark tracing data are reported :

Console dashboard
Go Plugin hooks

kube-Knark console:
kube-krank-console logo

Requirements
Installation
Quick Start
User Plugin Usage
Supported Specs
Contribution

Requirements

Go 1.13+
Linux Kernel 4.15+
Clang 10+
LLVM
Kernel Headers
Pcap

Installation

git clone https://github.com/chen-keinan/kube-knark
cd kube-knark
make build

Quick Start

Execute kube-knark without plugins

 ./kube-knark

User Plugin Usage (via go plugins)

The Kube-knark expose 2 hooks for user plugins Example :

OnK8sAPICallHook - this hook accepts k8s api call event with all details (http request /response ,matching API spec)
OnK8sFileConfigChangeHook - this hook accepts master file configuration change event with command details (chown or chmod ,args and matching file change spec)

Compile user plugin

go build -buildmode=plugin -o=~/<plugin folder>/<plugin>.so ~/<plugin folder>/<plugin>.go

Copy plugin to folder (.kube-knark folder is created on the 1st startup)

cp ~/<plugin folder>/<plugin>.so ~/.kube-knark/plugins/compile/<plugin>.so

Supported Specs

The Kube-knark support 2 specs and can be easily extended:

The full k8s API spec Kubernetes API specification
master config file change spec Master Node Config

both specs can be easily extended by amended the spec files under ~/.kube-knark/spec folder

Contribution

code contribution is welcome !! , contribution with tests and passing linter is more than welcome :)
/.dev folder include vagrantfile to be used for development : Dev Instruction

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
cmd
examples
plugins
external nolint nolint nolint nolint nolint	nolint nolint nolint nolint nolint
httpport Package internal contains HTTP internals shared by net/http and net/http/httputil.	Package internal contains HTTP internals shared by net/http and net/http/httputil.
internal
common
compiler
hooks
hooks/fixtures
matches
startup
tracer/kexec
tracer/khttp
pkg
model
model/execevent
model/netevent
model/specs
ui
utils

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL