k8s

package


Constants

This section is empty.

Variables

var (
	// HeaderStyle renders table header cells: bold, centered, ANSI color 6 (cyan on most terminals).
	HeaderStyle  = lipgloss.NewStyle().Bold(true).Foreground(lipgloss.Color("6")).Align(lipgloss.Center)
	// EvenRowStyle renders even-numbered table rows in ANSI color 6.
	EvenRowStyle = lipgloss.NewStyle().Foreground(lipgloss.Color("6"))
	// OddRowStyle renders odd-numbered table rows; currently identical to EvenRowStyle.
	OddRowStyle  = lipgloss.NewStyle().Foreground(lipgloss.Color("6"))
)
// FoundPolicyStyle highlights a policy that was found: bold, centered,
// ANSI color 10 (bright green on most terminals), 4 cells of right padding
// and a one-line margin above and below.
var FoundPolicyStyle = lipgloss.NewStyle().
	Bold(true).
	Foreground(lipgloss.Color("10")).
	Align(lipgloss.Center).
	PaddingLeft(0).
	PaddingRight(4).
	MarginTop(1).
	MarginBottom(1)
// HeaderAboveTableStyle renders the heading printed above a CLI table:
// bold, ANSI color 10 (bright green on most terminals), no horizontal
// padding, one blank line below.
var HeaderAboveTableStyle = lipgloss.NewStyle().
	Bold(true).
	Foreground(lipgloss.Color("10")).
	PaddingLeft(0).
	PaddingRight(0).
	MarginBottom(1)

Uses lipgloss to render neat tables in the CLI.

// PoliciesNotApplyingHeaderStyle renders the heading shown when policies are
// not being applied: bold, centered, ANSI color 6 (cyan on most terminals),
// 4 cells of padding on each side and a one-line margin above and below.
var PoliciesNotApplyingHeaderStyle = lipgloss.NewStyle().
	Bold(true).
	Foreground(lipgloss.Color("6")).
	Align(lipgloss.Center).
	PaddingLeft(4).
	PaddingRight(4).
	MarginTop(1).
	MarginBottom(1)

Functions

func CalculateScore

func CalculateScore(hasPolicies bool, hasDenyAll bool, unprotectedPodsCount int) int

CalculateScore implements the scoring logic.

func ConvertEndpointToSelector

func ConvertEndpointToSelector(endpointSelector map[string]interface{}) (string, error)

ConvertEndpointToSelector converts the endpointSelector from a CiliumNetworkPolicy to a label selector string.

func CreateAndApplyDefaultDenyCiliumClusterwidePolicy

func CreateAndApplyDefaultDenyCiliumClusterwidePolicy(dynamicClient dynamic.Interface) error

CreateAndApplyDefaultDenyCiliumClusterwidePolicy creates and applies a default deny all network policy for Cilium at the cluster level.

func CreateAndApplyDefaultDenyCiliumPolicy

func CreateAndApplyDefaultDenyCiliumPolicy(namespace string, dynamicClient dynamic.Interface) error

CreateAndApplyDefaultDenyCiliumPolicy creates and applies a default deny all network policy for Cilium in the specified namespace.

func FindCiliumClusterWideNetworkPolicyByName

func FindCiliumClusterWideNetworkPolicyByName(dynamicClient dynamic.Interface, policyName string) (*unstructured.Unstructured, error)

FindCiliumClusterWideNetworkPolicyByName searches for a specific cluster wide Cilium network policy by name.

func FindCiliumNetworkPolicyByName

func FindCiliumNetworkPolicyByName(dynamicClient dynamic.Interface, policyName string) (*unstructured.Unstructured, string, error)

FindCiliumNetworkPolicyByName searches for a specific Cilium network policy by name across all non-system namespaces.

func FindNativeNetworkPolicyByName

func FindNativeNetworkPolicyByName(dynamicClient dynamic.Interface, clientset *kubernetes.Clientset, policyName string) (*unstructured.Unstructured, string, error)

FindNativeNetworkPolicyByName searches for a specific native network policy by name across all non-system namespaces.

func GatherNamespacesWithPolicies

func GatherNamespacesWithPolicies(clientset kubernetes.Interface) ([]string, error)

GatherNamespacesWithPolicies returns a list of all namespaces that contain network policies.

func GetAllNonSystemNamespaces

func GetAllNonSystemNamespaces(dynamicClient dynamic.Interface) ([]string, error)

GetAllNonSystemNamespaces returns a list of all non-system namespaces using a dynamic client.

func GetCiliumDynamicClient

func GetCiliumDynamicClient(kubeconfigPath string) (dynamic.Interface, error)

GetCiliumDynamicClient returns a dynamic interface to query for Cilium policies

func GetClientset

func GetClientset(kubeconfigPath string) (*kubernetes.Clientset, error)

GetClientset creates a new Kubernetes clientset

func HandleAddPolicyRequest

func HandleAddPolicyRequest(kubeconfigPath string) http.HandlerFunc

func HandleClusterVisualizationRequest

func HandleClusterVisualizationRequest(kubeconfigPath string) http.HandlerFunc

HandleClusterVisualizationRequest handles the HTTP request for serving cluster-wide visualization data.

func HandleCreatePolicyRequest

func HandleCreatePolicyRequest(kubeconfigPath string) http.HandlerFunc

HandleCreatePolicyRequest handles the HTTP request to create a network policy from YAML.

func HandleNamespaceListRequest

func HandleNamespaceListRequest(kubeconfigPath string) http.HandlerFunc

HandleNamespaceListRequest lists all non-system Kubernetes namespaces

func HandleNamespacePoliciesRequest

func HandleNamespacePoliciesRequest(kubeconfigPath string) http.HandlerFunc

HandleNamespacePoliciesRequest handles the HTTP request for serving a list of network policies in a namespace.

func HandleNamespacesWithPoliciesRequest

func HandleNamespacesWithPoliciesRequest(kubeconfigPath string) http.HandlerFunc

HandleNamespacesWithPoliciesRequest handles the HTTP request for serving a list of namespaces with network policies.

func HandlePodInfoRequest

func HandlePodInfoRequest(kubeconfigPath string) http.HandlerFunc

HandlePodInfoRequest handles the HTTP request for serving pod information.

func HandlePolicyYAMLRequest

func HandlePolicyYAMLRequest(kubeconfigPath string) http.HandlerFunc

HandlePolicyYAMLRequest handles the HTTP request for serving the YAML of a network policy.

func HandleScanRequest

func HandleScanRequest(kubeconfigPath string) http.HandlerFunc

HandleScanRequest handles the HTTP request for scanning network policies

func HandleVisualizationRequest

func HandleVisualizationRequest(kubeconfigPath string) http.HandlerFunc

func HasDefaultDenyAllCiliumPolicy

func HasDefaultDenyAllCiliumPolicy(policies []*unstructured.Unstructured) bool

HasDefaultDenyAllCiliumPolicy checks if the list of CiliumNetworkPolicies includes a default deny all policy

func InitializeClient

func InitializeClient(kubeconfigPath string) (*kubernetes.Clientset, error)

InitializeClient initializes the Kubernetes client.

func IsDefaultDenyAllCiliumClusterwidePolicy

func IsDefaultDenyAllCiliumClusterwidePolicy(policyUnstructured unstructured.Unstructured) (bool, bool)

IsDefaultDenyAllCiliumClusterwidePolicy checks if a single CiliumClusterwideNetworkPolicy is a default deny-all policy

func IsDefaultDenyAllCiliumPolicy

func IsDefaultDenyAllCiliumPolicy(policyUnstructured unstructured.Unstructured) bool

IsDefaultDenyAllCiliumPolicy checks if a single Cilium policy is a default deny-all policy

func IsEmptyOrOnlyContainsEmptyObjects

func IsEmptyOrOnlyContainsEmptyObjects(slice []interface{}) bool

IsEmptyOrOnlyContainsEmptyObjects reports whether the ingress/egress slice is empty or only contains empty objects.

func IsPodProtected

func IsPodProtected(writer *bufio.Writer, clientset *kubernetes.Clientset, pod corev1.Pod, policies []*unstructured.Unstructured, defaultDenyAllExists bool, globallyProtectedPods map[string]struct{}) bool

func IsSpecificallyEmpty

func IsSpecificallyEmpty(slice []interface{}) bool

IsSpecificallyEmpty reports whether the slice contains only a single empty map ({}), which represents a default deny.

func IsSystemNamespace

func IsSystemNamespace(namespace string) bool

IsSystemNamespace checks whether the given namespace is a system namespace.

func ListPodsTargetedByCiliumClusterWideNetworkPolicy

func ListPodsTargetedByCiliumClusterWideNetworkPolicy(clientset *kubernetes.Clientset, dynamicClient dynamic.Interface, policy *unstructured.Unstructured) ([][]string, error)

ListPodsTargetedByCiliumClusterWideNetworkPolicy lists all pods targeted by the given Cilium cluster wide network policy.

func ListPodsTargetedByCiliumNetworkPolicy

func ListPodsTargetedByCiliumNetworkPolicy(dynamicClient dynamic.Interface, policy *unstructured.Unstructured, namespace string) ([][]string, error)

ListPodsTargetedByCiliumNetworkPolicy lists all pods targeted by the given Cilium network policy in the specified namespace.

func ListPodsTargetedByNetworkPolicy

func ListPodsTargetedByNetworkPolicy(dynamicClient dynamic.Interface, policy *unstructured.Unstructured, namespace string) ([][]string, error)

ListPodsTargetedByNetworkPolicy lists all pods targeted by the given network policy in the specified namespace.

func MatchesLabels

func MatchesLabels(podLabels map[string]string, policySelector map[string]interface{}) bool

MatchesLabels checks if the pod's labels match the policy's endpointSelector

func SelectCiliumNamespaces

func SelectCiliumNamespaces(clientset *kubernetes.Clientset, specificNamespace string) ([]string, error)

SelectCiliumNamespaces selects namespaces for scanning based on the input criteria

func SelectNamespaces

func SelectNamespaces(clientset *kubernetes.Clientset, specificNamespace string) ([]string, error)

SelectNamespaces selects which namespaces to scan.

func StripANSICodes

func StripANSICodes(str string) string

StripANSICodes removes ANSI escape codes from a string

func YAMLToNetworkPolicy

func YAMLToNetworkPolicy(yamlContent string) (*networkingv1.NetworkPolicy, error)

YAMLToNetworkPolicy converts a YAML string to a NetworkPolicy object.

Types

type ContainerPortInfo

// ContainerPortInfo holds the desired information about one of a Pod's container ports.
type ContainerPortInfo struct {
	Name          string      // port name as declared on the container
	ContainerPort int32       // port number exposed by the container
	Protocol      v1.Protocol // transport protocol of the port
}

ContainerPortInfo holds the desired information about a Pod's ports.

type PodInfo

// PodInfo holds the desired information from a Pod's YAML.
type PodInfo struct {
	Name      string             // pod name
	Namespace string             // namespace the pod runs in
	Labels    map[string]string  // pod labels; the values policy selectors are matched against (see MatchesLabels)
	Ports     []v1.ContainerPort // container ports exposed by the pod
}

PodInfo holds the desired information from a Pod's YAML.

func GetPodInfo

func GetPodInfo(clientset kubernetes.Interface, namespace string) ([]PodInfo, error)

type PolicyVisualization

// PolicyVisualization represents a network policy and the pods it affects,
// serialized to JSON for the visualization endpoints.
type PolicyVisualization struct {
	Name       string   `json:"name"`       // policy name
	Namespace  string   `json:"namespace"`  // namespace the policy belongs to
	TargetPods []string `json:"targetPods"` // names of the pods selected by the policy
}

PolicyVisualization represents a network policy and the pods it affects for visualization purposes.

type ScanResult

// ScanResult represents the outcome of a network-policy scan as shown in the dashboard.
type ScanResult struct {
	NamespacesScanned  []string // namespaces that were included in the scan
	DeniedNamespaces   []string // NOTE(review): presumably namespaces where applying a policy was declined — confirm
	UnprotectedPods    []string // pods not covered by any network policy
	PolicyChangesMade  bool     // true when the scan applied policy changes to the cluster
	UserDeniedPolicies bool     // NOTE(review): presumably true when the user declined to apply suggested policies — confirm
	HasDenyAll         []string // namespaces that already have a default deny-all policy (presumably what feeds CalculateScore's hasDenyAll — confirm)
	Score              int      // score produced by CalculateScore
	AllPodsProtected   bool     // true when every scanned pod is covered by a policy
}

ScanResult represents scan results in the dashboard.

func ScanCiliumClusterwideNetworkPolicies

func ScanCiliumClusterwideNetworkPolicies(dynamicClient dynamic.Interface, printMessages bool, dryRun bool, isCLI bool, kubeconfigPath string) (*ScanResult, error)

ScanCiliumClusterwideNetworkPolicies scans the cluster for Cilium Clusterwide Network Policies

func ScanCiliumNetworkPolicies

func ScanCiliumNetworkPolicies(specificNamespace string, dryRun bool, returnResult bool, isCLI bool, printScore bool, printMessages bool, kubeconfigPath string) (*ScanResult, error)

ScanCiliumNetworkPolicies scans namespaces for Cilium network policies

func ScanNetworkPolicies

func ScanNetworkPolicies(specificNamespace string, dryRun bool, returnResult bool, isCLI bool, printScore bool, printMessages bool, kubeconfigPath string) (*ScanResult, error)

ScanNetworkPolicies scans namespaces for network policies

type VisualizationData

// VisualizationData is the JSON payload describing network policies and the pods
// they affect, as served by the visualization endpoints.
type VisualizationData struct {
	Policies []PolicyVisualization `json:"policies"` // one entry per network policy
}

VisualizationData represents the structure of network policy and pod data for visualization.

func GatherClusterVisualizationData

func GatherClusterVisualizationData(clientset kubernetes.Interface) ([]VisualizationData, error)

GatherClusterVisualizationData retrieves visualization data for all namespaces with network policies.
