A tool for auditing Kubernetes clusters for misconfigurations, security issues, and best practices.
KubeSleuth
KubeSleuth is a simple tool for auditing your Kubernetes clusters. It scans your cluster configurations for misconfigurations, best practices, security issues, and resource allocations, providing detailed reports to help you maintain a healthy and secure environment.
It's still in early development, so expect some rough edges.
How to Use
- Clone the repository:
    git clone https://github.com/yourusername/kubesleuth.git
    cd kubesleuth
- Install dependencies:
    pip install -r requirements.txt
- Run KubeSleuth:
    python3 kubesleuth.py --output markdown
- Optional arguments:
    --kubeconfig: Path to the kubeconfig file (default: $HOME/.kube/config)
    --context: Kubernetes context to use
Example:
    python3 kubesleuth.py --output json --kubeconfig /path/to/kubeconfig --context my-context
Overview
KubeSleuth is designed to help you maintain a secure and well-configured Kubernetes cluster. It performs a variety of checks on your cluster, including:
- RBAC (Role-Based Access Control): Ensures role bindings are secure and correctly configured.
- Authentication: Checks for basic authentication and password policies.
- Custom Roles: Identifies and reviews custom roles and cluster roles.
- Network Policies: Ensures network policies are defined and enforced.
- Namespace Isolation: Checks if resources are properly isolated by namespaces.
- Privileged Containers: Detects containers running with privileged access.
By running KubeSleuth, you can quickly identify potential issues and areas for improvement in your cluster's configuration.
Installation
To install KubeSleuth, follow these steps:
- Clone the repository:
    git clone https://github.com/thevanguardian/kubesleuth.git
    cd kubesleuth
- Install dependencies:
    pip install -r requirements.txt
Features
- RBAC Audit: Identifies insecure role bindings and missing subjects.
- Authentication Checks: Verifies if basic authentication is enabled.
- Custom Roles Review: Lists and reviews custom roles and cluster roles.
- Network Policies Audit: Ensures network policies are present and enforced.
- Namespace Isolation Checks: Detects resources placed in the default namespace.
- Privileged Containers Detection: Finds containers running with privileged access.
- Flexible Configuration: Supports custom kubeconfig files and contexts.
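An added sketch (not KubeSleuth's own code) of how three of the checks listed above can be expressed over manifests already parsed into dicts: pods in the default namespace, privileged containers, and role bindings without subjects. The function name `audit`, the finding labels and the sample manifests are constructed for illustration.

```python
# Added illustration, not KubeSleuth's code. Names and sample data are constructed.

def audit(manifests):
    """Return sorted (check, object, detail) findings for parsed manifests."""
    findings = []
    for m in manifests:
        kind = m.get("kind", "")
        meta = m.get("metadata") or {}
        name = meta.get("name", "?")
        # A namespaced object with no namespace set lands in "default".
        ns = meta.get("namespace") or "default"
        if kind == "Pod":
            ref = f"{ns}/{name}"
            if ns == "default":
                findings.append(("namespace-isolation", ref, "pod in default namespace"))
            spec = m.get("spec") or {}
            # Init containers can be privileged too, so scan both lists.
            for c in (spec.get("containers") or []) + (spec.get("initContainers") or []):
                if (c.get("securityContext") or {}).get("privileged") is True:
                    findings.append(("privileged-container", ref, c.get("name", "?")))
        elif kind in ("RoleBinding", "ClusterRoleBinding"):
            # ClusterRoleBindings are cluster-scoped and have no namespace.
            ref = name if kind == "ClusterRoleBinding" else f"{ns}/{name}"
            # An absent, null or empty subjects list means the binding grants nothing.
            if not m.get("subjects"):
                role = (m.get("roleRef") or {}).get("name", "?")
                findings.append(("rbac-missing-subjects", ref, role))
    return sorted(findings)

# Constructed sample manifests (not taken from any real cluster).
SAMPLE = [
    {"kind": "Pod", "metadata": {"name": "web"},
     "spec": {"containers": [{"name": "nginx"}]}},
    {"kind": "Pod", "metadata": {"name": "node-agent", "namespace": "kube-tools"},
     "spec": {"containers": [{"name": "agent", "securityContext": {"privileged": False}}],
              "initContainers": [{"name": "sysctl-init",
                                  "securityContext": {"privileged": True}}]}},
    {"kind": "RoleBinding", "metadata": {"name": "stale-binding", "namespace": "team-a"},
     "roleRef": {"kind": "Role", "name": "edit"}, "subjects": None},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ops-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "ops"}]},
]

if __name__ == "__main__":
    for check, ref, detail in audit(SAMPLE):
        print(f"{check:24} {ref:24} {detail}")
```

The privileged init container in the sample is reported even though the pod's main container is unprivileged, which is the case a scan of `containers` alone would miss.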
Configuration
KubeSleuth can be configured using command-line arguments:
    --kubeconfig: Path to the kubeconfig file (default: $HOME/.kube/config)
    --context: Kubernetes context to use
    --output: Output format (json or markdown)
Example:
    python3 kubesleuth.py --output markdown --kubeconfig /path/to/kubeconfig --context my-context
Contributing
Contributions are welcome! If you have suggestions for improvements or new features, please create an issue or submit a pull request.
- Fork the repository
- Create your feature branch (git checkout -b feature/your-feature)
- Commit your changes (git commit -m 'Add your feature')
- Push to the branch (git push origin feature/your-feature)
- Open a pull request
License
This project is licensed under the GNU General Public License v3 (GPLv3).
Hashes for kubesleuth-0.1.1-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | a00e76d842adde9d9836fef8119478334eba1c918f1e8bc382636aaf3d7a28fe
MD5 | 8576eb8dfdd7efccc62ad37ce5e0daa4
BLAKE2b-256 | e5953430d1b2446dfe63c2a4e2803e60c7855bcfa68221c581a44e5edd718039