k8s

package


Constants

This section is empty.

Variables

// HeaderStyle, EvenRowStyle and OddRowStyle are the lipgloss styles used for
// a rendered table header and its alternating body rows (presumably the CLI
// tables mentioned elsewhere in this package). Note that EvenRowStyle and
// OddRowStyle are currently identical: both only set foreground colour "6",
// so alternating rows are not visually distinguished.
var (
	HeaderStyle  = lipgloss.NewStyle().Bold(true).Foreground(lipgloss.Color("6")).Align(lipgloss.Center)
	EvenRowStyle = lipgloss.NewStyle().Foreground(lipgloss.Color("6"))
	OddRowStyle  = lipgloss.NewStyle().Foreground(lipgloss.Color("6"))
)
// FoundPolicyStyle is the lipgloss style for text announcing a policy that
// was found (bold, foreground colour "10", centred, right padding of 4 and a
// one-line margin above and below).
var FoundPolicyStyle = lipgloss.NewStyle().
	Bold(true).
	Foreground(lipgloss.Color("10")).
	Align(lipgloss.Center).
	PaddingLeft(0).
	PaddingRight(4).
	MarginTop(1).
	MarginBottom(1)
// HeaderAboveTableStyle is the lipgloss style for the heading printed above
// a CLI table (bold, foreground colour "10", no horizontal padding, one-line
// bottom margin so the heading is separated from the table).
var HeaderAboveTableStyle = lipgloss.NewStyle().
	Bold(true).
	Foreground(lipgloss.Color("10")).
	PaddingLeft(0).
	PaddingRight(0).
	MarginBottom(1)

HeaderAboveTableStyle uses lipgloss to render neat tables in the CLI.

// PoliciesNotApplyingHeaderStyle is the lipgloss style for a section heading
// (presumably the list of policies that do not apply to any pod, judging by
// the name): bold, foreground colour "6", centred, padding of 4 on both sides
// and a one-line margin above and below.
var PoliciesNotApplyingHeaderStyle = lipgloss.NewStyle().
	Bold(true).
	Foreground(lipgloss.Color("6")).
	Align(lipgloss.Center).
	PaddingLeft(4).
	PaddingRight(4).
	MarginTop(1).
	MarginBottom(1)

Functions

func CalculateScore

func CalculateScore(hasPolicies bool, hasDenyAll bool, unprotectedPodsCount int) int

CalculateScore implements the scoring logic, deriving a score from whether policies exist, whether a deny-all policy exists, and the number of unprotected pods.

func ConvertEndpointToSelector

func ConvertEndpointToSelector(endpointSelector map[string]interface{}) (string, error)

ConvertEndpointToSelector converts the endpointSelector from a CiliumNetworkPolicy to a label selector string.

func CreateAndApplyDefaultDenyCiliumClusterwidePolicy

func CreateAndApplyDefaultDenyCiliumClusterwidePolicy(dynamicClient dynamic.Interface) error

CreateAndApplyDefaultDenyCiliumClusterwidePolicy creates and applies a default deny all network policy for Cilium at the cluster level.

func CreateAndApplyDefaultDenyCiliumPolicy

func CreateAndApplyDefaultDenyCiliumPolicy(namespace string, dynamicClient dynamic.Interface) error

CreateAndApplyDefaultDenyCiliumPolicy creates and applies a default deny all network policy for Cilium in the specified namespace.

func GatherNamespacesWithPolicies

func GatherNamespacesWithPolicies(clientset kubernetes.Interface) ([]string, error)

GatherNamespacesWithPolicies returns a list of all namespaces that contain network policies.

func GetCiliumDynamicClient

func GetCiliumDynamicClient() (dynamic.Interface, error)

GetCiliumDynamicClient returns a dynamic interface for querying Cilium policies.

func GetClientset

func GetClientset() (*kubernetes.Clientset, error)

GetClientset creates a new Kubernetes clientset.

func HandleAddPolicyRequest

func HandleAddPolicyRequest(w http.ResponseWriter, r *http.Request)

func HandleNamespaceListRequest

func HandleNamespaceListRequest(w http.ResponseWriter, r *http.Request)

HandleNamespaceListRequest lists all non-system Kubernetes namespaces.

func HandlePolicyYAMLRequest

func HandlePolicyYAMLRequest(w http.ResponseWriter, r *http.Request)

HandlePolicyYAMLRequest handles the HTTP request for serving the YAML of a network policy.

func HandleScanRequest

func HandleScanRequest(w http.ResponseWriter, r *http.Request)

HandleScanRequest handles the HTTP request for scanning network policies.

func HandleVisualizationRequest

func HandleVisualizationRequest(w http.ResponseWriter, r *http.Request)

HandleVisualizationRequest handles the HTTP request for serving visualization data.

func HasDefaultDenyAllCiliumPolicy

func HasDefaultDenyAllCiliumPolicy(policies []*unstructured.Unstructured) bool

HasDefaultDenyAllCiliumPolicy reports whether the list of CiliumNetworkPolicies includes a default deny-all policy.

func IsDefaultDenyAllCiliumClusterwidePolicy

func IsDefaultDenyAllCiliumClusterwidePolicy(policyUnstructured unstructured.Unstructured) (bool, bool)

IsDefaultDenyAllCiliumClusterwidePolicy reports whether a single CiliumClusterwideNetworkPolicy is a default deny-all policy.

func IsDefaultDenyAllCiliumPolicy

func IsDefaultDenyAllCiliumPolicy(policyUnstructured unstructured.Unstructured) bool

IsDefaultDenyAllCiliumPolicy reports whether a single Cilium policy is a default deny-all policy.

func IsEmptyOrOnlyContainsEmptyObjects

func IsEmptyOrOnlyContainsEmptyObjects(slice []interface{}) bool

IsEmptyOrOnlyContainsEmptyObjects is a helper that reports whether the ingress/egress slice is empty or contains only empty objects.

func IsPodProtected

func IsPodProtected(writer *bufio.Writer, clientset *kubernetes.Clientset, pod corev1.Pod, policies []*unstructured.Unstructured, defaultDenyAllExists bool, globallyProtectedPods map[string]struct{}) bool

func IsSpecificallyEmpty

func IsSpecificallyEmpty(slice []interface{}) bool

IsSpecificallyEmpty reports whether a slice contains only a single empty map ({}), which represents a default deny.

func IsSystemNamespace

func IsSystemNamespace(namespace string) bool

IsSystemNamespace reports whether the given namespace is a system namespace.

func MatchesLabels

func MatchesLabels(podLabels map[string]string, policySelector map[string]interface{}) bool

MatchesLabels reports whether the pod's labels match the policy's endpointSelector.

func StripANSICodes

func StripANSICodes(str string) string

StripANSICodes removes ANSI escape codes from a string.

func YAMLToNetworkPolicy

func YAMLToNetworkPolicy(yamlContent string) (*networkingv1.NetworkPolicy, error)

YAMLToNetworkPolicy converts a YAML string to a NetworkPolicy object.

Types

type ContainerPortInfo

// ContainerPortInfo holds the desired information from a Pod's ports:
// the port name, the container port number and its protocol.
type ContainerPortInfo struct {
	Name          string
	ContainerPort int32
	Protocol      v1.Protocol
}

ContainerPortInfo holds the desired information from a Pod's ports.

type PodInfo

// PodInfo holds the desired information from a Pod's YAML: its name,
// namespace, labels and container ports. Populated by GetPodInfo.
type PodInfo struct {
	Name      string
	Namespace string
	Labels    map[string]string
	Ports     []v1.ContainerPort
}

PodInfo holds the desired information from a Pod's YAML.

func GetPodInfo

func GetPodInfo(clientset kubernetes.Interface, namespace string) ([]PodInfo, error)

type PolicyVisualization

// PolicyVisualization represents a network policy and the pods it affects,
// for visualization purposes. The json tags define the wire format, which is
// presumably what HandleVisualizationRequest serves.
type PolicyVisualization struct {
	Name       string   `json:"name"`
	Namespace  string   `json:"namespace"`
	TargetPods []string `json:"targetPods"`
}

PolicyVisualization represents a network policy and the pods it affects for visualization purposes.

type ScanResult

// ScanResult represents the outcome of a policy scan as shown in the
// dashboard. It is returned by ScanNetworkPolicies, ScanCiliumNetworkPolicies
// and ScanCiliumClusterwideNetworkPolicies. The struct carries no json tags,
// so any JSON encoding uses the Go field names verbatim.
type ScanResult struct {
	NamespacesScanned  []string
	DeniedNamespaces   []string
	UnprotectedPods    []string
	PolicyChangesMade  bool
	UserDeniedPolicies bool
	HasDenyAll         []string
	Score              int // presumably computed by CalculateScore — confirm against the scan functions
	AllPodsProtected   bool
}

ScanResult represents scan results in the dashboard.

func ScanCiliumClusterwideNetworkPolicies

func ScanCiliumClusterwideNetworkPolicies(dynamicClient dynamic.Interface, printMessages bool, dryRun bool, isCLI bool) (*ScanResult, error)

ScanCiliumClusterwideNetworkPolicies scans the cluster for Cilium Clusterwide Network Policies.

func ScanCiliumNetworkPolicies

func ScanCiliumNetworkPolicies(specificNamespace string, dryRun bool, returnResult bool, isCLI bool, printScore bool, printMessages bool) (*ScanResult, error)

ScanCiliumNetworkPolicies scans namespaces for Cilium network policies.

func ScanNetworkPolicies

func ScanNetworkPolicies(specificNamespace string, dryRun bool, returnResult bool, isCLI bool, printScore bool, printMessages bool) (*ScanResult, error)

ScanNetworkPolicies scans namespaces for network policies.

type VisualizationData

// VisualizationData is the top-level structure of network policy and pod data
// for visualization: a list of PolicyVisualization entries, serialized under
// the "policies" JSON key.
type VisualizationData struct {
	Policies []PolicyVisualization `json:"policies"`
}

VisualizationData represents the structure of network policy and pod data for visualization.

func GatherClusterVisualizationData

func GatherClusterVisualizationData(clientset kubernetes.Interface) ([]VisualizationData, error)

GatherClusterVisualizationData retrieves visualization data for all namespaces with network policies.
