observability and policy discovery helper tool #613

Closed
nyrahul opened this issue Feb 10, 2022 · 4 comments
Labels: enhancement, help wanted, roadmap

Comments

@nyrahul
Contributor

nyrahul commented Feb 10, 2022

Feature Request

Short Description

KubeArmor, apart from being a policy enforcement engine, also emits pod/container visibility data that can be used for observability use-cases. This observability information could in turn be used for KubeArmor policy generation.
The aim of this feature is to:

  1. show observability data in context to pod/container. Observability data includes
    • process spawned in the pod/container
    • file system accesses made use of
    • capabilities accessed by the pods/containers
    • network primitives used by the pod/container
  2. show the information at namespace level, pod level or at container level, across multi-node deployments

Some of the requirements/use-cases are documented in the slides here.

Describe the solution you'd like

A kubearmor coach service is deployed in the cluster. This service connects to the kubearmor relay and gets the events from the daemonsets. The events contain all the information required to show the observability information.

We would need a command line tool to access observability information. The karmor (kubearmor-client) tool could support a karmor observe option.
We can further have a TUI tool built on top of these APIs using bubbletea.

The tasks can be divided into the following phases:

  • Phase 1: Design the expected sample output. KubeArmor Coach k8s-deployment+service ... keep the logs and records in the DB. Aggregate the logs and keep summarized information in the DB. Provide GRPC APIs to access the information. Extend karmor to support the observe option with filtering options.
  • Phase 2: Work on a TUI to show the output in an easily consumable way.
nyrahul added the enhancement, help wanted and roadmap labels Feb 10, 2022
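The aggregation step from Phase 1, summarizing events at namespace, pod or container level, as an added example that is not part of the issue and not KubeArmor code. The `Event` field names, the `Summarize` function and the sample events are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Event is the subset of a telemetry record used here; field names are assumptions of this example.
type Event struct{ NamespaceName, PodName, ContainerName, Operation, Resource string }

// Constructed sample input, one JSON event per line (the nginx.conf access repeats).
const sampleEvents = `{"NamespaceName":"shop","PodName":"web-0","ContainerName":"nginx","Operation":"Process","Resource":"/usr/sbin/nginx"}
{"NamespaceName":"shop","PodName":"web-0","ContainerName":"nginx","Operation":"File","Resource":"/etc/nginx/nginx.conf"}
{"NamespaceName":"shop","PodName":"web-0","ContainerName":"nginx","Operation":"File","Resource":"/etc/nginx/nginx.conf"}
{"NamespaceName":"shop","PodName":"web-0","ContainerName":"sidecar","Operation":"File","Resource":"/etc/hosts"}
{"NamespaceName":"shop","PodName":"db-0","ContainerName":"mysql","Operation":"File","Resource":"/var/lib/mysql/ibdata1"}`

// Summarize groups events at level "namespace", "pod" or "container": scope -> operation -> sorted distinct resources.
func Summarize(lines, level string) (map[string]map[string][]string, error) {
	depth := map[string]int{"namespace": 1, "pod": 2, "container": 3}[level]
	if depth == 0 {
		return nil, fmt.Errorf("unknown level %q", level)
	}
	out, seen := map[string]map[string][]string{}, map[string]bool{}
	for _, line := range strings.Split(strings.TrimSpace(lines), "\n") {
		var e Event
		if err := json.Unmarshal([]byte(line), &e); err != nil {
			return nil, fmt.Errorf("malformed event: %w", err)
		}
		scope := strings.Join([]string{e.NamespaceName, e.PodName, e.ContainerName}[:depth], "/")
		id := scope + "\x00" + e.Operation + "\x00" + e.Resource
		if seen[id] {
			continue // the same access was already recorded for this scope
		}
		seen[id] = true
		if out[scope] == nil {
			out[scope] = map[string][]string{}
		}
		out[scope][e.Operation] = append(out[scope][e.Operation], e.Resource)
		sort.Strings(out[scope][e.Operation])
	}
	return out, nil
}

func main() {
	fmt.Println(Summarize(sampleEvents, "container"))
}
```

The deduplicated per-scope sets are the kind of summary a policy generator can turn into an allow list, since each entry is a resource the workload was actually observed using.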
@nthnieljson
Contributor

Hello, I have provided a design document draft regarding this feature
https://docs.google.com/document/d/177jR8CpC6OgqTA8sMyqXfaJitAvreN5XyO-NDm5UKcY/edit?usp=sharing

@Shubhf

Shubhf commented Aug 8, 2024

Hey @nyrahul, can I contribute to this issue?

@nyrahul
Contributor Author

nyrahul commented Aug 8, 2024

Hey @Shubhf, I do not think this issue is relevant anymore since we now have karmor profile that provides this view.
I think we can close this issue.

nyrahul closed this as completed Aug 8, 2024
@Shubhf

Shubhf commented Aug 8, 2024 via email
