feat: Add Fluent-Bit to K8tls
Signed-off-by: Jones Jefferson <jones@accuknox.com>
Jones Jefferson committed Aug 2, 2024
1 parent 10af489 commit 2825a6e
Showing 3 changed files with 94 additions and 6 deletions.
91 changes: 87 additions & 4 deletions k8s/job.yaml
@@ -131,27 +131,110 @@ data:
]
}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: fluent-config
namespace: k8tls
data:
fluent-bit.conf: |
[SERVICE]
Flush 1
Log_Level info
Parsers_File parsers.conf
[INPUT]
Name tail
Path /tmp/minified_report.json
Parser json
Tag json.data
DB /tmp/minified_report.db
Read_from_Head true
Exit_On_Eof true
[OUTPUT]
Name es
Match *
Host localhost
Port 9200
Index findings
HTTP_User elastic
HTTP_Passwd ${ES_PASSWORD}
tls On
tls.verify On
tls.ca_file /fluent-bit/http_ca.crt
Suppress_Type_Name On
Replace_Dots On
---
apiVersion: v1
kind: Secret
metadata:
name: es-password
namespace: k8tls
type: Opaque
data:
es_password: aXUyQzk1ZDYtVjktamtPVUdOdWM=
---
apiVersion: v1
kind: Secret
metadata:
name: http-ca-secret
namespace: k8tls
type: Opaque
data:
http_ca.crt: 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
---
apiVersion: batch/v1
kind: Job
metadata:
name: k8tls
namespace: k8tls
spec:
ttlSecondsAfterFinished: 3600 # Retain the job (and its pods) for 1 hour after completion
template:
spec:
serviceAccountName: k8tls-serviceact
containers:
- name: k8tls
image: kubearmor/k8tls:latest
initContainers:
- name: init-k8tls
image: kubearmor/k8tls:latest
command: ["./k8s_tlsscan"]
volumeMounts:
- mountPath: /home/k8tls/config/
name: config
readOnly: true
- mountPath: /tmp/
name: shared-volume
containers:
- name: fluent-bit
image: fluent/fluent-bit:latest
env:
- name: ES_PASSWORD
valueFrom:
secretKeyRef:
name: es-password
key: es_password
volumeMounts:
- mountPath: /tmp/
name: shared-volume
- mountPath: /fluent-bit/etc/fluent-bit.conf
name: fluent-config
subPath: fluent-bit.conf
- mountPath: /fluent-bit/http_ca.crt
name: http-ca-secret
subPath: http_ca.crt
restartPolicy: Never
volumes:
- name: config
configMap:
name: k8tls-cm
- name: shared-volume
emptyDir: {}
- name: fluent-config
configMap:
name: fluent-config
- name: http-ca-secret
secret:
secretName: http-ca-secret

backoffLimit: 4
---
---
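Review bot: The `es-password` Secret added in this section carries a populated `data.es_password` value in a manifest committed to the repository, and base64 is an encoding rather than protection, so the Elasticsearch credential for `HTTP_User elastic` is readable by anyone who can read the repo or its history. I would take the value out of job.yaml (keep at most `es_password: REPLACE_ME_BASE64`, or document creating the Secret out of band) and rotate the password that was committed. Separately, the new container uses `image: fluent/fluent-bit:latest`; pinning a version tag or digest keeps a Job that is handed this credential from silently running a different image. `Host localhost` in the `[OUTPUT]` block presumably has to become the Elasticsearch service address, since nothing visible in this pod listens on 9200.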
2 changes: 1 addition & 1 deletion src/k8s_tlsscan
@@ -42,4 +42,4 @@ while read -r line; do
IFS=' '
done < <(kubectl get svc --no-headers -A -o=custom-columns='NS:.metadata.namespace,NAME:.metadata.name,ClusterIP:.spec.clusterIP,PORTNAME:.spec.ports[*].name,PORT:.spec.ports[*].port,PROTOCOL:.spec.ports[*].protocol,TGTPORT:.spec.ports[*].targetPort')

$BDIR/tlsscan -f $ADDRLIST
$BDIR/tlsscan --infile $ADDRLIST --minified-json
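Review bot: The new call passes `--minified-json` but no `--json`, while the code added to src/tlsscan only writes `/tmp/minified_report.json` when `-f "$jsonout"` is true. Unless `jsonout` gets a default outside the visible hunks, the minified report is never produced and the fluent-bit container has nothing to tail. Passing the JSON output explicitly, e.g. `$BDIR/tlsscan --infile "$ADDRLIST" --json "$JSON_OUT" --minified-json` with `JSON_OUT` set to a path on the shared volume, would make that dependency visible. Quoting `$ADDRLIST` also protects the call against word splitting. The loop that builds the address list starts above this hunk.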
7 changes: 6 additions & 1 deletion src/tlsscan
@@ -25,21 +25,23 @@ Options:
-f | --infile input file containing list of addresses (mandatory)
--json output json file
--csv output csv file
--minified-json output minified json file
-h | --help
EOF
exit 1
}

parse_cmdargs()
{
OPTS=`getopt -o f:h --long csv:,infile:,json:,help -n 'parse-options' -- "$@"`
OPTS=`getopt -o f:h --long csv:,infile:,json:,minified-json,help -n 'parse-options' -- "$@"`
[[ $? -ne 0 ]] && usage
eval set -- "$OPTS"
while true; do
case "$1" in
-f | --infile ) infile="$2"; [[ ! -f $infile ]] && echo "$infile file not found" && exit 2; shift 2;;
--json ) jsonout="$2"; [[ -f $jsonout ]] && rm -f $jsonout; shift 2;;
--csv ) csvout="$2"; shift 2;;
--minified-json ) minified_json_out="/tmp/minified_report.json"; shift 1;;
-h | --help ) usage; shift 1;;
-- ) shift; break ;;
* ) break ;;
@@ -192,6 +194,9 @@ main()
done < $infile
jsonfooter
[[ -f "$csvout" ]] && tabled --in $csvout --config ${TABLED_YAML-tabled.yaml}
if [[ -n "$minified_json_out" && -f "$jsonout" ]]; then
jq -c . $jsonout > $minified_json_out
fi
echo ;
getsummary
}
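Review bot: `--minified-json` hard-codes its output to `/tmp/minified_report.json`, and the write added in main() is `jq -c . $jsonout > $minified_json_out`, with both expansions unquoted and the jq exit status ignored. Outside the Job's private emptyDir, a fixed file name in a shared /tmp is written through whatever already exists at that path, so I would let the option take a path the way `--json` does (`minified-json:` in the getopt string, `minified_json_out="$2"; shift 2`, with the caller in src/k8s_tlsscan passing the path). The write would then be `jq -c . "$jsonout" > "$minified_json_out" || exit 1`, so a failed conversion does not leave a truncated report for the shipper. The usage text "output minified json file" already reads as if a file argument were expected. Both parse_cmdargs and main() continue outside the visible hunks.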