From 2825a6eaca178ba01306985507c13bfc1065b845 Mon Sep 17 00:00:00 2001
From: Jones Jefferson
Date: Thu, 1 Aug 2024 20:14:40 +0530
Subject: [PATCH] feat: Add Fluent-Bit to K8tls
Signed-off-by: Jones Jefferson
---
k8s/job.yaml | 91 ++++++++++++++++++++++++++++++++++++++++++++++---
src/k8s_tlsscan | 2 +-
src/tlsscan | 7 +++-
3 files changed, 94 insertions(+), 6 deletions(-)
diff --git a/k8s/job.yaml b/k8s/job.yaml
index 65b08bc..01e90b0 100755
--- a/k8s/job.yaml
+++ b/k8s/job.yaml
@@ -131,27 +131,110 @@ data: ] } --- +apiVersion: v1 +kind: ConfigMap +metadata: + name: fluent-config + namespace: k8tls +data: + fluent-bit.conf: | + [SERVICE] + Flush 1 + Log_Level info + Parsers_File parsers.conf + + [INPUT] + Name tail + Path /tmp/minified_report.json + Parser json + Tag json.data + DB /tmp/minified_report.db + Read_from_Head true + Exit_On_Eof true + + [OUTPUT] + Name es + Match * + Host localhost + Port 9200 + Index findings + HTTP_User elastic + HTTP_Passwd ${ES_PASSWORD} + tls On + tls.verify On + tls.ca_file /fluent-bit/http_ca.crt + Suppress_Type_Name On + Replace_Dots On +--- +apiVersion: v1 +kind: Secret +metadata: + name: es-password + namespace: k8tls +type: Opaque +data: + es_password: aXUyQzk1ZDYtVjktamtPVUdOdWM= +--- +apiVersion: v1 +kind: Secret +metadata: + name: http-ca-secret + namespace: k8tls +type: Opaque +data: + http_ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZXVENDQTBHZ0F3SUJBZ0lVQ05HamlKVkdEODEyc3FvZE9kcDFpMm5tWVNZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1BERTZNRGdHQTFVRUF4TXhSV3hoYzNScFkzTmxZWEpqYUNCelpXTjFjbWwwZVNCaGRYUnZMV052Ym1acApaM1Z5WVhScGIyNGdTRlJVVUNCRFFUQWVGdzB5TkRBM016QXdNelUxTXpKYUZ3MHlOekEzTXpBd016VTFNekphCk1Ed3hPakE0QmdOVkJBTVRNVVZzWVhOMGFXTnpaV0Z5WTJnZ2MyVmpkWEpwZEhrZ1lYVjBieTFqYjI1bWFXZDEKY21GMGFXOXVJRWhVVkZBZ1EwRXdnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDRHdBd2dnSUtBb0lDQVFEawpnS214Z0ptZW8yc3orTUhGcXhJNzdreG1iUEhCUWJNc3F0T1V6SGFaYkJFeTV3MXIwYTdGUXFqN3BpQXpFa2FPCjhFZm5NYjRKTW00SkZ1dGNUTitiNTRuS2NsVEpyZkM3YXRBMGh6dHlQand2R1k1dXJpK2JmWXZsRHFKR0ZtUU8KVVlRVStvTTFlSmZQdVR5YTlndHZMbktPK0cyNTg3NzBOb0c3Y2VHUmhNSXFGNGx1KzBVQVo5VHU5bVE2WUpMQQo5TW01d0xBTVkxemtnNW96RUNnV0dXOVByRVlsaG9VcjJiM1cwNTlmUHcraTJTMk9kZlpZSkw4Wmkyc1FoM25tClFIeHVMQ3AyWmlrUDFwZm9UZTVLeWptdDByZGFCb3h3UC90VVpHS1hhdzFFeVhFU0FVMDc4MUZHb2lIS1MzNEUKNEROaXJjc1BpdTJqbTBFOWxwanNHNWF5QUErOWxYWFhtcmhNWnNSdGEzVXR2dW9va0NwUEk3WjNWbTZRdlFCNApVbkNIeldld3ptTmZXTVQ5TTJXRnBUNmdLUEpBanNEOHRCQ3lEd1FZV1p3LzI3cEhnb3RVUGZ3WE9JUTVJdGV2CnprRlozNUhIdzBtbWtiNUZ3Vnp1Q3NGcnlrN0FRUHd
5aTVsK0pPUzdENVNLWXpSZjE1QURTZUdKVHRQLzArMFIKaWFKRm0rWThnR1FDdWdIL2VwZ0ljMjBjWHdTeUR3RWI0bWxkaGkraUt5ODBCTDIyQS95MnpKRWtCQkxqK2JPMwpWelFqVjNDTlpDbEQwNHk3U3BUSk1RNEtISUxvYURaSGdqd1ZaRTVnZ0loYzNGSlV3SE9SajF5UExnb0lUYkY2Ck0veGFvZVBWZzR3Mis0L3RVSEVheXp0WEtUdkhDLzNVTExyM21kZ3FZd0lEQVFBQm8xTXdVVEFkQmdOVkhRNEUKRmdRVTZHS2E3cGRyQzVkZE1GajVsSXZjc09VbWZ3a3dId1lEVlIwakJCZ3dGb0FVNkdLYTdwZHJDNWRkTUZqNQpsSXZjc09VbWZ3a3dEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FnRUFXV3ZPCkwzdFlZUWVYcEhEMmUrOEpXTm9aTDE1Qnl6LzJOWlJoVUhvaHpTeWx4NnNMNjFYRWF0ZWJ6czhUVjFsc1J6Q08KZytCYzlrZjZCQVFSUEt4Sm0xdUwxeThYaWZERlRpclArS1NnYnRQNVlpTWgxZ0NlSUZydjBLaW9DNjhMZTR5aApQNHBiek9yOWJTbEJqeWs2SHdHUDBpTnFSRW1wcEJNazltcEprNzZwVUZDalRtYTNkd1NnOGcyZ2pCRDN1MEJzCnhYazlQQ1pYQmptcFR5M0lOOFJOWDZTTVRGZWo0TEdMVnljcVJUOThhZnMxNlNjcVJZenlUTGhBVXFXSnRWQTYKb2s2YjZCVlR0MDNBTk5ndm9Vb0hLWHJmZWRzTEQydFZoZjVvcFVuaHBlV1R1ZkRMZ2h2dWVxUk16bWZQUGlFYQo4WUVYaHBIdTNkSmJvcGhOT2RSMFM3c2VLU3ZvUTN6U2pXeWJ0V01QS0xNczZNQ0djMkxzMlFMc2Yxbkkyb2dGCllvc0hjN2hKUlpzeGRHME1tcFVldUR6Z2xHa2FuL3ZaSzRhMHhJYlpCVmlFTlJqc2kyOVJrbEh4M3pvVCs0MUUKZndoRlYzSUdFaUd2QkE4SjFGenFQNkRZajJoelZKL3JjMXdDT2dkZzFwTnVXbWl1TDNabTdCTlhtcGRFWWpZUApBdk9QdmFRZVFNZjh6NDcvZjVTSHlBQzEweDNmQkJOcXBiNXplMFNoTUwyTm94WUV4UmkzZ1ZrL09OcEhDK2dFCkhkOWRUSVpWY2lxT0VUY1FuWmF5NmhtSDczaGJsa0RkRm54ZXNVMWNDOEM5eTZiZVBSdmVGVndzTUZ3S2h2UDIKNFFaVTVGbHBBV2RyR1YvcU1pUEpqMEkzOW5IYXNZM054V3Q5TUM0PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== +--- apiVersion: batch/v1 kind: Job metadata: name: k8tls namespace: k8tls spec: + ttlSecondsAfterFinished: 3600 # Retain the job (and its pods) for 1 hour after completion template: spec: serviceAccountName: k8tls-serviceact - containers: - - name: k8tls - image: kubearmor/k8tls:latest + initContainers: + - name: init-k8tls + image: kubearmor/k8tls:latest command: ["./k8s_tlsscan"] volumeMounts: - mountPath: /home/k8tls/config/ name: config readOnly: true + - mountPath: /tmp/ + name: shared-volume + containers: + - name: fluent-bit + image: 
fluent/fluent-bit:latest + env: + - name: ES_PASSWORD + valueFrom: + secretKeyRef: + name: es-password + key: es_password + volumeMounts: + - mountPath: /tmp/ + name: shared-volume + - mountPath: /fluent-bit/etc/fluent-bit.conf + name: fluent-config + subPath: fluent-bit.conf + - mountPath: /fluent-bit/http_ca.crt + name: http-ca-secret + subPath: http_ca.crt restartPolicy: Never volumes: - name: config configMap: name: k8tls-cm + - name: shared-volume + emptyDir: {} + - name: fluent-config + configMap: + name: fluent-config + - name: http-ca-secret + secret: + secretName: http-ca-secret + backoffLimit: 4 ---- +--- \ No newline at end of file diff --git a/src/k8s_tlsscan b/src/k8s_tlsscan index 7de3250..1a68721 100755 --- a/src/k8s_tlsscan +++ b/src/k8s_tlsscan @@ -42,4 +42,4 @@ while read -r line; do IFS=' ' done < <(kubectl get svc --no-headers -A -o=custom-columns='NS:.metadata.namespace,NAME:.metadata.name,ClusterIP:.spec.clusterIP,PORTNAME:.spec.ports[*].name,PORT:.spec.ports[*].port,PROTOCOL:.spec.ports[*].protocol,TGTPORT:.spec.ports[*].targetPort') -$BDIR/tlsscan -f $ADDRLIST +$BDIR/tlsscan --infile $ADDRLIST --minified-json diff --git a/src/tlsscan b/src/tlsscan index 7c47e51..24d118b 100755 --- a/src/tlsscan +++ b/src/tlsscan @@ -25,6 +25,7 @@ Options: -f | --infile input file containing list of addresses (mandatory) --json output json file --csv output csv file +--minified-json output minified json file -h | --help EOF exit 1 @@ -32,7 +33,7 @@ EOF parse_cmdargs() { - OPTS=`getopt -o f:h --long csv:,infile:,json:,help -n 'parse-options' -- "$@"` + OPTS=`getopt -o f:h --long csv:,infile:,json:,minified-json,help -n 'parse-options' -- "$@"` [[ $? -ne 0 ]] && usage eval set -- "$OPTS" while true; do 
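Review bot: The `es-password` Secret added in k8s/job.yaml carries what looks like a live credential in `data.es_password`; base64 is an encoding, not protection, so anyone who can read the repository or this patch can recover it. Treat that value as exposed and rotate it, then drop the Secret object from the manifest and keep only the `secretKeyRef`, with a comment such as `# Secret es-password is provisioned out of band (kubectl create secret / external secret store), never committed`. The same ConfigMap logs in as `HTTP_User elastic`, the built-in superuser; a dedicated account or API key limited to writing the `findings` index would contain the damage if the Job's pod is compromised. `Host localhost` and the embedded `http_ca.crt` also look specific to one test setup, and `fluent/fluent-bit:latest` is unpinned, so the image that receives the password can change between runs; pin it by version or digest.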
@@ -40,6 +41,7 @@ parse_cmdargs() -f | --infile ) infile="$2"; [[ ! -f $infile ]] && echo "$infile file not found" && exit 2; shift 2;; --json ) jsonout="$2"; [[ -f $jsonout ]] && rm -f $jsonout; shift 2;; --csv ) csvout="$2"; shift 2;; + --minified-json ) minified_json_out="/tmp/minified_report.json"; shift 1;; -h | --help ) usage; shift 1;; -- ) shift; break ;; * ) break ;; @@ -192,6 +194,9 @@ main() done < $infile jsonfooter [[ -f "$csvout" ]] && tabled --in $csvout --config ${TABLED_YAML-tabled.yaml} + if [[ -n "$minified_json_out" && -f "$jsonout" ]]; then + jq -c . $jsonout > $minified_json_out + fi echo ; getsummary }
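Review bot: `--minified-json` writes to the fixed path `/tmp/minified_report.json`, and the write in main() is a plain `>` redirect, which follows symlinks; inside the Job this lands in a private emptyDir, but tlsscan run on a host with a shared /tmp gives other local users a predictable name to pre-create. Taking the path as an option argument the way `--json` does (which would need `minified-json:` in the getopt list), or defaulting to a file from `mktemp`, avoids that. If the fixed path stays because the Fluent Bit input depends on it, record the coupling in a comment such as `# must match [INPUT] Path in k8s/job.yaml (fluent-config)`. parse_cmdargs starts and ends outside the hunk.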
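Review bot: The new `jq` line in main() expands `$jsonout` and `$minified_json_out` unquoted, and `--json` takes a caller-supplied path, so a name containing spaces or glob characters is word-split before jq sees it; write it as `jq -c . "$jsonout" > "$minified_json_out"`. The guard also skips silently when `$jsonout` is not an existing file, and the updated call in src/k8s_tlsscan passes only `--infile` and `--minified-json`, so unless `jsonout` gets a default somewhere outside these hunks the minified report is never produced and the Fluent Bit container has nothing to ship. A jq failure is not checked either and would leave a truncated file behind; something like `|| { echo "minified json failed" >&2; exit 3; }` makes that visible. main() starts outside the hunk.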