Code Monkey home page Code Monkey logo

klustair-frontend's Introduction

KlustAIR Scanner

The Klustair scanner scanns your Kubernetes namespaces for the used images and submits them to Anchore. This is the scanner part.

INFORMATION This runner is deprecated in favor of the new klustair-cli. For Klustair newer than v0.6.0 please use the klustair-cli written in GO.


Related Klustair projects:

Related opensource projects

  • trivy A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts
  • (DEPRECATED) anchore-engine A service that analyzes docker images and applies user-defined acceptance policies to allow automated container image validation and certification
  • kubeaudit kubeaudit helps you audit your Kubernetes clusters against common security controls

Requirements

  • Python 3
  • Running Anchore (See docker-compose-anchore.yaml)

Usage

usage: runner.py [-h] [-v] [-n NAMESPACES] [-N NAMESPACESBLACKLIST]
                 [-k KUBEAUDIT] [-l LABEL] [-a] [-t] [-c TRIVYCREDENTIALS]

optional arguments:
  -h, --help            show this help message and exit
  -v, --verbose         increase output verbosity
  -n NAMESPACES, --namespaces NAMESPACES
                        Coma separated whitelist of Namespaces to check
  -N NAMESPACESBLACKLIST, --namespacesblacklist NAMESPACESBLACKLIST
                        Coma separated blacklist of Namespaces to skip
  -k KUBEAUDIT, --kubeaudit KUBEAUDIT
                        Coma separated list of audits to run. default: 'all',
                        disable: 'none'
  -l LABEL, --label LABEL
                        A optional title for your run
  -a, --anchore         Run Anchore vulnerability checks
  -t, --trivy           Run Trivy vulnerability checks
  -c TRIVYCREDENTIALSPATH, --trivycredentialspath TRIVYCREDENTIALSPATH
                        Path to repo credentials for trivy
  -ld LIMITDATE, --limitDate LIMITDATE
                        Remove reports older than X days
  -ln LIMITNR, --limitNr LIMITNR
                        Keep only X reports
  -C CONFIGKEY, --limitNr CONFIGKEY
                        Load remote configuration from frontend
  -H APIHOST, --limitNr APIHOST
                        Remote API-host address [example: https://localhost:8443]

ENV vars

export KLUSTAIR_NAMESPACES=
export KLUSTAIR_NAMESPACEBLACKLIST=
export KLUSTAIR_KUBEAUDIT=
export KLUSTAIR_TRIVYCREDENTIALSPATH=

Run in Docker

cp .env.example .env
vim .env
docker-compose up -d

or

docker-compose up -d -e PATH_LOCAL_KUBECONFIG=~/.kube/config

Start Anchore locally

curl https://docs.anchore.com/current/docs/engine/quickstart/docker-compose.yaml > docker-compose-anchore.yaml
docker-compose -f docker-compose-anchore.yaml up -d

develop

python3 -m venv env
source env/bin/activate
pip install -r requirements.txt

deactivate

build

cp .env.example .env
vim .env
docker compose build

or

docker compose build

klustair-frontend's People

Contributors

claudio-walser avatar dependabot[bot] avatar gavinelder avatar mms-gianni avatar snyk-bot avatar

Stargazers

avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

gavinelder ashkanrafiee

klustair-frontend's Issues

Grafana Dashboard from Klustair DB data

I started to build a Grafana Dashboard from Klustair DB data

Link: https://grafana.com/grafana/dashboards/13414
Scrennshot: https://i.imgur.com/w5idjyi.png

Is it an "improvement"? I could not find another way to categorize it, only posting here to let you aware of it :)

It's an additional option to visualize data on the same place as I have all other monitoring metrics.
Klustair Frontend UI still holds much more details, then the idea is using the dashboard side by side with the Klustair Frontend

Upgrade php Version to 7.4

7.3 is not the state of the art. And instead of building from 7.3-apache-buster i will try to use 7.4-apache

FrontEnd errors / Framework The only supported ciphers are AES-128-CBC and AES-256-CBC

๐Ÿ‘‹ Hey first of all thanks for this project, I was wishing to give it a spin however running into some issues with both the docker-compose & Kubernetes helm deployment.

So far I have tried the following.

Numerous stack over flow and laveral threads such as the following https://stackoverflow.com/questions/39693312/the-only-supported-ciphers-are-aes-128-cbc-and-aes-256-cbc-with-the-correct-key

The process used to deploy.

Generate a random string.

date +%s | md5 | base64 | head -c 64 ; echo

helm install  --set klustairfrontend.url=your.klustair.domain.com \
--set klustairfrontend.appkey=base64:ZDYwN2Q1ZmQzZDExZjM1YTBjNjZiYjVjZDM3ZTc4OTkK 
my-klustair klustair/klustair

Any advice or pointers appreciated.

Error log.

2021-04-12 13:18:51] locallocal.ERROR: The only supported ciphers are AES-128-CBC and AES-256-CBC with the correct key lengths. {"exception":"[object] (RuntimeException(code: 0): The only supported ciphers are AES-128-CBC and AES-256-CBC with the correct key lengths. at /var/www/vendor/laravel/framework/src/Illuminate/Encryption/Encrypter.php:43)
[stacktrace]
#0 /var/www/vendor/laravel/framework/src/Illuminate/Encryption/EncryptionServiceProvider.php(32): Illuminate\\Encryption\\Encrypter->__construct('d607d5fd3d11f35...', 'AES-256-CBC')
#1 /var/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(826): Illuminate\\Encryption\\EncryptionServiceProvider->Illuminate\\Encryption\\{closure}(Object(Illuminate\\Foundation\\Application), Array)
#2 /var/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(712): Illuminate\\Container\\Container->build(Object(Closure))
#3 /var/www/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(841): Illuminate\\Container\\Container->resolve('encrypter', Array, true)
#4 /var/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(651): Illuminate\\Foundation\\Application->resolve('encrypter', Array)
#5 /var/www/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(826): Illuminate\\Container\\Container->make('encrypter', Array)
#6 /var/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(980): Illuminate\\Foundation\\Application->make('encrypter')
#7 /var/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(900): Illuminate\\Container\\Container->resolveClass(Object(ReflectionParameter))
#8 /var/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(861): Illuminate\\Container\\Container->resolveDependencies(Array)
#9 /var/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(712): Illuminate\\Container\\Container->build('App\\\\Http\\\\Middle...')
#10 /var/www/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(841): Illuminate\\Container\\Container->resolve('App\\\\Http\\\\Middle...', Array, true)
#11 /var/www/vendor/laravel/framework/src/Illuminate/Container/Container.php(651): Illuminate\\Foundation\\Application->resolve('App\\\\Http\\\\Middle...', Array)
#12 /var/www/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(826): Illuminate\\Container\\Container->make('App\\\\Http\\\\Middle...', Array)
#13 /var/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(156): Illuminate\\Foundation\\Application->make('App\\\\Http\\\\Middle...')
#14 /var/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#15 /var/www/vendor/laravel/framework/src/Illuminate/Routing/Router.php(695): Illuminate\\Pipeline\\Pipeline->then(Object(Closure))
#16 /var/www/vendor/laravel/framework/src/Illuminate/Routing/Router.php(670): Illuminate\\Routing\\Router->runRouteWithinStack(Object(Illuminate\\Routing\\Route), Object(Illuminate\\Http\\Request))
#17 /var/www/vendor/laravel/framework/src/Illuminate/Routing/Router.php(636): Illuminate\\Routing\\Router->runRoute(Object(Illuminate\\Http\\Request), Object(Illuminate\\Routing\\Route))
#18 /var/www/vendor/laravel/framework/src/Illuminate/Routing/Router.php(625): Illuminate\\Routing\\Router->dispatchToRoute(Object(Illuminate\\Http\\Request))
#19 /var/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(166): Illuminate\\Routing\\Router->dispatch(Object(Illuminate\\Http\\Request))
#20 /var/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\\Foundation\\Http\\Kernel->Illuminate\\Foundation\\Http\\{closure}(Object(Illuminate\\Http\\Request))
#21 /var/www/vendor/barryvdh/laravel-debugbar/src/Middleware/InjectDebugbar.php(60): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#22 /var/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Barryvdh\\Debugbar\\Middleware\\InjectDebugbar->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#23 /var/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#24 /var/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#25 /var/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#26 /var/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#27 /var/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#28 /var/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#29 /var/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php(86): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#30 /var/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\\Foundation\\Http\\Middleware\\PreventRequestsDuringMaintenance->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#31 /var/www/vendor/fruitcake/laravel-cors/src/HandleCors.php(37): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#32 /var/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Fruitcake\\Cors\\HandleCors->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#33 /var/www/vendor/fideloper/proxy/src/TrustProxies.php(57): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#34 /var/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Fideloper\\Proxy\\TrustProxies->handle(Object(Illuminate\\Http\\Request), Object(Closure))
#35 /var/www/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#36 /var/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(141): Illuminate\\Pipeline\\Pipeline->then(Object(Closure))
#37 /var/www/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(110): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter(Object(Illuminate\\Http\\Request))
#38 /var/www/public/index.php(55): Illuminate\\Foundation\\Http\\Kernel->handle(Object(Illuminate\\Http\\Request))
#39 {main}
"}

Frontend error using helm chart to deploy

Illuminate\Database\QueryException
SQLSTATE[42P01]: Undefined table: 7 ERROR: relation "k_reports" does not exist LINE 1: select count(distinct "uid") as aggregate from "k_reports" ^ (SQL: select count(distinct "uid") as aggregate from "k_reports")

Illuminate\Database\Connection::runQueryCallback
vendor/laravel/framework/src/Illuminate/Database/Connection.php:671

I shared also here:
https://flareapp.io/share/VP6K1V07

It happens once I port forward and open the Frontend. Have never worked. I hope the details provided help!

FR - Klustair report per k8s cluster.

This is mainly for consensus and discussion around adding information around what Kubernetes cluster the vulnerabilities originated from.

The use case I imagine is a single klustair instance reporting for multiple k8s clusters where those reports can be filtered down to a per-cluster level.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.