{"id":13720496,"url":"https://github.com/alcideio/kaudit","last_synced_at":"2025-12-30T02:05:40.532Z","repository":{"id":48927737,"uuid":"248258164","full_name":"alcideio/kaudit","owner":"alcideio","description":"Alcide Kubernetes Audit Log Analyzer - Alcide kAudit","archived":false,"fork":false,"pushed_at":"2021-07-08T12:32:41.000Z","size":312,"stargazers_count":36,"open_issues_count":2,"forks_count":5,"subscribers_count":6,"default_branch":"master","last_synced_at":"2024-11-14T09:39:16.260Z","etag":null,"topics":["alcide-kaudit","audit-log","forensic-analysis","forensics","kubernetes","security","security-tools","vault"],"latest_commit_sha":null,"homepage":"https://www.alcide.io","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/alcideio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-03-18T14:43:55.000Z","updated_at":"2023-11-01T08:37:11.000Z","dependencies_parsed_at":"2022-09-24T00:23:59.783Z","dependency_job_id":null,"html_url":"https://github.com/alcideio/kaudit","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alcideio%2Fkaudit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alcideio%2Fkaudit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alcideio%2Fkaudit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alcideio%2Fkaudit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/alcideio","download_url":"https://codeload.github.com/alcideio/kaudit/tar.gz/refs/heads
/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252876408,"owners_count":21818176,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["alcide-kaudit","audit-log","forensic-analysis","forensics","kubernetes","security","security-tools","vault"],"created_at":"2024-08-03T01:01:04.481Z","updated_at":"2025-12-30T02:05:40.495Z","avatar_url":"https://github.com/alcideio.png","language":"Shell","funding_links":[],"categories":["Audit","Shell"],"sub_categories":[],"readme":"![Test Alcide kAudit Chart](https://github.com/alcideio/kaudit/workflows/Test%20Alcide%20kAudit%20Chart/badge.svg)\n\n\u003cimg src=\"https://www.alcide.io/wp-content/themes/alcide/images/kaudit/ALCID%20KAUDIT@2x.png\" alt=\"Alcide Code-to-production security\" width=\"400\" \n/\u003e\n\n- [Installation](#installation)\n- [Create local test environment (Dynamic Auditing)](#create-local-test-environment--dynamic-auditing-)\n- [Before Installing Alcide kAudit](#before-installing-alcide-kaudit)\n- [Installation Examples](#installation-examples)\n- [Access Alcide kAudit From Outside The Cluster](#access-alcide-kaudit-from-outside-the-cluster)\n- [Integration with Hashicorp Vault](#integration-with-hashicorp-vault)\n\n## Installation\n\n* EKS\n* GKE\n* AKS\n* Kubernetes Webhook\n* Kubernetes Dynamic Auditing (AuditSink)\n\n### In the Makefile\n\n```bash\nUsage: make [options] [target] ...\n\nGenerate:\n  generate-aks                  Generate AKS installation\n  generate-all                  Generate All Deployment targets\n  generate-eks                  Generate EKS 
installation\n  generate-gke                  Generate GKE installation\n  generate-k8s                  Generate Audit Sink installation\n  generate-k8s-webhook          Generate Audit Sink installation\n\nInstall:\n  get-linux-deps                Dependencies Linux\n\nMisc:\n  help                          Show this help\n\nTest:\n  create-kind-cluster           KIND\n  create-minikube-cluster       Minikube\n\n```\n\n# Create local test environment (Dynamic Auditing)\n\n**Kubernetes [KIND](https://kind.sigs.k8s.io/)**\n\n```bash\nkind create cluster --config hack/kind-config.yaml --image kindest/node:v1.16.4 --name kaudit-v1.16\n```\n\n**[Minikube](https://kubernetes.io/docs/tasks/tools/install-minikube/)**\n\n```bash\nminikube start --memory=6g --cpus=4 \\\n        --extra-config=apiserver.audit-dynamic-configuration=true \\\n        --extra-config=apiserver.feature-gates=DynamicAuditing=true \\\n        --extra-config=apiserver.runtime-config=auditregistration.k8s.io/v1alpha1=true\n```\n\n\n# Before Installing Alcide kAudit\n\n- [Download helm 3](https://helm.sh/docs/intro/install/)\n    ```bash\n   curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 \u0026\u0026 \\\n   chmod 700 get_helm.sh \u0026\u0026 \\\n   ./get_helm.sh\n    ```\n- Make sure you have the Image registry pull secret key from Alcide\n\n# Installation Examples\n\n### Kubernetes Webhook\n\n```bash\nhelm upgrade -i kaudit deploy/charts/kaudit --set clusterName=\"mycluster\" --set k8s.mode=\"webhook\" --set image.pullSecretToken=\"YourAlcideToken\"\n```\n\n### Kubernetes AuditSink\n\n```bash\nhelm upgrade -i kaudit deploy/charts/kaudit --set clusterName=\"mycluster\" --set image.pullSecretToken=\"YourAlcideToken\"\n```\n\nor use the interactive wizard to generate a YAML:\n\n```bash\ndeploy/install/kaudit-deployment-wizard.sh\n```\n\nAnd then run:\n\n```bash\nkubectl port-forward -n alcide-kaudit svc/kaudit-mycluster 7000:443\n```\n\nPoint your 
browser to https://localhost:7000\n\n# Access Alcide kAudit From Outside The Cluster\n\n## Kubernetes Ingress Controller\n\nNotes:\n- You should have a DNS entry that points to the cluster\n- By default self-signed certificates are generated\n- See chart [values.yaml](deploy/charts/kaudit/values.yaml) on how to use external certificates\n- The default domain in this example: *secops.mycompany.com*\n- Use `--set ingress.subDomain=\"yourdomain.com\"` to customise the sub-domain used to expose your Alcide kAudit analyzer(s).\n\n\n### *Create KIND Cluster*\n```bash\nkind create cluster --config hack/kind-config.yaml --image kindest/node:v1.16.4 --name kaudit-v1.16\n```\n\n### *Install Kubernetes Ingress Controller*\n\n  ```bash\n  helm upgrade -i kaudit-ingress stable/nginx-ingress --namespace alcide-kaudit --set controller.daemonset.useHostPort=true --set controller.service.enabled=false --set controller.kind=\"DaemonSet\" --set controller.ingressClass=\"kaudit-ingress\"\n  ```\n\n### *Install Alcide kAudit*\n\n   ```bash \n   helm upgrade -i kaudit deploy/charts/kaudit --set clusterName=\"mycluster\" --set ingress.enable=true\n   ```\n\nTest that Alcide kAudit is exposed through \n\n```bash\ncurl  -D-  -k https://localhost:443/  -H 'Host: kaudit-mycluster.secops.mycompany.com'\n```\n\n\n# Integration with Hashicorp Vault\n\n\u003e**See Vault Agent Injector guide [here]( https://www.hashicorp.com/blog/injecting-vault-secrets-into-kubernetes-pods-via-a-sidecar/)**\n\n\n#### Create kAudit Vault Policy\n\n```bash\nkubectl -n demo exec -ti vault-0 /bin/sh\ncat \u003c\u003cEOF \u003e /home/vault/kaudit-policy.hcl\npath \"secret/data/alcide/kaudit-*\" {\n  capabilities = [\"read\"]\n}\nEOF\n```\n\n```bash\nvault policy write kaudit /home/vault/kaudit-policy.hcl\n```\n\n### Vault Kubernetes Integration\n\n\u003e ```kubectl -n demo exec -ti vault-0 /bin/sh```\n\n```bash\nvault auth enable kubernetes\n\nvault write auth/kubernetes/config \\\n   token_reviewer_jwt=\"$(cat 
/var/run/secrets/kubernetes.io/serviceaccount/token)\" \\\n   kubernetes_host=https://${KUBERNETES_PORT_443_TCP_ADDR}:443 \\\n   kubernetes_ca_cert=@/var/run/secrets/kubernetes.io/serviceaccount/ca.crt\n```\n\n### Configure kAudit in Vault\n\nNote how kAudit is installed into the cluster:\n* namespace \n* service account \n\n```bash\nvault write auth/kubernetes/role/kaudit-mycluster \\\n   bound_service_account_names=alcide-k8s-kaudit-mycluster \\\n   bound_service_account_namespaces=alcide-kaudit \\\n   policies=kaudit \\\n   ttl=1h\n```\n\nCreate a vault secret for the kAudit instance being deployed:\n\n```bash\n vault kv put secret/alcide/kaudit-mycluster \\\n    token=''  \\\n    prometheusToken=''  \\\n    gkeToken='' \\\n    aksConnectionString=''  \\\n    awsSecretAccessKey='somesecret'\n```\n\n### Install Alcide kAudit\n\n\u003e * Download helm 3\n\u003e * Make sure you have the Image registry key from Alcide\n\nInteractive wizard:\n```bash\ndeploy/install/kaudit-deployment-wizard.sh\n```\n\n#### Helm (v3 and onward)\n\n**Vault Agent Injector**\n\n```bash\nhelm upgrade -i kaudit deploy/charts/kaudit --set clusterName=\"mycluster\" --set vault.mode=\"agent-inject\"\n```\n**Vault**\n\n```bash\nhelm upgrade -i kaudit deploy/charts/kaudit --set clusterName=\"mycluster\" --set vault.mode=\"vault\"\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falcideio%2Fkaudit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falcideio%2Fkaudit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falcideio%2Fkaudit/lists"}