{"id":19838524,"url":"https://github.com/metal-stack/droptailer","last_synced_at":"2025-05-01T18:31:24.159Z","repository":{"id":44662623,"uuid":"212775177","full_name":"metal-stack/droptailer","owner":"metal-stack","description":"droptailer visualize iptables/nftables drops in a kubernetes environment","archived":false,"fork":false,"pushed_at":"2024-08-01T09:24:21.000Z","size":156,"stargazers_count":5,"open_issues_count":3,"forks_count":1,"subscribers_count":8,"default_branch":"master","last_synced_at":"2024-08-02T07:51:01.528Z","etag":null,"topics":["iptables","kubernetes","nftables"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/metal-stack.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-10-04T09:01:22.000Z","updated_at":"2024-08-02T07:51:01.528Z","dependencies_parsed_at":"2024-04-09T13:42:39.045Z","dependency_job_id":"cdc94bdc-d14e-4946-adcf-44be5487746e","html_url":"https://github.com/metal-stack/droptailer","commit_stats":{"total_commits":79,"total_committers":6,"mean_commits":"13.166666666666666","dds":0.3924050632911392,"last_synced_commit":"c06f5f1bf677edf43582c62ab7222b7a2f3c4c22"},"previous_names":["metal-pod/droptailer"],"tags_count":17,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/metal-stack%2Fdroptailer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/metal-stack%2Fdroptailer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/metal-stack%2Fdroptailer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/metal-stack%2Fdroptailer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/metal-stack","download_url":"https://codeload.github.com/metal-stack/droptailer/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224270179,"owners_count":17283701,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["iptables","kubernetes","nftables"],"created_at":"2024-11-12T12:18:02.914Z","updated_at":"2024-11-12T12:18:02.986Z","avatar_url":"https://github.com/metal-stack.png","language":"Go","readme":"# Droptailer\n\nDroptailer gathers firewall drop or accept logs from different machines, enriches them with data from kubernetes api resources and makes them accessible by kubernetes means.\n\n## Client\n\n- reads the systemd journal for kernel log messages about packet drops or accepts\n- pushes them with gRPC to the `droptail` server\n\nenvironment variables:\n\n- `DROPTAILER_SERVER_ADDRESS`: endpoint for the server\n- `DROPTAILER_PREFIXES_OF_DROPS`: prefixes that identify drop messages in the journal\n- `DROPTAILER_PREFIXES_OF_ACCEPTS`: prefixes that identify accept messages in the journal\n\n## Generating certificates\n\n```bash\n# Install cfssl tool\ncurl -s -L -o ~/bin/cfssl https://pkg.cfssl.org/R1.2/cfssl_linux-amd64\ncurl -s -L -o ~/bin/cfssljson https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64\nchmod +x ~/bin/{cfssl,cfssljson}\n\n# Create certificates for client and server\necho '{\"CN\":\"CA\",\"key\":{\"algo\":\"rsa\",\"size\":2048}}' | cfssl gencert -initca - | cfssljson -bare ca -\necho '{\"signing\":{\"default\":{\"expiry\":\"43800h\",\"usages\":[\"signing\",\"key encipherment\",\"server auth\",\"client auth\"]}}}' \u003e ca-config.json\nexport ADDRESS=droptailer\nexport NAME=droptailer-server\necho '{\"CN\":\"'$NAME'\",\"hosts\":[\"\"],\"key\":{\"algo\":\"rsa\",\"size\":2048}}' \\\n    | cfssl gencert -config=ca-config.json -ca=ca.pem -ca-key=ca-key.pem -hostname=\"$ADDRESS\" - \\\n    | cfssljson -bare $NAME\n\nexport ADDRESS=\nexport NAME=droptailer-client\necho '{\"CN\":\"'$NAME'\",\"hosts\":[\"\"],\"key\":{\"algo\":\"rsa\",\"size\":2048}}' \\\n    | cfssl gencert -config=ca-config.json -ca=ca.pem -ca-key=ca-key.pem -hostname=\"$ADDRESS\" - \\\n    | cfssljson -bare $NAME\n```\n\n## Testing droptailer\n\n```bash\n# install kind 0.6.0 or higher!\nKIND_VERSION=v0.7.0\nwget https://github.com/kubernetes-sigs/kind/releases/download/${KIND_VERSION}/kind-linux-amd64\nmv kind-linux-amd64 ~/bin/kind\nchmod +x ~/bin/kind\n\n# Create a k8s cluster\nkind create cluster\n\n# Deploy droptailer-server\nkubectl apply -f ./test/manifests/droptailer.yaml\n\n# Expose droptailer-server port to host\npodName=$(kubectl get pods -n firewall -o=jsonpath='{.items[0].metadata.name}')\necho $podName\nkubectl port-forward -n firewall --address 0.0.0.0 pod/$podName 50051:50051 \u0026\n\n# Run droptailer-client\ndocker run -it \\\n  --privileged \\\n  --add-host droptailer:172.17.0.1 \\\n  --env DROPTAILER_SERVER_ADDRESS=droptailer:50051 \\\n  --volume $(pwd)/test/certs:/etc/droptailer-client:ro \\\n  --volume /run/systemd/private:/run/systemd/private \\\n  --volume /var/log/journal:/var/log/journal \\\n  --volume /run/log/journal:/run/log/journal \\\n  --volume /etc/machine-id:/etc/machine-id \\\nmetalstack/droptailer-client\n\n# Watch for drops\nstern -n firewall drop\n\n# Generate sample messages for the systemd journal that are caught by the droptailer-client\nsudo logger -t kernel \"nftables-metal-dropped: IN=vrf09 OUT= MAC=12:99:fd:3b:ce:f8:1a:ae:e9:a7:95:50:08:00 SRC=1.2.3.4 DST=4.3.2.1 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=46474 PROTO=TCP SPT=59265 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0\"\nsudo logger -t kernel \"nftables-metal-accepted: IN=vrf10 OUT=vrf11 MAC=12:99:fd:3b:ce:f8:1a:ae:e9:a7:95:50:08:00 SRC=5.6.7.8 DST=8.7.6.5 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=46474 PROTO=TCP SPT=59265 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ItIs=OnlyText\"\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmetal-stack%2Fdroptailer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmetal-stack%2Fdroptailer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmetal-stack%2Fdroptailer/lists"}