Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/darkbitio/k8s-mirror
Creates a local mirror of a Kubernetes cluster in a docker container to support offline reviewing
Last synced: 4 months ago
- Host: GitHub
- URL: https://github.com/darkbitio/k8s-mirror
- Owner: darkbitio
- License: mit
- Archived: true
- Created: 2021-01-30T21:52:28.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2021-01-30T21:57:20.000Z (about 4 years ago)
- Last Synced: 2024-08-01T12:19:39.740Z (7 months ago)
- Language: Ruby
- Size: 5.86 KB
- Stars: 338
- Watchers: 32
- Forks: 23
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# K8s-mirror
## Why?
To enable high-fidelity, offline review of Kubernetes clusters as a part of Darkbit's cloud and Kubernetes security [consulting services offerings](https://darkbit.io/services/), a simple script to export all K8s resources from a cluster was developed. A modified version of this script is included in this repository as `kube-exporter.sh`.
The original goal of this export format was to support ingestion by the [OpenCSPM](https://github.com/opencspm/opencspm) analysis platform. However, there are instances where analysis is best performed with a quick run of `kubectl`. Without having direct access to a client's cluster, a "mirror" cluster is needed.
## What?
Using the `kube-exporter.sh` script in this repo, all the resources in a target cluster are exported to a local, newline-delimited JSON format. To view this data, another instance of etcd and the kube-apiserver are needed, so that's what is baked into the container specified by this Dockerfile. The idea is that a local docker container running just the barebones components needed can be populated by loading the raw exported data directly into etcd.
## How?
* Clone the repository
* Run `kube-exporter.sh` against the target cluster. Its output file should be named `.json`.
* Copy `.json` to `data/import.json`
* Modify the `Dockerfile` to use the correct `K8S_VERSION`
* Run `make build` to build the docker container.
* Run `make run` to launch the "mirror" cluster container. This container runs etcd, loads the data from `/data/import.json` into etcd, and then launches an _insecure_ API server. That is, it runs without TLS, listens on `localhost:31337` and requires a simple token for authentication as `cluster-admin`.
* Run `export KUBECONFIG=kubeconfig.honk`
* Run `kubectl get pods -A` to query for pods in the "mirror" cluster container.
* When done, kill the container to clean up.

## Warning!
This is a working proof of concept and "pre-alpha" quality. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
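
A pre-import sanity check for the export file used in the How? steps, as an added example that is not part of the k8s-mirror repository. It assumes each line of the export is one complete Kubernetes object with `apiVersion`, `kind` and `metadata.name`; the sample lines and the function name `inspect_export` are constructed for illustration. Because the export covers all resources, it also lists any Secret objects so the file can be handled accordingly.

```python
import json
from collections import Counter

# Constructed sample: three well-formed export lines plus one truncated line.
SAMPLE_EXPORT = "\n".join([
    '{"apiVersion":"v1","kind":"Pod","metadata":{"name":"web-0","namespace":"prod"}}',
    '{"apiVersion":"v1","kind":"Secret","metadata":{"name":"db-creds",'
    '"namespace":"prod"},"data":{"password":"cGxhY2Vob2xkZXI="}}',
    '{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole",'
    '"metadata":{"name":"view"}}',
    '{"apiVersion":"v1","kind":"ConfigMap","metadata":{"name":"trunc',
])


def inspect_export(text):
    """Return (kind counts, Secret names, [(line_no, problem), ...])."""
    kinds, secrets, problems = Counter(), [], []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue  # tolerate blank lines between records
        try:
            obj = json.loads(line)
        except json.JSONDecodeError as exc:
            problems.append((line_no, f"invalid JSON: {exc.msg}"))
            continue
        if not isinstance(obj, dict):
            problems.append((line_no, "not a JSON object"))
            continue
        meta = obj.get("metadata")
        missing = [k for k in ("apiVersion", "kind") if not obj.get(k)]
        if not isinstance(meta, dict) or not meta.get("name"):
            missing.append("metadata.name")
        if missing:
            problems.append((line_no, "missing " + ", ".join(missing)))
            continue
        kinds[obj["kind"]] += 1
        if obj["kind"] == "Secret":
            # Cluster-scoped objects have no namespace; Secrets always do.
            secrets.append(f'{meta.get("namespace", "-")}/{meta["name"]}')
    return kinds, secrets, problems


if __name__ == "__main__":
    kinds, secrets, problems = inspect_export(SAMPLE_EXPORT)
    for kind, count in sorted(kinds.items()):
        print(f"{count:5d}  {kind}")
    print("Secrets in export:", ", ".join(secrets) or "none")
    for line_no, problem in problems:
        print(f"line {line_no}: {problem}")
```

To check a real export, pass the contents of `data/import.json` to `inspect_export` in place of `SAMPLE_EXPORT`.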