Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
droptailer visualize iptables/nftables drops in a kubernetes environment
- Host: GitHub
- URL: https://github.com/metal-stack/droptailer
- Owner: metal-stack
- License: mit
- Created: 2019-10-04T09:01:22.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2024-08-01T09:24:21.000Z (5 months ago)
- Last Synced: 2024-08-02T07:51:01.528Z (5 months ago)
- Topics: iptables, kubernetes, nftables
- Language: Go
- Size: 152 KB
- Stars: 5
- Watchers: 8
- Forks: 1
- Open Issues: 3
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Codeowners: CODEOWNERS
README
# Droptailer
Droptailer gathers firewall drop or accept logs from different machines, enriches them with data from kubernetes api resources and makes them accessible by kubernetes means.
## Client
- reads the systemd journal for kernel log messages about packet drops or accepts
- pushes them with gRPC to the droptailer server

Environment variables:
- `DROPTAILER_SERVER_ADDRESS`: endpoint for the server
- `DROPTAILER_PREFIXES_OF_DROPS`: prefixes that identify drop messages in the journal
- `DROPTAILER_PREFIXES_OF_ACCEPTS`: prefixes that identify accept messages in the journal

## Generating certificates
```bash
# Install cfssl tool
curl -s -L -o ~/bin/cfssl https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
curl -s -L -o ~/bin/cfssljson https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
chmod +x ~/bin/{cfssl,cfssljson}

# Create certificates for client and server
echo '{"CN":"CA","key":{"algo":"rsa","size":2048}}' | cfssl gencert -initca - | cfssljson -bare ca -
echo '{"signing":{"default":{"expiry":"43800h","usages":["signing","key encipherment","server auth","client auth"]}}}' > ca-config.json
export ADDRESS=droptailer
export NAME=droptailer-server
echo '{"CN":"'$NAME'","hosts":[""],"key":{"algo":"rsa","size":2048}}' \
| cfssl gencert -config=ca-config.json -ca=ca.pem -ca-key=ca-key.pem -hostname="$ADDRESS" - \
| cfssljson -bare $NAME

export ADDRESS=
export NAME=droptailer-client
echo '{"CN":"'$NAME'","hosts":[""],"key":{"algo":"rsa","size":2048}}' \
| cfssl gencert -config=ca-config.json -ca=ca.pem -ca-key=ca-key.pem -hostname="$ADDRESS" - \
| cfssljson -bare $NAME
```

## Testing droptailer
```bash
# install kind 0.6.0 or higher !
KIND_VERSION=v0.7.0
wget https://github.com/kubernetes-sigs/kind/releases/download/${KIND_VERSION}/kind-linux-amd64
mv kind-linux-amd64 ~/bin/kind
chmod +x ~/bin/kind

# Create a k8s cluster
kind create cluster

# Deploy droptailer-server
kubectl apply -f ./test/manifests/droptailer.yaml

# Expose droptailer-server port to host
podName=$(kubectl get pods -n firewall -o=jsonpath='{.items[0].metadata.name}')
echo $podName
kubectl port-forward -n firewall --address 0.0.0.0 pod/$podName 50051:50051 &

# Run droptailer-client
docker run -it \
--privileged \
--add-host droptailer:172.17.0.1 \
--env DROPTAILER_SERVER_ADDRESS=droptailer:50051 \
--volume $(pwd)/test/certs:/etc/droptailer-client:ro \
--volume /run/systemd/private:/run/systemd/private \
--volume /var/log/journal:/var/log/journal \
--volume /run/log/journal:/run/log/journal \
--volume /etc/machine-id:/etc/machine-id \
metalstack/droptailer-client

# Watch for drops
stern -n firewall drop

# Generate sample messages for the systemd journal that are caught by the droptailer-client
sudo logger -t kernel "nftables-metal-dropped: IN=vrf09 OUT= MAC=12:99:fd:3b:ce:f8:1a:ae:e9:a7:95:50:08:00 SRC=1.2.3.4 DST=4.3.2.1 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=46474 PROTO=TCP SPT=59265 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0"
sudo logger -t kernel "nftables-metal-accepted: IN=vrf10 OUT=vrf11 MAC=12:99:fd:3b:ce:f8:1a:ae:e9:a7:95:50:08:00 SRC=5.6.7.8 DST=8.7.6.5 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=46474 PROTO=TCP SPT=59265 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ItIs=OnlyText"
```
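The two `logger` commands above put messages of exactly the shape the client looks for into the journal: one of the configured prefixes, then netfilter's `KEY=value` fields, with bare tokens for TCP flags and an empty `OUT=` on a dropped inbound packet. The Go program below is an added example, not droptailer's own code, that does the client-side work the Client section describes: it assigns a verdict from the first matching drop or accept prefix, skips journal lines that match neither list, and splits the rest into fields and flags while keeping empty values. The sample lines are constructed copies of the two messages above plus one unrelated kernel line; the type and function names (`FirewallEvent`, `ParseKernelLine`, `SplitPrefixes`) are this example's own, and the comma-separated prefix list is this example's convention, not something the project documents.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Verdict is the class a line gets from the prefix list it matched.
type Verdict string

const (
	Dropped  Verdict = "drop"
	Accepted Verdict = "accept"
)

// FirewallEvent is one parsed netfilter log line.
type FirewallEvent struct {
	Verdict Verdict
	Prefix  string            // the configured prefix that matched
	Fields  map[string]string // KEY=value pairs: IN, OUT, SRC, DST, PROTO, SPT, DPT, ...
	Flags   []string          // bare tokens such as SYN or ACK
}

// SampleLines are constructed journal MESSAGE payloads in the shape produced by
// the README's `logger -t kernel` commands, plus one unrelated kernel line that
// a client must not forward.
var SampleLines = []string{
	"nftables-metal-dropped: IN=vrf09 OUT= MAC=12:99:fd:3b:ce:f8:1a:ae:e9:a7:95:50:08:00 SRC=1.2.3.4 DST=4.3.2.1 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=46474 PROTO=TCP SPT=59265 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0",
	"nftables-metal-accepted: IN=vrf10 OUT=vrf11 MAC=12:99:fd:3b:ce:f8:1a:ae:e9:a7:95:50:08:00 SRC=5.6.7.8 DST=8.7.6.5 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=46474 PROTO=TCP SPT=59265 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ItIs=OnlyText",
	"eth0: link becomes ready",
}

// SplitPrefixes turns a comma-separated prefix list (the assumed format of
// DROPTAILER_PREFIXES_OF_DROPS / DROPTAILER_PREFIXES_OF_ACCEPTS in this
// example) into a slice, dropping blanks.
func SplitPrefixes(env string) []string {
	var out []string
	for _, p := range strings.Split(env, ",") {
		if p = strings.TrimSpace(p); p != "" {
			out = append(out, p)
		}
	}
	return out
}

// ParseKernelLine classifies a line by the first drop or accept prefix it
// contains and splits the remainder into KEY=value fields and bare flags.
// Lines matching no prefix return ok == false and must be skipped so that
// unrelated kernel output is never shipped to the server.
func ParseKernelLine(line string, dropPrefixes, acceptPrefixes []string) (FirewallEvent, bool) {
	verdict := Dropped
	prefix, rest, ok := matchPrefix(line, dropPrefixes)
	if !ok {
		verdict = Accepted
		prefix, rest, ok = matchPrefix(line, acceptPrefixes)
	}
	if !ok {
		return FirewallEvent{}, false
	}
	ev := FirewallEvent{Verdict: verdict, Prefix: prefix, Fields: map[string]string{}}
	for _, tok := range strings.Fields(rest) {
		if k, v, found := strings.Cut(tok, "="); found {
			ev.Fields[k] = v // "OUT=" keeps an empty value: the packet had no egress interface
		} else {
			ev.Flags = append(ev.Flags, tok)
		}
	}
	return ev, true
}

// matchPrefix returns the first prefix found in line and the text after it,
// with the colon netfilter's log prefix usually ends in stripped.
func matchPrefix(line string, prefixes []string) (prefix, rest string, ok bool) {
	for _, p := range prefixes {
		if i := strings.Index(line, p); i >= 0 {
			return p, strings.TrimPrefix(line[i+len(p):], ":"), true
		}
	}
	return "", "", false
}

// Port parses a numeric field such as SPT or DPT; it fails for protocols
// without ports (ICMP lines carry TYPE/CODE instead of SPT/DPT).
func (e FirewallEvent) Port(key string) (int, error) {
	return strconv.Atoi(e.Fields[key])
}

// Summary renders the tuple an operator looks at first.
func (e FirewallEvent) Summary() string {
	return fmt.Sprintf("%s %s %s:%s -> %s:%s (in=%s out=%s)",
		e.Verdict, e.Fields["PROTO"], e.Fields["SRC"], e.Fields["SPT"],
		e.Fields["DST"], e.Fields["DPT"], e.Fields["IN"], e.Fields["OUT"])
}

func main() {
	drops := SplitPrefixes("nftables-metal-dropped")
	accepts := SplitPrefixes("nftables-metal-accepted")
	for _, l := range SampleLines {
		ev, ok := ParseKernelLine(l, drops, accepts)
		if !ok {
			fmt.Println("skipped:", l)
			continue
		}
		fmt.Println(ev.Summary())
	}
}
```

Matching is done with a substring search rather than a strict line prefix because, depending on how the journal entry is read, the message may or may not carry a leading `kernel:` tag; a stricter implementation would anchor on the start of the `MESSAGE` field.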
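The cfssl commands in the certificate section produce a CA, a server certificate whose only host is the `ADDRESS` value `droptailer`, and a client certificate with no host, with both leaf certificates carrying the `server auth` and `client auth` usages from `ca-config.json`. The Go program below is an added example, not part of droptailer, that rebuilds that layout in memory with the standard library and runs the checks a standard mTLS client and server perform on those files: the client verifies the server certificate against the name it dialed, the server verifies that the client certificate chains to the CA with client auth. It uses P-256 keys instead of the README's RSA-2048 to stay fast, and the function names `issue`, `BuildPKI` and `VerifyPeer` are this example's own. It also makes the caveat behind the test procedure's `--add-host droptailer:172.17.0.1` visible: the server certificate has a DNS SAN for `droptailer` only, so a client that dialed `172.17.0.1` directly would fail name verification.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs a certificate for cn with parent/parentKey, or self-signs when
// parent is nil. hosts become DNS SANs (cfssl's -hostname); usages mirror the
// "server auth"/"client auth" entries of ca-config.json.
func issue(cn string, hosts []string, usages []x509.ExtKeyUsage, isCA bool,
	parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		DNSNames:              hosts,
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(43800 * time.Hour), // the README's 43800h expiry
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           usages,
		IsCA:                  isCA,
		BasicConstraintsValid: true,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// PKI holds the three certificates the cfssl step writes to disk.
type PKI struct{ CA, Server, Client *x509.Certificate }

// BuildPKI reproduces the README's layout in memory: one CA, a server cert
// whose only SAN is "droptailer", and a client cert with no host at all.
func BuildPKI() (PKI, error) {
	ca, caKey, err := issue("CA", nil, nil, true, nil, nil)
	if err != nil {
		return PKI{}, err
	}
	both := []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}
	srv, _, err := issue("droptailer-server", []string{"droptailer"}, both, false, ca, caKey)
	if err != nil {
		return PKI{}, err
	}
	cli, _, err := issue("droptailer-client", nil, both, false, ca, caKey)
	if err != nil {
		return PKI{}, err
	}
	return PKI{CA: ca, Server: srv, Client: cli}, nil
}

// VerifyPeer is the check each side of the mTLS connection performs with the
// files from the cfssl step: chain the peer cert to ca.pem and require the
// expected extended key usage. dnsName is the name the client dialed; the
// server side passes "" because client certs carry no host.
func VerifyPeer(peer, ca *x509.Certificate, dnsName string, usage x509.ExtKeyUsage) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := peer.Verify(x509.VerifyOptions{Roots: roots, DNSName: dnsName, KeyUsages: []x509.ExtKeyUsage{usage}})
	return err
}

func main() {
	p, err := BuildPKI()
	if err != nil {
		panic(err)
	}
	// Client side: the host part of DROPTAILER_SERVER_ADDRESS must be a SAN of
	// the server cert, so droptailer:50051 passes while 172.17.0.1:50051 fails.
	fmt.Println("dial droptailer:50051 ->", VerifyPeer(p.Server, p.CA, "droptailer", x509.ExtKeyUsageServerAuth))
	fmt.Println("dial 172.17.0.1:50051 ->", VerifyPeer(p.Server, p.CA, "172.17.0.1", x509.ExtKeyUsageServerAuth))
	// Server side: the client cert must chain to the same CA and carry client auth.
	fmt.Println("client cert ->", VerifyPeer(p.Client, p.CA, "", x509.ExtKeyUsageClientAuth))
}
```

The same `VerifyPeer` logic is what a gRPC server configured with `tls.RequireAndVerifyClientCert` runs on every connection, so a client certificate signed by any other CA, or one issued without `client auth`, is refused before any journal data is accepted.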