https://github.com/np-guard/baseline-rules-verifier
Verifying that a cluster connectivity satisfies a given set of baseline rules
kubernetes network-analysis policies security
- Host: GitHub
- URL: https://github.com/np-guard/baseline-rules-verifier
- Owner: np-guard
- License: apache-2.0
- Created: 2021-06-02T05:57:04.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2024-03-18T04:51:20.000Z (over 1 year ago)
- Last Synced: 2025-05-07T06:46:55.722Z (5 months ago)
- Topics: kubernetes, network-analysis, policies, security
- Language: Python
- Size: 91.8 KB
- Stars: 3
- Watchers: 3
- Forks: 0
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# baseline-rules-verifier
This application verifies the connectivity in a given Kubernetes cluster
(as defined by its NetworkPolicy resources) against a set of baseline rules.

### Requirements:
* Python 3.8 or above
### Run from a docker image
```commandline
docker run ghcr.io/np-guard/baseline-rules-verifier:1.3.0 -b /baseline-rules-verifier/baseline-rules/examples/allow_access_to_google.yaml -r https://github.com/GoogleCloudPlatform/microservices-demo/tree/main/release https://github.com/np-guard/baseline-rules-verifier/blob/master/tests/netpols/microservices-netpols.yaml
```

### Local Installation:
```commandline
git clone --recurse-submodules https://github.com/np-guard/baseline-rules-verifier.git
cd baseline-rules-verifier
python3 -m venv venv
source venv/bin/activate # the exact script may depend on the shell you are using
pip install -r requirements.txt
```

### Usage:
```
python src/baseline_verify.py -r <repo> -b <baseline_rules_file> [-b <baseline_rules_file> ...] <networkpolicy_file>
```
* `repo` is a path or URL to the repository where deployments are defined
* `baseline_rules_file` is a YAML file containing a list of baseline rules. See [file format definition](https://github.com/np-guard/baseline-rules#baseline-rules) and [these examples](https://github.com/np-guard/baseline-rules/tree/master/examples)
* `networkpolicy_file` is a YAML file with Kubernetes NetworkPolicies to verify

**For example:**
```commandline
python src/baseline_verify.py -b baseline-rules/examples/allow_access_to_google.yaml -r https://github.com/GoogleCloudPlatform/microservices-demo/tree/main/release tests/netpols/microservices-netpols.yaml
```

**More command-line switches:**
* `--out_file <out_file>` - dump all output to `out_file`
* `--pr_url` - add a PR comment with verification output, using the given API URL
* `--format <text_format>` - use the given `text_format` to format output. Supported formats are "txt" and "md"
* `--ghe_token` - use the given token to access GitHub repos