netfetch
netfetch copied to clipboard
deggja
Kubernetes tool for scanning clusters for network policies and identifying unprotected workloads.
Hello, it would be great to have some relevant metrics exposed running netfetch in dashboard mode.
Add support for antrea network policy CRD's, NetworkPolicy and ClusterNetworkPolicy https://antrea.io/docs/v2.0.0/docs/antrea-network-policy/ What do you think @deggja?
Description: Currently, a pod will be marked as covered if it is targeted by a policy. We dont do much as far as analysing the ingress and egress rules inside...
Will be updated with more information later. Network policy suggestions end up setting the name to unknown on certain occassions. The suggestNetworkPolicy function expects the recommended kubernetes.io/name label on applications,...
The dashboard should expose relevant prometheus compatible metrics related to the scan results. - [ ] Expose relevant metrics - [ ] Implement prometheus endpoint - [ ] Expose metrics...
- [x] Support for installing on Linux via `brew` (current tap installs the macOS binary onto an amd64 Linux machine instead of failing) - [ ] Add support for installing...
Description: The app should be checking whether a default deny all policy applies to both ingress and egress rules within the network policy - and not just if one of...
Description: if there is a cluster wide default deny policy in place - the scan will stop, and all pods in the cluster are deemed covered by that policy. It...
Description: Currently, all pods in a non-system namespace will be scanned. That includes pods in a completed or a failing state. I cant think of any scenarios where this would...
Can you please consider adding support for scanning `Ingress` resources in the `netfetch`tool. This will help users identify potential security gaps related to external access and traffic routing in their...
