k9s icon indicating copy to clipboard operation
k9s copied to clipboard

Published 20 hours ago verified publisher icon derailed

Aqua Starboard Integration

Open tks98 opened this issue 3 years ago • 5 comments




Is your feature request related to a problem? Please describe.

I use Aqua Starboard for automating several types of security scans on Kubernetes. These scan reports are saved as CRDs and the starboard cli tool can generate html reports for these CRDs.

There are only two tools to visualize/summarize the report crds, Lens and Octant (as far as I know). Currently, I use the starboard cli for report generation, and the Lens extension for viewing a summary of the CRDs. I felt an implementation consolidating these in k9s could be beneficial.

Describe the solution you'd like

I already added this functionality to k9s in my fork, and I have found it to be very useful for personal use. I am opening this issue to see if this would be something useful to be added k9s officially. If so, I can submit a PR for review.

Additional context

This is what I brainstormed and eventually added to my k9s fork

  • views for each of the starboard report crds (vulnerability, config audit, kube-bench, and kube-hunter)
  • hitting x on a starboard report crd opens a summary view
  • created a starboard plugin where a user can hit g when viewing a k8s workload to generate a html report using the starboard cli, hit Shift-S to initiate scans for the selected workload, Shift-H to initiate a kube-hunter scan, and Shift-B to initiate a kube-bench scan for all nodes.

I have attached a few screenshots showing some of this functionality. Please let me know if this is something to submit a PR for, or any feedback/suggestions. Thanks!!

Vulnerability report crd summary k9s (summaries also added for the other starboard crd report types)

k9s view

Vulnerability report crd summary Lens extension

lens view

HTML report generation plugin

k9s generate-report

Initiate scans for a selected Kubernetes workload

k9s scan workload

tks98 avatar Feb 15 '22 04:02 tks98

Kindly bumping this issue again. Is this something which could warrant a PR/review? My co-workers and I use this very often and have found it to be useful for working with Aqua starboard.

If its integrated we could even open a PR with the starboard folks to add k9s as another UI/Dashboard for starboard crds, and another method for running scans, which could bring more users to use k9s overall.

If we feel its too niche, please let me know and I will close. Thanks!

tks98 avatar May 04 '22 22:05 tks98

Sounds interesting @tks98, did you open a PR for it?

I can give a shot to test and maybe review it.

bryanasdev000 avatar Jun 29 '22 05:06 bryanasdev000

Sounds interesting @tks98, did you open a PR for it?

I can give a shot to test and maybe review it.

Thanks for the reply. Since I opened this starboard has added a few more report CRD types. I'll add those to my changes and open a PR.

tks98 avatar Jun 29 '22 22:06 tks98

@tks98 Thank you for this Travis!! I think it totally makes sense. Could this report be run using k9s plugins as it seems it just execs in and we would not have to maintain this dependency in code?

derailed avatar May 21 '23 14:05 derailed

How does this differ from the vulnerability score system? I understand that there are more details here, but are they also overlapping?

alexanderkjeldaas avatar Mar 23 '24 19:03 alexanderkjeldaas