k8tls

reporting for ingress and virtual services

Open nyrahul opened this issue 5 months ago • 0 comments

Currently k8tls reports mostly for east-west traffic based on k8s services.

However, the external traffic is delivered through virtualservices, gateways, and ingress controllers. It should be possible to scan these endpoints using k8tls, and that will be more valuable.

```
❯ k get virtualservices.networking.istio.io -A
NAMESPACE                NAME                               GATEWAYS                                 HOSTS                             AGE
accuknox-dev-divy        divy-virtual-service               ["istio-system/divy-gateway"]            ["cspm.dev.accuknox.com"]         132d
accuknox-dev-divy        divy-wildcard-virtual-service      ["istio-system/divy-wildcard-gateway"]   ["*.cspm.dev.accuknox.com"]       57d
accuknox-dev-saltstack   saltmaster-virtual-service         ["saltmaster-gateway"]                   ["*"]                             110d
accuknox-dev-soarcast    redis-virtual-service              ["redis-gateway"]                        ["redis.dev.accuknox.com"]        132d
istio-system             api-dev-accuknox-com-virtual-svc   ["dev-gateway"]                          ["cwpp.dev.accuknox.com"]         132d
wildcard-test            nginx-virtual-service              ["istio-system/nginx-gateway"]           ["test.wild-test.accuknox.com"]   63d
```

```
❯ k get gw -A
NAMESPACE                NAME                    AGE
accuknox-dev-saltstack   saltmaster-gateway      110d
accuknox-dev-soarcast    redis-gateway           132d
istio-system             dev-gateway             132d
istio-system             divy-gateway            62d
istio-system             divy-wildcard-gateway   57d
wildcard-test            nginx-gateway           63d
```


```
❯ k get gw -n istio-system             divy-wildcard-gateway -o yaml
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"networking.istio.io/v1beta1","kind":"Gateway","metadata":{"annotations":{},"name":"divy-wildcard-gateway","namespace":"istio-system"},"spec":{"selector":{"app":"istio-ingressgateway"},"servers":[{"hosts":["*.cspm.dev.accuknox.com"],"port":{"name":"https","number":443,"protocol":"HTTPS"},"tls":{"credentialName":"dev-cspm-wildcard","mode":"SIMPLE"}}]}}
  creationTimestamp: "2023-11-21T10:55:58Z"
  generation: 1
  name: divy-wildcard-gateway
  namespace: istio-system
  resourceVersion: "223430089"
  uid: 7ca6f02a-b95a-4822-91fa-adaa0beb1a06
spec:
  selector:
    app: istio-ingressgateway
  servers:
  - hosts:
    - '*.cspm.dev.accuknox.com'
    port:
      name: https
      number: 443
      protocol: HTTPS
    tls:
      credentialName: dev-cspm-wildcard
      mode: SIMPLE
```

nyrahul Jan 17 '24 13:01
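An added illustration, not part of the original issue and not k8tls code: one way the Gateway objects shown in the issue could be flattened into per-host TLS scan targets for a report. The function name `gateway_scan_targets`, the `SAMPLE` data, the `example-http-gateway` item and the choice to scan only `HTTPS`/`TLS` servers are assumptions made for this sketch.

```python
import json

# Constructed input in the shape of `kubectl get gw -A -o json`, trimmed to the
# fields used below. The first item mirrors the Gateway in the issue; the
# second (plain HTTP) is made up to show what gets skipped.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "divy-wildcard-gateway", "namespace": "istio-system"},
  "spec": {"selector": {"app": "istio-ingressgateway"},
   "servers": [{"hosts": ["*.cspm.dev.accuknox.com"],
     "port": {"name": "https", "number": 443, "protocol": "HTTPS"},
     "tls": {"credentialName": "dev-cspm-wildcard", "mode": "SIMPLE"}}]}},
 {"metadata": {"name": "example-http-gateway", "namespace": "example-ns"},
  "spec": {"selector": {"app": "istio-ingressgateway"},
   "servers": [{"hosts": ["example-ns/plain.example.test"],
     "port": {"name": "http", "number": 80, "protocol": "HTTP"}}]}}
]}
""")

TLS_PROTOCOLS = {"HTTPS", "TLS"}  # assumption: only these server protocols are scanned


def gateway_scan_targets(gw_list):
    """Flatten Gateway servers into one TLS scan target per exposed host."""
    targets = []
    for gw in gw_list.get("items", []):
        meta, spec = gw["metadata"], gw.get("spec", {})
        for server in spec.get("servers", []):
            port = server.get("port", {})
            if str(port.get("protocol", "")).upper() not in TLS_PROTOCOLS:
                continue
            tls = server.get("tls") or {}
            for host in server.get("hosts", []):
                dns = host.split("/", 1)[-1]  # hosts may be "namespace/dnsName"
                targets.append({
                    "gateway": f'{meta["namespace"]}/{meta["name"]}',
                    "host": dns,
                    "port": port.get("number"),
                    # A wildcard has no name to send as SNI; the report must
                    # pair it with a concrete host (e.g. from a VirtualService).
                    "wildcard": dns.startswith("*"),
                    "tls_mode": tls.get("mode"),
                    "credential": tls.get("credentialName"),
                    "selector": spec.get("selector", {}),  # finds the ingress pods
                })
    return targets


if __name__ == "__main__":
    for t in gateway_scan_targets(SAMPLE):
        print(t)
```
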