Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

reporting for ingress and virtual services #25

Open
nyrahul opened this issue Jan 17, 2024 · 0 comments
Open

reporting for ingress and virtual services #25

nyrahul opened this issue Jan 17, 2024 · 0 comments

Comments

@nyrahul
Copy link
Contributor

nyrahul commented Jan 17, 2024

Currently k8tls reports mostly for east-west traffic based on k8s services.

However, the external traffic is delivered through virtualservices, gateways, and ingress controllers. It should be possible to scan these endpoints using k8tls and will be more valuable.

❯ k get virtualservices.networking.istio.io -A
NAMESPACE                NAME                               GATEWAYS                                 HOSTS                             AGE
accuknox-dev-divy        divy-virtual-service               ["istio-system/divy-gateway"]            ["cspm.dev.accuknox.com"]         132d
accuknox-dev-divy        divy-wildcard-virtual-service      ["istio-system/divy-wildcard-gateway"]   ["*.cspm.dev.accuknox.com"]       57d
accuknox-dev-saltstack   saltmaster-virtual-service         ["saltmaster-gateway"]                   ["*"]                             110d
accuknox-dev-soarcast    redis-virtual-service              ["redis-gateway"]                        ["redis.dev.accuknox.com"]        132d
istio-system             api-dev-accuknox-com-virtual-svc   ["dev-gateway"]                          ["cwpp.dev.accuknox.com"]         132d
wildcard-test            nginx-virtual-service              ["istio-system/nginx-gateway"]           ["test.wild-test.accuknox.com"]   63d

❯ k get gw -A
NAMESPACE                NAME                    AGE
accuknox-dev-saltstack   saltmaster-gateway      110d
accuknox-dev-soarcast    redis-gateway           132d
istio-system             dev-gateway             132d
istio-system             divy-gateway            62d
istio-system             divy-wildcard-gateway   57d
wildcard-test            nginx-gateway           63d


❯ k get gw -n istio-system             divy-wildcard-gateway -o yaml
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"networking.istio.io/v1beta1","kind":"Gateway","metadata":{"annotations":{},"name":"divy-wildcard-gateway","namespace":"istio-system"},"spec":{"selector":{"app":"istio-ingressgateway"},"servers":[{"hosts":["*.cspm.dev.accuknox.com"],"port":{"name":"https","number":443,"protocol":"HTTPS"},"tls":{"credentialName":"dev-cspm-wildcard","mode":"SIMPLE"}}]}}
  creationTimestamp: "2023-11-21T10:55:58Z"
  generation: 1
  name: divy-wildcard-gateway
  namespace: istio-system
  resourceVersion: "223430089"
  uid: 7ca6f02a-b95a-4822-91fa-adaa0beb1a06
spec:
  selector:
    app: istio-ingressgateway
  servers:
  - hosts:
    - '*.cspm.dev.accuknox.com'
    port:
      name: https
      number: 443
      protocol: HTTPS
    tls:
      credentialName: dev-cspm-wildcard
      mode: SIMPLE
@anurag-rajawat anurag-rajawat mentioned this issue May 20, 2024
Open
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@nyrahul