search

cyberark / KubiScan

A tool to scan Kubernetes cluster for risky permissions
GNU General Public License v3.0
1.31k stars 130 forks source link

New Feature: Adding support on contexts #8

Closed g3rzi closed 5 years ago

g3rzi commented 5 years ago

Currently KubiScan is running on the current context (kubectl config current-context) but sometimes there are more contexts.
For example, when using minishift: 

root@ubuntu:~/KubiScan# kubectl config get-contexts
CURRENT   NAME                                         CLUSTER               AUTHINFO                           NAMESPACE
          minikube                                     minikube              minikube                           
*         minishift                                    192-168-42-132:8443   developer/192-168-42-132:8443      myproject
          myproject/192-168-42-132:8443/developer      192-168-42-132:8443   developer/192-168-42-132:8443      myproject
          myproject/192-168-42-132:8443/system:admin   192-168-42-132:8443   system:admin/192-168-42-132:8443   myproject

The current workaround is to set a new current context with use-context:
kubectl config use-context minikube

We want to give kubiscan an option to do it without changed the current context.

g3rzi commented 5 years ago

Tested the changes, works fine. Example: root@ubuntu:~/KubiScan# python3 KubiScan.py -ctx myproject/192-168-42-132:8443/system:admin -rs