zalando-stups / fullstop

Audit reporting: collect violations across all AWS accounts
https://docs.stups.io/en/latest/components/fullstop.html
Apache License 2.0

UNSECURED_PUBLIC_ENDPOINT violations: Hard to track offending application on K8s #509

Open alexkops opened 7 years ago

alexkops commented 7 years ago

Expected behavior

When I see a UNSECURED_PUBLIC_ENDPOINT violation I want to see the offending applications. In terms of a Kubernetes deployment I only see the ELB with an autogenerated ID, but I would like to see the offending application id.

Step needed

From there you need to know how to resolve the application, e.g. with zkubectl get svc -o wide or by looking up the security group in the AWS console. It would be nice if this could be done in fullstop already.

Dependencies

K8s apis?

szuecs commented 7 years ago

@alexkops you can see all the calls zkubectl (kubectl) does if you pass --v=9.

API to query to get the information from the default namespace: https:///api/v1/namespaces/default/services
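The lookup step both comments describe (take the ELB hostname from an UNSECURED_PUBLIC_ENDPOINT violation and find the Kubernetes Service, and thus the application, that owns it) as a small added example. This is not fullstop's or zkubectl's code; it only assumes the Service list has the standard shape returned by GET /api/v1/namespaces/<namespace>/services, and that the "application" label identifies the app (a convention assumed here). All hostnames, names and labels are constructed sample data.

```python
"""Resolve an ELB hostname from a fullstop UNSECURED_PUBLIC_ENDPOINT violation
to the Kubernetes Service (and application) behind it.

Added example, not fullstop code. Assumes the Service list JSON has the shape
returned by GET /api/v1/namespaces/<namespace>/services; all sample data below
is constructed.
"""
import json
from typing import Dict, Optional

# Constructed sample: a namespace with one LoadBalancer Service (backed by an
# AWS ELB) and one ClusterIP Service that can never own an ELB.
SAMPLE_SERVICE_LIST = json.dumps({
    "kind": "ServiceList",
    "apiVersion": "v1",
    "items": [
        {
            "metadata": {
                "name": "orders-api",
                "namespace": "default",
                "labels": {"application": "orders-api", "version": "v12"},
            },
            "spec": {"type": "LoadBalancer", "ports": [{"port": 443}]},
            "status": {"loadBalancer": {"ingress": [
                {"hostname": "a1b2c3d4e5f6-1234567890.eu-central-1.elb.amazonaws.com"}
            ]}},
        },
        {
            "metadata": {"name": "internal-cache", "namespace": "default",
                         "labels": {"application": "internal-cache"}},
            "spec": {"type": "ClusterIP", "ports": [{"port": 6379}]},
            "status": {"loadBalancer": {}},
        },
    ],
})


def index_elbs(service_list_json: str) -> Dict[str, Dict[str, str]]:
    """Map each ELB hostname (lower-cased) to the Service metadata that owns it.

    Only Services of type LoadBalancer with a populated ingress hostname are
    behind an ELB; everything else is skipped.
    """
    index: Dict[str, Dict[str, str]] = {}
    for svc in json.loads(service_list_json).get("items", []):
        if svc.get("spec", {}).get("type") != "LoadBalancer":
            continue
        meta = svc.get("metadata", {})
        labels = meta.get("labels", {})
        ingress_list = svc.get("status", {}).get("loadBalancer", {}).get("ingress", [])
        for ingress in ingress_list:
            host = ingress.get("hostname")
            if not host:
                continue
            index[host.lower()] = {
                "namespace": meta.get("namespace", ""),
                "service": meta.get("name", ""),
                # "application" label as app id is an assumed convention;
                # fall back to the Service name when the label is missing.
                "application": labels.get("application", meta.get("name", "")),
            }
    return index


def resolve_violation(elb_hostname: str, service_list_json: str) -> Optional[Dict[str, str]]:
    """Return the owning Service for the ELB DNS name in a violation, or None.

    The hostname in a violation may carry a trailing dot or mixed case, so it
    is normalised before the lookup.
    """
    key = elb_hostname.strip().rstrip(".").lower()
    return index_elbs(service_list_json).get(key)


if __name__ == "__main__":
    # Constructed hostname as it might appear in a violation's metadata.
    print(resolve_violation(
        "A1B2C3D4E5F6-1234567890.eu-central-1.elb.amazonaws.com.",
        SAMPLE_SERVICE_LIST,
    ))
```

Against a real cluster, the JSON would come from the API path above or from `kubectl get svc --all-namespaces -o json`; indexing all namespaces rather than just `default` avoids missing Services deployed elsewhere.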

harti2006 commented 7 years ago

Thanks for raising the issue. Currently Fullstop has no dedicated K8S support, but just applies its normal rule set to the AWS accounts where the clusters are hosted. We need to improve here.

harti2006 commented 6 years ago

PR #520 ignores the Kubernetes ELBs for now. We need to rework a good part of that check anyway, since it does not cover ELBv2 at the moment :-/