github/kubescape
1
0
Fork 0
mirror of https://github.com/kubescape/kubescape.git synced 2026-03-03 02:00:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
v2.0.223
kubescape/httphandler
History
dwertent d0e2730518 add cautils to core
2022-03-13 18:14:48 +02:00
..
handlerequests/v1
add cautils to core
2022-03-13 18:14:48 +02:00
listener
add cautils to core
2022-03-13 18:14:48 +02:00
go.mod
add cautils to core
2022-03-13 18:14:48 +02:00
go.sum
add cautils to core
2022-03-13 18:14:48 +02:00
ks-prometheus-support.yaml
Adding readme and yaml
2022-02-10 20:41:28 +02:00
main.go
add cautils to core
2022-03-13 18:14:48 +02:00
README.md
add cautils to core
2022-03-13 18:14:48 +02:00

README.md

Kubescape HTTP Handler Package

This is a beta version, we might make some changes before publishing the official Prometheus support

Running kubescape will start up a webserver on port 8080 which will serve the following paths:

  • POST /v1/scan - Trigger a kubescape scan. The server will return an ID and will execute the scanning asynchronously
    • synchronously: scan synchronously (return results and not ID). Use only in small clusters are with an increased timeout
  • GET /v1/results - Request kubescape scan results
    • query id=<string> -> ID returned when triggering the scan action. If empty will return latest results
    • query remove -> Remove results from storage after reading the results
  • DELETE /v1/results - Delete kubescape scan results from storage If empty will delete latest results
    • query id=<string>: Delete ID of specific results
    • query all: Delete all cached results
  • GET/POST /v1/metrics - will trigger cluster scan. will respond with prometheus metrics once they have been scanned. This will respond 503 if the scan failed.
  • /livez - will respond 200 is server is alive
  • /readyz - will respond 200 if server can receive requests

Trigger Kubescape scan

POST /v1/results body:

{
    "format": "",               // results format [default: json] (same as 'kubescape scan --format')
    "excludedNamespaces": null, // list of namespaces to exclude (same as 'kubescape scan --excluded-namespaces')
    "includeNamespaces": null,  // list of namespaces to include (same as 'kubescape scan --include-namespaces')
    "submit": false,            // submit results to Kubescape cloud (same as 'kubescape scan --submit')
    "hostScanner": false,       // deploy kubescape K8s host-scanner DaemonSet in the scanned cluster (same as 'kubescape scan --enable-host-scan')
    "keepLocal": false,         // do not submit results to Kubescape cloud (same as 'kubescape scan --keep-local')
    "account": ""               // account ID (same as 'kubescape scan --account')
}

e.g.:

curl --header "Content-Type: application/json" \
  --request POST \
  --data '{"account":"XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX","hostScanner":true, "submit":true}' \
  http://127.0.0.1:8080/v1/scan

Installation into kubernetes

The yaml file will deploy one instance of kubescape (with all relevant dependencies) to run on your cluster

NOTE Make sure the configurations suit your cluster (e.g. serviceType, namespace, etc.)

Reference in New Issue View Git Blame Copy Permalink