github/kubescape
1
0
Fork 0
mirror of https://github.com/kubescape/kubescape.git synced 2026-04-01 16:29:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
v2.0.261
kubescape/httphandler
History
David Wertenteil 93574736cd update http handler
2022-04-14 11:05:45 +03:00
..
examples
remove v1 format
2022-04-10 16:26:59 +03:00
handlerequests/v1
update http handler
2022-04-14 11:05:45 +03:00
listener
update pkg struct
2022-04-10 18:06:28 +03:00
build.py
update pkg struct
2022-04-10 18:06:28 +03:00
go.mod
update go mod
2022-04-13 15:47:26 +03:00
go.sum
update go mod
2022-04-13 15:47:26 +03:00
main.go
update pkg struct
2022-04-10 18:06:28 +03:00
README.md
update http handler
2022-04-14 11:05:45 +03:00

README.md

Kubescape HTTP Handler Package

This is a beta version, we might make some changes before publishing the official Prometheus support

Running kubescape will start up a webserver on port 8080 which will serve the following paths:

  • POST /v1/scan - Trigger a kubescape scan. The server will return an ID and will execute the scanning asynchronously
    • wait: scan synchronously (return results and not ID). Use only in small clusters are with an increased timeout
  • GET /v1/results - Request kubescape scan results
    • query id=<string> -> ID returned when triggering the scan action. If empty will return latest results (not supported)
    • query remove -> Remove results from storage after reading the results
  • DELETE /v1/results - Delete kubescape scan results from storage. If empty will delete latest results (not supported)
    • query id=<string>: Delete ID of specific results
    • query all: Delete all cached results
  • GET/POST /v1/metrics - will trigger cluster scan. will respond with prometheus metrics once they have been scanned. This will respond 503 if the scan failed.
  • /livez - will respond 200 is server is alive
  • /readyz - will respond 200 if server can receive requests

Trigger Kubescape scan

POST /v1/results body:

{
    "format": <str>,               // results format [default: json] (same as 'kubescape scan --format')
    "excludedNamespaces": [<str>], // list of namespaces to exclude (same as 'kubescape scan --excluded-namespaces')
    "includeNamespaces": [<str>],  // list of namespaces to include (same as 'kubescape scan --include-namespaces')
    "useCachedArtifacts"`: <bool>, // use the cached artifacts instead of downloading (offline support)
    "submit": <bool>,              // submit results to Kubescape cloud (same as 'kubescape scan --submit')
    "hostScanner": <bool>,         // deploy kubescape K8s host-scanner DaemonSet in the scanned cluster (same as 'kubescape scan --enable-host-scan')
    "keepLocal": <bool>,           // do not submit results to Kubescape cloud (same as 'kubescape scan --keep-local')
    "account": <str>,              // account ID (same as 'kubescape scan --account')
    "targetType": <str>,           // framework/control
    "targetNames": [<str>]         // names. e.g. when targetType==framework, targetNames=["nsa", "mitre"]
}

Default scan

  1. Trigger kubescape scan
curl --header "Content-Type: application/json" --request POST --data '{}' http://127.0.0.1:8080/v1/scan -o scan_id
  1. Get kubescape scan results
curl --request GET http://127.0.0.1:8080/v1/results?id=$(cat scan_id)

Scan single namespace with specific framework

curl --header "Content-Type: application/json" \
  --request POST \
  --data '{"hostScanner":true, "submit":true}' \
  http://127.0.0.1:8080/v1/scan

Scan single namespace with specific framework

curl --header "Content-Type: application/json" \
  --request POST \
  --data '{"hostScanner":true, "submit":true, "includeNamespaces": ["ks-scanner"], "targetType": "framework", "targetNames": ["nsa"] }' \
  http://127.0.0.1:8080/v1/scan

Examples

Reference in New Issue View Git Blame Copy Permalink