To enable high-fidelity, offline review of Kubernetes clusters as a part of Darkbit's cloud and Kubernetes security consulting services offerings, a simple script to export all K8s resources from a cluster was developed. A modified version of this script is included in this repository as
The original goal of this export format was to support ingestion by the OpenCSPM analysis platform. However, there are instances where analysis is best performed with a quick run of
kubectl. Without having direct access to a client's cluster, a "mirror" cluster is needed.
kube-exporter.sh in this repo, all the resources in a target cluster are exported to a local, new-line delimited json format. To view, this data, another instance of etcd and the kube-apiserver are needed, so that's what is baked into the container specified by this Dockerfile. The idea is that a local docker container running just the barebones components needed can be populated with the raw exported data directly into etcd.
kube-exporter.shagainst the target cluster. It's output file should be named
Dockerfileto use the correct
make buildto build the docker container.
make runto launch the "mirror" cluster container. This container runs etcd, loads the data from
/data/import.jsoninto etcd, and then launches an insecure API server. That is, it runs without TLS, listens on
localhost:31337and requires a simple token for authentication as
kubectl get pods -Ato query for pods in the "mirror" cluster container.
This is a working proof of concept and "pre-alpha" quality. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.