KubeEye - Kubernetes Inspection & Security Tool for Risk Detection

KubeEye - Kubernetes Inspection & Security Tool for Risk Detection

KubeEye is a cloud-native inspection tool designed for Kubernetes clusters. It helps identify and resolve risks, misconfigurations, and other issues using predefined and custom rules.

This guide provides step-by-step instructions for installation, configuration, and usage of KubeEye.

Quick Start

Installation
Download the Installation Package

VERSION=v1.0.3
wget https://github.com/kubesphere/kubeeye/releases/download/${VERSION}/kubeeye-offline-${VERSION}.tar.gz
tar -zxvf kubeeye-offline-${VERSION}.tar.gz
cd kubeeye-offline-${VERSION}

Offline Installation

  • Import the images in the images folder into your local container repository.
  • Modify the image repository in chart/kubeeye/values.yaml as required.

Install Using Helm

helm upgrade --install kubeeye chart/kubeeye -n kubeeye-system --create-namespace

Usage

Import Inspect Rules

  • The installation package includes demo rules in the rules directory.

  • Customize these rules as needed and apply them:

kubectl apply -f rules

Create an Inspection Plan

Define an inspection plan using a YAML file:

cat > plan.yaml << EOF
apiVersion: kubeeye.kubesphere.io/v1alpha2
kind: InspectPlan
metadata:
  name: inspectplan
spec:
  schedule: "* */12 * * ?" # Run every 12 hours
  maxTasks: 10             # Retain up to 10 results
  suspend: false           # Do not pause periodic inspections
  timeout: 10m             # Timeout after 10 minutes
  ruleNames:
    - name: configmap-inspect-rules
    - name: deployment-inspect-rules
    - name: pod-inspect-rules
    # Add more rules as needed
EOF

kubectl apply -f plan.yaml

Obtain Inspection Reports

1.View inspection results:

kubectl get inspectresult

2.Download the report:

curl http://<svc-ip>:9090/kapis/kubeeye.kubesphere.io/v1alpha2/inspectresults/<result-name>?type=html -o inspectReport.html

3.Open the report in a browser for detailed analysis.

Web Console Access

1.Expose the KubeEye API server as a NodePort service:

kubectl -n kubeeye-system expose deploy kubeeye-apiserver --port=9090 --type=NodePort --name=ke-apiserver-node-port

2.Access the inspection report in your browser:

http://<node-address>:<node-port>/kapis/kubeeye.kubesphere.io/v1alpha2/inspectresults/<result-name>?type=html

Supported Rules

KubeEye supports various inspection rules, including:

  • OPA (Open Policy Agent) Rules

  • PromQL (Prometheus Query Language) Rules

  • File Change Detection

  • Kernel Parameter Configuration Checks

  • Systemd Service Status Monitoring

  • Node Basic Information Analysis

  • File Content Inspection

  • Service Connectivity Tests

By following this guide, you can efficiently install, configure, and utilize KubeEye to maintain optimal health and performance of your Kubernetes clusters. You can learn more and Download KubeEye in GitHub.

Upgrade Your Cybersecurity Skills EHA: Learn 150+ Practical Cyber Security Courses Online With Life Time Access - Enroll Here

 

Back to blog