Skip to content

Latest commit

 

History

History
99 lines (79 loc) · 5.27 KB

README.md

File metadata and controls

99 lines (79 loc) · 5.27 KB
Raw

GitHub contributors GitHub last commit GitHub GitHub issues GitHub forks

Go Kubernetes Postgres GitHub

k8s-container-integrity-monitor

This program provides integrity monitoring that checks the container's file system to determine if they have been maliciously modified. If the program detects that files have been modified, updated, added, or compromised, it rolls back the deployment to the previous version. This application consists of two repositories: the integrity-sum and the integrity-mutator .

Repository integrity-sum injects hasher-sidecar into your modules as a sidecar container. sidecar integrity is a golang implementation of a hasher that calculates the checksum of files using various algorithms in kubernetes:

  • MD5
  • SHA256
  • SHA1
  • SHA224
  • SHA384
  • SHA512
  • BEE2 (optional)

Repository integrity-mutator implements sidecar container for monitoring.

Architecture

Component diagram

File location: docs/diagrams/projectStructure.png

Activity diagram

File location: docs/diagrams/deployDiagram.png

Statechart diagram

File location: docs/diagrams/appStatechartDiagram.png

Sequence diagram

File location: docs/diagrams/appSequenceDiagram.png

Getting Started

Clone repository and install dependencies

$ cd path/to/install
$ git clone https://github.com/ScienceSoft-Inc/k8s-container-integrity-monitor.git

Initialize and update submodules

$ git submodule init
$ git submodule update --remote

🔨 Installing components

Install minikube

The code only works running inside a pod in Kubernetes. You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by using minikube.
Example https://minikube.sigs.k8s.io/docs/start/

Install Docker

To deploy app you need to install docker.
Example https://docs.docker.com/engine/install/

Install Helm

Before using helm charts you need to install helm on your local machine.
You can find the necessary installation information at this link https://helm.sh/docs/intro/install/

Configuration

To work properly, you first need to set the configuration files:

  • values in the file helm-charts/database-to-integrity-sum/values.yaml
  • values in the file helm-charts/demo-apps-to-monitor/values.yaml
  • values in the file helm-charts/mutator/values.yaml

Manual start

  1. You should go to the README.md in the ./integrity-mutator project, set all the configurations and deploy.

  2. You should go to the README.md in the ./integrity-sumproject project, set all the configurations and deploy. However, you need to go to the "Run application" section and configure the dependencies that are indicated by "Need to install dependencies".

Install helm chart from the project root, for example:

helm install app helm-charts/demo-apps-to-monitor

Quick start

Using Makefile

You can use make function.

make all

Troubleshooting

Sometimes you may find that pod is injected with sidecar container as expected, check the following items:

  1. The pod is in running state with integrity sidecar container injected and no error logs.
  2. Check if the application pod has the correct annotations as described above.

License

This project uses the MIT software license. See full license file