Jetstack Secure manages your machine identities across Cloud Native Kubernetes and OpenShift environments and builds a detailed view of the enterprise security posture.
This repo contains the open source in-cluster agent of Jetstack Secure, that sends data to the Jetstack Secure SaaS.
Wondering about Preflight? Preflight was the name for the project that was the foundation for the Jetstack Secure platform. It was a tool to perform configuration checks on a Kubernetes cluster using OPA's REGO policy. We decided to incorporate that functionality as part of the Jetstack Secure SaaS service, making this component a basic agent. You can find the old Preflight Check functionality in the git history ( tagged as
preflight-local-checkand you also check this documentation.
Installation
Please review the documentation for the agent before getting started.
The released container images are cryptographically signed by
cosign, with
SLSA provenance and a
CycloneDX SBOM attached. For instructions on how to
verify those signatures and attachments, refer to
this guide.
Local Execution
To build and run a version from master:
go run main.go agent --agent-config-file ./path/to/agent/config/file.yaml -p 0h1m0sYou can find the example agent file here.
You might also want to run a local echo server to monitor requests the agent sends:
go run main.go echoMetrics
The Jetstack-Secure agent exposes its metrics through a Prometheus server, on port 8081.
The Prometheus server is disabled by default but can be enabled by passing the --enable-metrics flag to the agent binary.