Need help with preflight?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

jetstack
207 Stars 19 Forks Apache License 2.0 285 Commits 6 Opened issues

Description

Automatically perform Kubernetes cluster configuration checks using Open Policy Agent (OPA)

Services available

!
?

Need anything else?

Contributors list

Build Status Go Report Card

Jetstack Preflight

Preflight is a tool to automatically perform Kubernetes cluster configuration checks using Open Policy Agent (OPA).

This repository hosts the agent part of Preflight. It sends data to the Preflight SaaS platform.

Table of Contents

Project Background

Preflight was originally designed to automate Jetstack's production readiness assessments. These are consulting sessions in which a Jetstack engineer inspects a customer's cluster to suggest improvements and identify configuration issues. The product of this assessment is a report which describes any problems and offers remediation advice.

While these assessments have provided a lot of value to many customers, with a complex system like Kubernetes it's hard to thoroughly check everything. Automating the checks allows them to be more comprehensive and much faster.

The automation also allows the checks to be run repeatedly, meaning they can be deployed in-cluster to provide continuous configuration checking. This enables new interesting use cases as policy compliance audits.

Agent

The Preflight agent uses data gatherers to collect required data from Kubernetes and cloud provider APIs before formatting it as JSON for analysis. Once data has been collected, it is sent to the configured backend.

To run the Agent locally you can run:

preflight agent --agent-config-file ./path/to/agent/config/file.yaml

Or, to build and run a version from master:

go run main.go agent --agent-config-file ./path/to/agent/config/file.yaml

You can find the example agent file here.

You might also want to run a local echo server to monitor requests the agent sends:

go run main.go echo

Packages

Policies for cluster configuration are encoded into Preflight packages. Each package focuses on a different infrastructure component, for example the

gke
package provides rules for the configuration of a GKE cluster.

Preflight packages are implemented using Open Policy Agent with evaluation taking place in the SaaS backend.

Installation

Please follow the instructions at platform.jetstack.io for the latest installation instructions.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.