A privacy-focused, local-only security dashboard for monitoring Kubernetes cluster security using eBPF and Cilium. All metrics and data stay within your infrastructure.
- Local-Only Monitoring: All metrics and data remain within your infrastructure
- No External Dependencies: Monitoring stack runs entirely on your cluster
- Zero Data Export: No metrics or logs leave your environment
- Self-Contained: Similar architecture to Kafka + Grafana setups
- Network Security:
  - Layer 7 policy enforcement
  - Network encryption
  - Service mesh integration
  - Traffic monitoring
- Threat Detection:
  - Anomaly detection
  - Behavioral analysis
  - Policy violation alerts
  - Real-time monitoring
- Access Control:
  - RBAC integration
  - Policy enforcement
  - Audit logging
  - Authentication tracking
- Kubernetes cluster (local or remote)
- Helm 3.x
- kubectl
- Node.js 18+
- Install Kind (Kubernetes in Docker):
# On Linux
curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-amd64
chmod +x ./kind
sudo mv ./kind /usr/local/bin/kind
# Create cluster
kind create cluster --name security-cluster
- Install Cilium:
# Add Helm repository
helm repo add cilium https://helm.cilium.io/
helm repo update
# Install Cilium
helm install cilium cilium/cilium --namespace kube-system \
--set hubble.relay.enabled=true \
--set hubble.ui.enabled=true \
--set monitoring.enabled=true
# Enable Hubble
cilium hubble enable
- Install Prometheus Stack:
# Add Helm repository
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update
# Install Prometheus
helm install prometheus prometheus-community/kube-prometheus-stack \
--namespace monitoring \
--create-namespace
- Clone and install dependencies:
git clone https://github.com/AdityaSeth777/ShieldK8s
cd ShieldK8s
npm install
- Configure environment variables:
cp .env.example .env
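Edit .env with your configuration. Vite embeds every VITE_-prefixed variable in the client bundle, so use only the public Supabase anon key here, never a service-role key: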
VITE_SUPABASE_URL=your-project-url
VITE_SUPABASE_ANON_KEY=your-anon-key
- Start the development server:
npm run dev
- CPU and Memory usage
- Network traffic analysis
- Pod security status
- Policy compliance
- Real-time connection tracking
- Traffic visualization
- Policy violations
- Protocol analysis
- Real-time security alerts
- Severity classification
- Custom alert rules
- Notification system
Apply basic network policies:
kubectl apply -f k8s/policies/default-deny.yaml
kubectl apply -f k8s/policies/allowed-namespaces.yaml
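- Access Prometheus:
# Service name created by the kube-prometheus-stack chart for the release named "prometheus"
kubectl port-forward svc/prometheus-kube-prometheus-prometheus 9090:9090 -n monitoring
- Access Grafana:
# The chart exposes Grafana as prometheus-grafana on service port 80
kubectl port-forward svc/prometheus-grafana 3000:80 -n monitoring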
Default Grafana credentials:
- Username: admin
- Password: prom-operator
Access Hubble UI:
kubectl port-forward svc/hubble-ui 12000:80 -n kube-system
├── src/
│   ├── components/   # React components
│   ├── hooks/        # Custom React hooks
│   ├── pages/        # Page components
│   ├── store/        # State management
│   ├── types/        # TypeScript types
│   └── utils/        # Utility functions
├── k8s/              # Kubernetes manifests
│   └── policies/     # Network policies
└── api/              # Backend API
- Create new components in src/components/
- Add routes in src/App.tsx
- Update types in src/types/
- Add network policies in k8s/policies/
Comprehensive documentation is available at /docs in the application, covering:
- Kubernetes setup
- Cilium & eBPF configuration
- Monitoring setup
- CLI tools
- Security policies
- Troubleshooting
- Fork the repository
- Create a feature branch
- Submit a pull request
I will be improving this project.
Contact: [email protected]
If you like this project, give it a ⭐ and share it with friends!