From 7c13552c73f555764f8f3f56c7282efd8a90a23a Mon Sep 17 00:00:00 2001 From: shaneboulden Date: Tue, 30 Jan 2024 13:27:24 +1000 Subject: [PATCH] docs: document verbose commands --- README.md | 2 -- docs/kacti/docs/kacti-trials/kacti-trials.md | 32 +++++++++++++++++-- .../docs/kacti-trials/trials-from-file.md | 4 +-- 3 files changed, 31 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index db65b5d..6982c2b 100644 --- a/README.md +++ b/README.md @@ -23,8 +23,6 @@ yes Run `kacti`: ``` $ kacti trials --deploy --namespace kacti --image quay.io/smileyfritz/log4shell-app:v0.5 log4shell -Setting up kubeconfig from: /home/user/.kube/config -Running trial: log4shell { ns: kacti / img: quay.io/smileyfritz/log4shell-app:v0.5 } -> Success, Deployment scaled to zero replicas ``` You can find more `kacti` guides in the [docs](https://kacti.dev/docs/intro). diff --git a/docs/kacti/docs/kacti-trials/kacti-trials.md b/docs/kacti/docs/kacti-trials/kacti-trials.md index 466363f..5ccb049 100644 --- a/docs/kacti/docs/kacti-trials/kacti-trials.md +++ b/docs/kacti/docs/kacti-trials/kacti-trials.md @@ -8,10 +8,11 @@ When a ship is newly constructed or comes out of a significant refit period it w In a similar way, `kacti` uses trials to validate Kubernetes admission control. How does the admission controller perform - does it block workloads containing critical CVEs, or trying to expose SSH? Does it permit valid workloads to be accepted by the cluster? -Each trial represents a distinct test, validating whether the container image / configuration is blocked, or accepted by the Kubernetes cluster. +Each trial represents a distinct test, validating whether the container image / configuration is blocked, or accepted by the Kubernetes cluster. Trials consist of a Kubernetes API under test (currently only Deployments are supported), a name and description, a namespace, and an image. +## Running trials You can run trials using the following command: ``` $ kacti trials --deploy --namespace kacti --image quay.io/smileyfritz/log4shell-app:v0.5 log4shell @@ -24,7 +25,34 @@ In this example: `kacti` will display the result of the trial. If the deployment was successfully created and scaled up, the result will be a `failure`. Otherwise, if the deployment creation was blocked, or the number of replicas was scaled to zero, the result will be `success`. ``` $ kacti trials --deploy --namespace kacti --image quay.io/smileyfritz/log4shell-app:v0.5 log4shell + -> Success, Deployment scaled to zero replicas +``` +## Using short-hand +`kacti` also accepts short-hand flags for imperative trials. You can see all of the options using `kacti trials -h`. +``` +Perform functional verification trials against Kubernetes admission controllers. + +Usage: + kacti trials [flags] + +Flags: + -d, --deploy Run a deployment trial + -f, --file Run a set of trials from a file + -h, --help help for trials + -i, --image string Image for the trial + -n, --namespace string Namespace for the trial + -v, --verbose Verbose output +``` +You can see an example here: +``` +$ kacti trials -d -n kacti -i quay.io/smileyfritz/log4shell-app:v0.5 log4shell +``` + +## More trial details +You can get more detail on trial activity using the `--verbose` flag: +``` +$ kacti trials --deploy --namespace kacti --image quay.io/smileyfritz/log4shell-app:v0.5 log4shell --verbose Setting up kubeconfig from: /home/user/.kube/config Running trial: log4shell { ns: kacti / img: quay.io/smileyfritz/log4shell-app:v0.5 } - -> Success, Deployment scaled to zero replicas + -> Success, Deployment creation was blocked ``` \ No newline at end of file diff --git a/docs/kacti/docs/kacti-trials/trials-from-file.md b/docs/kacti/docs/kacti-trials/trials-from-file.md index cab7e26..f5e75b1 100644 --- a/docs/kacti/docs/kacti-trials/trials-from-file.md +++ b/docs/kacti/docs/kacti-trials/trials-from-file.md @@ -40,10 +40,8 @@ $ cat << EOF > kacti.yaml EOF $ kacti trials --file kacti.yaml -Setting up kubeconfig from: /home/user/.kube/config -Using trials from: kacti.yaml Running trial: log4shell { ns: kacti / img: quay.io/smileyfritz/log4shell-app:v0.5 } Results: log4shell { ns: kacti / img:quay.io/smileyfritz/log4shell-app:v0.5 } -> Success, Deployment scaled to zero replicas -``` +``` \ No newline at end of file