kubectl-sgmap is a custom kubectl plugin that displays the mapping of ENIs (Elastic Network Interfaces) and security groups assigned to pods in an EKS (Elastic Kubernetes Service) environment with Security Groups for Pods enabled. This plugin helps in auditing and managing pod-to-network associations to ensure security and compliance in Kubernetes clusters.
- Lists ENIs and security groups assigned to each pod.
- Works specifically in EKS environments with Security Groups for Pods enabled.
- Provides an easy-to-read output for network security auditing.
- Kubernetes version: >= 1.30
- EKS environment with Security Groups for Pods enabled
- kubectl: >= 1.30
- AWS CLI configured with necessary permissions
To install kubectl-sgmap, follow these steps:
git clone https://github.com/naka-gawa/kubectl-sgmap.git
cd kubectl-sgmap
make install
Once installed, you can use the plugin with the following command:
kubectl sgmap pod -n [NameSpace]
This command will display a list of ENIs and security groups associated with each pod running in your EKS cluster.
╰─ k sgmap pod -n test
POD NAME IP ADDRESS ENI ID SECURITY GROUP IDS
xxxxx-123455678-12345 192.168.1.1 eni-123456789abcdefgh [sg-0123456789abcdefg]
xxxxx-123455678-12346 192.168.10.9 eni-123456789abcdefgh [sg-0123456789abcdefg]
~snip~
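
For auditing, the output above can be checked against a list of approved security groups. The helpers below are an added example, not part of the kubectl-sgmap project; the function names and sample IDs are made up, and it is assumed that multiple groups appear inside the brackets separated by spaces or commas.

```shell
#!/usr/bin/env bash
# Added example: audit helpers that read `kubectl sgmap pod` output on stdin.
# Assumes the four-column layout shown above (pod, IP, ENI ID, [security groups]).

# Emit one "sg-id<TAB>pod" pair per security group attached to each pod.
sgmap_pairs() {
  awk '
    /^POD NAME/ || NF < 4 { next }      # skip header, blank lines, "~snip~"
    $3 !~ /^eni-/         { next }      # skip anything that is not a data row
    {
      groups = ""
      for (i = 4; i <= NF; i++) groups = groups " " $i
      gsub(/[][,]/, " ", groups)        # drop brackets and commas
      n = split(groups, sg, " ")
      for (j = 1; j <= n; j++) print sg[j] "\t" $1
    }'
}

# Print "pod<TAB>sg-id" for every group that is NOT in the approved list.
# Approved security group IDs are passed as arguments.
sgmap_unapproved() {
  sgmap_pairs | awk -F'\t' -v ok=" $* " '
    index(ok, " " $1 " ") == 0 { print $2 "\t" $1 }'
}

# Constructed sample input; pod names and IDs are placeholders for the example.
SAMPLE='POD NAME IP ADDRESS ENI ID SECURITY GROUP IDS
web-7d9f-abcde 192.168.1.1 eni-0aaa [sg-0web]
db-5c4b-fghij 192.168.10.9 eni-0bbb [sg-0db sg-0legacy]
~snip~'

# Run the audit over the sample with sg-0web and sg-0db approved.
sgmap_demo() {
  printf '%s\n' "$SAMPLE" | sgmap_unapproved sg-0web sg-0db
}

sgmap_demo
```

Against a live cluster, pipe the plugin into the same function: `kubectl sgmap pod -n test | sgmap_unapproved <approved-sg-ids>`.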
Contributions are welcome! Please open an issue or submit a pull request with any improvements, bug fixes, or new features.
This project is licensed under the MIT License. See the LICENSE file for more details.