NetSentinel is a Kubernetes-native network security monitoring and policy enforcement tool that provides real-time visibility into network traffic, detects policy violations, and identifies potential security threats.
- 🔒 Network Policy Compliance: Monitor and enforce Kubernetes NetworkPolicy compliance
- 📊 Policy Drift Detection: Detect deviations from defined network policies
- 🚨 Anomaly Detection: Identify suspicious network patterns and traffic anomalies
- 🔄 Lateral Movement Detection: Track and analyze pod-to-pod communication
- 📈 Metrics & Monitoring: Prometheus metrics and Grafana dashboards
- ⚡ Alerting: Configurable alerts for security events
Prerequisites:
- 🐳 Kubernetes cluster (v1.19+)
- 🔧 eBPF support in the kernel
- 📦 Helm 3.x
- 🛠️ kubectl configured
Installation:
- Add the NetSentinel Helm repository:

  ```bash
  helm repo add netsentinel https://netsentinel.github.io/charts
  helm repo update
  ```

- Install NetSentinel:

  ```bash
  helm install netsentinel netsentinel/netsentinel \
    --namespace monitoring \
    --create-namespace
  ```

- Access the dashboards:
  - 📊 Grafana: http://localhost:3000
  - 📈 Prometheus: http://localhost:9090
  - ⚡ Alertmanager: http://localhost:9093
Configuration:

```yaml
metrics:
  enabled: true
  port: 9090
policy:
  drift:
    max_age: 24h
    cleanup_interval: 1h
anomaly:
  detector:
    window: 1h
    min_samples: 100
    thresholds:
      traffic_volume: 2.0
      connection_rate: 2.0
lateral:
  min_connections: 5
  analysis_window: 1h
  rate_threshold: 10
```
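The `lateral:` thresholds above applied to pod-to-pod flow records, as an added Go example that is not NetSentinel's own code. It assumes `min_connections` counts distinct destination pods reached inside `analysis_window`, that `rate_threshold` is connections per minute over that window, and the `Flow` record type and pod names are constructed for the example.

```go
package main

import (
	"time"
)

// Flow is one observed pod-to-pod connection (constructed record type for this
// example, not NetSentinel's own format).
type Flow struct {
	Src, Dst string
	At       time.Time
}

// LateralConfig mirrors the keys of the lateral: block in the configuration above.
// Assumption: rate_threshold is counted in connections per minute.
type LateralConfig struct {
	MinConnections int
	AnalysisWindow time.Duration
	RateThreshold  int
}

// DetectLateral returns each flagged source pod mapped to the rule it tripped:
// "fan-out" (>= MinConnections distinct destinations) or "rate" (> RateThreshold/min).
func DetectLateral(flows []Flow, cfg LateralConfig, now time.Time) map[string]string {
	start := now.Add(-cfg.AnalysisWindow)
	peers := map[string]map[string]bool{} // src -> set of distinct dst
	total := map[string]int{}             // src -> connections in window
	for _, f := range flows {
		if f.At.Before(start) || f.At.After(now) {
			continue // outside the analysis window
		}
		if peers[f.Src] == nil {
			peers[f.Src] = map[string]bool{}
		}
		peers[f.Src][f.Dst] = true
		total[f.Src]++
	}
	flagged := map[string]string{}
	for src, n := range total {
		switch {
		case len(peers[src]) >= cfg.MinConnections:
			flagged[src] = "fan-out"
		case float64(n)/cfg.AnalysisWindow.Minutes() > float64(cfg.RateThreshold):
			flagged[src] = "rate"
		}
	}
	return flagged
}
```

A pod that fans out to many peers trips `fan-out` even at a low rate, while a pod hammering a single peer trips `rate` only; both are worth separate alert routes.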
Configure alert receivers in alertmanager.yml:

```yaml
receivers:
  - name: 'slack-notifications'
    slack_configs:
      # placeholder: keep the real webhook in a Secret (e.g. via api_url_file), not in this file
      - api_url: 'YOUR_SLACK_WEBHOOK'
        channel: '#network-alerts'
  - name: 'pagerduty-critical'
    pagerduty_configs:
      # placeholder: the integration key is a credential, do not commit it
      - service_key: 'YOUR_PAGERDUTY_KEY'
```
NetSentinel consists of several components:
- Core Components:
  - ✅ Policy Compliance Checker
  - 📊 Drift Detector
  - 🚨 Anomaly Detector
  - 🔄 Lateral Movement Detector
- Monitoring Stack:
  - 📈 Prometheus for metrics collection
  - 📊 Grafana for visualization
  - ⚡ Alertmanager for alert routing
- eBPF Components:
  - 🔍 Traffic Monitor
  - 📦 Packet Analysis
NetSentinel requires privileged access to the host network for eBPF functionality. The following security measures are implemented:
- 👥 RBAC with least privilege
- 🌐 Network policy isolation
- 🔐 Secure metrics endpoints
- 🔒 Encrypted communication
Common issues and solutions:
- eBPF Loading Failed:
  - ✅ Verify kernel version (4.9+)
  - 🔍 Check for eBPF support
  - 🔐 Ensure privileged mode is enabled
- Metrics Not Showing:
  - ⚙️ Check Prometheus configuration
  - 🔍 Verify service endpoints
  - 🌐 Check network policies
- High Resource Usage:
  - ⚡ Adjust sampling rate
  - 📊 Modify retention periods
  - 📈 Scale resources
Contributing:
- 🍴 Fork the repository
- 🌿 Create a feature branch
- 💾 Commit your changes
- 📤 Push to the branch
- 🔄 Create a Pull Request

License: Apache License 2.0