Metadata-Version: 2.4
Name: k8s-piper
Version: 0.2.0
Summary: A tool for extracting and analyzing information from kubectl output
Author: tkdpython
License: MIT License
        
        Copyright (c) 2026 tkdpython
        
        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the "Software"), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:
        
        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.
        
        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
        
Project-URL: Homepage, https://github.com/tkdpython/k8s-piper
Project-URL: Repository, https://github.com/tkdpython/k8s-piper
Project-URL: Issues, https://github.com/tkdpython/k8s-piper/issues
Keywords: kubernetes,k8s,certificates,kubectl,security,tls,x509
Classifier: Development Status :: 3 - Alpha
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security
Classifier: Topic :: System :: Systems Administration
Classifier: Topic :: Utilities
Requires-Python: >=3.6
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: cryptography>=2.8
Requires-Dist: PyYAML>=5.1
Requires-Dist: rich<10.0,>=9.0; python_version < "3.7"
Requires-Dist: rich>=9.0; python_version >= "3.7"
Provides-Extra: dev
Requires-Dist: pytest>=6.0; extra == "dev"
Requires-Dist: pytest-cov>=2.0; extra == "dev"
Dynamic: license-file

# k8s-piper

A tool for extracting key information from kubectl commands and displaying it in an easy-to-digest way.

k8s-piper automatically detects the Kubernetes resource type from piped `kubectl` output and runs the appropriate analysis — no flags required.

---

## Supported Resources

| Resource Kind | Analysis |
|---|---|
| `ConfigMap`, `Secret` | X.509 certificate extraction and analysis |
| `Deployment`, `StatefulSet`, `DaemonSet`, `Pod`, `Job`, `CronJob`, `ReplicaSet` | Container images, resource requests/limits, security contexts |
| `Role`, `ClusterRole` | RBAC policy rules with wildcard/danger highlighting |
| `RoleBinding`, `ClusterRoleBinding` | Role reference and subject bindings |

---

## Usage

Pipe any supported `kubectl` resource into k8s-piper — the kind is detected automatically:

```bash
# Certificate analysis (ConfigMap or Secret)
kubectl get cm ca -n mynamespace -o yaml | k8s-piper
kubectl get secret mycerts -n mynamespace -o yaml | k8s-piper

# Workload analysis — images, resources, security (Deployment, Pod, StatefulSet, …)
kubectl get deploy myapp -n mynamespace -o yaml | k8s-piper
kubectl get pod mypod-abc123 -n mynamespace -o yaml | k8s-piper
kubectl get statefulset mydb -n mynamespace -o yaml | k8s-piper

# RBAC analysis (Role, ClusterRole, RoleBinding, ClusterRoleBinding)
kubectl get clusterrole cluster-admin -o yaml | k8s-piper
kubectl get rolebinding myrb -n mynamespace -o yaml | k8s-piper
```

---

## What Each Analysis Shows

### Certificates (`ConfigMap` / `Secret`)
- Subject, Issuer, and Subject Alternative Names
- Validity period with expiry warnings (⚠ < 30 days, 🔴 < 7 days)
- Key type, size, and signature algorithm
- Key Usage and Extended Key Usage
- OCSP / CRL revocation URLs and Must-Staple flag
- SHA-256 and SHA-1 fingerprints
- CA / self-signed status, path length constraint

### Workloads (`Deployment`, `Pod`, `StatefulSet`, etc.)
- **Images** — full image reference, tag or digest, pull policy; flags `latest` and untagged images
- **Resources** — CPU and memory requests/limits per container; flags missing limits
- **Security Contexts** — pod-level and per-container security settings; flags dangerous values such as `privileged: true`, `allowPrivilegeEscalation: true`, and added capabilities

### RBAC (`Role` / `ClusterRole`)
- Policy rules table: API groups × resources × verbs
- Wildcard verbs (`*`) and wildcard resources highlighted in red
- Rules granting full wildcard access flagged as dangerous

### RBAC (`RoleBinding` / `ClusterRoleBinding`)
- Role reference (kind and name)
- Subjects table: service accounts, users, and groups

---

## Installation

```bash
pip install k8s-piper
```

Or install from source:

```bash
git clone https://github.com/tkdpython/k8s-piper.git
cd k8s-piper
pip install -e .
```
