This tool can be used for good or bad things and comes with two use cases dedicated to two of the four houses of Hogwarts:
Like playing with the Marauder's Map a simple spell echo "Mischief managed" && oc delete -l app.kubernetes.io/name=golden-snitch is enough to stop the snitch.
To get started with this tool simply adjust the values in the values.yaml. All required fields are marked. Use the upcoming snippet to render the helm chart and apply it to the cluster. If you haven't installed the oc client, now is a good time to install it:
helm template . | tee snitch.yaml | oc apply -f -To understand the magic, let's take a look inside the spell book:
On OpenShift there is a fancy feature that allows you to serve a certificate as a secret as long as a service is defined. This certificate is trusted and created by your cluster. This helps us to break up the HTTPS connection between the Route and the vicitims application. Either the application nor the muggels who are calling the application will know that you're watching their traffic.
Additional the golden snitch is a proxy we can capture the incoming traffic and redirect it to the victim application. In that way the golden snitch will be less invasive and can be opted in and out with ease.
I'm not responsible for any harm caused by this tool. Also the nginx might leak some headers and info, for a well trained admin it shouldn't be a big deal to silence it. For script kiddies > sorry but it's better to keep it that way then :)
