Skip to main content
Version: 0.1.0

Overview

Kubefuzz is a generative and mutative fuzzer for Kubernetes admission controller chains. It can be used to uncover unexpected behavior in complex admission controller setups. It works by generating and mutating Kubernetes resources according to the schema supplied by the cluster openapi scheme, and a user written constrain configuration that further limits what fields are generated and how.

Modes of operation​

usr@lnx ~> kubefuzz --help
Usage: kubefuzz [OPTIONS] <COMMAND>

Commands:
generate generate manifests with constraints
mutate mutate existing manifests with constraints
fuzz fuzz admission controller chain with constraints
get-schemas get json schemas from k8s api
help Print this message or the help of the given subcommand(s)

Options:
-s, --seed <SEED> seed to use
-h, --help Print help
-V, --version Print version

Kubefuzz can be run in 4 modes. To be able to use fuzzing, understanding the fuzz and the get-schemas mode and constraints is required.