k-rail Logo

k-rail

0
Free
Visit Website

The k-rail project has been deprecated and will receive no new features or bugfixes except in the case of critical security vulnerabilities. We recommend migrating to an actively developed tool like OPA Gatekeeper that provides similar functionality. k-rail is a workload policy enforcement tool for Kubernetes. It can help you secure a multi tenant cluster with minimal disruption and maximum velocity. Why k-rail? - Suggested usage - Installation - Removal - Viewing policy violations - Violations from realtime feedback - Violations from the Events API - Violations from logs Supported policies: - No ShareProcessNamespace - No Exec - No Bind Mounts - No Docker Sock Mount - EmptyDir size limit Policy configuration: - Mutate Default Seccomp Profile - Immutable Image Reference - No Host Network - No Host PID - No New Capabilities - No Privileged Container - No Helm Tiller Trusted Image Repository Policy configuration - Safe to Evict (DEPRECATED) - Mutate Safe to Evict - Mutate Image Pull Policy Policy configuration: - Require Ingress Exemption - Unique Ingress Host - Service type LoadBalancer annotation check - Istio VirtualService Gateways check - No Persistent

FEATURES

ALTERNATIVES

Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.

Commercial

A tool for pillaging Docker registries to extract image manifests and configurations.

A tool for testing AWS S3 bucket permissions and security

Access Undenied parses AWS AccessDenied CloudTrail events, explains the reasons for them, and offers actionable fixes.

A collection of security workshops and hands-on content for AWS security services and techniques

FunctionShield is a Serverless Security Library for Developers to enforce strict security controls on AWS Lambda & Google Cloud Functions runtimes.

A project exploring minimal set of restrictions for running untrusted code using Linux containers in a concise codebase.

Docker's Actuary automates security best-practices checks for Docker containers.