k-rail Logo

k-rail

0
Free
Visit Website

The k-rail project has been deprecated and will receive no new features or bugfixes except in the case of critical security vulnerabilities. We recommend migrating to an actively developed tool like OPA Gatekeeper that provides similar functionality. k-rail is a workload policy enforcement tool for Kubernetes. It can help you secure a multi tenant cluster with minimal disruption and maximum velocity. Why k-rail? - Suggested usage - Installation - Removal - Viewing policy violations - Violations from realtime feedback - Violations from the Events API - Violations from logs Supported policies: - No ShareProcessNamespace - No Exec - No Bind Mounts - No Docker Sock Mount - EmptyDir size limit Policy configuration: - Mutate Default Seccomp Profile - Immutable Image Reference - No Host Network - No Host PID - No New Capabilities - No Privileged Container - No Helm Tiller Trusted Image Repository Policy configuration - Safe to Evict (DEPRECATED) - Mutate Safe to Evict - Mutate Image Pull Policy Policy configuration: - Require Ingress Exemption - Unique Ingress Host - Service type LoadBalancer annotation check - Istio VirtualService Gateways check - No Persistent

FEATURES

ALTERNATIVES

A command-line tool to get valuable information out of AWS CloudTrail and a general purpose toolbox for working with IAM policies

Automate AWS security checks and centralize security alerts.

Automatically compile AWS SCPs for compliant AWS services based on preferred frameworks.

A dynamic infrastructure framework for efficient multi-cloud security operations and distributed scanning.

Converts the format of various S3 buckets for bug bounty and security testing.

A customized AWS EKS setup for PCI-DSS, SOC2, and HIPAA compliance

Discover and understand the Docker Layer 2 ICC Bug and its implications on inter-container communication.

A collection of tools for forensics teams to collect evidence from cloud platforms

PINNED