k-rail Logo

k-rail

0
Free
Visit Website

The k-rail project has been deprecated and will receive no new features or bugfixes except in the case of critical security vulnerabilities. We recommend migrating to an actively developed tool like OPA Gatekeeper that provides similar functionality. k-rail is a workload policy enforcement tool for Kubernetes. It can help you secure a multi tenant cluster with minimal disruption and maximum velocity. Why k-rail? - Suggested usage - Installation - Removal - Viewing policy violations - Violations from realtime feedback - Violations from the Events API - Violations from logs Supported policies: - No ShareProcessNamespace - No Exec - No Bind Mounts - No Docker Sock Mount - EmptyDir size limit Policy configuration: - Mutate Default Seccomp Profile - Immutable Image Reference - No Host Network - No Host PID - No New Capabilities - No Privileged Container - No Helm Tiller Trusted Image Repository Policy configuration - Safe to Evict (DEPRECATED) - Mutate Safe to Evict - Mutate Image Pull Policy Policy configuration: - Require Ingress Exemption - Unique Ingress Host - Service type LoadBalancer annotation check - Istio VirtualService Gateways check - No Persistent

FEATURES

ALTERNATIVES

AI-Powered Cloud Assistant for building, securing, and operating cloud environments.

Cloud Security Suite (cs-suite) - Version 3.0 Usage for cloud security audits on AWS, GCP, Azure, and DigitalOcean.

A project that sets up partitioned Athena tables for CloudTrail logs and updates partitions nightly.

Create Docker container images for testing and long-term use.

Implements a cloud version of the Shadow Copy attack against domain controllers in AWS, allowing theft of domain user hashes.

Comprehensive set of security controls for various AWS services to ensure a secure cloud environment.

A publicly open storage viewer for various storage services.

AWS serverless cloud security tool for parsing and alerting on CloudTrail logs using EQL.