k-rail Logo

k-rail

0
Free
Visit Website

The k-rail project has been deprecated and will receive no new features or bugfixes except in the case of critical security vulnerabilities. We recommend migrating to an actively developed tool like OPA Gatekeeper that provides similar functionality. k-rail is a workload policy enforcement tool for Kubernetes. It can help you secure a multi tenant cluster with minimal disruption and maximum velocity. Why k-rail? - Suggested usage - Installation - Removal - Viewing policy violations - Violations from realtime feedback - Violations from the Events API - Violations from logs Supported policies: - No ShareProcessNamespace - No Exec - No Bind Mounts - No Docker Sock Mount - EmptyDir size limit Policy configuration: - Mutate Default Seccomp Profile - Immutable Image Reference - No Host Network - No Host PID - No New Capabilities - No Privileged Container - No Helm Tiller Trusted Image Repository Policy configuration - Safe to Evict (DEPRECATED) - Mutate Safe to Evict - Mutate Image Pull Policy Policy configuration: - Require Ingress Exemption - Unique Ingress Host - Service type LoadBalancer annotation check - Istio VirtualService Gateways check - No Persistent

FEATURES

ALTERNATIVES

A cloud-native security platform that combines vulnerability management, workload protection, and security monitoring for cloud environments with context-aware threat detection capabilities.

Commercial

Find exposed AWS cloud assets that you did not know you had.

Analyzes CloudTrail data of a given AWS account and generates a summary of recently active IAM principals, API calls they made, as well as regions, IP addresses and user agents they used.

Lists Amazon S3 Buckets while browsing

Cloud Custodian (c7n) is a rules engine for managing public cloud accounts and resources with a focus on security, compliance, and cost optimization.

An open-source framework for testing and validating the security of AWS services and resources.

Collection of Kubernetes manifests creating pods with elevated privileges for security testing.

A tool that discovers all AWS resources created in an account