{"id":13839409,"url":"https://github.com/SAP-archive/karydia","last_synced_at":"2025-07-11T03:32:22.562Z","repository":{"id":57500693,"uuid":"154145070","full_name":"SAP-archive/karydia","owner":"SAP-archive","description":"Kubernetes Security Walnut","archived":true,"fork":false,"pushed_at":"2020-07-07T08:54:55.000Z","size":620617,"stargazers_count":77,"open_issues_count":23,"forks_count":10,"subscribers_count":13,"default_branch":"master","last_synced_at":"2024-04-14T23:46:53.478Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SAP-archive.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null}},"created_at":"2018-10-22T13:03:09.000Z","updated_at":"2024-03-07T23:02:09.000Z","dependencies_parsed_at":"2022-08-30T21:01:26.122Z","dependency_job_id":null,"html_url":"https://github.com/SAP-archive/karydia","commit_stats":null,"previous_names":["karydia/karydia"],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/SAP-archive/karydia","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SAP-archive%2Fkarydia","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SAP-archive%2Fkarydia/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SAP-archive%2Fkarydia/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SAP-archive%2Fkarydia/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SAP-archive","download_url":"https://codeload.github.com/SAP-archive/karydia/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SAP-archive%2Fkarydia/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264721361,"owners_count":23653926,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T17:00:22.129Z","updated_at":"2025-07-11T03:32:17.546Z","avatar_url":"https://github.com/SAP-archive.png","language":"Go","funding_links":[],"categories":["Security"],"sub_categories":[],"readme":"# Karydia - A Kubernetes Security Walnut\n\n![Karydia Logo](logo/Karydia@0.5x.png)\n\n**Status: Beta** | **Kubernetes Version \u003e=1.15.x**\n\nKarydia is a security add-on for Kubernetes, which helps you follow good security practices by inverting insecure default settings in Kubernetes. Kubernetes default settings are not optimized for security, but rather on running out-of-the-box without complicated configuration upfront. It's easy to get a pod up and running; in the simplest case it's just one command. Unfortunately, the simple setup does not have a highly secure application in mind. Default settings are not enough!\n\nKarydia inverts the following insecure default settings:\n* Unmount service account token\n* Restrict system calls by adding a seccomp profile\n* Run with minimal privileges by adding a non-root user\n* Disallow privilege escalation\n* Restrict network communication by automatically adding one or multiple network policies to each namespace\n\nA description of each feature can be found [here](docs/features.md) and an overview of the application of these features is described in the [demo section](docs/demos/overview.md).\n\nIf you have any problems while using Karydia, have a look at our [troubleshooting guide](docs/troubleshooting.md). If this does not solve your problem, please open a [GitHub Issue](https://github.com/karydia/karydia/issues/new?assignees=\u0026labels=bug\u0026template=bug_report.md\u0026title=).\n\n## Installing Karydia\nTo install Karydia using Helm run the following commands:\n```\nkubectl create namespace karydia\nhelm install karydia ./install/charts --namespace karydia\n```\n\nA detailed description of the installation process can be found in the [corresponding readme](install/README.md).\n\n## Testing\n\n### Integration Tests\n\n##### Install Karydia Dev\n```\nkubectl create namespace karydia\nhelm install karydia ./install/charts --namespace karydia --set dev.active=true\n```\n\n##### Build, Swap and Test\n\n```\nmake build deploy-dev\nmake e2e-test\n```\n\n### Unit Tests\n\n```\nmake test\n```\n\n### Debug Karydia\n\nTo debug (for example Visual Studio Code), change the following line in the debug configuration:\n\n```\n\"args\": [\"--kubeconfig\",\"\u003cPATH\u003e/.kube/config\"]\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSAP-archive%2Fkarydia","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FSAP-archive%2Fkarydia","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FSAP-archive%2Fkarydia/lists"}