Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/karydia/karydia
Kubernetes Security Walnut
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/karydia/karydia
- Owner: SAP-archive
- License: other
- Archived: true
- Created: 2018-10-22T13:03:09.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2020-07-07T08:54:55.000Z (over 4 years ago)
- Last Synced: 2024-04-14T23:46:53.478Z (7 months ago)
- Language: Go
- Homepage:
- Size: 592 MB
- Stars: 77
- Watchers: 13
- Forks: 10
- Open Issues: 23
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE.md
- Codeowners: CODEOWNERS
Awesome Lists containing this project
- awesome-cloud-native - Karydia - Kubernetes Security Walnut. (Security)
README
# Karydia - A Kubernetes Security Walnut
**Status: Beta** | **Kubernetes Version >=1.15.x**
Karydia is a security add-on for Kubernetes that helps you follow good security practices by inverting insecure default settings in Kubernetes. Kubernetes default settings are not optimized for security, but rather for running out of the box without complicated upfront configuration. It's easy to get a pod up and running; in the simplest case it's just one command. Unfortunately, that simple setup is not designed with a highly secure application in mind. Default settings are not enough!
Karydia inverts the following insecure default settings:
* Unmount service account token
* Restrict system calls by adding a seccomp profile
* Run with minimal privileges by adding a non-root user
* Disallow privilege escalation
* Restrict network communication by automatically adding one or multiple network policies to each namespace

A description of each feature can be found [here](docs/features.md), and an overview of how these features are applied is given in the [demo section](docs/demos/overview.md).
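
As an added illustration (not code from the Karydia project, and not a description of how Karydia applies these settings), the following Python script audits a pod manifest for the four pod-level defaults in the list above; the network policy item is namespace-scoped and is not covered. The function name, finding strings and sample manifests are constructed for this example, and only pod-level seccomp settings are inspected.

```python
import json

# Pod-level seccomp annotation of the Kubernetes 1.15 era; the later
# securityContext.seccompProfile field is checked as well.
SECCOMP_ANNOTATION = "seccomp.security.alpha.kubernetes.io/pod"


def audit_pod(manifest: str) -> list:
    """Return the insecure defaults that a pod manifest (JSON) leaves in place."""
    pod = json.loads(manifest)
    spec = pod.get("spec") or {}
    pod_sc = spec.get("securityContext") or {}
    annotations = (pod.get("metadata") or {}).get("annotations") or {}
    findings = []
    # Unset means the token is mounted unless the ServiceAccount opts out.
    if spec.get("automountServiceAccountToken") is not False:
        findings.append("service account token is mounted")
    profile = (pod_sc.get("seccompProfile") or {}).get("type", "Unconfined")
    if annotations.get(SECCOMP_ANNOTATION, "unconfined") == "unconfined" and profile == "Unconfined":
        findings.append("no seccomp profile")
    for c in spec.get("containers") or []:
        c_sc = c.get("securityContext") or {}
        effective = {**pod_sc, **c_sc}  # container-level values override pod-level ones
        uid = effective.get("runAsUser")
        non_root = uid > 0 if uid is not None else effective.get("runAsNonRoot") is True
        if not non_root:
            findings.append(f"{c['name']}: may run as root")
        # allowPrivilegeEscalation exists only at container level.
        if c_sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{c['name']}: privilege escalation allowed")
    return findings


# Constructed sample manifests (not taken from the Karydia repository).
DEFAULT_POD = '{"spec": {"containers": [{"name": "app", "image": "nginx"}]}}'
HARDENED_POD = json.dumps({
    "metadata": {"annotations": {SECCOMP_ANNOTATION: "runtime/default"}},
    "spec": {
        "automountServiceAccountToken": False,
        "securityContext": {"runAsUser": 65534},
        "containers": [{"name": "app", "image": "nginx",
                        "securityContext": {"allowPrivilegeEscalation": False}}],
    },
})

if __name__ == "__main__":
    print("default: ", audit_pod(DEFAULT_POD))
    print("hardened:", audit_pod(HARDENED_POD))
```

A manifest exported with `kubectl get pod <name> -o json` can be passed to `audit_pod` in place of the constructed samples.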
If you have any problems while using Karydia, have a look at our [troubleshooting guide](docs/troubleshooting.md). If this does not solve your problem, please open a [GitHub Issue](https://github.com/karydia/karydia/issues/new?assignees=&labels=bug&template=bug_report.md&title=).
## Installing Karydia
To install Karydia using Helm, run the following commands:
```
kubectl create namespace karydia
helm install karydia ./install/charts --namespace karydia
```
A detailed description of the installation process can be found in the [corresponding readme](install/README.md).
## Testing
### Integration Tests
##### Install Karydia Dev
```
kubectl create namespace karydia
helm install karydia ./install/charts --namespace karydia --set dev.active=true
```
##### Build, Swap and Test
```
make build deploy-dev
make e2e-test
```
### Unit Tests
```
make test
```
### Debug Karydia
To debug Karydia (for example, in Visual Studio Code), change the following line in the debug configuration:
```
"args": ["--kubeconfig","/.kube/config"]
```