gke-policy-automation
policy-enforcer
 | gke-policy-automation | policy-enforcer
---|---|---
 | 8 | 1
Stars | 508 | 23
Growth | 0.2% | -
Activity | 6.9 | 8.0
 | 15 days ago | about 2 years ago
Language | Go | Go
License | Apache License 2.0 | MIT License
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
gke-policy-automation
- Google Kubernetes clusters config checker tool
https://github.com/google/gke-policy-automation/blob/main/gk...
What's the point of requiring the control plane to be locked down to authorized networks (IP address ranges)? Isn't Google responsible for DDoS protection, enforcing authentication controls (i.e. logging in with a Google account in the right Google group), patching the control plane ASAP for any security vulnerabilities?
If you have a VPN, if you have heavy-duty network monitoring on your VPN endpoint, sure, limit it to the VPN. For the rest of us? Is every startup running GKE without heavy-duty VPN / network monitoring fundamentally insecure? That doesn't sound right to me. Security is supposed to be a spectrum, and it seems like black-and-white automated config checkers like these are more likely to provoke arguments internally ("but the tool said it's bad!!") than to help reach a nuanced understanding of why tradeoffs are made. No?
- GKE Policy Automation: validate your cluster configurations
GKE Policy Automation is a tool and a policy library for validating Google Kubernetes Engine clusters against a set of configuration best practices.
policy-enforcer
What are some alternatives?
cerbos - Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage by writing context-aware access control policies for your application resources.
pycasbin - An authorization library that supports access control models like ACL, RBAC, ABAC in Python
OPAL - Policy and data administration, distribution, and real-time updates on top of Policy Agents (OPA, Cedar, ...)
authz - 🛡️ Authorization backend that comes with a UI for RBAC and ABAC permissions
reposaur - Open source compliance tool for development platforms.
Casbin.NET - An authorization library that supports access control models like ACL, RBAC, ABAC in .NET (C#)
tanka - Flexible, reusable and concise configuration for Kubernetes
casbin - An authorization library that supports access control models like ACL, RBAC, ABAC in Golang: https://discord.gg/S5UjpzGZjN
popeye - 👀 A Kubernetes cluster resource sanitizer
node-casbin - An authorization library that supports access control models like ACL, RBAC, ABAC in Node.js and Browser
OPA (Open Policy Agent) - Open Policy Agent (OPA) is an open source, general-purpose policy engine.
casbin-server - Casbin as a Service (CaaS)