Auditing container user accounts?

This page summarizes the projects mentioned and recommended in the original post on /r/kubernetes
Kubernetes Sandbox Containers policy-management OCI

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

  • Kyverno

    Kubernetes Native Policy Management

    • You could use something like Kyverno, and then you can use policies like this one: https://kyverno.io/policies/pod-security/baseline/disallow-privileged-containers/disallow-privileged-containers/

  • gvisor

    Application Kernel for Containers

    • At the heart of the issue you really just want to reduce the surface space of access that the container has to the kernel, should there be a kernel vulnerability found. If the workload is pretty generic, you might be able to just use gvisor. It uses ptrace to eliminate many direct system calls to the kernel and wraps the few that it can't actually just replicate: https://gvisor.dev/

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts