This project provides real-time monitoring and best-practice enforcement for Kubernetes pod security, combining:
- Live monitoring of pod security violations (Python backend + web dashboard)
- Automated enforcement of Pod Security Standards and Gatekeeper policies
- Helm chart for easy deployment of security controls
- Real-time alerts for pods violating security best practices (privileged, missing securityContext, etc.)
- Web dashboard for instant visibility
- Enforce Kubernetes Pod Security Admission (PSA) at namespace level
- Gatekeeper policy to block privileged containers
- Helm chart for automated setup
- `backend/` — Python Flask backend for real-time pod monitoring
- `frontend/` — Simple web dashboard for alerts
- `helm-chart/` — Helm chart to label namespaces and enforce the privileged-block policy
- `k8s_pod_security_enforcement.yaml` — Example manifest for PSA enforcement
- `gatekeeper_privileged_block.yaml` — Gatekeeper constraint YAML

- Install Python requirements: `pip install -r requirements.txt`
- Ensure your kubeconfig is set (access to the cluster).
- Run the backend: `python backend/main.py`
- Open `frontend/index.html` in your browser.

- Apply PSA enforcement to a namespace: `kubectl apply -f k8s_pod_security_enforcement.yaml`
- Install Gatekeeper.
- Apply the privileged-block constraint: `kubectl apply -f gatekeeper_privileged_block.yaml`

- Edit `helm-chart/values.yaml` to set your namespace (default: `secure-apps`).
- Deploy with Helm: `helm install pod-security-enforcement ./helm-chart`

- Add more constraints in `helm-chart/templates/`
- Extend monitoring logic in `backend/main.py`
- Integrate the dashboard with alerting systems (Slack, email, etc.)
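The following is an added example, not code from the project's `backend/main.py`, showing the kind of pod-spec check the monitoring backend runs for the violations listed above (privileged containers, missing `securityContext`, host namespace sharing, added capabilities). It works on plain pod dictionaries in the shape the Kubernetes API returns (`kubectl get pod -o json`), so it runs offline; the three sample pods are constructed for illustration, and the capability list is a deliberately small subset of what the Pod Security Standards forbid.

```python
"""Added example (not the project's own code): pod-spec violation checks of the
kind a monitoring backend would run over pods fetched from the API server.
Input is the plain dict shape of a Pod object; sample pods below are constructed."""

from typing import Dict, List

# Subset of capabilities the Pod Security Standards "baseline" profile forbids
# adding; illustrative only, not the full list.
DANGEROUS_CAPS = {"SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE", "NET_RAW"}


def _containers(pod: Dict) -> List[Dict]:
    """Init containers and regular containers both count; check all of them."""
    spec = pod.get("spec", {})
    return spec.get("initContainers", []) + spec.get("containers", [])


def check_pod(pod: Dict) -> List[str]:
    """Return human-readable violations for one pod (empty list means clean).

    The rules mirror what the PSA labels and the Gatekeeper privileged-block
    constraint enforce: no privileged containers, an explicit securityContext
    that forbids privilege escalation and root, no host namespaces, and no
    dangerous added capabilities.
    """
    meta = pod.get("metadata", {})
    name = meta.get("name", "<unnamed>")
    ns = meta.get("namespace", "default")
    spec = pod.get("spec", {})
    violations: List[str] = []

    # Pod-level checks: sharing host namespaces defeats container isolation.
    for field in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(field):
            violations.append(f"{ns}/{name}: pod shares host namespace ({field}=true)")

    # Container-level checks.
    for c in _containers(pod):
        cname = c.get("name", "<unnamed>")
        sc = c.get("securityContext")
        if sc is None:
            violations.append(f"{ns}/{name}/{cname}: missing securityContext")
            continue
        if sc.get("privileged"):
            violations.append(f"{ns}/{name}/{cname}: privileged container")
        # The API default for allowPrivilegeEscalation is true, so an absent
        # key is treated as a violation rather than as "unknown".
        if sc.get("allowPrivilegeEscalation", True):
            violations.append(f"{ns}/{name}/{cname}: allowPrivilegeEscalation not set to false")
        if not sc.get("runAsNonRoot"):
            violations.append(f"{ns}/{name}/{cname}: runAsNonRoot not set to true")
        added = set(sc.get("capabilities", {}).get("add", []))
        bad = sorted(added & DANGEROUS_CAPS)
        if bad:
            violations.append(f"{ns}/{name}/{cname}: adds dangerous capabilities {bad}")
    return violations


def scan(pods: List[Dict]) -> Dict[str, List[str]]:
    """Map 'namespace/name' -> violations for every pod that has at least one."""
    result: Dict[str, List[str]] = {}
    for pod in pods:
        found = check_pod(pod)
        if found:
            meta = pod.get("metadata", {})
            key = f"{meta.get('namespace', 'default')}/{meta.get('name', '<unnamed>')}"
            result[key] = found
    return result


# Constructed sample pods (not from any real cluster).
BAD_POD = {
    "metadata": {"name": "debug-shell", "namespace": "secure-apps"},
    "spec": {
        "hostPID": True,
        "containers": [{
            "name": "shell",
            "image": "busybox",
            "securityContext": {"privileged": True, "capabilities": {"add": ["SYS_ADMIN"]}},
        }],
    },
}
NO_SC_POD = {
    "metadata": {"name": "legacy-api", "namespace": "default"},
    "spec": {"containers": [{"name": "api", "image": "legacy:1.0"}]},
}
GOOD_POD = {
    "metadata": {"name": "web", "namespace": "secure-apps"},
    "spec": {
        "containers": [{
            "name": "nginx",
            "image": "nginx",
            "securityContext": {
                "privileged": False,
                "allowPrivilegeEscalation": False,
                "runAsNonRoot": True,
                "capabilities": {"drop": ["ALL"]},
            },
        }],
    },
}

if __name__ == "__main__":
    for key, found in scan([BAD_POD, NO_SC_POD, GOOD_POD]).items():
        print(key)
        for v in found:
            print("  -", v)
```

To plug this into a live backend, replace the constructed pods with the items of a `list_pod_for_all_namespaces()` call from the Kubernetes Python client (converted to dicts) and push each entry of `scan()` to the dashboard; running it in report-only mode first shows what PSA or Gatekeeper would block before enforcement is switched on.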
For production use, always test policies in audit mode first and review official Kubernetes/Gatekeeper documentation.
Real-time Kubernetes pod security monitoring and enforcement: dashboard, Helm, Gatekeeper, Pod Security Admission.