Skip to main content

kubectl kguardian

The kguardian CLI is a kubectl plugin that generates security policies from observed runtime behavior.

Installation

See the Installation Guide for detailed instructions.

Global Flags

Available for all commands:
FlagDescriptionDefault
--kubeconfigPath to kubeconfig file$KUBECONFIG or ~/.kube/config
--contextKubernetes context to useCurrent context
-n, --namespaceNamespace scopeCurrent namespace
--debugEnable debug loggingfalse

Commands

gen networkpolicy

Generate Network Policies from observed traffic

gen seccomp

Generate Seccomp profiles from syscall usage

Examples

# Generate network policy for a pod
kubectl kguardian gen networkpolicy my-app -n production

# Generate seccomp for all pods in namespace
kubectl kguardian gen seccomp --all -n staging

# Generate Cilium policies cluster-wide
kubectl kguardian gen netpol -A --type cilium