kubectl kguardian
The kguardian CLI is a kubectl plugin that generates security policies from observed runtime behavior.Installation
See the Installation Guide for detailed instructions.Global Flags
Available for all commands:| Flag | Description | Default |
|---|---|---|
--kubeconfig | Path to kubeconfig file | $KUBECONFIG or ~/.kube/config |
--context | Kubernetes context to use | Current context |
-n, --namespace | Namespace scope | Current namespace |
--debug | Enable debug logging | false |
Commands
gen networkpolicy
Generate Network Policies from observed traffic
gen seccomp
Generate Seccomp profiles from syscall usage
audit promote
Convert an AuditNetworkPolicy into an enforced networking.k8s.io/v1 NetworkPolicy ready for kubectl apply.
audit promote-cluster
Convert an AuditClusterNetworkPolicy into one NetworkPolicy per matched namespace (discovery from
namespaceSelector).