> ## Documentation Index > Fetch the complete documentation index at: https://docs.kguardian.dev/llms.txt > Use this file to discover all available pages before exploring further. # kguardian > kguardian watches pod traffic and syscalls with eBPF, then writes Kubernetes NetworkPolicies, CiliumNetworkPolicies, and seccomp profiles from what it sees — no hand-authored rules. # kguardian kguardian watches pod traffic and syscalls with eBPF, then writes Kubernetes NetworkPolicies, CiliumNetworkPolicies, and seccomp profiles from what it sees — no hand-authored rules. ## Docs map * [**Getting Started**](/quickstart) — install, configure, run your first capture. * [**Generating Policies**](/guides/generating-network-policies) — NetworkPolicies and CiliumNetworkPolicies from observed traffic. * [**Generating Seccomp Profiles**](/concepts/seccomp-profiles) — least-privilege syscall profiles from runtime data. * [**Architecture**](/architecture) — Controller, Broker, storage; how data flows. * [**Operations**](/advanced/troubleshooting) — production deployment, retention, performance tuning. * [**AI Assistant**](https://github.com/kguardian-dev/kguardian/tree/main/llm-bridge) — optional LLM bridge for natural-language queries. * [**Reference**](/cli/overview) — CLI, [API](/api-reference/introduction), [helm values](/installation). ## What is kguardian? A Kubernetes runtime-observability tool that turns the network and syscall behavior of your pods into the policy YAML you would otherwise have to write by hand. Generate least-privilege network policies from observed pod communication patterns Create syscall allowlists based on actual container behavior Low-overhead kernel-level visibility without code changes Interactive UI that polls the Broker every few seconds to render pod-to-pod traffic ## Why kguardian? Writing Network Policies and Seccomp profiles by hand is tedious and error-prone. kguardian observes your running applications and generates policies automatically in seconds. Start with a default-deny posture and allow only the exact network paths and syscalls your applications actually use. No guesswork, no over-permissioning. See exactly how your pods communicate and what system calls they make. The UI polls the Broker every few seconds and renders the latest observed traffic and syscall data. Export policies as YAML files for review and version control. Perfect for Infrastructure as Code workflows and compliance audits. ## How it Works kguardian consists of four components working together: The **Controller** (Rust + eBPF) runs as a DaemonSet on your nodes, using kernel-level eBPF programs to capture network traffic and syscall activity with minimal overhead. The **Broker** (Rust + Actix-web) receives telemetry from controllers and stores it in PostgreSQL, providing a historical view of your workload behavior. The **CLI** (`kubectl kguardian`) queries the broker, analyzes traffic patterns, and generates ready-to-apply Network Policies and Seccomp profiles. The **UI** (React + TypeScript) provides an interactive graph showing pod communication, making it easy to understand complex network topologies. ## Quick Example Generate a Network Policy for a pod in seconds: ```bash theme={null} # Install the controller (one-time setup) helm install kguardian oci://ghcr.io/kguardian-dev/charts/kguardian \ --namespace kguardian \ --create-namespace # Let your app run normally for a few minutes... # Generate policy from observed traffic kubectl kguardian gen networkpolicy my-app -n production \ --output-dir ./policies # Review and apply kubectl apply -f ./policies/production-my-app-networkpolicy.yaml ``` **That's it!** You now have a least-privilege network policy based on real runtime behavior. ## Supported Resources Standard K8s resource for ingress/egress rules Enhanced policies with L7 visibility (Cilium CNI) Linux seccomp-bpf syscall filters Coming soon in future releases Planned for future versions Auto-generate PSS labels and policies ## Get Started Get kguardian running in 5 minutes Understand how components work together Learn to generate security policies See generated policies for nginx, Postgres, Prometheus, and more ## Comparison with Other Tools | Feature | kguardian | Inspektor Gadget | Security Profiles Operator | | :----------------------------- | :-------: | :--------------: | :------------------------: | | **Network Policy (K8s)** | ✅ | ✅ | ❌ | | **Network Policy (Cilium)** | ✅ | ❌ | ❌ | | **Seccomp Profile Generation** | ✅ | 📝 | ✅ | | **AppArmor Profile Mgmt** | 🔜 | ❌ | ✅ | | **Live view (polled, \~5s)** | ✅ | ❌ | ❌ | | **GitOps-friendly** | ✅ | ✅ | Partial | | **eBPF-based** | ✅ | ✅ | ✅ | **kguardian's unique strength:** Generate both Network Policies (K8s + Cilium) and Seccomp profiles from a single eBPF data source with visual exploration via the UI. ## Community & Support Ask questions, share ideas, and get help from the community Report bugs or request features on GitHub Learn how to contribute to kguardian View release notes and download binaries ## License kguardian is licensed under the **Business Source License 1.1** (BSL 1.1): * ✅ **Free** for development, testing, evaluation, and non-production use * ✅ **Free** for non-commercial use * ⚠️ Commercial production use requires a commercial license * 🔄 Converts to **Apache License 2.0** on January 1, 2029 See the [LICENSE](https://github.com/kguardian-dev/kguardian/blob/main/LICENSE) for full details. *** Get started with kguardian in just 5 minutes →