Hi everyone,
My name is Robert, and for the past months I've been building a tool called kube-advisor.io.
After many months of blood, sweat and tears put into it, https://kube-advisor.io is now available for everyone.
So, what can you do with kube-advisor.io?
It is a platform that lets you identify misconfigurations and best practice violations in your Kubernetes clusters.
The setup is simple: you install a minimal agent on your cluster using a Helm command, and within seconds you can continuously identify configuration issues existing in your cluster using the UI at app.kube-advisor.io.
Checks performed as of today are:
→ “Naked” Pods: check for pods that do not have an owner like a deployment, statefulset, job, etc.
→ Privilege escalation allowed: pods allow privilege escalation via the “allowPrivilegeEscalation” flag
→ Missing probes: a container is missing liveness and/or readiness probes
→ No labels set / standard labels not set: A resource is missing labels altogether or does not have the Kubernetes standard labels set
→ Service not hitting pods: A Kubernetes service has a selector that does not match any pods
→ Ingress pointing to non-existing service: An ingress is pointing to a service that does not exist
→ Volumes not mounted: A pod is defining a volume that is not mounted into any of its containers
→ Kubernetes version: Check if the Kubernetes version is up-to-date
→ Check if namespaces are used (more than 1 non-standard namespace should be used)
→ Check if there is more than one node
… with many more to come in the future.
If you want to write your own custom checks, you can do so using Kyverno “Validate”-type ClusterPolicy resources.
Here is a huge list of existing templates.
Coming soon:
PDF reports, so you can prove progress in cluster hardening to managers and stakeholders.
I'd be happy if you give it a try. If you have any questions or feedback, let me know! :)
Sign up here:
app.kube-advisor.io/register
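
Four of the checks listed above (naked pods, privilege escalation allowed, volumes not mounted, service not hitting pods), evaluated in Python against pod and service objects as an added example; this is not part of the original post and not kube-advisor.io's own code. The sample objects are constructed, and the function and finding names are assumptions.

```python
# Constructed sample objects (not from a real cluster), trimmed to the fields the checks read.
PODS = [
    {"metadata": {"name": "web-7d4f", "namespace": "shop", "labels": {"app": "web"},
                  "ownerReferences": [{"kind": "ReplicaSet", "name": "web-7d4f"}]},
     "spec": {"volumes": [{"name": "cache"}, {"name": "tls"}],
              "containers": [{"name": "nginx",
                              "securityContext": {"allowPrivilegeEscalation": False},
                              "volumeMounts": [{"name": "cache"}]}]}},
    {"metadata": {"name": "debug", "namespace": "shop", "labels": {"run": "debug"}},
     "spec": {"containers": [{"name": "sh"}]}},  # no owner, no securityContext
]
SERVICES = [
    {"metadata": {"name": "web", "namespace": "shop"}, "spec": {"selector": {"app": "web"}}},
    {"metadata": {"name": "api", "namespace": "shop"}, "spec": {"selector": {"app": "api"}}},
    {"metadata": {"name": "ext-db", "namespace": "shop"}, "spec": {}},  # selector-less by design
]

def _containers(pod):
    return pod["spec"].get("initContainers", []) + pod["spec"].get("containers", [])

def pod_findings(pod):
    """Return the (hypothetical) names of the pod-level checks this pod fails."""
    out = []
    if not pod["metadata"].get("ownerReferences"):
        out.append("naked-pod")
    # Only an explicit false disables escalation; an unset field leaves it allowed.
    if any((c.get("securityContext") or {}).get("allowPrivilegeEscalation") is not False
           for c in _containers(pod)):
        out.append("privilege-escalation-allowed")
    mounted = {m["name"] for c in _containers(pod) for m in c.get("volumeMounts", [])}
    if any(v["name"] not in mounted for v in pod["spec"].get("volumes", [])):
        out.append("volume-not-mounted")
    return out

def dangling_services(services, pods):
    """Names of services whose selector matches no pod in the same namespace."""
    out = []
    for svc in services:
        selector = svc["spec"].get("selector")
        if not selector:  # endpoints managed manually (or ExternalName): not a finding
            continue
        if not any(p["metadata"]["namespace"] == svc["metadata"]["namespace"]
                   and selector.items() <= p["metadata"].get("labels", {}).items()
                   for p in pods):
            out.append(svc["metadata"]["name"])
    return out

if __name__ == "__main__":
    print({p["metadata"]["name"]: pod_findings(p) for p in PODS}, dangling_services(SERVICES, PODS))
```

The second pod shows why the privilege escalation check has to treat a missing `securityContext` the same as `allowPrivilegeEscalation: true`.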