Question 1

How does Krane compare to kube-bench for Kubernetes security?

Accepted Answer

Krane focuses specifically on RBAC static analysis and visualization using a graph database, while kube-bench checks for CIS benchmark compliance across the entire cluster. Krane is better for deep permission auditing, but kube-bench covers broader security hygiene.

Question 2

How to integrate Krane into a CI/CD pipeline?

Accepted Answer

Use the CLI with the --ci flag on RBAC YAML/JSON files in a directory; it returns a non-zero exit code on risks, making it suitable for pipeline steps. The README recommends running it from the Docker image in CI executors.

Question 3

What kinds of RBAC risks does Krane detect by default?

Accepted Answer

It includes built-in rules for dangers like over-permissive roles (e.g., allowing all verbs on secrets) and misconfigured bindings, with severity levels from info to danger, as detailed in the config/rules.yaml file.

Question 4

Can Krane monitor multiple Kubernetes clusters at once?

Accepted Answer

Yes, you can run reports with different cluster names using the -c flag, and the dashboard can switch between cached data for each cluster, but it requires separate setups or instances per cluster for continuous monitoring.

Question 5

How does Krane handle PodSecurityPolicy deprecation in newer Kubernetes versions?

Accepted Answer

Krane still includes PSP nodes in its graph schema for backward compatibility but notes deprecation; users can bypass it by creating empty PSP files, as mentioned in the report command section for local file analysis.

Question 6

Is Krane suitable for large-scale clusters with thousands of RBAC objects?

Accepted Answer

Its graph-based indexing in RedisGraph should handle scale efficiently, but performance may depend on resource allocation for RedisGraph and the complexity of custom queries, which isn't extensively benchmarked in the README.

krane

What is krane?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions