Kudo is a Kubernetes controller that aims to make the process of privilege escalation secure, auditable and easy for both administrators and users.
Kudo is currently at an early stage, under active development, and very unstable. Please do not use it on production systems.
One line escalation
Temporarily getting new permissions in a cloud native context has never been easier!
kubectl kudo escalate [policy-name] [--reason] [--namespace] [--duration]
Flexible Policies
Kudo escalation policies allow administrators to define fine-tuned rules regarding who is allowed to escalate, how it should be approved and what an escalation grants.
Cloud Native Privilege Escalation
Kudo supports Kubernetes RBAC as a first-class citizen, but is designed to integrate with many other systems, for example cloud providers like AWS or GCP.
Escalation Challenges
Some access might require additional validation, for example having a peer review and approve your escalation. Kudo's escalation challenges system allows additional checks to be performed at runtime.
Powerful Auditability
When it comes to privilege escalation, nothing must go unseen. Kudo natively pushes escalation events to Kubernetes events, but also aims to integrate with many external systems to achieve excellent auditability.
Open Source
Want to participate? Have an idea? The source code lives on GitHub. New contributors are always welcome!
Interested in trying Kudo?
Check out the documentation!