Kubernetes Access Controller
QueryPie KAC is a solution for Kubernetes API protection, enabling centralized management of cloud infrastructures like AWS EKS
and on-premises clusters. Administrators can manage access, monitor API requests, and replay container command executions.
Key Features of KAC
QueryPie KAC provides RBAC and ABAC controls for precise access management in Kubernetes, automatically acquiring IAM permissions.
Enjoy real-time visibility with audit logs, session recordings, and streamlined multi-cluster access, all backed by automatic KUBECONFIG configuration.
RBAC/ABAC Access Control
Implement role-based (RBAC) access for Kubernetes clusters, managing API access with tailored policies. Use attribute-based (ABAC) conditions to ensure permissions align with specific user attributes.
Automatic Access Permission Acquisition
Automatically register admin access permissions for cloud-based Kubernetes clusters like AWS EKS by simply assigning IAM permissions.
Audit Logging Session & Recording
Gain visibility into user actions across multiple clusters in near real-time through audit logs and pod session recordings.
Multi-Cluster Access Centralization
Automatically record sessions when users connect to containers, monitoring their actions. Apply access control rules based on K8S resource names (RegEx) not supported in standard K8S RBAC.
Automatic KUBECONFIG Configuration
Optimize cloud environments by synchronizing distributed resources and managing multiple Kubernetes integrations. Automate resource synchronization and track change history with scheduling functions.
How QueryPie KAC Works
QueryPie integrates seamlessly into existing data environments.
Users can easily connect to servers via the QueryPie Proxy Server, allowing seamless access while maintaining security protocols.
Administrators can integrate identity providers such as Azure Active Directory, OneLogin, and Okta into data access policies.
Users can access the data source using QueryPie’s native SQL editor or any third-party analytics tools without
changing their previous data workflows.
Entirely Protect Your Kubernetes
QueryPie supercharges your Kubernetes protection, keeping your environment secure both inside and outside namespaces.
While QueryPie SAC handles tight access control and audits SSH connections to nodes,
QueryPie KAC shines in managing and monitoring all API interactions with Kubernetes resources, ensuring everything runs smoothly and securely.
Easy & Quick Cloud Synchronization
Sync your cloud resources effortlessly with QueryPie! Designed for seamless cloud environments, it streamlines Kubernetes integrations and automates resource synchronization with smart scheduling, all while tracking changes with ease.
Integrated Management in Multi-K8S Environment
Manage permissions from a single console, eliminating the need to configure RBAC settings for each Kubernetes cluster. Use wildcards to apply the same permission policy across multiple clusters, streamlining access control.
Segmented K8S Resource Unit Policy Management
Simplify access control with wildcard and regular expression support for resources, adapting to variable names while filtering responses based on user permissions. Enjoy detailed policy management for API groups, verbs, resource types, namespaces, and resource names for precise control.
Kubernetes API Execution History Logging
Say goodbye to confusing Kubernetes API audit logs! QueryPie’s Proxy logs all API requests across multiple clusters, focusing on essential actions for efficient tracking while reducing unnecessary load on the master server.
Container Shell Command Execution History Recording
Keep tabs on user activity in containers with session recordings that allow you to replay all actions after connecting to the pod. This feature provides comprehensive oversight and control.
Kubernetes Access Right Auto Setup
Automatically generate kubeconfig files for each user based on assigned roles. Users can easily access these files through QueryPie Agent, allowing them to choose accessible clusters with existing Kubernetes tools like kubectx.
Is QueryPie a SaaS service?
Currently, QueryPie is provided as an installable solution for both cloud and on-premises environments, with plans to launch a SaaS-based service in the future. This will offer customers even greater deployment options, allowing seamless integration with existing infrastructures while supporting a transition to SaaS.
How does QueryPie handle user authentication?
QueryPie supports SAML-based SSO, multi-factor authentication (MFA), and LDAP integration, enabling users to access systems securely. With centralized management, administrators can efficiently handle permissions across systems, strengthening security and enhancing control over user access.
What security standards does QueryPie comply with?
QueryPie is designed to comply with global security standards like ISO 27001, SOC 2, GDPR, and CSA-STAR, ensuring adherence to data security and regulatory requirements. This allows organizations to strengthen access management while also meeting compliance needs and preparing for audits.
Is QueryPie compatible with existing security solutions?
QueryPie is designed to seamlessly integrate with a variety of external security solutions via APIs. This ensures compatibility with existing infrastructure, enhances existing security frameworks, and enables efficient operations without requiring additional security solutions.
3 Minutes to Wow !
Let us show you how QueryPie can transform the way you govern and share your sensitive data.