Ready to Boost Your Startup? Click to Start Up Your Free Subscription!

Kubernetes Access Controller

QueryPie KAC is a solution for Kubernetes API protection, enabling centralized management of cloud infrastructures like AWS EKS
and on-premises clusters. Administrators can manage access, monitor API requests, and replay container command executions.

Key Features of KAC

QueryPie KAC provides RBAC and ABAC controls for precise access management in Kubernetes, automatically acquiring IAM permissions.
Enjoy real-time visibility with audit logs, session recordings, and streamlined multi-cluster access, all backed by automatic KUBECONFIG configuration.

  • RBAC/ABAC Access Control
    RBAC/ABAC Access Control

    Implement role-based (RBAC) access for Kubernetes clusters, managing API access with tailored policies. Use attribute-based (ABAC) conditions to ensure permissions align with specific user attributes.

  • Automatic Access Permission Acquisition
    Automatic Access Permission Acquisition

    Automatically register admin access permissions for cloud-based Kubernetes clusters like AWS EKS by simply assigning IAM permissions.

  • Audit Logging Session & Recording
    Audit Logging Session & Recording

    Gain visibility into user actions across multiple clusters in near real-time through audit logs and pod session recordings.

  • Multi-Cluster Access Centralization
    Multi-Cluster Access Centralization

    Automatically record sessions when users connect to containers, monitoring their actions. Apply access control rules based on K8S resource names (RegEx) not supported in standard K8S RBAC.

  • Automatic KUBECONFIG Configuration
    Automatic KUBECONFIG Configuration

    Optimize cloud environments by synchronizing distributed resources and managing multiple Kubernetes integrations. Automate resource synchronization and track change history with scheduling functions.

How QueryPie KAC Works

QueryPie KAC seamlessly connects users to Kubernetes clusters with powerful access control and auditing capabilities.
The QueryPie Agent generates secure kubeconfig files, allowing users to effortlessly connect to Kubernetes clusters using tools like kubectl, Lens, and more.
Serving as the control hub, QueryPie KAC ensures precise role-based access management and comprehensive auditing of all Kubernetes activities.

How QueryPie KAC Works

Entirely Protect Your Kubernetes

QueryPie supercharges your Kubernetes protection, keeping your environment secure both inside and outside namespaces.
While QueryPie SAC handles tight access control and audits SSH connections to nodes,
QueryPie KAC shines in managing and monitoring all API interactions with Kubernetes resources, ensuring everything runs smoothly and securely.

Entirely Protect Your Kubernetes

Easy & Quick Cloud Synchronization

Sync your cloud resources effortlessly with QueryPie! Designed for seamless cloud environments, it streamlines Kubernetes integrations and automates resource synchronization with smart scheduling, all while tracking changes with ease.

Easy & Quick Cloud Synchronization
Integrated Management in Multi-K8S Environment

Integrated Management in Multi-K8S Environment

Manage permissions from a single console, eliminating the need to configure RBAC settings for each Kubernetes cluster. Use wildcards to apply the same permission policy across multiple clusters, streamlining access control.

Segmented K8S Resource Unit Policy Management

Simplify access control with wildcard and regular expression support for resources, adapting to variable names while filtering responses based on user permissions. Enjoy detailed policy management for API groups, verbs, resource types, namespaces, and resource names for precise control.

Segmented K8S Resource Unit Policy Management
Kubernetes API Execution History Logging

Kubernetes API Execution History Logging

Say goodbye to confusing Kubernetes API audit logs! QueryPie’s Proxy logs all API requests across multiple clusters, focusing on essential actions for efficient tracking while reducing unnecessary load on the master server.

Container Shell Command Execution History Recording

Keep tabs on user activity in containers with session recordings that allow you to replay all actions after connecting to the pod. This feature provides comprehensive oversight and control.

Container Shell Command Execution History Recording
Kubernetes Access Right Auto Setup

Kubernetes Access Right Auto Setup

Automatically generate kubeconfig files for each user based on assigned roles. Users can easily access these files through QueryPie Agent, allowing them to choose accessible clusters with existing Kubernetes tools like kubectx.

  • Is QueryPie a SaaS service?

    Currently, QueryPie is provided as an installable solution for both cloud and on-premises environments, with plans to launch a SaaS-based service in the future. This will offer customers even greater deployment options, allowing seamless integration with existing infrastructures while supporting a transition to SaaS.

  • How does QueryPie handle user authentication?

    QueryPie supports SAML-based SSO, multi-factor authentication (MFA), and LDAP integration, enabling users to access systems securely. With centralized management, administrators can efficiently handle permissions across systems, strengthening security and enhancing control over user access.

  • What security standards does QueryPie comply with?

    QueryPie is designed to comply with global security standards like ISO 27001, SOC 2, GDPR, and CSA-STAR, ensuring adherence to data security and regulatory requirements. This allows organizations to strengthen access management while also meeting compliance needs and preparing for audits.

  • Is QueryPie compatible with existing security solutions?

    QueryPie is designed to seamlessly integrate with a variety of external security solutions via APIs. This ensures compatibility with existing infrastructure, enhances existing security frameworks, and enables efficient operations without requiring additional security solutions.

3 Minutes to Wow !

Let us show you how QueryPie can transform the way you govern and share your sensitive data.

Take a Virtual Tour