Rönd
Rönd is a lightweight container that distributes security policy enforcement throughout your application.
Rönd is based on OpenPolicy Agent and allows you to define security policies to be executed during API invocations. Rönd runs in your Kubernetes cluster as a sidecar container of your Pods. Rönd intercepts the API traffic, applies your policies and, based on the policy result, forwards the request to your application service or rejects the API invocation.
Why Rönd?
Find out more here.
Features
Rönd supports three policy types:
- Allow or reject request
- Query generation during the request flow
- Response body patching
RBAC capabilities
Rönd natively allows you to build an RBAC solution based on Roles and Bindings saved in MongoDB.
Who is using Rönd
Here is a list of awesome people using Rönd, if you're using it but do not appear in this list feel free to open a PR!
Local development
For local development you need to have Go installed locally, checkout the go.mod file to know the currently used language version.
Run tests
make test
Please note that in order to run tests you need Docker to be installed; tests need a local instance of MongoDB to be up and running, the make test
command will take care of it by creating a new mongodb
container. The container is auomatically removed at the end of tests; if it remains leaked simply run make clean
.
Contributing
Please read CONTRIBUTING.md for further details about the process for submitting pull requests.