We built Sentrilite, a lightweight unified control-plane to observe and secure hybrid multi-cloud fleets (AWS, Azure, GCP, on-prem) from one place. The goal is fast onboarding, live kernel-level telemetry, fleet-wide rule targeting, and an audit-ready PDF—without stitching together 5 tools.

## What’s in the demo

- Fleet onboarding in seconds: upload a two-column CSV (ServerIP,Group) and the fleet view auto-populates with tiles, health, recent alerts, and AI insights.
- One-command deploy to EKS: `kubectl apply -f sentrilite.yaml` sets up a DaemonSet (one agent per node); images are auto-pulled. Click a node to see live process/file/network events enriched with Kubernetes metadata.
- High-risk rules (hot-reload): target rules by Group (e.g. only aws, azure or prod). We flag nc/netcat, sensitive file reads, etc., and show the alerts immediately.
- Fleet health signals: detect OOMKilled containers with exact pod/container context for fast triage.
- Export PDF: one click to generate a chronological report with summaries, tags, and k8s context.

## Why we built it

Hybrid fleets need a single control plane to target rules to subsets and see uniform telemetry across clouds. We wanted eBPF-level visibility with Kubernetes context, but make onboarding dead simple.

## How it works (high level)

Agents run as a DaemonSet per node, stream events to the dashboard, and apply local rules (hot-reloaded). Grouping (Group in CSV) drives selective policy: test rules on a small slice before rolling out fleet-wide.

## Quick start
```sh
# fleet.csv
ServerIP,Group
10.0.12.34,aws
10.1.5.7,azure
10.2.9.11,gcp
192.168.1.20,private

# Deploy agents to EKS
kubectl apply -f sentrilite.yaml

# Generate a couple of signals in a debug pod
nc -l 5000 &                 # listener gets flagged
cat /etc/passwd >/dev/null   # sensitive file read

# Simulate OOMKilled
kubectl run oom-demo --restart=Never --image=busybox:1.36 \
  --overrides='{"apiVersion":"v1","spec":{"containers":[{"name":"hog","image":"busybox:1.36","command":["/bin/sh","-lc","i=0; while :; do dd if=/dev/zero of=/dev/shm/f$i bs=1M count=64 conv=fsync; i=$((i+1)); done"],"resources":{"requests":{"memory":"32Mi"},"limits":{"memory":"64Mi"}}}]}}'
```

## Try it

Demo video: https://youtu.be/FmFUs0ZhdIY

GitHub quick start (free): https://github.com/sentrilite/sentrilite

## Notes

Runs in your cluster; you control data flow.

Looking for feedback on: rule UX, fleet grouping model, and what you’d want in the PDF/alert context. Happy to answer questions and share more internals if folks are interested.
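To make the grouping model concrete, here is an added Python sketch (my own illustration, not Sentrilite's code) of how the ServerIP,Group CSV can drive rule targeting: the fleet file maps each host to a Group, each rule names the Groups it targets (empty means fleet-wide), and events from hosts outside a rule's Groups, or from hosts not in the CSV at all, produce no alert. The rule names, event fields and sample events are constructed for the example.

```python
import csv
import io

# Constructed fleet.csv in the two-column ServerIP,Group format the post describes.
FLEET_CSV = "ServerIP,Group\n10.0.12.34,aws\n10.1.5.7,azure\n10.2.9.11,gcp\n192.168.1.20,private\n"

def load_fleet(text):
    """Map ServerIP -> Group, rejecting rows that lack either column."""
    fleet = {}
    for row in csv.DictReader(io.StringIO(text)):
        ip, group = (row.get("ServerIP") or "").strip(), (row.get("Group") or "").strip()
        if not ip or not group:
            raise ValueError(f"bad fleet row: {row}")
        fleet[ip] = group
    return fleet

# Hypothetical high-risk rules modelled on the ones the post mentions.
# "groups" is the set of Groups a rule targets; an empty set means fleet-wide.
RULES = [
    {"name": "netcat-listener", "groups": {"aws", "azure"}, "kind": "process",
     "match": lambda e: e["comm"] in ("nc", "netcat", "ncat")},
    {"name": "sensitive-file-read", "groups": set(), "kind": "file",
     "match": lambda e: e["path"] in ("/etc/passwd", "/etc/shadow")},
]

def evaluate(fleet, rules, events):
    """Return alerts, with Group and pod context, for events matching a rule targeted at the host's Group."""
    alerts = []
    for e in events:
        group = fleet.get(e["host"])
        if group is None:
            continue  # host not onboarded via the CSV: no rules apply yet
        for r in rules:
            if r["kind"] != e["kind"] or (r["groups"] and group not in r["groups"]):
                continue  # wrong event type, or rule not targeted at this Group
            if r["match"](e):
                alerts.append({"rule": r["name"], "host": e["host"], "group": group, "pod": e.get("pod")})
    return alerts

# Constructed events of the kind an agent would stream after the quick-start commands.
EVENTS = [
    {"host": "10.0.12.34", "kind": "process", "comm": "nc", "pod": "debug"},       # aws: targeted
    {"host": "10.2.9.11", "kind": "process", "comm": "nc", "pod": "debug"},        # gcp: not targeted
    {"host": "10.2.9.11", "kind": "file", "path": "/etc/passwd", "pod": "debug"},  # fleet-wide rule
    {"host": "10.9.9.9", "kind": "file", "path": "/etc/passwd", "pod": None},      # not in fleet.csv
]
def demo():
    """Run the constructed events through the rules; yields two alerts."""
    return evaluate(load_fleet(FLEET_CSV), RULES, EVENTS)
```

Scoping a new rule to a single Group this way is what lets you trial it on a small slice of the fleet before widening its target set.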