paralus/paralus

GitHub: paralus/paralus

一款面向 Kubernetes 的统一访问管理工具,解决精细化权限控制与实时审计问题。

Stars: 1193 | Forks: 78

# Paralus ![codeql](https://static.pigsec.cn/wp-content/uploads/repos/2026/04/1407ef9a9a225221.svg) ![helm](https://img.shields.io/github/v/tag/paralus/helm-charts?label=Helm%20Chart%20Version&logo=helm&color=%230F1689&logoColor=%23f0f0f0) ![go](https://img.shields.io/github/go-mod/go-version/paralus/paralus?color=%2300ADD8&logo=go&logoColor=%2300ADD8) ![license](https://img.shields.io/github/license/paralus/paralus?color=%23D22128&label=License&logo=apache&logoColor=%23D22128) [![OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/6823/badge)](https://bestpractices.coreinfrastructure.org/projects/6823) [Paralus](https://paralus.io) is a free, open source tool that enables controlled, audited access to Kubernetes infrastructure for your users, user groups, and services. Ships as a GUI, API, and CLI. We are a [**CNCF Sandbox project**](https://www.cncf.io/projects/paralus/) Paralus can be easily integrated with your pre-existing RBAC configuration and your SSO providers, or Identity Providers (IdP) that support OIDC (OpenID Connect). Through just-in-time service account creation and fine-grained user credential management, Paralus provides teams with an adaptable system for guaranteeing secure access to resources when necessary, along with the ability to rapidly identify and respond to threats through dynamic permission revocation and real time audit logs.

Kubernetes Goat

## Features - Creation of custom [roles, users, and groups](https://www.paralus.io/docs/usage/roles). - Dynamic and immediate changing and revoking of permissions. - Ability to control access via [pre-configured roles](https://www.paralus.io/docs/usage/) across clusters, namespaces, projects, and more. - Seamless integration with [Identity Providers (IdPs)](https://www.paralus.io/docs/single-sign-on/) allowing the use of external authentication engines for users and group definitions, such as GitHub, Google, Azure AD, Okta, and others. - [Automatic logging](https://www.paralus.io/docs/usage/audit-logs) of all user actions performed for audit and compliance purposes. - Interact with Paralus either with a modern web GUI (default), a CLI tool called [pctl](https://www.paralus.io/docs/usage/cli), or [Paralus API](https://www.paralus.io/docs/references/api-reference).

Kubernetes Goat

## Getting Started Installing and setting up Paralus takes less time than it takes to brew a (good) cup of coffee! You'll find the instructions here: - [Docs](https://www.paralus.io/docs/) - [Installation](https://www.paralus.io/docs/Installation/) ## Authors This project is maintained & supported by [Rafay](https://rafay.co). Meet the [maintainers](MAINTAINERS.md) of Paralus.
标签:API, CLI, CNCF, EVTX分析, GUI, PB级数据处理, RBAC, SSO, Web截图, web渗透, WiFi技术, 动态权限, 单点登录, 安全运维, 实时审计, 审计日志, 容器安全, 开源, 文档结构分析, 日志审计, 权限控制, 用户凭证, 访问管理