Audicia – Generate least-privilege Kubernetes RBAC from audit log

by felixnotka · Mar 4, 2026 · 1 point · 0 comments

AI Analysis


Reverse-engineers RBAC from audit logs; solves the 403 cluster-admin doom spiral automatically.

Strengths
  • Flips RBAC from tedious manual craft to audit-log-driven generation — genuine DevOps pain point
  • Compliance scoring (0–100) flags sensitive overprivilege separately, making audit handoff immediate
  • Operator-native, runs in-cluster with no SaaS or external dependencies
Weaknesses
  • Requires audit logging already enabled (not all clusters have it turned on)
  • Adoption depends on cluster complexity — smaller clusters may not justify the operational overhead
Target Audience

Kubernetes platform engineers, DevSecOps teams, enterprises with RBAC compliance requirements

Similar To

Kubewarden · Kyverno · Falco

Post Description

I built an open-source Kubernetes operator that watches audit logs and generates scoped Role/ClusterRole manifests based on what ServiceAccounts actually access.

The problem: most clusters run with overly permissive RBAC because getting it right manually is tedious.

You end up with cluster-admin bindings everywhere or spend hours crafting policies by hand.

Audicia flips it — ingest audit logs (file or webhook), normalize the access patterns, and output least-privilege RBAC.

It also diffs observed vs. granted permissions to produce a compliance score.

Everything runs as a controller in your cluster via CRDs. No SaaS, no external dependencies.

GitHub: github.com/felixnotka/audicia
Website: audicia.io

Happy to answer any questions about the architecture or approach.
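The pipeline the post describes (ingest audit events, normalize access per ServiceAccount, emit Role/ClusterRole manifests, then diff observed against granted permissions), as an added Python example that is not Audicia's own code. The audit events and the `granted` rule set are constructed; field names follow the audit.k8s.io/v1 event shape, and the manifest naming (`<sa>-observed`) is an assumption.

```python
import json
from collections import defaultdict

# Constructed sample audit events (audit.k8s.io/v1 field names, only the ones used), one JSON object per line.
SAMPLE_AUDIT_LOG = "\n".join(json.dumps(e) for e in [
    {"verb": "get", "user": {"username": "system:serviceaccount:app:web"}, "responseStatus": {"code": 200},
     "objectRef": {"apiGroup": "", "resource": "configmaps", "namespace": "app"}},
    {"verb": "list", "user": {"username": "system:serviceaccount:app:web"}, "responseStatus": {"code": 200},
     "objectRef": {"apiGroup": "", "resource": "pods", "namespace": "app"}},
    {"verb": "delete", "user": {"username": "system:serviceaccount:app:web"}, "responseStatus": {"code": 403},
     "objectRef": {"apiGroup": "", "resource": "secrets", "namespace": "app"}},  # denied: not a grant
    {"verb": "list", "user": {"username": "system:serviceaccount:app:web"}, "responseStatus": {"code": 200},
     "objectRef": {"apiGroup": "", "resource": "nodes"}},  # no namespace: cluster-scoped
    {"verb": "get", "user": {"username": "kubernetes-admin"}, "responseStatus": {"code": 200},
     "objectRef": {"apiGroup": "", "resource": "pods", "namespace": "app"}},  # human user: ignored
])

def observed_access(audit_jsonl):
    """ServiceAccount -> namespace ('' = cluster scope) -> (apiGroup, resource) -> verbs actually used.
    Only successful requests count: a 403 proves the call was attempted, not that it should be granted."""
    access = defaultdict(lambda: defaultdict(lambda: defaultdict(set)))
    for line in audit_jsonl.splitlines():
        ev = json.loads(line)
        user, ref = ev.get("user", {}).get("username", ""), ev.get("objectRef")
        if not user.startswith("system:serviceaccount:") or not ref:
            continue
        if ev.get("responseStatus", {}).get("code", 0) >= 400:
            continue
        access[user][ref.get("namespace", "")][(ref.get("apiGroup", ""), ref["resource"])].add(ev["verb"])
    return access

def rbac_manifests(access):
    """Per ServiceAccount: one Role per namespace touched, plus one ClusterRole for cluster-scoped resources."""
    out = []
    for sa, by_ns in access.items():
        for ns, rules in by_ns.items():
            m = {"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "Role" if ns else "ClusterRole",
                 "metadata": {"name": sa.rsplit(":", 1)[1] + "-observed"},
                 "rules": [{"apiGroups": [g], "resources": [r], "verbs": sorted(v)}
                           for (g, r), v in sorted(rules.items())]}
            if ns:
                m["metadata"]["namespace"] = ns
            out.append(m)
    return out

def unused_grants(granted, access, sa):
    """Diff granted vs observed: (namespace, apiGroup, resource, verb) tuples granted to `sa` but never
    seen in the log. The fraction of grants that are unused is the raw material for a compliance score."""
    used = {(ns, g, r, v) for ns, rules in access[sa].items() for (g, r), verbs in rules.items() for v in verbs}
    return sorted(set(granted) - used)
```

Feeding a real audit log (file or webhook payload, one event per line) into `observed_access` and dumping `rbac_manifests` as YAML gives the scoped manifests; the denied `secrets` delete is deliberately left out of the Role.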
