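Show HN: Sentrilite: A hybrid-cloud control plane for observability and security

We built Sentrilite, a lightweight unified control plane to observe and secure hybrid multi-cloud fleets (AWS, Azure, GCP, on-prem) from one place. The goal is fast onboarding, live kernel-level telemetry, fleet-wide rule targeting, and an audit-ready PDF, without stitching together 5 tools.

What's in the demo

Fleet onboarding in seconds: upload a two-column CSV (ServerIP,Group) and the fleet view auto-populates with tiles, health, recent alerts, and AI insights.

One-command deploy to EKS: kubectl apply -f sentrilite.yaml sets a DaemonSet (one agent per node); images are auto-pulled. Click a node to see live process/file/network events enriched with Kubernetes metadata.

High-risk rules (hot-reload): target rules by Group (e.g. only aws, azure or prod). We flag nc/netcat, sensitive file reads, etc., and show the alerts immediately.

Fleet health signals: detect OOMKilled containers with exact pod/container context for fast triage.

Export PDF: one click to generate a chronological report with summaries, tags, and k8s context.

Why we built it

Hybrid fleets need a single control plane to target rules to subsets and see uniform telemetry across clouds.

We wanted eBPF-level visibility with Kubernetes context, but make onboarding dead simple.

How it works (high level)

Agents run as a DaemonSet per node, stream events to the dashboard, and apply local rules (hot-reloaded).

Grouping (Group in CSV) drives selective policy: test rules on a small slice before rolling out fleet-wide.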

Quick start

# fleet.csv
ServerIP,Group
10.0.12.34,aws
10.1.5.7,azure
10.2.9.11,gcp
192.168.1.20,private

# Deploy agents to EKS
kubectl apply -f sentrilite.yaml

# Generate a couple signals in a debug pod
nc -l 5000 & # listener gets flagged
cat /etc/passwd > /dev/null # sensitive file read

# Simulate OOMKilled
kubectl run oom-demo --restart=Never --image=busybox:1.36 \
--overrides='{"apiVersion":"v1","spec":{"containers":[{"name":"hog","image":"busybox:1.36","command":["/bin/sh","-lc","i=0; while :; do dd if=/dev/zero of=/dev/shm/f$i bs=1M count=64 conv=fsync; i=$((i+1)); done"],"resources":{"requests":{"memory":"32Mi"},"limits":{"memory":"64Mi"}}}]}}'

Try it

Demo video: https://youtu.be/FmFUs0ZhdIY

GitHub quick start (free): https://github.com/sentrilite/sentrilite

Notes

Runs in your cluster; you control data flow.

Looking for feedback on: rule UX, fleet grouping model, and what you'd want in the PDF/alert context.

Happy to answer questions and share more internals if folks are interested.