Skip to main content

rad-sync

Overview

The rad-sync plugin synchronizes Kubernetes resources and configurations with RAD Security, ensuring that your security platform has up-to-date information about your cluster’s state, policies, and configurations.

How It Works

The rad-sync plugin operates as a Kubernetes controller that:
  • Resource Discovery: Automatically discovers Kubernetes resources across namespaces
  • Configuration Sync: Synchronizes RBAC policies, network policies, and security configurations
  • State Monitoring: Tracks changes to cluster state and security posture
  • Data Transmission: Securely transmits data to RAD Security for analysis

Synchronized Resources

The plugin synchronizes the following Kubernetes resources:
  • RBAC Resources: Roles, RoleBindings, ClusterRoles, ClusterRoleBindings
  • Network Policies: NetworkPolicy resources and their configurations
  • Security Contexts: Pod security contexts and security policies
  • Service Accounts: Service account configurations and bindings
  • ConfigMaps: Security-related configuration data
  • Secrets: Security-related secrets (metadata only)

Configuration

The RAD Sync component has configurable parameters:
Environment VariableDefault ValueDescription
SYNC_INTERVAL5mInterval between synchronization cycles
BATCH_SIZE100Number of resources to process per batch
ENABLE_RBAC_SYNCtrueEnable RBAC resource synchronization
ENABLE_NETWORK_SYNCtrueEnable network policy synchronization
ENABLE_SECRET_SYNCfalseEnable secret metadata synchronization

Security Considerations

  • Read-Only Access: The plugin only reads Kubernetes resources, never modifies them
  • Data Privacy: Sensitive data is filtered and only metadata is transmitted
  • Encryption: All data transmission is encrypted in transit
  • RBAC: Uses minimal required permissions for resource access

Troubleshooting

Common Issues

  1. Permission Denied: Ensure the plugin has necessary RBAC permissions
  2. Sync Failures: Check network connectivity to RAD Security API
  3. Resource Limits: Monitor memory usage for large clusters

Monitoring

The plugin exposes metrics for monitoring:
  • rad_sync_resources_total - Total resources synchronized
  • rad_sync_duration_seconds - Synchronization duration
  • rad_sync_errors_total - Number of synchronization errors
For additional configuration options, see the chart values file.