Show HN: Sentrilite: a hybrid-cloud control plane for observability and security

2 points by gaurav1086 14 hours ago

We built Sentrilite, a lightweight unified control-plane to observe and secure hybrid multi-cloud fleets (AWS, Azure, GCP, on-prem) from one place. The goal is fast onboarding, live kernel-level telemetry, fleet-wide rule targeting, and an audit-ready PDF—without stitching together 5 tools.

What’s in the demo

Fleet onboarding in seconds: upload a two-column CSV (ServerIP,Group) and the fleet view auto-populates with tiles, health, recent alerts, and AI insights.

One-command deploy to EKS: kubectl apply -f sentrilite.yaml sets up a DaemonSet (one agent per node); images are auto-pulled. Click a node to see live process/file/network events enriched with Kubernetes metadata.

High-risk rules (hot-reload): target rules by Group (e.g. only aws, azure or prod). We flag nc/netcat, sensitive file reads, etc., and show the alerts immediately.

Fleet health signals: detect OOMKilled containers with exact pod/container context for fast triage.

Export PDF: one click to generate a chronological report with summaries, tags, and k8s context.

Why we built it

Hybrid fleets need a single control plane to target rules to subsets and see uniform telemetry across clouds.

We wanted eBPF-level visibility with Kubernetes context, but make onboarding dead simple.

How it works (high level)

Agents run as a DaemonSet per node, stream events to the dashboard, and apply local rules (hot-reloaded).

Grouping (Group in CSV) drives selective policy: test rules on a small slice before rolling out fleet-wide.

Quick start

  # fleet.csv
  ServerIP,Group
  10.0.12.34,aws
  10.1.5.7,azure
  10.2.9.11,gcp
  192.168.1.20,private

  # Deploy agents to EKS
  kubectl apply -f sentrilite.yaml

  # Generate a couple signals in a debug pod
  nc -l 5000 &                 # listener gets flagged
  cat /etc/passwd >/dev/null   # sensitive file read

  # Simulate OOMKilled
  kubectl run oom-demo --restart=Never --image=busybox:1.36 \
    --overrides='{"apiVersion":"v1","spec":{"containers":[{"name":"hog","image":"busybox:1.36","command":["/bin/sh","-lc","i=0; while :; do dd if=/dev/zero of=/dev/shm/f$i bs=1M count=64 conv=fsync; i=$((i+1)); done"],"resources":{"requests":{"memory":"32Mi"},"limits":{"memory":"64Mi"}}}]}}'

Try it

Demo video: https://youtu.be/FmFUs0ZhdIY

GitHub quick start (free): https://github.com/sentrilite/sentrilite

Notes

Runs in your cluster; you control data flow.

Looking for feedback on: rule UX, fleet grouping model, and what you’d want in the PDF/alert context.

Happy to answer questions and share more internals if folks are interested.
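
Added example (not part of the original post and not Sentrilite's code): a way to cross-check the OOMKilled signal from the quick start against the Kubernetes API itself, by scanning `kubectl get pods -A -o json` output for containers whose current or previous run ended with reason `OOMKilled`. The pod list, node names and the `find_oomkilled` helper are constructed for illustration.

```python
import json

# Constructed sample in the shape of `kubectl get pods -A -o json` (trimmed).
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "default", "name": "oom-demo"},
     "spec": {"nodeName": "node-a"},
     "status": {"containerStatuses": [
         {"name": "hog", "restartCount": 0,
          "state": {"terminated": {"reason": "OOMKilled", "exitCode": 137}}}]}},
    {"metadata": {"namespace": "prod", "name": "api-0"},
     "spec": {"nodeName": "node-b"},
     "status": {"containerStatuses": [
         {"name": "api", "restartCount": 3,
          "state": {"running": {"startedAt": "2024-01-01T00:10:00Z"}},
          "lastState": {"terminated": {"reason": "OOMKilled", "exitCode": 137}}}]}},
    {"metadata": {"namespace": "prod", "name": "web-0"},
     "spec": {"nodeName": "node-b"},
     "status": {"containerStatuses": [
         {"name": "web", "restartCount": 1, "state": {"running": {}},
          "lastState": {"terminated": {"reason": "Error", "exitCode": 1}}}]}},
    {"metadata": {"namespace": "default", "name": "pending"}, "status": {}},
]})


def find_oomkilled(pod_list_json):
    """Return one record per container whose current or previous run was OOM-killed."""
    hits = []
    for pod in json.loads(pod_list_json).get("items", []):
        meta, status = pod.get("metadata", {}), pod.get("status", {})
        # Init containers can be OOM-killed too, so check both status lists.
        statuses = (status.get("initContainerStatuses") or []) + \
                   (status.get("containerStatuses") or [])
        for cs in statuses:
            # `state` catches pods that are never restarted (--restart=Never);
            # `lastState` catches containers restarted after the kill.
            for field in ("state", "lastState"):
                term = (cs.get(field) or {}).get("terminated") or {}
                if term.get("reason") == "OOMKilled":
                    hits.append({
                        "pod": f'{meta.get("namespace")}/{meta.get("name")}',
                        "node": pod.get("spec", {}).get("nodeName"),
                        "container": cs.get("name"), "seen_in": field,
                        "restarts": cs.get("restartCount", 0),
                        "exit_code": term.get("exitCode")})
                    break
    return hits


if __name__ == "__main__":
    for hit in find_oomkilled(SAMPLE):
        print(hit)
```

To run it against a live cluster, pass the output of `kubectl get pods -A -o json` to `find_oomkilled` in place of `SAMPLE`.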