pahlevan
eBPF-powered Kubernetes Security Operator
Adaptive runtime protection & policy enforcement
Why Pahlevan?
Kubernetes workloads face runtime attacks that bypass perimeter defenses.
Pahlevan delivers adaptive, kernel-level protection by learning normal workload behavior and enforcing policies proactively.
| Solution | Focus | Learns Behavior | Enforcement | Coverage |
|---|---|---|---|---|
| Pahlevan | Adaptive policy operator | Auto-learning | Proactive blocking | Syscalls • Files • Network • Processes |
| Falco | Threat detection | Manual rules | Alerts only | Runtime monitoring |
| Tetragon | Observability | Manual rules | Partial | Kernel tracing |
| Cilium | Network security | Static rules | Network only | L3–L7 traffic |
Features
- Runtime Monitoring – Syscalls, file I/O, network, processes (via eBPF)
- Adaptive Learning – Automatic workload profiling & policy generation
- Policy Enforcement – CRD-based, monitor or block mode
- Self-Healing – Auto rollback if policies disrupt workloads
- Kubernetes Native – Operator pattern & CRD integration
Quick Start
# Install
kubectl apply -f https://github.com/obsernetics/pahlevan/releases/latest/download/install.yaml
# Create policy
cat <<EOF | kubectl apply -f -
apiVersion: policy.pahlevan.io/v1alpha1
kind: PahlevanPolicy
metadata:
name: nginx-security
spec:
selector:
matchLabels:
app: nginx
learning:
enabled: true
duration: 5m
enforcement:
mode: "monitor"
selfHealing:
enabled: true
EOF
# Deploy workload
kubectl create deployment nginx --image=nginx
kubectl label deployment nginx app=nginx
# Monitor
kubectl get pahlevanpolicy nginx-security -w
Requirements
- Kubernetes v1.24+
- Linux Kernel 4.18+ with eBPF enabled
- Minimum: 256MB memory, 100m CPU
Installation
Helm (recommended):
helm repo add pahlevan https://obsernetics.github.io/pahlevan-charts
helm install pahlevan pahlevan/pahlevan-operator -n pahlevan-system --create-namespace
License
Licensed under the Apache License 2.0.