RealTheory captures Kubernetes-native metadata and resource telemetry for execution and performance assessment and explicitly excludes any user data or payloads. All data is encrypted in transit (TLS 1.2+), with role-based access controls and configurable retention policies.
Broadly, RealTheory collects:
-
Cluster and workload metadata
- Kubernetes object specs and statuses associated with nodes, namespaces, deployments, pods, etc.
- Names, labels, selectors, annotations, and other ancillary data associated with nodes, namespaces, deployments, pods, etc.
- Execution configuration (CPU/memory requests, limits, quotas, replicas, etc.)
-
Resource usage metrics
- Time-series performance metrics (CPU, memory, I/O, etc.)
- Allocation, utilization, and usage data for rightsizing analysis
- Event-driven signals (OOM kills, throttling events, etc.)
-
Cost metadata
- Cloud provider, region, zone, and SKU identifiers
- Aggregated usage metrics for compute, storage, networking, and supporting infrastructure (no raw billing files)
-
Security/vulnerability data (optional)
- Image metadata (names, tags, digests) for scanning only; no container filesystem ingestion
- Registry credentials are encrypted in transit and at rest; vulnerabilities are stored as findings only
What RealTheory does not capture:
- Application payloads or user-generated data
- Network traffic contents
- Secrets, passwords, or personally identifiable information (PII)
- Customer billing files from CSPs