KubeArmor
Development Guide

Development

  1. Vagrant Environment (Recommended)
    • Requirements
      Here is the list of requirements for a Vagrant environment:
      Vagrant - v2.2.9
      VirtualBox - v6.1
      Clone the KubeArmor GitHub repository on your system.
      $ git clone https://github.com/kubearmor/KubeArmor.git
      Install Vagrant and VirtualBox in your environment, then go to the vagrant path and run the setup.sh file.
      $ cd KubeArmor/contribution/vagrant
      ~/KubeArmor/contribution/vagrant$ ./setup.sh
      ~/KubeArmor/contribution/vagrant$ sudo reboot
    • VM Setup using Vagrant
      Now, it is time to prepare a VM for development.
      To create a vagrant VM
      ~/KubeArmor/KubeArmor$ make vagrant-up
      Output will show up as ...
      To get into the vagrant VM
      ~/KubeArmor/KubeArmor$ make vagrant-ssh
      Output will show up as ...
      To destroy the vagrant VM
      ~/KubeArmor/KubeArmor$ make vagrant-destroy
    • VM Setup using Vagrant with Ubuntu 21.10 (v5.13)
      To use the recent Linux kernel v5.13 for the development environment, run make with the NETNEXT flag set to 1 for the respective make option.
      ~/KubeArmor/KubeArmor$ make vagrant-up NETNEXT=1
      You can also make the setting static by changing NETNEXT=0 to NETNEXT=1 in the Makefile.
      ~/KubeArmor/KubeArmor$ vi Makefile
    • Please Note:
      You can skip the Vagrant setup steps completely if you are compiling KubeArmor directly on any Linux distro.
      Please ensure that the steps to set up K8s are followed so as to resolve any open dependencies.
  2. Self-managed Kubernetes
    • Requirements
      Here is the list of minimum requirements for self-managed Kubernetes:
      OS - Ubuntu 18.04
      Kubernetes - v1.19
      Docker - 18.09 or Containerd - 1.3.7
      Linux Kernel - v4.15
      LSM - AppArmor
      KubeArmor is designed for Kubernetes, which means that Kubernetes should be ready in your environment. If Kubernetes is not prepared yet, please refer to the Kubernetes installation guide. KubeArmor also requires either Docker or Containerd since it internally uses their APIs. KubeArmor requires LSMs to operate properly; thus, please make sure that your environment supports LSMs (at least AppArmor). Otherwise, KubeArmor will run in Audit-Mode with no container behavior restriction.
      • Alternative Setup - Minikube
        Minikube does not support LSMs by default; thus, we provide a custom ISO image for testing KubeArmor on Minikube. Please follow the instructions in the Minikube installation guide.
      • Alternative Setup - K3s
        You can also develop and test KubeArmor on K3s instead of self-managed Kubernetes. Please follow the instructions in the K3s installation guide.
      • Alternative Setup - MicroK8s
        You can also develop and test KubeArmor on MicroK8s instead of self-managed Kubernetes. Please follow the instructions in the MicroK8s installation guide.
      • No Support - Docker Desktop
        KubeArmor does not work with Docker Desktop on Windows and macOS because KubeArmor integrates with Linux-kernel native primitives (including LSMs).
    • Development Setup
      To install all dependencies, please run the following commands.
      $ cd KubeArmor/contribution/self-managed-k8s
      ~/KubeArmor/contribution/self-managed-k8s$ ./setup.sh
      setup.sh will automatically install BCC, Go, Protobuf, and some other dependencies.
      Now, you are ready to develop any code for KubeArmor. Enjoy your journey with KubeArmor.
  3. Environment Check
    • Compilation
      Check if KubeArmor can be compiled in your environment without any problems.
      $ cd KubeArmor/KubeArmor
      ~/KubeArmor/KubeArmor$ make
      If you see any error messages, please let us know about the issue, with the full error messages, through KubeArmor's Slack.
    • Execution
      To run KubeArmor directly on a host (not as a container), you need to run a local proxy in advance.
      $ kubectl proxy &
      Then, run KubeArmor in your environment.
      $ cd KubeArmor/KubeArmor
      ~/KubeArmor/KubeArmor$ make run
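
The minimum requirements listed under Self-managed Kubernetes (Linux kernel v4.15, AppArmor, Docker or Containerd) can be checked before running make. The script below is an added example, not part of the KubeArmor repository; its function names and the enforce/audit labels are assumptions, and it only predicts Audit-Mode from the absence of AppArmor, as the requirements text describes.

```shell
#!/bin/sh
# Added example: preflight check for the minimum requirements listed above.
# Function names and mode labels are hypothetical, not KubeArmor code.

# kernel_at_least RELEASE MAJOR MINOR: succeeds if RELEASE >= MAJOR.MINOR
kernel_at_least() {
    rel=${1%%-*}            # "5.13.0-28-generic" -> "5.13.0"
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    for n in "$major" "$minor"; do
        case "$n" in ''|*[!0-9]*) return 2 ;; esac   # not a version string
    done
    [ "$major" -gt "$2" ] || { [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ]; }
}

# lsm_enabled LIST NAME: succeeds if NAME is in the comma-separated LIST
lsm_enabled() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# expected_mode LIST: prints "enforce" if AppArmor is active, else "audit"
expected_mode() {
    if lsm_enabled "$1" apparmor; then echo enforce; else echo audit; fi
}

# preflight: report on the running host; fails only on hard requirements
preflight() {
    rc=0
    release=$(uname -r)
    if kernel_at_least "$release" 4 15; then
        echo "kernel  $release: ok (>= v4.15)"
    else
        echo "kernel  $release: below v4.15"; rc=1
    fi
    lsms=""   # an unreadable LSM list is treated as "no AppArmor"
    [ -r /sys/kernel/security/lsm ] && lsms=$(cat /sys/kernel/security/lsm)
    echo "lsm     ${lsms:-<not readable>}: expect $(expected_mode "$lsms") mode"
    if command -v docker >/dev/null 2>&1 || command -v containerd >/dev/null 2>&1; then
        echo "runtime docker or containerd found"
    else
        echo "runtime neither docker nor containerd on PATH"; rc=1
    fi
    return $rc
}

preflight || echo "preflight: minimum requirements not met" >&2
```

A missing AppArmor entry is reported but does not fail the check, since KubeArmor still runs in Audit-Mode in that case.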

Code Directories

Here, we briefly give you an overview of KubeArmor's directories.
  • Source code for KubeArmor (/KubeArmor)
    KubeArmor/
      BPF - eBPF code for system monitor
      common - Libraries internally used
      config - Configuration loader
      core - The main body (start point) of KubeArmor
      enforcer - Runtime policy enforcer (enforcing security policies into LSMs)
      feeder - gRPC-based feeder (sending audit/system logs to a log server)
      kvmAgent - KubeArmor VM agent
      log - Message logger (stdout)
      monitor - eBPF-based system monitor (mapping process IDs to container IDs)
      policy - gRPC service to manage Host Policies for VM environments
      types - Type definitions
    protobuf/ - Protocol buffer
  • Source code for KubeArmor's custom resource definition (CRD)
    pkg/KubeArmorPolicy/ - KubeArmorPolicy CRD generated by Kube-Builder
    pkg/KubeArmorHostPolicy/ - KubeArmorHostPolicy CRD generated by Kube-Builder
  • Files for testing
    examples/ - Example microservices for testing
    tests/ - Automated test framework for KubeArmor