Development Guide

Development
1.Vagrant Environment (Recommended)
Requirements
Here is the list of requirements for a Vagrant environment
1
Vagrant - v2.2.9
2
VirtualBox - v6.1
Copied!
Clone the KubeArmor github repository in your system
1
$ git clone https://github.com/kubearmor/KubeArmor.git
Copied!
Install Vagrant and VirtualBox in your environment, go to the vagrant path and run the setup.sh file
1
$ cd KubeArmor/contribution/vagrant
2
~/KubeArmor/contribution/vagrant$ ./setup.sh
3
~/KubeArmor/contribution/vagrant$ sudo reboot
Copied!
VM Setup using Vagrant
Now, it is time to prepare a VM for development.
To create a vagrant VM
1
~/KubeArmor/KubeArmor$ make vagrant-up
Copied!
Output will show up as ...
To get into the vagrant VM
1
~/KubeArmor/KubeArmor$ make vagrant-ssh
Copied!
Output will show up as ...
To destroy the vagrant VM
1
~/KubeArmor/KubeArmor$ make vagrant-destroy
Copied!
VM Setup using Vagrant with Ubuntu 21.10 (v5.13)
To use the recent Linux kernel v5.13 for dev env, you can run make with the NETNEXT flag set to 1 for the respective make option.
1
~/KubeArmor/KubeArmor$ make vagrant-up NETNEXT=1
Copied!
You can also make the setting static by changing NETNEXT=0 to NETNEXT=1 in the Makefile.
1
~/KubeArmor/KubeArmor$ vi Makefile
Copied!
Please Note:
You can skip the steps for the vagrant setup completely if you're directly compiling KubeArmor on any Linux distro.
Please ensure that the steps to setup K8s are followed so as to resolve any open dependencies.
2.Self-managed Kubernetes
Requirements
Here is the list of minimum requirements for self-managed Kubernetes.
1
OS - Ubuntu 18.04
2
Kubernetes - v1.19
3
Docker - 18.09 or Containerd - 1.3.7
4
Linux Kernel - v4.15
5
LSM - AppArmor
Copied!
KubeArmor is designed for Kubernetes, which means that Kubernetes should be ready in your environment. If Kubernetes is not prepared yet, please refer to Kubernetes installation guide. KubeArmor also requires either Docker or Containerd since it internally uses its APIs. KubeArmor requires LSMs to operate properly; thus, please make sure that your environment supports LSMs (at least, AppArmor). Otherwise, KubeArmor will work as Audit-Mode with no container behavior restriction.
Alternative Setup - Minikube
MiniKube does not support LSMs by default; thus, we provide the custom ISO image for testing KubeArmor on Minikube.
Please follow the instructions in Minikube installation guide.
Alternative Setup - K3s
You can also develop and test KubeArmor on K3s instead of the self-managed Kubernetes.
Please follow the instructions in K3s installation guide.
Alternative Setup - MicroK8s
You can also develop and test KubeArmor on MicroK8s instead of the self-managed Kubernetes.
Please follow the instructions in MicroK8s installation guide.
No Support - Docker Desktops
KubeArmor does not work with Docker Desktops on Windows and macOS because KubeArmor integrates with Linux-kernel native primitives (including LSMs).
Development Setup
In order to install all dependencies, please run the following command.
1
$ cd KubeArmor/contribution/self-managed-k8s
2
~/KubeArmor/contribution/self-managed-k8s$ ./setup.sh
Copied!
​setup.sh will automatically install BCC, Go, Protobuf, and some other dependencies.
Now, you are ready to develop any code for KubeArmor. Enjoy your journey with KubeArmor.
3.Environment Check
Compilation
Check if KubeArmor can be compiled on your environment without any problems.
1
$ cd KubeArmor/KubeArmor
2
~/KubeArmor/KubeArmor$ make
Copied!
If you see any error messages, please let us know the issue with the full error messages through KubeArmor's slack.
Execution
In order to directly run KubeArmor in a host (not as a container), you need to run a local proxy in advance.
1
$ kubectl proxy &
Copied!
Then, run KubeArmor on your environment.
1
$ cd KubeArmor/KubeArmor
2
~/KubeArmor/KubeArmor$ make run
Copied!
Code Directories
Here, we briefly give you an overview of KubeArmor's directories.
Source code for KubeArmor (/KubeArmor)
1
KubeArmor/
2
  BPF                  - eBPF code for system monitor
3
  common               - Libraries internally used
4
  config               - Configuration loader
5
  core                 - The main body (start point) of KubeArmor
6
  enforcer             - Runtime policy enforcer (enforcing security policies into LSMs)
7
  feeder               - gRPC-based feeder (sending audit/system logs to a log server)
8
  kvmAgent             - KubeArmor VM agent
9
  log                  - Message logger (stdout)
10
  monitor              - eBPF-based system monitor (mapping process IDs to container IDs)
11
  policy               - gRPC service to manage Host Policies for VM environments
12
  types                - Type definitions
13
protobuf/              - Protocol buffer
Copied!
Source code for KubeArmor's custom resource definition (CRD)
1
pkg/KubeArmorPolicy/      - KubeArmorPolicy CRD generated by Kube-Builder
2
pkg/KubeArmorHostPolicy/  - KubeArmorHostPolicy CRD generated by Kube-Builder
Copied!
Files for testing
1
examples/     - Example microservices for testing
2
tests/        - Automated test framework for KubeArmor
Copied!

Contribution - Previous

Contribution Guide

Next - Contribution

Testing Guide

Last modified 1mo ago

Export as PDF

Copy link

Contents

Development

Code Directories