KubeArmor
Search…
Multiubuntu
multiubuntu
  1. 1.
    Deployment
    To deploy the multiubuntu microservice, please run the following commands.
    1
    $ cd KubeArmor/examples/multiubuntu
    2
    ~/KubeArmor/examples/multiubuntu$ kubectl apply -f .
    Copied!
  2. 2.
    Use Cases
    To verify KubeArmor's functionalities, we provide sample security policies for the multiubuntu microservice.
    • Example 1 - Block a process execution
      • Deploy a security policy
        1
        $ cd KubeArmor/examples/multiubuntu/security-policies
        2
        .../multiubuntu/security-policies$ kubectl -n multiubuntu apply -f ksp-group-1-proc-path-block.yaml
        Copied!
      • Execute /bin/sleep inside of the ubuntu-1 pod
        1
        $ kubectl -n multiubuntu exec -it {pod name for ubuntu 1} -- bash
        2
        # sleep 1
        3
        (Permission Denied)
        Copied!
      • Check audit logs
        1
        $ kubectl -n kube-system exec -it {KubeArmor in the node where ubuntu 1 is located} -- tail /tmp/kubearmor.log
        Copied!
    • Example 2 - Block a file access
      • Deploy a security policy
        1
        $ cd security-policies
        2
        .../multiubuntu/security-policies$ kubectl -n multiubuntu apply -f ksp-ubuntu-5-file-dir-recursive-block.yaml
        Copied!
      • Access /credentials/password inside of the ubuntu-5 pod
        1
        $ kubectl -n multiubuntu exec -it {pod name for ubuntu 5} -- bash
        2
        # cat cat /credentials/password
        3
        (Permission Denied)
        Copied!
      • Check audit logs
        1
        $ kubectl -n kube-system exec -it {KubeArmor in the node where ubuntu 5 is located} -- tail /tmp/kubearmor.log
        Copied!
Last modified 1mo ago
Export as PDF
Copy link