KubeArmor
Search…
KubeArmor
Getting Started
Deployment Guide
Security Policy Specification for Containers
Security Policy Examples for Containers
Security Policy Specification for Nodes/VMs
Security Policy Examples for Nodes/VMs
Contribution
Contribution Guide
Development Guide
Testing Guide
Reference
Kubernetes Installation for Ubuntu
Kubernetes Installation for Fedora
Supported Capability List
Examples
Multiubuntu
Sock-Shop
Wordpress-MySQL
Powered By GitBook
Deployment Guide
If you do not have a k8s cluster, check the pre-requisites to setup one.
If you want to try KubeArmor directly on the host without k8s, run KubeArmor in systemd mode.
Check the KubeArmor support matrix to verify if your platform is supported.

Deployment Steps

1. Download and install karmor cli-tool

curl -sfL http://get.kubearmor.io/ | sudo sh -s -- -b /usr/local/bin

2. Install KubeArmor

karmor install
Output of karmor install
It is assumed that the k8s cluster is already present/reachable setup with the required prerequisites and the user has rights to create service-accounts and cluster-role-bindings.

3. Deploying sample app and policies

a. Deploy sample multiubuntu app

kubectl apply -f https://raw.githubusercontent.com/kubearmor/KubeArmor/main/examples/multiubuntu/multiubuntu-deployment.yaml

b. Deploy sample policies

kubectl apply -f https://raw.githubusercontent.com/kubearmor/KubeArmor/main/examples/multiubuntu/security-policies/ksp-group-1-proc-path-block.yaml
This sample policy blocks execution of sleep command in ubuntu-1 pods.

c. Simulate policy violation

$ POD_NAME=$(kubectl get pods -n multiubuntu -l "group=group-1,container=ubuntu-1" -o jsonpath='{.items[0].metadata.name}') && kubectl -n multiubuntu exec -it $POD_NAME -- bash
# sleep 1
(Permission Denied)

4. Getting Alerts/Telemetry from KubeArmor

a. Enable port-forwarding for KubeArmor relay (if needed)

kubectl port-forward -n kube-system svc/kubearmor 32767:32767

b. Observing logs using karmor cli

karmor log

Manual YAML based KubeArmor deployment

  1. 1.
    generic
  2. 2.
    docker
  3. 3.
    k3s
  4. 4.
    microk8s
  5. 5.
    minikube
  6. 6.
    GKE
  7. 7.
    EKS
  8. 8.
    AKS
NOTE
  • "docker": KubeArmor deployment for self-managed k8s with docker (v18.09 and below).
  • "generic": KubeArmor deployment for self-managed k8s with containerd and docker (v18.09 and above).

K8s platforms tested

  1. 1.
    Self-managed (on-prem) k8s
  2. 2.
    Local k8s engines (k3s, microk8s, and minikube)
  3. 3.
    Google Kubernetes Engine (GKE) with Container Optimized OS (COS)
  4. 4.
    GKE with Ubuntu image
  5. 5.
    Amazon Elastic Kubernetes Service (EKS)
  6. 6.
    Azure Kubernetes Service (AKS)

Prerequisites

Previous
KubeArmor
Next - Getting Started
Security Policy Specification for Containers
Last modified 3mo ago
Export as PDF
Copy link
On this page
Deployment Steps
1. Download and install karmor cli-tool
2. Install KubeArmor
3. Deploying sample app and policies
4. Getting Alerts/Telemetry from KubeArmor
Manual YAML based KubeArmor deployment
K8s platforms tested
Prerequisites