KubeArmor Design
KubeArmor operates with Linux Security Modules (LSMs) and uses eBPF to track the system calls being made. When deployed on a Kubernetes workload, KubeArmor is designed to apply policies to pods or nodes, and to apply policies automatically as the deployments change.
Today KubeArmor natively uses AppArmor and SELinux for security enforcement.
Seccomp-based policies, eBPF LSM, and other protection mechanisms are on the roadmap to enhance runtime protection.