KubeArmor
Search…
⌃K

Support Matrix

KubeArmor supports following types of workloads:
  1. 1.
    K8s orchestrated workloads: Workloads deployed as k8s orchestrated containers. In this case, Kubearmor is deployed as a k8s daemonset. Note, KubeArmor supports policy enforcement on both k8s-pods (KubeArmorPolicy) as well as k8s-nodes (KubeArmorHostPolicy).
  2. 2.
    VM/Bare-Metals workloads: Workloads deployed on Virtual Machines or Bare Metal i.e. workloads directly operating as host processes. In this case, Kubearmor is deployed in systemd mode.

K8s support matrix

Kubernetes Engine
OS Image
Support
Remarks
Yes
Supported across Stable/Regular/Rapid/ release channels
Ubuntu
Yes
Supported across Stable/Regular/Rapid/ release channels
Ubuntu
Yes
AWS EKS
Amazon Linux 2 (kernel version 5.4)
Partial
Observability/Audit mode is supported, Enforcement mode is supported for nodes/hosts only (not for k8s pods).
AWS EKS
Amazon Linux 2 (kernel version >5.7)
Yes
Support leveraging BPF LSM
AWS EKS
Ubuntu
Yes
AWS EKS
Yes
Support leveraging BPF LSM
RedHat OpenShift
Red Hat Enterprise Linux release 8.4
Partial
Observability/Audit mode is supported, Enforcement mode is not supported. (Kernel Version: 4.18.0-305.45.1.el8_4.x86_64, Openshift Version: 4.10.14)
all
Yes
Partial
Observability/Audit: Supported, Enforcement: Not Supported for k8s pods (Kernel Version 5.4.17-2136.311.6.1.el8uek.x86_64)
VMWare Tanzu
*
TBD
Nutanix
*
TBD

Supported Linux Distributions

Provider
Distro
VM / Bare-metal
Kubernetes
SUSE
SUSE Enterprise 15
Full
Full
Debian
Full
Full
Ubuntu
18.04 / 16.04 / 20.04
Full
Full
RedHat / CentOS
RHEL 8.4 / CentOS 8.4
Full
Partial
RedHat
RHEL 9 / RHEL >= 8.5 / CentOS 8 Steam
Full
Full
Fedora
Fedora 34 / 35
Full
Full
Rocky Linux
Rocky Linux >= 8.5
Full
Full
Note Full: Supports both enforcement and observability Partial: Supports only observability

When will EKS with Amazon Linux 2 be supported?

Amazon Linux 2 currently is shipped with SELinux as the LSM (Linux Security Module). KubeArmor supports SELinux only for host-based policy enforcement. On Amazon Linux 2, Kubearmor currently supports observability/policy audits using ebpf based engine.
The latest versions of Amazon Linux 2 ship with a new LSM type called BPF-LSM and Kubearmor intends to support it soon).

Platform I am interested is not listed here! What can I do?

Please approach the Kubearmor community on slack or raise a GitHub issue to express interest in adding the support.
It would be very much appreciated if you can test kubearmor on a platform not listed above and if you have access to. Once tested you can update this document and raise a PR, if possible.

What local K8s platforms are supported?

Minikube, K3s and Microk8s platforms are currently supported.

Why KubeArmor does not work on kind

KubeArmor does not support Kubernetes in Docker.