Non K8s KubeArmor Enhancements #1815

Open
daemon1024 opened this issue Jul 24, 2024 · 5 comments
Labels
enhancement New feature or request mentorship

Comments

@daemon1024
Member

Extending features to non-k8s

  • karmor recommend for host policies and unorchestrated containers
  • Dynamic configuration for default posture, visibility - KubeArmor Unorchestrated Config Watcher #1303
    • Through kubearmor.yaml config file
    • Through new gRPC service
    • karmor commands for the same
  • Improve karmor profile for host logs
  • karmor install for VMs
  • Policy validation for non-k8s
@daemon1024 daemon1024 added enhancement New feature or request mentorship labels Jul 24, 2024
@yp969803

/assign

@daemon1024
Member Author

This will be part of LFX Mentorship. We will choose assignees through the LFX/CNCF process.

@yp969803

@daemon1024 I am interested in the issue, can I start looking into it? Btw, I am also applying for LFX term 3.

@daemon1024
Member Author

@yp969803 thanks for your interest. We won't accept any PRs as of now. Happy to have a discussion, would love to have a proposal included in your cover letter.

@daemon1024
Member Author

Hey folks, thanks for the interest in the mentorship. We have certain prerequisites which we expect to be included in your application. Please include details of, or a reference to a document for, the said prerequisite in your cover letter / mail to the mentors / submit it in the issue thread / DM mentors in CNCF Slack by 20 August 11:59 PM IST.

Following are the details.

Non K8s KubeArmor Enhancements - https://mentorship.lfx.linuxfoundation.org/project/87d64083-e1fa-4aa4-a828-ca24e5ae96b3
Prerequisite:

  1. Setup KubeArmor in Unorchestrated mode on a BPF LSM node - https://docs.kubearmor.io/kubearmor/quick-links/kubearmor_vm
  2. Create a couple of containers using Docker on the same host
  3. Write a script (preferably in Go) to extract the list of containers currently running using the Docker API and replace the container name in the following policy - https://github.com/kubearmor/KubeArmor/blob/main/examples/kubearmor_containerpolicy.yaml
    Example
  • Docker container named test
  • Generated Policy will have
-  kubearmor.io/container.name: lb
+  kubearmor.io/container.name: test
  4. Apply these policies using karmor vm policy add and check violations
  5. Bonus: Automatically call the function in your script to add all of these policies

Unorchestrated Containers Guide - https://github.com/kubearmor/KubeArmor/wiki/Support-for-non-orchestrated-containers
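
Added example, not part of the issue thread and not KubeArmor project code: a Go sketch of the name-substitution step in prerequisite 3, run over an embedded sample instead of a live Docker socket. The policy body, the sample API response, the name allow-list and the helper name `generatePolicies` are assumptions of this example; only the `kubearmor.io/container.name: lb` selector line comes from the issue.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Constructed stand-in for the linked policy file; only the selector line comes from the issue.
const policyTemplate = `apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: example-container-policy
spec:
  selector:
    matchLabels:
      kubearmor.io/container.name: lb
  process:
    matchPaths:
    - path: /usr/bin/sleep
  action: Block`

// Constructed sample of a Docker Engine API "GET /containers/json" response body.
const sampleContainersJSON = `[{"Id":"aaa111","Names":["/test"]},{"Id":"bbb222","Names":["/web-1"]}]`

// Allow-list (an assumption of this example) so a name can never add YAML keys.
var validName = regexp.MustCompile(`^[a-zA-Z0-9][a-zA-Z0-9_.-]*$`)

// generatePolicies (hypothetical helper) returns one rendered policy per container name.
func generatePolicies(body []byte) (policies []string, err error) {
	var list []struct{ Names []string }
	if err = json.Unmarshal(body, &list); err != nil {
		return nil, err
	}
	for _, c := range list {
		for _, n := range c.Names {
			name := strings.TrimPrefix(n, "/") // the API prefixes names with "/"
			if !validName.MatchString(name) {
				return nil, fmt.Errorf("unsafe container name %q", name)
			}
			policies = append(policies, strings.Replace(policyTemplate, "container.name: lb", "container.name: "+name, 1))
		}
	}
	return policies, nil
}

func main() {
	policies, err := generatePolicies([]byte(sampleContainersJSON))
	fmt.Println(strings.Join(policies, "\n---\n"), err)
}
```

Against a real host, the same function would be fed the body returned by the Docker socket, and each rendered policy written to a file for `karmor vm policy add`.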
