Getting Started
curl -sfL http://get.kubearmor.io/ | sudo sh -s -- -b /usr/local/bin
karmor install
[email protected]:~$ karmor install
Auto Detected Environment : docker
CRD kubearmorpolicies.security.kubearmor.com ...
CRD kubearmorhostpolicies.security.kubearmor.com ...
Service Account ...
Cluster Role Bindings ...
KubeArmor Relay Service ...
KubeArmor Relay Deployment ...
KubeArmor DaemonSet ...
KubeArmor Policy Manager Service ...
KubeArmor Policy Manager Deployment ...
KubeArmor Host Policy Manager Service ...
KubeArmor Host Policy Manager Deployment ...
It is assumed that the k8s cluster is already present and reachable, set up with the required prerequisites, and that the user has rights to create service accounts and cluster role bindings.
kubectl apply -f https://raw.githubusercontent.com/kubearmor/KubeArmor/main/examples/multiubuntu/multiubuntu-deployment.yaml
kubectl apply -f https://raw.githubusercontent.com/kubearmor/KubeArmor/main/examples/multiubuntu/security-policies/ksp-group-1-proc-path-block.yaml
This sample policy blocks execution of the sleep command in ubuntu-1 pods.
$ POD_NAME=$(kubectl get pods -n multiubuntu -l "group=group-1,container=ubuntu-1" -o jsonpath='{.items[0].metadata.name}') && kubectl -n multiubuntu exec -it $POD_NAME -- bash
# sleep 1
(Permission Denied)
karmor logs
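A repeatable version of the manual check above, added here as an example and not part of the KubeArmor documentation: it confirms that sleep is actually denied in the ubuntu-1 pod and that a command the policy does not name still runs, so a policy that is applied but not enforced shows up as a failure. The function names and the --run switch are choices made for this example; the namespace and label selector are the ones used on this page.

```shell
#!/bin/sh
# Added example, not from the KubeArmor docs: checks that the sample policy
# is enforced (sleep denied), not merely applied.
NS=multiubuntu
SELECTOR="group=group-1,container=ubuntu-1"

# Name of the first pod matching the selector used on this page.
target_pod() {
    kubectl get pods -n "$NS" -l "$SELECTOR" \
        -o jsonpath='{.items[0].metadata.name}'
}

# Run a command line in pod $1 through bash.
# Returns 0 = denied, 1 = it ran, 2 = failed for some other reason.
is_blocked() {
    if out=$(kubectl -n "$NS" exec "$1" -- bash -c "$2" 2>&1); then
        return 1
    fi
    case $out in
        *[Pp]ermission\ [Dd]enied*) return 0 ;;
        *) echo "unexpected failure: $out" >&2; return 2 ;;
    esac
}

verify_policy() {
    pod=$(target_pod) || return 2
    [ -n "$pod" ] || { echo "no pod matches $SELECTOR" >&2; return 2; }

    # The command named by the sample policy must be denied.
    rc=0; is_blocked "$pod" "sleep 1" || rc=$?
    if [ "$rc" -ne 0 ]; then
        echo "FAIL: sleep was not denied in $pod (rc=$rc)" >&2
        return 1
    fi

    # Control: a command the policy does not name must still run.
    rc=0; is_blocked "$pod" "true" || rc=$?
    if [ "$rc" -ne 1 ]; then
        echo "FAIL: control command did not run in $pod (rc=$rc)" >&2
        return 1
    fi
    echo "PASS: sleep denied, other commands allowed in $pod"
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    verify_policy
fi
```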
1. Self-managed (on-prem) k8s
2. Local k8s engines (k3s, microk8s, and minikube)
3. Google Kubernetes Engine (GKE) with Container Optimized OS (COS)
4. GKE with Ubuntu image