# Support Matrix KubeArmor supports following types of workloads: 1. **K8s orchestrated**: Workloads deployed as k8s orchestrated containers. In this case, Kubearmor is deployed as a [k8s daemonset](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/). Note, KubeArmor supports policy enforcement on both k8s-pods ([KubeArmorPolicy](https://docs.kubearmor.io/kubearmor/documentation/security_policy_specification)) as well as k8s-nodes ([KubeArmorHostPolicy](https://docs.kubearmor.io/kubearmor/documentation/host_security_policy_specification)). 2. **Containerized**: Workloads that are containerized but not k8s orchestrated are supported. KubeArmor installed in [systemd mode](https://docs.kubearmor.io/kubearmor/quick-links/kubearmor_vm) can be used to protect such workloads. 3. **VM/Bare-Metals**: Workloads deployed on Virtual Machines or Bare Metal i.e. workloads directly operating as host/system processes. In this case, Kubearmor is deployed in [systemd mode](https://docs.kubearmor.io/kubearmor/quick-links/kubearmor_vm). ## Kubernetes Support Matrix | Provider | K8s engine | OS Image | Arch | [Observability](https://docs.kubearmor.io/kubearmor/use-cases/workload_visibility) | Audit Rules | Blocking Rules | [Network-Segmentation](https://github.com/kubearmor/KubeArmor/blob/main/getting-started/network_segmentation.md) | LSM Enforcer | Remarks | | :-----------: | :------------------------------------------------------------------------------------------: | :----------------------------------------------------------------------------------------: | :----------: | :--------------------------------------------------------------------------------: | :------------------: | :------------------: | :--------------------------------------------------------------------------------------------------------------: | :-------------------------------------------------------------------: | :-------------------------------------------------------------------------------------------------: | | Onprem | kubeadm, [k0s](https://k0sproject.io), [k3s](https://www.rancher.com/products/k3s), microk8s | [Distros](#Supported-Linux-Distributions) | x86\_64, ARM | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | [BPFLSM](https://github.com/kubearmor/KubeArmor/issues/484), AppArmor | | | Google | [GKE](https://cloud.google.com/kubernetes-engine) | [COS](https://cloud.google.com/container-optimized-os/docs/concepts/features-and-benefits) | x86\_64 | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | [BPFLSM](https://github.com/kubearmor/KubeArmor/issues/484), AppArmor | All [release channels](https://cloud.google.com/kubernetes-engine/docs/concepts/release-channels) | | Google | [GKE](https://cloud.google.com/kubernetes-engine) | Ubuntu >= 16.04 | x86\_64 | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | [BPFLSM](https://github.com/kubearmor/KubeArmor/issues/484), AppArmor | All [release channels](https://cloud.google.com/kubernetes-engine/docs/concepts/release-channels) | | Microsoft | [AKS](https://azure.microsoft.com/) | Ubuntu >= 18.04 | x86\_64 | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | [BPFLSM](https://github.com/kubearmor/KubeArmor/issues/484), AppArmor | | | Oracle | [OKE](https://www.oracle.com/cloud/cloud-native/container-engine-kubernetes/) | [UEK](https://docs.oracle.com/en/operating-systems/uek/) >=7 | x86\_64 | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | [BPFLSM](https://github.com/kubearmor/KubeArmor/issues/484) | [Oracle Linux Server 8.7](https://docs.oracle.com/en/operating-systems/oracle-linux/8/relnotes8.7/) | | IBM | [IKS](https://www.ibm.com/cloud/kubernetes-service) | Ubuntu | x86\_64 | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | [BPFLSM](https://github.com/kubearmor/KubeArmor/issues/484), AppArmor | | | Talos | [Talos k8s](https://www.siderolabs.com/platform/talos-os-for-kubernetes/) | Talos | x86\_64 | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | [BPFLSM](https://github.com/kubearmor/KubeArmor/issues/484) | [1540](https://github.com/kubearmor/KubeArmor/issues/1540) | | AWS | [EKS](https://aws.amazon.com/eks/) | Amazon Linux 2 (kernel >=5.8) | x86\_64 | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | [BPFLSM](https://github.com/kubearmor/KubeArmor/issues/484) | | | AWS | [EKS](https://aws.amazon.com/eks/) | Ubuntu | x86\_64 | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | AppArmor | | | AWS | [EKS](https://aws.amazon.com/eks/) | [Bottlerocket](https://github.com/bottlerocket-os/bottlerocket#bottlerocket-os) | x86\_64 | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | [BPFLSM](https://github.com/kubearmor/KubeArmor/issues/484) | | | AWS | [EKS-Auto-Mode](https://aws.amazon.com/eks/auto-mode/) | [Bottlerocket](https://github.com/bottlerocket-os/bottlerocket#bottlerocket-os) | x86\_64 | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | [BPFLSM](https://github.com/kubearmor/KubeArmor/issues/484) | | | AWS | [Graviton](https://aws.amazon.com/ec2/graviton/) | Ubuntu | ARM | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | AppArmor | | | AWS | [Graviton](https://aws.amazon.com/ec2/graviton/) | Amazon Linux 2 | ARM | :heavy\_check\_mark: | :heavy\_check\_mark: | :x: | :heavy\_check\_mark: | SELinux | | | RedHat | [OpenShift](https://www.redhat.com/en/technologies/cloud-computing/openshift) | [RHEL](https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux) <=8.4 | x86\_64 | :heavy\_check\_mark: | :heavy\_check\_mark: | :x: | :heavy\_check\_mark: | SELinux | | | RedHat | [OpenShift](https://www.redhat.com/en/technologies/cloud-computing/openshift) | [RHEL](https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux) >=8.5 | x86\_64 | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | [BPFLSM](https://github.com/kubearmor/KubeArmor/issues/484) | | | RedHat | [MicroShift](https://microshift.io/) | [RHEL](https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux) >=9.2 | x86\_64 | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | [BPFLSM](https://github.com/kubearmor/KubeArmor/issues/484) | | | Rancher | [RKE](https://rancher.com/docs/rke/latest/en/) | [SUSE](https://www.suse.com/) | x86\_64 | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | [BPFLSM](https://github.com/kubearmor/KubeArmor/issues/484), AppArmor | | | Rancher | [K3S](https://www.rancher.com/products/k3s) | [Distros](#Supported-Linux-Distributions) | x86\_64 | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | [BPFLSM](https://github.com/kubearmor/KubeArmor/issues/484), AppArmor | | | Oracle | [Ampere](https://www.oracle.com/in/cloud/compute/arm/) | [UEK](https://docs.oracle.com/en/operating-systems/uek/) | ARM | :heavy\_check\_mark: | :heavy\_check\_mark: | :x: | :heavy\_check\_mark: | SELinux | [1084](https://github.com/kubearmor/KubeArmor/issues/1084) | | VMware | [Tanzu](https://tanzu.vmware.com/kubernetes-grid) | TBD | x86\_64 | :construction: | :construction: | :construction: | :construction: | :construction: | [1064](https://github.com/kubearmor/KubeArmor/issues/1064) | | Mirantis | [MKE](https://www.mirantis.com/software/mirantis-kubernetes-engine/) | Ubuntu>=20.04 | x86\_64 | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | AppArmor | [1181](https://github.com/kubearmor/KubeArmor/issues/1181) | | Digital Ocean | [DOKS](https://www.digitalocean.com/products/kubernetes/) | Debian GNU/Linux 11 (bullseye) | x86\_64 | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | [BPFLSM](https://github.com/kubearmor/KubeArmor/issues/484) | [1120](https://github.com/kubearmor/KubeArmor/issues/1120) | | Alibaba Cloud | [Alibaba](https://www.alibabacloud.com/) | Alibaba Cloud Linux 3.2104 LTS | x86\_64 | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | :heavy\_check\_mark: | [BPFLSM](https://github.com/kubearmor/KubeArmor/issues/484) | [1650](https://github.com/kubearmor/KubeArmor/issues/1650) | ## Supported Linux Distributions Following distributions are tested for VM/Bare-metal based installations: | Provider | Distro | VM / Bare-metal | Kubernetes | | ----------------- | --------------------------------------------------------------------------------------------------------- | --------------- | ---------- | | SUSE | SUSE Enterprise 15 | Full | Full | | Debian | [Buster](https://www.debian.org/releases/buster/) / [Bullseye](https://www.debian.org/releases/bullseye/) | Full | Full | | Ubuntu | 18.04 / 16.04 / 20.04 | Full | Full | | RedHat / CentOS | RHEL / CentOS <= 8.4 | Full | Partial | | RedHat / CentOS | RHEL / CentOS >= 8.5 | Full | Full | | Fedora | Fedora 34 / 35 | Full | Full | | Rocky Linux | Rocky Linux >= 8.5 | Full | Full | | AWS | Amazon Linux 2022 | Full | Full | | AWS | Amazon Linux 2023 | Full | Full | | RaspberryPi (ARM) | Debian | Full | Full | | ArchLinux | ArchLinux-6.2.1 | Full | Full | | Alibaba | Alibaba Cloud Linux 3.2104 LTS 64 bit | Full | Full | > **Note**\ > Full: Supports both enforcement and observability\ > Partial: Supports only observability ### Platform I am interested is not listed here! What can I do? Please approach the Kubearmor community on [slack](https://cloud-native.slack.com/archives/C07EF44HWQM) or [raise](https://github.com/kubearmor/KubeArmor/issues/new/choose) a GitHub issue to express interest in adding the support. It would be very much appreciated if you can test kubearmor on a platform not listed above and if you have access to. Once tested you can update this document and raise a PR.