Support Matrix


Last updated 2 months ago


KubeArmor supports the following types of workloads:

  1. K8s orchestrated: Workloads deployed as k8s orchestrated containers. In this case, KubeArmor is deployed as a k8s daemonset. Note that KubeArmor supports policy enforcement on both k8s pods (KubeArmorPolicy) and k8s nodes (KubeArmorHostPolicy).

  2. Containerized: Workloads that are containerized but not k8s orchestrated are supported. KubeArmor installed in systemd mode can be used to protect such workloads.

  3. VM/Bare-Metal: Workloads deployed on virtual machines or bare metal, i.e. workloads operating directly as host/system processes. In this case, KubeArmor is deployed in systemd mode.

Kubernetes Support Matrix

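| Provider | K8s engine | OS Image | Arch | Audit Rules | Blocking Rules | LSM Enforcer | Remarks |
|---|---|---|---|---|---|---|---|
| Onprem | | | x86_64, ARM | | | | |
| Google | | | x86_64 | | | | |
| Google | | Ubuntu >= 16.04 | x86_64 | | | | |
| Microsoft | | Ubuntu >= 18.04 | x86_64 | | | | |
| Oracle | | | x86_64 | | | | |
| IBM | | Ubuntu | x86_64 | | | | |
| Talos | | Talos | x86_64 | | | | |
| AWS | | Amazon Linux 2 (kernel >=5.8) | x86_64 | | | | |
| AWS | | Ubuntu | x86_64 | | | AppArmor | |
| AWS | | | x86_64 | | | | |
| AWS | | | x86_64 | | | | |
| AWS | | Ubuntu | ARM | | | AppArmor | |
| AWS | | Amazon Linux 2 | ARM | | | SELinux | |
| RedHat | | | x86_64 | | | SELinux | |
| RedHat | | | x86_64 | | | | |
| RedHat | | | x86_64 | | | | |
| Rancher | | | x86_64 | | | | |
| Rancher | | | x86_64 | | | | |
| Oracle | | | ARM | | | SELinux | |
| VMware | | TBD | x86_64 | | | | |
| Mirantis | | Ubuntu>=20.04 | x86_64 | | | AppArmor | |
| Digital Ocean | | Debian GNU/Linux 11 (bullseye) | x86_64 | | | | |
| Alibaba Cloud | | Alibaba Cloud Linux 3.2104 LTS | x86_64 | | | | |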

Supported Linux Distributions

The following distributions are tested for VM/bare-metal based installations:

| Provider | Distro | VM / Bare-metal | Kubernetes |
|---|---|---|---|
| SUSE | SUSE Enterprise 15 | Full | Full |
| Debian | Buster / Bullseye | Full | Full |
| Ubuntu | 18.04 / 16.04 / 20.04 | Full | Full |
| RedHat / CentOS | RHEL / CentOS <= 8.4 | Full | Partial |
| RedHat / CentOS | RHEL / CentOS >= 8.5 | Full | Full |
| Fedora | Fedora 34 / 35 | Full | Full |
| Rocky Linux | Rocky Linux >= 8.5 | Full | Full |
| AWS | Amazon Linux 2022 | Full | Full |
| AWS | Amazon Linux 2023 | Full | Full |
| RaspberryPi (ARM) | Debian | Full | Full |
| ArchLinux | ArchLinux-6.2.1 | Full | Full |
| Alibaba | Alibaba Cloud Linux 3.2104 LTS 64 bit | Full | Full |

Note:

  • Full: Supports both enforcement and observability
  • Partial: Supports only observability

The platform I am interested in is not listed here! What can I do?

It would be very much appreciated if you could test KubeArmor on a platform that is not listed above and that you have access to. Once tested, you can update this document and raise a PR.

kubeadm, , , microk8s

, AppArmor

, AppArmor

All

, AppArmor

All

, AppArmor

>=7

, AppArmor

<=8.4

>=8.5

>=9.2

, AppArmor

, AppArmor

/

Please approach the KubeArmor community on Slack or raise a GitHub issue to express interest in adding the support.

k8s daemonset
KubeArmorPolicy
KubeArmorHostPolicy
systemd mode
systemd mode
slack
raise
Observability
Network-Segmentation
k0s
k3s
BPFLSM
GKE
COS
BPFLSM
release channels
GKE
BPFLSM
release channels
AKS
BPFLSM
OKE
UEK
BPFLSM
Oracle Linux Server 8.7
IKS
BPFLSM
Talos k8s
BPFLSM
1540
EKS
BPFLSM
EKS
EKS
Bottlerocket
BPFLSM
EKS-Auto-Mode
Bottlerocket
BPFLSM
Graviton
Graviton
OpenShift
RHEL
OpenShift
RHEL
BPFLSM
MicroShift
RHEL
BPFLSM
RKE
SUSE
BPFLSM
K3S
BPFLSM
Ampere
UEK
1084
Tanzu
1064
MKE
1181
DOKS
BPFLSM
1120
Alibaba
BPFLSM
1650
Buster
Bullseye
Distros
Distros