Support Matrix
KubeArmor supports following types of workloads:
K8s orchestrated: Workloads deployed as k8s orchestrated containers. In this case, Kubearmor is deployed as a k8s daemonset. Note, KubeArmor supports policy enforcement on both k8s-pods (KubeArmorPolicy) as well as k8s-nodes (KubeArmorHostPolicy).
Containerized: Workloads that are containerized but not k8s orchestrated are supported. KubeArmor installed in systemd mode can be used to protect such workloads.
VM/Bare-Metals: Workloads deployed on Virtual Machines or Bare Metal i.e. workloads directly operating as host/system processes. In this case, Kubearmor is deployed in systemd mode.
Kubernetes Support Matrix
Provider | K8s engine | OS Image | Arch | Audit Rules | Blocking Rules | LSM Enforcer | Remarks | ||
Onprem | x86_64, ARM | ✔️ | ✔️ | ✔️ | ✔️ | BPFLSM, AppArmor | |||
x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | BPFLSM, AppArmor | All release channels | |||
Ubuntu >= 16.04 | x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | BPFLSM, AppArmor | All release channels | ||
Microsoft | Ubuntu >= 18.04 | x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | BPFLSM, AppArmor | ||
Oracle | UEK >=7 | x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | |||
IBM | Ubuntu | x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | BPFLSM, AppArmor | ||
AWS | Amazon Linux 2 (kernel >=5.8) | x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | |||
AWS | Amazon Linux 2 (kernel <=5.4) | x86_64 | ✔️ | ✔️ | ❌ | ✔️ | SELinux | ||
AWS | Ubuntu | x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | AppArmor | ||
AWS | x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | ||||
AWS | Ubuntu | ARM | ✔️ | ✔️ | ✔️ | ✔️ | AppArmor | ||
AWS | Amazon Linux 2 | ARM | ✔️ | ✔️ | ❌ | ✔️ | SELinux | ||
RedHat | RHEL <=8.4 | x86_64 | ✔️ | ✔️ | ❌ | ✔️ | SELinux | ||
RedHat | RHEL >=8.5 | x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | |||
RedHat | RHEL >=9.2 | x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | |||
Rancher | x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | BPFLSM, AppArmor | |||
Rancher | x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | BPFLSM, AppArmor | |||
Oracle | ARM | ✔️ | ✔️ | ❌ | ✔️ | SELinux | |||
VMware | TBD | x86_64 | 🚧 | 🚧 | 🚧 | 🚧 | 🚧 | ||
Mirantis | Ubuntu>=20.04 | x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | AppArmor | ||
Digital Ocean | Debian GNU/Linux 11 (bullseye) | x86_64 | ✔️ | ✔️ | ✔️ | ✔️ | |||
Alibaba Cloud | Alibaba Cloud Linux 3.2104 LTS | x86_64 | ✔️ | ✔️ | ✔️ | ✔️ |
Supported Linux Distributions
Following distributions are tested for VM/Bare-metal based installations:
| Provider | Distro | VM / Bare-metal | Kubernetes |
|---|---|---|---|
SUSE | SUSE Enterprise 15 | Full | Full |
Debian | Full | Full | |
Ubuntu | 18.04 / 16.04 / 20.04 | Full | Full |
RedHat / CentOS | RHEL / CentOS <= 8.4 | Full | Partial |
RedHat / CentOS | RHEL / CentOS >= 8.5 | Full | Full |
Fedora | Fedora 34 / 35 | Full | Full |
Rocky Linux | Rocky Linux >= 8.5 | Full | Full |
AWS | Amazon Linux 2022 | Full | Full |
AWS | Amazon Linux 2023 | Full | Full |
RaspberryPi (ARM) | Debian | Full | Full |
ArchLinux | ArchLinux-6.2.1 | Full | Full |
Alibaba | Alibaba Cloud Linux 3.2104 LTS 64 bit | Full | Full |
Note Full: Supports both enforcement and observability Partial: Supports only observability
Platform I am interested is not listed here! What can I do?
Please approach the Kubearmor community on slack or raise a GitHub issue to express interest in adding the support.
It would be very much appreciated if you can test kubearmor on a platform not listed above and if you have access to. Once tested you can update this document and raise a PR.
Last updated