KubeArmor
Search
K

Support Matrix

KubeArmor supports following types of workloads:
  1. 1.
    K8s orchestrated: Workloads deployed as k8s orchestrated containers. In this case, Kubearmor is deployed as a k8s daemonset. Note, KubeArmor supports policy enforcement on both k8s-pods (KubeArmorPolicy) as well as k8s-nodes (KubeArmorHostPolicy).
  2. 2.
    Containerized: Workloads that are containerized but not k8s orchestrated are supported. KubeArmor installed in systemd mode can be used to protect such workloads.
  3. 3.
    VM/Bare-Metals: Workloads deployed on Virtual Machines or Bare Metal i.e. workloads directly operating as host/system processes. In this case, Kubearmor is deployed in systemd mode.

Kubernetes Support Matrix

Provider
K8s engine
OS Image
Arch
Audit Rules
Blocking Rules
LSM Enforcer
Remarks
Onprem
kubeadm, k0s, k3s, microk8s
Distros
x86_64, ARM
BPFLSM, AppArmor
Google
GKE
COS
x86_64
BPFLSM, AppArmor
Google
GKE
Ubuntu >= 16.04
x86_64
BPFLSM, AppArmor
Microsoft
AKS
Ubuntu >= 18.04
x86_64
BPFLSM, AppArmor
Oracle
OKE
UEK >=7
x86_64
BPFLSM
IBM
Ubuntu
x86_64
BPFLSM, AppArmor
AWS
EKS
Amazon Linux 2 (kernel >=5.8)
x86_64
BPFLSM
AWS
EKS
Amazon Linux 2 (kernel <=5.4)
x86_64
SELinux
AWS
EKS
Ubuntu
x86_64
AppArmor
AWS
EKS
x86_64
BPFLSM
AWS
Graviton
Ubuntu
ARM
AppArmor
AWS
Graviton
Amazon Linux 2
ARM
SELinux
RedHat
OpenShift
RHEL <=8.4
x86_64
SELinux
RedHat
OpenShift
RHEL >=8.5
x86_64
BPFLSM
RedHat
RHEL >=9.2
x86_64
BPFLSM
Rancher
RKE
SUSE
x86_64
BPFLSM, AppArmor
Rancher
K3S
Distros
x86_64
BPFLSM, AppArmor
Oracle
Ampere
UEK
ARM
SELinux
1084
VMware
Tanzu
TBD
x86_64
🚧
🚧
🚧
🚧
🚧
1064
Mirantis
MKE
Ubuntu>=20.04
x86_64
AppArmor
1181
Digital Ocean
DOKS
Debian GNU/Linux 11 (bullseye)
x86_64
BPFLSM
1120

Supported Linux Distributions

Following distributions are tested for VM/Bare-metal based installations:
Provider
Distro
VM / Bare-metal
Kubernetes
SUSE
SUSE Enterprise 15
Full
Full
Debian
Full
Full
Ubuntu
18.04 / 16.04 / 20.04
Full
Full
RedHat / CentOS
RHEL / CentOS <= 8.4
Full
Partial
RedHat / CentOS
RHEL / CentOS >= 8.5
Full
Full
Fedora
Fedora 34 / 35
Full
Full
Rocky Linux
Rocky Linux >= 8.5
Full
Full
AWS
Amazon Linux 2022
Full
Full
AWS
Amazon Linux 2023
Full
Full
RaspberryPi (ARM)
Debian
Full
Full
ArchLinux
ArchLinux-6.2.1
Full
Full
Note Full: Supports both enforcement and observability Partial: Supports only observability

Platform I am interested is not listed here! What can I do?

Please approach the Kubearmor community on slack or raise a GitHub issue to express interest in adding the support.
It would be very much appreciated if you can test kubearmor on a platform not listed above and if you have access to. Once tested you can update this document and raise a PR.