Support Matrix

KubeArmor supports following types of workloads:
1.K8s orchestrated: Workloads deployed as k8s orchestrated containers. In this case, Kubearmor is deployed as a k8s daemonset. Note, KubeArmor supports policy enforcement on both k8s-pods (KubeArmorPolicy) as well as k8s-nodes (KubeArmorHostPolicy).
2.Containerized: Workloads that are containerized but not k8s orchestrated are supported. KubeArmor installed in systemd mode can be used to protect such workloads.
3.VM/Bare-Metals: Workloads deployed on Virtual Machines or Bare Metal i.e. workloads directly operating as host/system processes. In this case, Kubearmor is deployed in systemd mode.
Kubernetes Support Matrix
Provider
K8s engine
OS Image
Arch
​Observability​
Audit Rules
Blocking Rules
​Network-Segmentation​
LSM Enforcer
Remarks
Onprem
kubeadm, k3s, microk8s
​Distros​
x86_64, ARM
​✔
​
​✔
​
​✔
​
​✔
​
​BPFLSM, AppArmor
​
Google
​GKE​
​COS​
x86_64
​✔
​
​✔
​
​✔
​
​✔
​
​BPFLSM, AppArmor
All release channels​
Google
​GKE​
Ubuntu >= 16.04
x86_64
​✔
​
​✔
​
​✔
​
​✔
​
​BPFLSM, AppArmor
All release channels​
Microsoft
​AKS​
Ubuntu >= 18.04
x86_64
​✔
​
​✔
​
​✔
​
​✔
​
​BPFLSM, AppArmor
​
Oracle
​OKE​
​UEK >=7
x86_64
​✔
​
​✔
​
​✔
​
​✔
​
​BPFLSM​
​Oracle Linux Server 8.7​
IBM
​IBM k8s Service​
Ubuntu
x86_64
​✔
​
​✔
​
​✔
​
​✔
​
​BPFLSM, AppArmor
​
AWS
​EKS​
Amazon Linux 2 (kernel >=5.8)
x86_64
​✔
​
​✔
​
​✔
​
​✔
​
​BPFLSM​
​
AWS
​EKS​
Amazon Linux 2 (kernel <=5.4)
x86_64
​✔
​
​✔
​
​❌
​
​✔
​
SELinux
​
AWS
​EKS​
Ubuntu
x86_64
​✔
​
​✔
​
​✔
​
​✔
​
AppArmor
​
AWS
​EKS​
​Bottlerocket​
x86_64
​✔
​
​✔
​
​✔
​
​✔
​
​BPFLSM​
​
AWS
​Graviton​
Ubuntu
ARM
​✔
​
​✔
​
​✔
​
​✔
​
AppArmor
​
AWS
​Graviton​
Amazon Linux 2
ARM
​✔
​
​✔
​
​❌
​
​✔
​
SELinux
​
RedHat
​OpenShift​
​RHEL <=8.4
x86_64
​✔
​
​✔
​
​❌
​
​✔
​
SELinux
​
RedHat
​OpenShift​
​RHEL >=8.5
x86_64
​✔
​
​✔
​
​✔
​
​✔
​
​BPFLSM​
​
Rancher
​RKE​
​SUSE​
x86_64
​✔
​
​✔
​
​✔
​
​✔
​
​BPFLSM, AppArmor
​
Rancher
​K3S​
​Distros​
x86_64
​✔
​
​✔
​
​✔
​
​✔
​
​BPFLSM, AppArmor
​
Oracle
​Ampere​
​UEK​
ARM
​✔
​
​✔
​
​❌
​
​✔
​
SELinux
​1084​
VMWare
​Tanzu​
TBD
x86_64
​🚧
​
​🚧
​
​🚧
​
​🚧
​
​🚧
​
​1064​
Mirantis
​MKE​
Ubuntu>=20.04
x86_64
​✔
​
​✔
​
​✔
​
​✔
​
AppArmor
​1181​
Digital Ocean
​DOKS​
Debian GNU/Linux 11 (bullseye)
x86_64
​✔
​
​✔
​
​✔
​
​✔
​
​BPFLSM​
​1120​
Supported Linux Distributions
Following distributions are tested for VM/Bare-metal based installations:
Provider
Distro
VM / Bare-metal
Kubernetes
SUSE
SUSE Enterprise 15
Full
Full
Debian
​Buster / Bullseye​
Full
Full
Ubuntu
18.04 / 16.04 / 20.04
Full
Full
RedHat / CentOS
RHEL / CentOS <= 8.4
Full
Partial
RedHat / CentOS
RHEL / CentOS >= 8.5
Full
Full
Fedora
Fedora 34 / 35
Full
Full
Rocky Linux
Rocky Linux >= 8.5
Full
Full
AWS
Amazon Linux 2022
Full
Full
AWS
Amazon Linux 2023
Full
Full
RaspberryPi (ARM)
Debian
Full
Full
ArchLinux
ArchLinux-6.2.1
Full
Full
Note Full: Supports both enforcement and observability
Partial: Supports only observability
Platform I am interested is not listed here! What can I do?
Please approach the Kubearmor community on slack or raise a GitHub issue to express interest in adding the support.
It would be very much appreciated if you can test kubearmor on a platform not listed above and if you have access to. Once tested you can update this document and raise a PR.

Provider	Distro	VM / Bare-metal	Kubernetes
SUSE	SUSE Enterprise 15	Full	Full
Debian	Buster / Bullseye	Full	Full
Ubuntu	18.04 / 16.04 / 20.04	Full	Full
RedHat / CentOS	RHEL / CentOS <= 8.4	Full	Partial
RedHat / CentOS	RHEL / CentOS >= 8.5	Full	Full
Fedora	Fedora 34 / 35	Full	Full
Rocky Linux	Rocky Linux >= 8.5	Full	Full
AWS	Amazon Linux 2022	Full	Full
AWS	Amazon Linux 2023	Full	Full
RaspberryPi (ARM)	Debian	Full	Full
ArchLinux	ArchLinux-6.2.1	Full	Full

Last modified 1mo ago

Provider	K8s engine	OS Image	Arch	Observability	Audit Rules	Blocking Rules	Network-Segmentation	LSM Enforcer	Remarks
Onprem	kubeadm, k3s, microk8s	Distros	x86_64, ARM	✔	✔	✔	✔	BPFLSM, AppArmor
Google	GKE	COS	x86_64	✔	✔	✔	✔	BPFLSM, AppArmor	All release channels
Google	GKE	Ubuntu >= 16.04	x86_64	✔	✔	✔	✔	BPFLSM, AppArmor	All release channels
Microsoft	AKS	Ubuntu >= 18.04	x86_64	✔	✔	✔	✔	BPFLSM, AppArmor
Oracle	OKE	UEK >=7	x86_64	✔	✔	✔	✔	BPFLSM	Oracle Linux Server 8.7
IBM	IBM k8s Service	Ubuntu	x86_64	✔	✔	✔	✔	BPFLSM, AppArmor
AWS	EKS	Amazon Linux 2 (kernel >=5.8)	x86_64	✔	✔	✔	✔	BPFLSM
AWS	EKS	Amazon Linux 2 (kernel <=5.4)	x86_64	✔	✔	❌	✔	SELinux
AWS	EKS	Ubuntu	x86_64	✔	✔	✔	✔	AppArmor
AWS	EKS	Bottlerocket	x86_64	✔	✔	✔	✔	BPFLSM
AWS	Graviton	Ubuntu	ARM	✔	✔	✔	✔	AppArmor
AWS	Graviton	Amazon Linux 2	ARM	✔	✔	❌	✔	SELinux
RedHat	OpenShift	RHEL <=8.4	x86_64	✔	✔	❌	✔	SELinux
RedHat	OpenShift	RHEL >=8.5	x86_64	✔	✔	✔	✔	BPFLSM
Rancher	RKE	SUSE	x86_64	✔	✔	✔	✔	BPFLSM, AppArmor
Rancher	K3S	Distros	x86_64	✔	✔	✔	✔	BPFLSM, AppArmor
Oracle	Ampere	UEK	ARM	✔	✔	❌	✔	SELinux	1084
VMWare	Tanzu	TBD	x86_64	🚧	🚧	🚧	🚧	🚧	1064
Mirantis	MKE	Ubuntu>=20.04	x86_64	✔	✔	✔	✔	AppArmor	1181
Digital Ocean	DOKS	Debian GNU/Linux 11 (bullseye)	x86_64	✔	✔	✔	✔	BPFLSM	1120