Support Matrix

KubeArmor supports following types of workloads:

  1. K8s orchestrated: Workloads deployed as k8s orchestrated containers. In this case, Kubearmor is deployed as a k8s daemonset. Note, KubeArmor supports policy enforcement on both k8s-pods (KubeArmorPolicy) as well as k8s-nodes (KubeArmorHostPolicy).

  2. Containerized: Workloads that are containerized but not k8s orchestrated are supported. KubeArmor installed in systemd mode can be used to protect such workloads.

  3. VM/Bare-Metals: Workloads deployed on Virtual Machines or Bare Metal i.e. workloads directly operating as host/system processes. In this case, Kubearmor is deployed in systemd mode.

Kubernetes Support Matrix

Provider

K8s engine

OS Image

Arch

Audit Rules

Blocking Rules

LSM Enforcer

Remarks

Onprem

x86_64, ARM

Google

x86_64

Google

Ubuntu >= 16.04

x86_64

Microsoft

Ubuntu >= 18.04

x86_64

Oracle

x86_64

IBM

Ubuntu

x86_64

AWS

Amazon Linux 2 (kernel >=5.8)

x86_64

AWS

Amazon Linux 2 (kernel <=5.4)

x86_64

SELinux

AWS

Ubuntu

x86_64

AppArmor

AWS

x86_64

AWS

Ubuntu

ARM

AppArmor

AWS

Amazon Linux 2

ARM

SELinux

RedHat

x86_64

SELinux

RedHat

x86_64

RedHat

x86_64

Rancher

x86_64

Rancher

x86_64

Oracle

ARM

SELinux

VMware

TBD

x86_64

Mirantis

Ubuntu>=20.04

x86_64

AppArmor

Digital Ocean

Debian GNU/Linux 11 (bullseye)

x86_64

Alibaba Cloud

Alibaba Cloud Linux 3.2104 LTS

x86_64

Supported Linux Distributions

Following distributions are tested for VM/Bare-metal based installations:

Provider
Distro
VM / Bare-metal
Kubernetes

SUSE

SUSE Enterprise 15

Full

Full

Debian

Full

Full

Ubuntu

18.04 / 16.04 / 20.04

Full

Full

RedHat / CentOS

RHEL / CentOS <= 8.4

Full

Partial

RedHat / CentOS

RHEL / CentOS >= 8.5

Full

Full

Fedora

Fedora 34 / 35

Full

Full

Rocky Linux

Rocky Linux >= 8.5

Full

Full

AWS

Amazon Linux 2022

Full

Full

AWS

Amazon Linux 2023

Full

Full

RaspberryPi (ARM)

Debian

Full

Full

ArchLinux

ArchLinux-6.2.1

Full

Full

Alibaba

Alibaba Cloud Linux 3.2104 LTS 64 bit

Full

Full

Note Full: Supports both enforcement and observability Partial: Supports only observability

Platform I am interested is not listed here! What can I do?

Please approach the Kubearmor community on slack or raise a GitHub issue to express interest in adding the support.

It would be very much appreciated if you can test kubearmor on a platform not listed above and if you have access to. Once tested you can update this document and raise a PR.

PreviousGetting StartedNextDifferentiation

Last updated