1 of 1

Support Matrix

KubeArmor supports following types of workloads:

K8s orchestrated: Workloads deployed as k8s orchestrated containers. In this case, Kubearmor is deployed as a k8s daemonset. Note, KubeArmor supports policy enforcement on both k8s-pods (KubeArmorPolicy) as well as k8s-nodes (KubeArmorHostPolicy).
Containerized: Workloads that are containerized but not k8s orchestrated are supported. KubeArmor installed in systemd mode can be used to protect such workloads.
VM/Bare-Metals: Workloads deployed on Virtual Machines or Bare Metal i.e. workloads directly operating as host/system processes. In this case, Kubearmor is deployed in systemd mode.

Kubernetes Support Matrix

Provider

K8s engine

OS Image

Arch

Audit Rules

Blocking Rules

LSM Enforcer

Remarks

Onprem

kubeadm, , , microk8s

x86_64, ARM

✔️

, AppArmor

Google

x86_64

✔️

, AppArmor

All

Google

Ubuntu >= 16.04

x86_64

✔️

, AppArmor

All

Microsoft

Ubuntu >= 18.04

x86_64

✔️

, AppArmor

Oracle

>=7

x86_64

✔️

IBM

Ubuntu

x86_64

✔️

, AppArmor

Talos

x86_64

✔️

AWS

Amazon Linux 2 (kernel >=5.8)

x86_64

✔️

AWS

Ubuntu

x86_64

✔️

AppArmor

AWS

x86_64

✔️

AWS

x86_64

✔️

AWS

Ubuntu

ARM

✔️

AppArmor

AWS

Amazon Linux 2

ARM

✔️

❌

✔️

SELinux

RedHat

<=8.4

x86_64

✔️

❌

✔️

SELinux

RedHat

>=8.5

x86_64

✔️

RedHat

>=9.2

x86_64

✔️

Rancher

x86_64

✔️

, AppArmor

Rancher

x86_64

✔️

, AppArmor

Oracle

ARM

✔️

❌

✔️

SELinux

VMware

TBD

x86_64

🚧

Mirantis

Ubuntu>=20.04

x86_64

✔️

AppArmor

Digital Ocean

Debian GNU/Linux 11 (bullseye)

x86_64

✔️

Alibaba Cloud

Alibaba Cloud Linux 3.2104 LTS

x86_64

✔️

Supported Linux Distributions

Following distributions are tested for VM/Bare-metal based installations:

Provider

Distro

VM / Bare-metal

Kubernetes

SUSE

SUSE Enterprise 15

Full

Debian

Full

Ubuntu

18.04 / 16.04 / 20.04

Full

RedHat / CentOS

RHEL / CentOS <= 8.4

Full

Partial

RedHat / CentOS

RHEL / CentOS >= 8.5

Full

Fedora

Fedora 34 / 35

Full

Rocky Linux

Rocky Linux >= 8.5

Full

AWS

Amazon Linux 2022

Full

AWS

Amazon Linux 2023

Full

RaspberryPi (ARM)

Debian

Full

ArchLinux

ArchLinux-6.2.1

Full

Alibaba

Alibaba Cloud Linux 3.2104 LTS 64 bit

Full

Note Full: Supports both enforcement and observability Partial: Supports only observability

Platform I am interested is not listed here! What can I do?

Please approach the Kubearmor community on slack or raise a GitHub issue to express interest in adding the support.

It would be very much appreciated if you can test kubearmor on a platform not listed above and if you have access to. Once tested you can update this document and raise a PR.

Support Matrix

KubeArmor supports following types of workloads:

K8s orchestrated: Workloads deployed as k8s orchestrated containers. In this case, Kubearmor is deployed as a k8s daemonset. Note, KubeArmor supports policy enforcement on both k8s-pods (KubeArmorPolicy) as well as k8s-nodes (KubeArmorHostPolicy).
Containerized: Workloads that are containerized but not k8s orchestrated are supported. KubeArmor installed in systemd mode can be used to protect such workloads.
VM/Bare-Metals: Workloads deployed on Virtual Machines or Bare Metal i.e. workloads directly operating as host/system processes. In this case, Kubearmor is deployed in systemd mode.

Kubernetes Support Matrix

Provider

K8s engine

OS Image

Arch

Audit Rules

Blocking Rules

LSM Enforcer

Remarks

Onprem

kubeadm, , , microk8s

x86_64, ARM

✔️

, AppArmor

Google

x86_64

✔️

, AppArmor

All

Google

Ubuntu >= 16.04

x86_64

✔️

, AppArmor

All

Microsoft

Ubuntu >= 18.04

x86_64

✔️

, AppArmor

Oracle

>=7

x86_64

✔️

IBM

Ubuntu

x86_64

✔️

, AppArmor

Talos

x86_64

✔️

AWS

Amazon Linux 2 (kernel >=5.8)

x86_64

✔️

AWS

Ubuntu

x86_64

✔️

AppArmor

AWS

x86_64

✔️

AWS

x86_64

✔️

AWS

Ubuntu

ARM

✔️

AppArmor

AWS

Amazon Linux 2

ARM

✔️

❌

✔️

SELinux

RedHat

<=8.4

x86_64

✔️

❌

✔️

SELinux

RedHat

>=8.5

x86_64

✔️

RedHat

>=9.2

x86_64

✔️

Rancher

x86_64

✔️

, AppArmor

Rancher

x86_64

✔️

, AppArmor

Oracle

ARM

✔️

❌

✔️

SELinux

VMware

TBD

x86_64

🚧

Mirantis

Ubuntu>=20.04

x86_64

✔️

AppArmor

Digital Ocean

Debian GNU/Linux 11 (bullseye)

x86_64

✔️

Alibaba Cloud

Alibaba Cloud Linux 3.2104 LTS

x86_64

✔️

Supported Linux Distributions

Following distributions are tested for VM/Bare-metal based installations:

Provider

Distro

VM / Bare-metal

Kubernetes

SUSE

SUSE Enterprise 15

Full

Debian

Full

Ubuntu

18.04 / 16.04 / 20.04

Full

RedHat / CentOS

RHEL / CentOS <= 8.4

Full

Partial

RedHat / CentOS

RHEL / CentOS >= 8.5

Full

Fedora

Fedora 34 / 35

Full

Rocky Linux

Rocky Linux >= 8.5

Full

AWS

Amazon Linux 2022

Full

AWS

Amazon Linux 2023

Full

RaspberryPi (ARM)

Debian

Full

ArchLinux

ArchLinux-6.2.1

Full

Alibaba

Alibaba Cloud Linux 3.2104 LTS 64 bit

Full

Note Full: Supports both enforcement and observability Partial: Supports only observability

Platform I am interested is not listed here! What can I do?

Please approach the Kubearmor community on slack or raise a GitHub issue to express interest in adding the support.

It would be very much appreciated if you can test kubearmor on a platform not listed above and if you have access to. Once tested you can update this document and raise a PR.