Skip to content

KubeArmor Support Matrix

KubeArmor supports following types of workloads:

1.K8s orchestrated workloads: Workloads deployed as k8s orchestrated containers. In this case, KubeArmor is deployed as a k8s daemonset. Note, KubeArmor supports policy enforcement on both k8s-pods (KubeArmorPolicy) as well as k8s-nodes (KubeArmorHostPolicy).

2.VM/Bare-Metals workloads: Workloads deployed on Virtual Machines or Bare Metal i.e. workloads directly operating as host processes. In this case, KubeArmor is deployed in systemd mode.

Kubernetes Support Matrix

Provider K8s engine OS Image Arch Observability Audit Rules Blocking Rules Network-Segmentation LSM Enforcer Remarks
Onprem kubeadm, k0s, k3s, microk8s Distros x86_64, ARM ✔ ✔ ✔ ✔ BPFLSM, AppArmor
Google GKE COS x86_64 ✔ ✔ ✔ ✔ BPFLSM, AppArmor All release channels
Google GKE Ubuntu >= 16.04 x86_64 ✔ ✔ ✔ ✔ BPFLSM, AppArmor All release channels
Microsoft AKS Ubuntu >= 18.04 x86_64 ✔ ✔ ✔ ✔ BPFLSM, AppArmor
Oracle OKE UEK >=7 x86_64 ✔ ✔ ✔ ✔ BPFLSM Oracle Linux Server 8.7
IBM IBM k8s Service Ubuntu x86_64 ✔ ✔ ✔ ✔ BPFLSM, AppArmor
AWS EKS Amazon Linux 2 (kernel >=5.8) x86_64 ✔ ✔ ✔ ✔ BPFLSM
AWS EKS Amazon Linux 2 (kernel <=5.4) x86_64 ✔ ✔ ❌ ✔ SELinux
AWS EKS Ubuntu x86_64 ✔ ✔ ✔ ✔ AppArmor
AWS EKS Bottlerocket x86_64 ✔ ✔ ✔ ✔ BPFLSM
AWS Graviton Ubuntu ARM ✔ ✔ ✔ ✔ AppArmor
AWS Graviton Amazon Linux 2 ARM ✔ ✔ ❌ ✔ SELinux
RedHat OpenShift RHEL <=8.4 x86_64 ✔ ✔ ❌ ✔ SELinux
RedHat OpenShift RHEL >=8.5 x86_64 ✔ ✔ ✔ ✔ BPFLSM
RedHat MicroShift RHEL >=9.2 x86_64 ✔ ✔ ✔ ✔ BPFLSM
Rancher RKE SUSE x86_64 ✔ ✔ ✔ ✔ BPFLSM, AppArmor
Rancher K3S Distros x86_64 ✔ ✔ ✔ ✔ BPFLSM, AppArmor
Oracle Ampere UEK ARM ✔ ✔ ❌ ✔ SELinux 1084
VMware Tanzu TBD x86_64 🚧 🚧 🚧 🚧 🚧 1064
Mirantis MKE Ubuntu>=20.04 x86_64 ✔ ✔ ✔ ✔ AppArmor 1181
Digital Ocean DOKS Debian GNU/Linux 11 (bullseye) x86_64 ✔ ✔ ✔ ✔ BPFLSM 1120
Alibaba Cloud Alibaba Alibaba Cloud Linux 3.2104 LTS x86_64 ✔ ✔ ✔ ✔ BPFLSM 1650

Supported Linux Distributions

Following distributions are tested for VM/Bare-metal based installations:

Provider Distro VM / Bare-metal Kubernetes
SUSE SUSE Enterprise 15 Full Full
Debian Buster / Bullseye Full Full
Ubuntu 18.04 / 16.04 / 20.04 Full Full
RedHat / CentOS RHEL / CentOS <= 8.4 Full Partial
RedHat / CentOS RHEL / CentOS >= 8.5 Full Full
Fedora Fedora 34 / 35 Full Full
Rocky Linux Rocky Linux >= 8.5 Full Full
AWS Amazon Linux 2022 Full Full
AWS Amazon Linux 2023 Full Full
RaspberryPi (ARM) Debian Full Full
ArchLinux ArchLinux-6.2.1 Full Full
Alibaba Alibaba Cloud Linux 3.2104 LTS 64 bit Full Full

Note Full: Supports both enforcement and observability
Partial: Supports only observability

Platform I am interested is not listed here! What can I do?

Please approach the Kubearmor community on slack or raise a GitHub issue to express interest in adding the support.

It would be very much appreciated if you can test kubearmor on a platform not listed above and if you have access to. Once tested you can update this document and raise a PR.


SCHEDULE DEMO