KubeArmor on VM/Bare-Metal
KubeArmor is a Runtime Security engine that can protect your applications from unknown threats.
This recipe explains how to use KubeArmor directly on a VM/Bare-Metal host and was tested on Ubuntu hosts. The recipe installs kubearmor as a systemd service and the karmor CLI tool to manage policies and show alerts/telemetry.
Download and Install KubeArmor
- Install pre-requisites
sudo apt install bpfcc-tools linux-headers-$(uname -r)
- Download the latest release of KubeArmor
- Install KubeArmor
sudo dpkg -i kubearmor_0.1_linux-amd64.deb
sudo systemctl start kubearmor
Check kubearmor status using
sudo systemctl status kubearmor
or continuously monitor the kubearmor logs with
sudo journalctl -u kubearmor -f
Apply sample policy
The following policy denies execution of the sleep binary on the host:
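A host policy of this kind, as an added example rather than the page's own listing. The policy name is made up, and the /usr/bin/sleep path and the wildcard kubearmor.io/hostname selector are assumptions for an Ubuntu host:

```yaml
apiVersion: security.kubearmor.com/v1
kind: KubeArmorHostPolicy          # host-level policy (VM/bare-metal), not a pod policy
metadata:
  name: hsp-deny-sleep             # constructed name for this example
spec:
  nodeSelector:
    matchLabels:
      kubearmor.io/hostname: "*"   # assumption: wildcard selects every host
  severity: 5                      # reported with each alert this policy raises
  process:
    matchPaths:
    - path: /usr/bin/sleep         # assumption: confirm with `command -v sleep`
  action: Block                    # deny execution instead of only auditing it
```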
Save the above policy to sleepdenypolicy.yaml and apply it:
karmor vm policy add sleepdenypolicy.yaml
Now if you run the sleep command, the process is denied execution.
Get Alerts for policies and telemetry
karmor log --json