EKS Amazon Linux 2
Overview¶
This user journey walks through installing KubeArmor on EKS Amazon Linux 2 and verifying that it works by applying policies to Kubernetes workloads and watching the resulting alerts.
Note: As of now, KubeArmor on EKS Amazon Linux 2 supports only the Audit action: matching operations are logged but still allowed. Support for the enforcement actions (Allow and Block) is planned for upcoming releases, so do not rely on these policies to stop anything on this platform yet.
Step 1: Create an EKS cluster using the AWS Console¶
Once the node group is created, install eksctl, the AWS CLI and Helm, then point your kubeconfig at the cluster. Replace the region (us-west-1) and cluster name (eks-amazon-kubearmor) below with your own:
aws configure
eksctl get cluster
aws eks --region us-west-1 update-kubeconfig --name eks-amazon-kubearmor
kubectl get nodes
kubectl get svc
Step 2: Install karmor¶
Install the karmor CLI, then use it to deploy KubeArmor into the cluster:
curl -sfL https://raw.githubusercontent.com/kubearmor/kubearmor-client/main/install.sh | sudo sh -s -- -b /usr/local/bin
karmor install

karmor version
Verify that the KubeArmor pods are running:
kubectl get pods -n kube-system | grep kubearmor
Step 3: KubeArmor Policy on Process Level¶
1. Create an nginx deployment and note its labels (the policy selector below matches on them)
kubectl create deployment nginx --image nginx
kubectl get pods --show-labels
2. Explore the policy
This policy audits (logs, without blocking) every execution of touch, rm, chmod and the nginx binary inside pods labelled app: nginx. Indentation is significant in YAML, so keep the structure exactly as shown:
cat nginx-kubearmor-policy.yaml
apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: nginx-kubearmor-policy
  # namespace: accuknox-agents # Change your namespace
spec:
  selector:
    matchLabels:
      app: nginx # use your own label here
  process:
    severity: 3
    matchPaths:
    - path: /usr/bin/touch
    - path: /bin/rm
    - path: /bin/chmod
    - path: /usr/sbin/nginx
  action: Audit
3. Apply the Policy
kubectl apply -f nginx-kubearmor-policy.yaml
kubectl get kubeArmorPolicy
Note: The policy applies only to pods whose labels match the selector (here app: nginx); a pod without that label is not covered.
4. Violating the policy
Exec into the nginx pod (your pod name will differ; find it with kubectl get pods -l app=nginx) and run one of the audited binaries, for example touch /tmp/test:
kubectl exec -it nginx-6799fc88d8-qdnfq -- bash
5. Port-forward the KubeArmor service to monitor the logs
The --address 0.0.0.0 and --address :: flags bind the forwarded port on every interface of the machine running kubectl, which exposes the KubeArmor gRPC endpoint to anyone who can reach that host. If karmor runs on the same machine, drop both flags so the port stays on localhost:
kubectl port-forward -n kube-system svc/kubearmor --address 0.0.0.0 --address :: 32767:32767
6. Verify the policy violation logs
karmor log
Step 4: KubeArmor Policy on File Level¶
1. Explore the policy
This policy audits every access to the single file /etc/fstab from pods labelled app: nginx:
cat nginx-kubearmor-policy.yaml
apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: nginx-kubearmor-policy
  # namespace: accuknox-agents # Change your namespace
spec:
  selector:
    matchLabels:
      app: nginx # use your own label here
  file:
    severity: 3
    matchPaths:
    - path: /etc/fstab
  action: Audit

2. Apply the policy
kubectl apply -f nginx-kubearmor-policy.yaml
Note: The policy applies only to pods whose labels match the selector (here app: nginx). This file reuses the metadata.name nginx-kubearmor-policy from Step 3, so kubectl apply replaces the process-level policy instead of adding to it; give it a distinct name (for example nginx-file-policy) if you want both policies active at once.
3. Violating the policy
Exec into the nginx pod (your pod name will differ) and read the audited file, for example cat /etc/fstab:
kubectl exec -it nginx-6799fc88d8-qdnfq -- bash
4. Port-forward the KubeArmor service to monitor the logs
As in Step 3, omit the --address flags unless karmor really runs on a different host:
kubectl port-forward -n kube-system svc/kubearmor --address 0.0.0.0 --address :: 32767:32767
5. Verify the policy violation log
karmor log

Step 5: KubeArmor Policy on Directory Level¶
1. Explore the policy
This policy audits access to anything under /boot/ from pods labelled app: nginx. With recursive: true the rule also covers subdirectories; without it only files directly inside /boot/ would match:
cat nginx-kubearmor-policy.yaml
apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: nginx-kubearmor-policy
  # namespace: accuknox-agents # Change your namespace
spec:
  selector:
    matchLabels:
      app: nginx # use your own label here
  file:
    severity: 3
    matchDirectories:
    - dir: /boot/
      recursive: true
  action: Audit
2. Apply the policy
kubectl apply -f nginx-kubearmor-policy.yaml
Note: The policy applies only to pods whose labels match the selector (here app: nginx). As in Step 4, the metadata.name is the same as in the earlier steps, so applying this file replaces the previous policy rather than adding to it.
3. Violating the policy
Exec into the nginx pod (your pod name will differ) and access a file under /boot/:
kubectl exec -it nginx-6799fc88d8-qdnfq -- bash
4. Port-forward the KubeArmor service to monitor the logs
As in Step 3, omit the --address flags unless karmor really runs on a different host:
kubectl port-forward -n kube-system svc/kubearmor --address 0.0.0.0 --address :: 32767:32767
5. Verify the policy violation log
karmor log
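Reading the raw log stream by eye works for the three single-pod checks in Steps 3, 4 and 5, but on a real cluster you want to know which policy fired, on which pod, against which resource, and, given the Audit-only note at the top of this page, that nothing was actually enforced. The script below is an added example and is not part of KubeArmor or the karmor CLI: it consumes the JSON form of karmor's log output (karmor logs --json, fed on stdin), skips telemetry lines that carry no PolicyName and lines that are not JSON, counts alerts per namespace, pod, policy and operation, and flags any alert whose Action is not Audit or whose Result is not Passed. The field names follow KubeArmor's alert schema; the sample lines are constructed here to look like what the process, file and directory policies above would produce, not captured from a cluster.

```python
"""Triage KubeArmor alerts from `karmor logs --json`.

Added example, not KubeArmor project code. Field names follow the
KubeArmor alert schema (PolicyName, Operation, Source, Resource, Action,
Result, PodName, NamespaceName, Severity). SAMPLE is constructed here.
"""
import json
import sys
from collections import defaultdict

# Constructed sample: two process alerts (touch, rm), two file alerts
# (/etc/fstab, a file under /boot/), one telemetry line without a
# PolicyName, and one line that is not JSON at all.
SAMPLE = r'''
{"Timestamp":1700000000,"NamespaceName":"default","PodName":"nginx-6799fc88d8-qdnfq","ContainerName":"nginx","PolicyName":"nginx-kubearmor-policy","Severity":"3","Type":"MatchedPolicy","Source":"/bin/bash","Operation":"Process","Resource":"/usr/bin/touch /tmp/test","Data":"syscall=SYS_EXECVE","Action":"Audit","Result":"Passed"}
{"Timestamp":1700000001,"NamespaceName":"default","PodName":"nginx-6799fc88d8-qdnfq","ContainerName":"nginx","PolicyName":"nginx-kubearmor-policy","Severity":"3","Type":"MatchedPolicy","Source":"/usr/bin/cat","Operation":"File","Resource":"/etc/fstab","Data":"syscall=SYS_OPENAT flags=O_RDONLY","Action":"Audit","Result":"Passed"}
{"Timestamp":1700000002,"NamespaceName":"default","PodName":"nginx-6799fc88d8-qdnfq","ContainerName":"nginx","PolicyName":"nginx-kubearmor-policy","Severity":"3","Type":"MatchedPolicy","Source":"/bin/bash","Operation":"Process","Resource":"/bin/rm /tmp/test","Data":"syscall=SYS_EXECVE","Action":"Audit","Result":"Passed"}
{"Timestamp":1700000003,"NamespaceName":"default","PodName":"nginx-6799fc88d8-qdnfq","ContainerName":"nginx","PolicyName":"nginx-kubearmor-policy","Severity":"3","Type":"MatchedPolicy","Source":"/usr/bin/touch","Operation":"File","Resource":"/boot/test","Data":"syscall=SYS_OPENAT flags=O_WRONLY|O_CREAT","Action":"Audit","Result":"Passed"}
{"Timestamp":1700000004,"NamespaceName":"default","PodName":"nginx-6799fc88d8-qdnfq","ContainerName":"nginx","Type":"ContainerLog","Source":"/usr/bin/ls","Operation":"File","Resource":"/usr/share/nginx/html","Data":"syscall=SYS_OPENAT","Result":"Passed"}
this line is not json
'''


def parse_alerts(text):
    """Return the policy alerts in text, skipping non-JSON and telemetry lines."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # karmor may interleave non-JSON status lines
        if not isinstance(event, dict) or not event.get("PolicyName"):
            continue  # plain telemetry, no policy matched
        alerts.append(event)
    return alerts


def summarize(alerts):
    """Count alerts per (namespace, pod, policy, operation) and collect resources."""
    summary = defaultdict(lambda: {"count": 0, "resources": set()})
    for a in alerts:
        key = (a.get("NamespaceName", ""), a.get("PodName", ""),
               a["PolicyName"], a.get("Operation", ""))
        summary[key]["count"] += 1
        summary[key]["resources"].add(a.get("Resource", ""))
    return dict(summary)


def enforced(alerts):
    """Alerts that were blocked rather than merely audited.

    On EKS Amazon Linux 2 this page expects Audit only, so any alert with
    Action != Audit or Result != Passed means enforcement did happen and
    deserves a look before the policy is rolled out more widely.
    """
    return [a for a in alerts
            if a.get("Action") != "Audit" or a.get("Result") != "Passed"]


def main():
    # Usage: karmor logs --json | python3 triage.py   (falls back to SAMPLE on a tty)
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    alerts = parse_alerts(text)
    for (ns, pod, policy, op), info in sorted(summarize(alerts).items()):
        print(f"{ns}/{pod} {policy} {op}: {info['count']} event(s) on "
              f"{sorted(info['resources'])}")
    hits = enforced(alerts)
    print(f"{len(hits)} enforced (non-Audit) alert(s)")
    return 1 if hits else 0


if __name__ == "__main__":
    sys.exit(main())
```

Run it as karmor logs --json | python3 triage.py while you exec into the pod; a non-zero exit means something was blocked rather than audited, which is the condition the note at the top of this page says should not occur on EKS Amazon Linux 2.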