
v0.11 Release Blog

Rahul Jadhav edited this page Aug 14, 2023 · 39 revisions

KubeArmor v0.11 Release: Elevating Container Security for Kubernetes Environments

We're thrilled to introduce the latest release of KubeArmor, version v0.11! This significant update reinforces our commitment to providing top-tier container-level security for Kubernetes deployments. With an array of new features, integrations, and improvements, KubeArmor v0.11 empowers you to achieve even greater security and control over your containerized workloads. Let's delve into the key highlights of this release:

Operator support: Simplifying Management and Deployment

KubeArmor v0.11 comes with robust operator support, making the installation, configuration, and management of KubeArmor instances a breeze. The KubeArmor Operator streamlines the deployment process, enabling you to efficiently set up and maintain KubeArmor across your Kubernetes clusters. Embrace simplicity and consistency in managing your security policies.

OpenTelemetry

The OpenTelemetry KubeArmor receiver converts KubeArmor telemetry data (logs, visibility events, policy violations) to the OpenTelemetry format. This adds OpenTelemetry support to KubeArmor, providing a vendor-agnostic means of exporting KubeArmor's telemetry data to various observability backends such as Elasticsearch, Grafana, SigNoz, and a bunch of other OpenTelemetry adopters!

To enhance your observability capabilities, KubeArmor now seamlessly integrates with OpenTelemetry. Gain unparalleled insights into container behavior and workload interactions through comprehensive telemetry data collection. With this integration, you'll be equipped to make informed decisions, swiftly identify anomalies, and proactively address potential security threats.

Credits: Amazing work by Maureen Ononiwu for handling OpenTelemetry integration as part of LFX Mentorship. 🚀

KubeArmor as Canonical MicroK8s Addon

MicroK8s is a full embedded Kubernetes platform that is lightweight yet robust and scalable, and is a perfect fit for edge and embedded scenarios. KubeArmor support for Canonical MicroK8s as a community addon has been merged, making MicroK8s more secure. MicroK8s with KubeArmor brings enterprise-grade security to lightweight edge Kubernetes environments.

Kind and Minikube Compatibility

With this release, KubeArmor extends its compatibility to Kind and Minikube clusters, enabling you to effortlessly apply KubeArmor's security policies to your local testing and development environments. Maintain consistency between testing and production while fortifying your workloads.

karmor profile

The karmor logs tool provides raw telemetry out of the box. However, you may want to summarize the process, file, network, and syscall events over a period of time. karmor profile introduces a way to handle this summarization. KubeArmor community followers might recall that the base profile feature was added in the v0.8 release. v0.11 vastly improves the usability of the feature, e.g., by sorting the data by process name, summarizing and aggregating events well, enabling display of block-based events, and adding summarization of syscall-related events.

Filter

FlatCar support (Barun)

EKS Addon published (Ankur)

Helm chart updates (Rudraksh, Ramakant)

Deploying KubeArmor has never been smoother. The updated Helm chart simplifies the installation process, ensuring that you can effortlessly manage KubeArmor's security policies across your Kubernetes clusters. Spend less time configuring and more time securing. Use of the KubeArmor Operator greatly simplifies auto-detection of cluster components and deploying KubeArmor accordingly. For example, there is no more mounting of unwanted host mount points just to detect the container runtime in use.

Announcing k8tls (pronounced cattles)

K8tls is a k8s-native service endpoint scanning engine that verifies whether an endpoint uses secure communication and whether it uses the right security configuration.

  • 🔒 Check if the server port is TLS enabled or not.
  • 📃 Check TLS version, Ciphersuite, Hash, and Signature for the connection. Are these TLS parameters per the TLS best practices guide?
  • Certificate Verification
    • 💥 Is the certificate expired or revoked?
    • ✍️ Is it a self-signed certificate?
    • ⛓️ Is there a self-signed certificate in the full certificate chain?
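The checks listed above can be expressed over a Go tls.ConnectionState, as in this added example (not k8tls code and not taken from the KubeArmor project). The names Assess and SampleState, the finding strings and the certificate's common name are assumptions made for illustration; the input is constructed in memory, and revocation is left out because it needs a CRL or OCSP lookup.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Assess lists findings for one observed TLS connection. Revocation is not checked.
func Assess(s tls.ConnectionState, now time.Time) (f []string) {
	if s.Version < tls.VersionTLS12 {
		f = append(f, "protocol older than TLS 1.2")
	}
	for _, cs := range tls.InsecureCipherSuites() {
		if cs.ID == s.CipherSuite {
			f = append(f, "weak cipher suite "+cs.Name)
		}
	}
	for i, c := range s.PeerCertificates {
		if now.Before(c.NotBefore) || now.After(c.NotAfter) {
			f = append(f, fmt.Sprintf("chain[%d] outside validity period", i))
		}
		if bytes.Equal(c.RawIssuer, c.RawSubject) && // issuer == subject and signed by its own key
			c.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature) == nil {
			f = append(f, fmt.Sprintf("chain[%d] self-signed", i))
		}
	}
	return f
}

// SampleState builds constructed input: a throwaway self-signed cert on a TLS 1.1 / RC4 session.
func SampleState(notAfter time.Time) tls.ConnectionState {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "svc.example.internal"},
		NotBefore: notAfter.Add(-24 * time.Hour), NotAfter: notAfter}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, priv)
	cert, err := x509.ParseCertificate(der) // also fails if key or certificate creation failed
	if err != nil {
		panic(err)
	}
	return tls.ConnectionState{Version: tls.VersionTLS11, CipherSuite: tls.TLS_RSA_WITH_RC4_128_SHA, PeerCertificates: []*x509.Certificate{cert}}
}

func main() { fmt.Println(Assess(SampleState(time.Now().Add(-time.Hour)), time.Now())) }
```

Against a live endpoint, the same function can be fed the ConnectionState returned by a tls.Conn after the handshake.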

Terraform Updates

Adopters update

  • 5G-SBP
  • IDSM

Scale testing: KubeArmor-Relay (Shreyas)
