Skip to content

Latest commit

 

History

History
83 lines (70 loc) · 6.48 KB

support_matrix.md

File metadata and controls

83 lines (70 loc) · 6.48 KB

KubeArmor Support Matrix

KubeArmor supports following types of workloads:

  1. K8s orchestrated: Workloads deployed as k8s orchestrated containers. In this case, Kubearmor is deployed as a k8s daemonset. Note, KubeArmor supports policy enforcement on both k8s-pods (KubeArmorPolicy) as well as k8s-nodes (KubeArmorHostPolicy).
  2. Containerized: Workloads that are containerized but not k8s orchestrated are supported. KubeArmor installed in systemd mode can be used to protect such workloads.
  3. VM/Bare-Metals: Workloads deployed on Virtual Machines or Bare Metal i.e. workloads directly operating as host/system processes. In this case, Kubearmor is deployed in systemd mode.

Kubernetes Support Matrix

Provider K8s engine OS Image Arch Observability Audit Rules Blocking Rules Network-Segmentation LSM Enforcer Remarks
Onprem kubeadm, k3s, microk8s Distros x86_64, ARM ✔️ ✔️ ✔️ ✔️ BPFLSM, AppArmor
Google GKE COS x86_64 ✔️ ✔️ ✔️ ✔️ BPFLSM, AppArmor All release channels
Google GKE Ubuntu >= 16.04 x86_64 ✔️ ✔️ ✔️ ✔️ BPFLSM, AppArmor All release channels
Microsoft AKS Ubuntu >= 18.04 x86_64 ✔️ ✔️ ✔️ ✔️ BPFLSM, AppArmor
Oracle OKE UEK >=7 x86_64 ✔️ ✔️ ✔️ ✔️ BPFLSM Oracle Linux Server 8.7
IBM IBM k8s Service Ubuntu x86_64 ✔️ ✔️ ✔️ ✔️ BPFLSM, AppArmor
AWS EKS Amazon Linux 2 (kernel >=5.8) x86_64 ✔️ ✔️ ✔️ ✔️ BPFLSM
AWS EKS Amazon Linux 2 (kernel <=5.4) x86_64 ✔️ ✔️ ✔️ SELinux
AWS EKS Ubuntu x86_64 ✔️ ✔️ ✔️ ✔️ AppArmor
AWS EKS Bottlerocket x86_64 ✔️ ✔️ ✔️ ✔️ BPFLSM
AWS Graviton Ubuntu ARM ✔️ ✔️ ✔️ ✔️ AppArmor
AWS Graviton Amazon Linux 2 ARM ✔️ ✔️ ✔️ SELinux
RedHat OpenShift RHEL <=8.4 x86_64 ✔️ ✔️ ✔️ SELinux
RedHat OpenShift RHEL >=8.5 x86_64 ✔️ ✔️ ✔️ ✔️ BPFLSM
Rancher RKE SUSE x86_64 ✔️ ✔️ ✔️ ✔️ BPFLSM, AppArmor
Rancher K3S Distros x86_64 ✔️ ✔️ ✔️ ✔️ BPFLSM, AppArmor
Oracle Ampere UEK ARM ✔️ ✔️ ✔️ ✔️ 1084
VMWare Tanzu TBD x86_64 🚧 🚧 🚧 🚧 🚧 1064

Supported Linux Distributions

Following distributions are tested for VM/Bare-metal based installations:

Provider Distro VM / Bare-metal Kubernetes
SUSE SUSE Enterprise 15 Full Full
Debian Buster / Bullseye Full Full
Ubuntu 18.04 / 16.04 / 20.04 Full Full
RedHat / CentOS RHEL / CentOS <= 8.4 Full Partial
RedHat / CentOS RHEL / CentOS >= 8.5 Full Full
Fedora Fedora 34 / 35 Full Full
Rocky Linux Rocky Linux >= 8.5 Full Full
AWS Amazon Linux 2022 Full Full
RaspberryPi (ARM) Debian Full Full

Note Full: Supports both enforcement and observability
Partial: Supports only observability

Platform I am interested is not listed here! What can I do?

Please approach the Kubearmor community on slack or raise a GitHub issue to express interest in adding the support.

It would be very much appreciated if you can test kubearmor on a platform not listed above and if you have access to. Once tested you can update this document and raise a PR.