
Release Notes

Nandhini A edited this page Aug 17, 2021 · 5 revisions

v1.0

We are pleased to release KubeArmor v1.0.

Environments

Kubernetes Environments

  • Self-managed Kubernetes, MicroK8s
  • Google Kubernetes Engine (GKE)

Container Platforms

  • Docker
  • Containerd

LSM

  • AppArmor

Features

  • System Monitor - Monitor container behaviors at the system level
  • AppArmor Enforcer - Enforce security policies against process executions, file accesses, network operations, and capabilities permitted
  • Logger - Produce container-aware alerts and system logs and write them into standard output, log file, and gRPC
  • gRPC Client - Provide the kubearmor-log-client (https://github.com/kubearmor/kubearmor-log-client)
  • Relay Server - Provide a common interface across all KubeArmor daemons

v1.1

Environments

Kubernetes Environments

  • Minikube
  • Amazon Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS)

LSM

  • SELinux (systemd version only)

Features

  • KubeArmorPolicy

    • Add a new field "apparmor" to apply native AppArmor profiles using KubeArmorPolicy
    • Add a new field "selinux -> volumeMounts" to control the access of mounted volumes using SELinux
  • KubeArmorHostPolicy

    • Provide security policies to restrict host resources (e.g., processes and files in hosts)
  • Audit Mode

    • Provide an audit mode for hosts where no LSM is enabled; container behavior is audited against the given policies
    • In the audit mode, actions are changed as follows: Allow -> Audit (Allow); Audit -> Audit; Block -> Audit (Block)
  • gRPC Client

  • Telemetry

Enterprise Features

System Policy Discovery

       Coming Soon..

v1.2

Environments

Container Platforms

  • OpenShift

LSM

  • LSM eBPF

Features

Event Auditor

Bare-metal/VM Support
