Skip to main content
KubeArmor v1.0 is here!

Runtime Security Enforcement

KubeArmor is a runtime Kubernetes security engine. It uses eBPF and Linux Security Modules(LSM) for fortifying workloads based on Cloud Containers, IoT/Edge, and 5G networks. It enforces policy-based controls.

Try KubeArmor

Created By

accuknox image
architecture image

ARCHITECTURE

First K8s Security Engine to Leverage BPF-LSM

KubeArmor is a runtime Kubernetes security engine. It uses eBPF and Linux Security Modules(LSM) for fortifying workloads based on Cloud Containers, IoT/Edge, and 5G networks. It enforces policy-based controls.

architecture image

FEATURES

What Makes KubeArmor Unique?

Inline Mitigation

KubeArmor lessens the attack surface on pods, containers, and virtual machines. For inline mitigation, it uses Linux Security Modules (LSMs) like AppArmor, BPF-LSM, and SELinux to provide security without changing the pod or container or without host-level adjustments.

Simplicity with LSMs

KubeArmor simplifies their intricacies and makes enforcing policy simple. It functions as a non-privileged daemonset and has host, pod, and container monitoring capabilities.

Flaws of Post-Attack Mitigation

Our inline approach is proactive, in contrast to post-attack mitigation, which kills processes after malicious intent is observed. Attackers are able to run code and possibly elude detection with the help of post-attack mitigation.

Challenges of Pod Security Context

K8s native Pod Security Context has limitations, including difficulties in predicting available LSMs and a lack of support for BPF-LSM.

Multi-Cloud Challenges

Dealing with pod security contexts is difficult since cloud providers use various default LSMs.

feature image
Created By

INSTALLATION

How to Install KubeArmor?

Boost your security with KubeArmor in simple steps

Download and install KubeArmor via helm chart 


helm repo add kubearmor https://kubearmor.github.io/charts

helm repo update kubearmor

helm upgrade --install kubearmor-operator kubearmor/kubearmor-operator -n kubearmor --create-namespace

kubectl apply -f https://raw.githubusercontent.com/kubearmor/KubeArmor/main/pkg/KubeArmorOperator/config/samples/sample-config.yml

For configuration options and further information

Read Documentation
installation imageWatch Installation Video

USE CASES

Monitor and Enforce Policies To Prevent Sophisticated Attacks

Behavior Restriction

Within workloads, KubeArmor limits particular behaviors of processes, file access, networking operations, and resource usage.

Runtime Policy Enforcement

Based on container or workload identities, LSMs are used to enforce security policies in real-time.

Kubernetes-Native

Policy development based on Kubernetes metadata. This allows for enhanced Kubernetes-native security enforcement.

Policy Violation Logging

Get logs for policy breaches while keeping track of container processes via eBPF.

Simplified Policy Descriptions

KubeArmor manages LSM complexity to simplify policy descriptions.

Network security

KubeArmor regulates communications between containers using network system calls.

KubeArmor is Now Available on

Install Now

VERSION CHANGELOG

Exciting Updates and Announcements

EXPANSIONS

What's new?

IoT/Edge Security

KubeArmor provides the ability to restrict specific behavior of process executions, file accesses, networking operations, and resource utilization inside of your workload level.

Learn More

5G Control Plane Security

KubeArmor directly enforces security policies using Linux Security Modules (LSMs) for each workload based on the identities (e.g., labels) of given containers or workloads.

Learn More

BLOGS

Open Source Solutions for Kubernetes Security

FIRESIDE CHAT

Securing Kubernetes Clusters Effectively

TESTIMONIALS

Developers Love Using KubeArmor

tweet

Kubesploit

KubeArmor is a cloud-native runtime security enforcement system that restricts the behaviour (such as process execution, file access, and networking operations) of pods, containers, and nodes (VMs) at the system level

tweet

Oracle Developers

We're excited to announce that #developers can now use @KubeArmor, a runtime security engine that can enhance security of containerized applications on Oracle Container Engine for #Kubernetes. https://social.ora.cl/60153sOwv

tweet

Whitney Lee

♫~ On tomorrow's Enlightning, @daemon1024 will teach @KubeArmor, a @CloudNativeFdn project that protects your modern, cloud native workloads at runtime!

tweet

Sachin Maurya

Finally, I Graduated from the @linuxfoundation Mentorship Program. It was fun and lots of learning working on the @KubeArmor Project. I learned a lot about Container Security and #eBPF. Now I'm looking to continue working on this awesome technology.

tweet

ITNEXT DevOps

Protecting Your Kubernetes Environment With KubeArmor by Patrick Kalkman at #ITNEXT. #containers #cybersecurity #kubernetes #cyberattack #hacker https://itnext.io/protecting-your-kubernetes-environment-with-kubearmor-76b02fc2209b?source=rss----5b301f10ddcd---4… (s)

tweet

Manish Kapur

Happy to share that @KubeArmor Zero trust #Security solution for #Kubernetes has added support for Oracle Kubernetes Engine and @OracleLinux. Thank you to our friends at @AccuKnox https://github.com/kubearmor/KubeArmor/wiki/KubeArmor-support-for-Oracle-Container-Engine-for-Kubernetes-(OKE)… #k8s #cncf

Adopted By

adopter logoadopter logoadopter logo

Want to Add Your Logo ?

Be one of the adopters for our organization

Apply

COMMUNITY

Join Our Awesome Community

Community Card
880
GitHub
Community Card
600+ Members
Slack Channel
Community Card
250+ Subscribers
YouTube Channel

Open Source Partners

member logomember logomember logomember logomember logomember logo

CONTRIBUTORS

Shout Out to KubeArmor Contributors

View More

We are a CNCF Sandbox project.

logo

Effortless and Efficient Runtime Security in Minutes

KubeArmor supports public and private Kubernetes deployments

Learn KubeArmor Basics