KubeArmor v1.0 is here!

Runtime Security Enforcement

KubeArmor is a runtime Kubernetes security engine. It uses eBPF and Linux Security Modules (LSMs) to harden workloads running in cloud containers, IoT/Edge, and 5G networks, and it enforces policy-based controls.

ARCHITECTURE

First K8s Security Engine to Leverage BPF-LSM

USE CASES

What Makes KubeArmor Unique?

Inline Mitigation

KubeArmor reduces the attack surface of pods, containers, and virtual machines. For inline mitigation, it uses Linux Security Modules (LSMs) such as AppArmor, BPF-LSM, and SELinux to provide security without changing the pod or container and without host-level adjustments.

Simplicity with LSMs

KubeArmor abstracts away the intricacies of LSMs and makes policy enforcement simple. It runs as a non-privileged DaemonSet and can monitor hosts, pods, and containers.

Flaws of Post-Attack Mitigation

Our inline approach is proactive, in contrast to post-attack mitigation, which kills a process only after malicious intent has been observed. With post-attack mitigation, attackers are able to run code and may elude detection.

Challenges of Pod Security Context

The Kubernetes-native Pod Security Context has limitations, including the difficulty of predicting which LSMs are available and a lack of support for BPF-LSM.

Multi-Cloud Challenges

Dealing with pod security contexts is difficult because cloud providers use different default LSMs.

INSTALLATION

How to Install KubeArmor?

Boost your security with KubeArmor in simple steps

Download and install KubeArmor via the Helm chart:

# Add the KubeArmor chart repository and refresh its index
helm repo add kubearmor https://kubearmor.github.io/charts
helm repo update kubearmor
# Install (or upgrade) the KubeArmor operator in the kubearmor namespace
helm upgrade --install kubearmor-operator kubearmor/kubearmor-operator -n kubearmor --create-namespace
# Apply the sample operator configuration
kubectl apply -f https://raw.githubusercontent.com/kubearmor/KubeArmor/main/pkg/KubeArmorOperator/config/samples/sample-config.yml

For configuration options and further information, read the documentation.

EXPANSIONS

What's new?

IoT/Edge Security

KubeArmor can restrict specific behavior at the workload level: process executions, file accesses, networking operations, and resource utilization.

5G Control Plane Security

KubeArmor directly enforces security policies using Linux Security Modules (LSMs) for each workload based on the identities (e.g., labels) of given containers or workloads.

We are a CNCF Sandbox project.

The Linux Foundation® (TLF) has registered trademarks and uses trademarks. For a list of TLF trademarks, see Trademark Usage.

Effortless and Efficient Runtime Security in Minutes

KubeArmor supports public and private Kubernetes deployments