Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Test KubeArmor on AWS (EKS) #58

Closed
4 tasks done
nyrahul opened this issue Jan 25, 2021 · 4 comments
Closed
4 tasks done

Test KubeArmor on AWS (EKS) #58

nyrahul opened this issue Jan 25, 2021 · 4 comments
Labels
enhancement New feature or request

Comments

@nyrahul
Copy link
Contributor

nyrahul commented Jan 25, 2021
edited
Loading

Check if the KubeArmor can work on AWS k8s engines.

  • Check if the kernel primitives needed for KubeArmor are readily available
  • Test KubeArmor on AWS
  • Create a document for EKS deployment

Check if anyone can deploy KubeArmor based on the document

  • Double validation by someone else
@nyrahul nyrahul added good first issue Good for newcomers v1.0 labels Jan 25, 2021
@seungsoo-lee
Copy link
Contributor

AWS EKS uses Amazon Linux 2 as an OS image, there are no other options.

The kernel version is 4.14 by default, and we can upgrade to 5.4.

BUT, Amazon Linux 2 does not support AppArmor. They suggest using SELinux.

ref. https://forums.aws.amazon.com/thread.jspa?threadID=320641

Screen Shot 2021-02-02 at 12 01 15 PM

@nam-jaehyun nam-jaehyun removed the v1.0 label Feb 26, 2021
@seungsoo-lee
Copy link
Contributor

image

currently, SELinux not supported in aws/eks

@nam-jaehyun nam-jaehyun reopened this Mar 9, 2021
@nam-jaehyun nam-jaehyun added enhancement New feature or request and removed good first issue Good for newcomers labels Apr 2, 2021
@danmx
Copy link

danmx commented Aug 12, 2021

5.10 lts kernel should be supported soon (they tend to follow lts versions). I think there will be a problem with EKS Fargate since it's a very locked down microVM running a sidecar that runs eBPF will be impossible. One thing that could be used is ptrace, like Falco, to bypass the limitations.

@nyrahul
Copy link
Contributor Author

nyrahul commented Aug 13, 2021

5.10 lts kernel should be supported soon (they tend to follow lts versions). I think there will be a problem with EKS Fargate since it's a very locked down microVM running a sidecar that runs eBPF will be impossible. One thing that could be used is ptrace, like Falco, to bypass the limitations.

Interesting point. However, at this juncture, our aim is to get it working for vanilla EKS (not fargate). Fargate will be a different challenge for the reasons you mentioned.

@nam-jaehyun nam-jaehyun changed the title Test KubeArmor on AWS (EKS/Fargate) Test KubeArmor on AWS (EKS) Aug 27, 2021
@nam-jaehyun nam-jaehyun mentioned this issue Aug 27, 2021
Merged
@DelusionalOptimist DelusionalOptimist mentioned this issue May 23, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@seungsoo-lee @nyrahul @danmx @nam-jaehyun