KubeArmor v1.4.0 is here!

Runtime Security Enforcement

KubeArmor is a runtime security engine for Kubernetes. It uses eBPF and Linux Security Modules (LSMs) to harden workloads running in cloud containers, IoT/edge, and 5G networks, and it enforces policy-based controls.

Created by AccuKnox

ARCHITECTURE

First K8s Security Engine to Leverage BPF-LSM


USE CASES

What Makes KubeArmor Unique?

Inline Mitigation

KubeArmor reduces the attack surface of pods, containers, and virtual machines. For inline mitigation, it uses Linux Security Modules (LSMs) such as AppArmor, BPF-LSM, and SELinux, providing security without changes to the pod or container and without host-level adjustments.

Simplicity with LSMs

KubeArmor abstracts away the intricacies of LSMs and makes policy enforcement simple. It runs as a non-privileged DaemonSet and can monitor hosts, pods, and containers.

Flaws of Post-Attack Mitigation

Our inline approach is proactive, in contrast to post-attack mitigation, which kills processes only after malicious intent has been observed. With post-attack mitigation, attackers are able to run code and possibly evade detection.

Challenges of Pod Security Context

The Kubernetes-native Pod Security Context has limitations, including the difficulty of predicting which LSMs are available and a lack of support for BPF-LSM.

Multi-Cloud Challenges

Dealing with pod security contexts is difficult since cloud providers use various default LSMs.
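
The point about unpredictable default LSMs can be checked per node. The following is an added example, not code from the KubeArmor project: it parses the kernel's active LSM list (/sys/kernel/security/lsm) and reports which of the three LSMs named above are present. The function names and the sample lists are constructed for illustration.

```shell
#!/bin/sh
# Added example (not KubeArmor code): report which of the LSMs named on this
# page (BPF-LSM, AppArmor, SELinux) appear in a node's active LSM list.
# The kernel exposes that list as one comma-separated line in
# /sys/kernel/security/lsm, e.g. "lockdown,capability,yama,apparmor,bpf".

# supported_lsms LIST
# Prints the matching names, space-separated, in the order bpf, apparmor,
# selinux. Prints "none" when the list contains none of them.
supported_lsms() {
    found=""
    for want in bpf apparmor selinux; do
        # Wrap the list in commas so only whole entries match.
        case ",$1," in
            *",$want,"*) found="${found:+$found }$want" ;;
        esac
    done
    echo "${found:-none}"
}

# node_lsms [FILE]
# Same report, reading the list from FILE (default: the kernel's securityfs
# entry). Prints "unknown" and returns 1 when the file cannot be read,
# for example when securityfs is not mounted.
node_lsms() {
    file="${1:-/sys/kernel/security/lsm}"
    if [ ! -r "$file" ]; then
        echo "unknown"
        return 1
    fi
    supported_lsms "$(tr -d ' \n' < "$file")"
}

# Constructed sample lists standing in for nodes with different defaults.
for sample in \
    "lockdown,capability,landlock,yama,apparmor,bpf" \
    "capability,yama,selinux" \
    "capability,yama"; do
    printf '%-48s -> %s\n' "$sample" "$(supported_lsms "$sample")"
done
```

Calling node_lsms with no argument on a node reads that node's real list, and a result of "none" means none of the three LSMs is active there.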


INSTALLATION

How to Install KubeArmor?

Boost your security with KubeArmor in simple steps

Download and install KubeArmor via Helm chart:

helm repo add kubearmor https://kubearmor.github.io/charts
helm repo update kubearmor
helm upgrade --install kubearmor-operator kubearmor/kubearmor-operator -n kubearmor --create-namespace
kubectl apply -f https://raw.githubusercontent.com/kubearmor/KubeArmor/main/pkg/KubeArmorOperator/config/samples/sample-config.yml

For configuration options and further information, read the documentation.

KubeArmor is Now Available on

AWS Marketplace, Red Hat Marketplace, Oracle Marketplace, DigitalOcean

Kernel Support Matrix

EXPANSIONS

What's new?

IoT/Edge Security

KubeArmor provides the ability to restrict specific behavior of process executions, file accesses, networking operations, and resource utilization at the workload level.


5G Control Plane Security

KubeArmor directly enforces security policies using Linux Security Modules (LSMs) for each workload based on the identities (e.g., labels) of given containers or workloads.



Milestones

2020

  • KubeArmor project architecture
  • MVP Launch

2021

  • CNCF Sandbox Acceptance (November 16)
  • Released v0.1 - stable version (December 17)

2022

  • Surpassed 300K downloads
  • Gained traction in the open-source community
  • Host Policy Enforcement support

2023

  • Reached 10+ industry adopters, validating enterprise-grade capabilities
  • Listed on AWS and Red Hat Marketplace
  • Released v1.0 - production-ready solution

2024

  • Over 1 million downloads
  • Earned 1,300+ GitHub stars, showcasing community engagement
  • Listed on Oracle and Digital Ocean Marketplace
  • Launched comprehensive KubeArmor Book, enhancing user education
  • Introduced the KOSHER program


We are a CNCF Sandbox project.


The Linux Foundation® (TLF) has registered trademarks and uses trademarks. For a list of TLF trademarks, see Trademark Usage.

Effortless and Efficient Runtime Security in Minutes

KubeArmor supports public and private Kubernetes deployments