-
Notifications
You must be signed in to change notification settings - Fork 336
v0.7 Release Blog
- RPI
- ARM VM
- ARM VM on Macbook M1 laptops
...
...
KubeArmor already had a community driven curated list of System and Network policy templates at policy-template repository.
With the templates, it was upto the user to change values like namespace
labels
etc to make sure that the policies are actually enforcing on their cluster.
With the new kArmor recommend
it is made sure that the user doesn't have to change anything on the policy but rather simply apply them to get a secure environment for the Kubernetes deployments.
kArmor recommend
recommends policies based on container image, k8s manifest or the actual runtime environment itself.
The kArmor recommend update
fetches the latest release of policy-templates and saves them locally. These policies are later recommended to the user according to the identified os distribution and preconditions.
You can get recommendation for an image or your kubernetes deployments.
kArmor recommend
with --namespace
flag will generate security policies for your active cluster if there is atleast one deployment in the namespace.
The recommendation can be further filtered down using the flag --labels
. With this the user can input an array of labels belonging to deployments which needs policy recommendation.
Policy recommendation can also be used on docker images using karmor recommend
. The --images
flag lets the user to get recommendation for any docker images.
karmor recommend
is also equipped with 2 reporting features: text and html. The text based reporting is enabled by default and creates a report.txt
file under the default output directory out
. Both the directory and report file can be customized using --outdir
and --report
flags respectively.
The html
reporting will generate an html page with the all the important information.
...
...
- Fix AppArmor policies behavior https://github.com/kubearmor/KubeArmor/issues/954
- Discovery engine fixes
- Relative paths
- Refreshed
karmor summary
output - Improved discovered policies rules to include all necessary paths
- Data race conditions https://github.com/kubearmor/KubeArmor/issues/842