KubeArmor
Search…
Development Guide

Development

  1. 1.
    Self-managed Kubernetes
    • Requirements
      List of minimum requirements for self-managed Kubernetes.
      1
      OS - Ubuntu 18.04
      2
      Kubernetes - v1.19
      3
      Docker - 18.09 or Containerd - 1.3.7
      4
      Linux Kernel - v4.15
      5
      LSM - AppArmor
      Copied!
      KubeArmor is designed for Kubernetes, which means that Kubernetes should be ready in your environment. If Kubernetes is not prepared yet, please refer to Kubernetes installation guide. KubeArmor also requires either Docker or Containerd since it internally uses its APIs. KubeArmor requires LSMs to operate properly; thus, please make sure that your environment supports LSMs (at least, AppArmor). Otherwise, KubeArmor will work as Audit-Mode with no container behavior restriction.
      • Alternative Setup - MicroK8s
        You can also develop and test KubeArmor on MicroK8s instead of the self-managed Kubernetes. For this, please follow the instructions in MicroK8s installation guide.
      • Notice - Minikube
        KubeArmor does not support the policy enforcement on Minikube because MiniKube supports no LSM, which means that you will only get the alerts against given policy violations. However, if you want to test KubeArmor, you can follow the instructions in Minikube installation guide.
      • Caution - Docker Desktops
        KubeArmor does not work with Docker Desktops on Windows and macOS because KubeArmor integrates with Linux-kernel native primitives (including LSMs).
    • Development Setup
      In order to install all dependencies, please run the following command.
      1
      $ cd KubeArmor/contribution/self-managed-k8s
      2
      ~/KubeArmor/contribution/self-managed-k8s$ ./setup.sh
      Copied!
      setup.sh will automatically install BCC, Go, Protobuf, and some other dependencies.
      Now, you are ready to develop any code for KubeArmor. Enjoy your journey with KubeArmor.
  2. 2.
    Vagrant Environment (Recommended)
    • Requirements
      Here is the list of requirements for a Vagrant environment
      1
      Vagrant - v2.2.9
      2
      VirtualBox - v6.1
      Copied!
      If you do not have Vagrant and VirtualBox in your environment, you can easily install them by running the following command.
      1
      cd KubeArmor/contribution/vagrant
      2
      ~/KubeArmor/contribution/vagrant$ ./setup.sh
      Copied!
    • VM Setup using Vagrant
      Now, it is time to prepare a VM for development.
      To create a vagrant VM
      1
      ~/KubeArmor/KubeArmor$ make vagrant-up
      Copied!
      To destroy the vagrant VM
      1
      ~/KubeArmor/KubeArmor$ make vagrant-destroy
      Copied!
      To get into the vagrant VM
      1
      ~/KubeArmor/KubeArmor$ make vagrant-ssh
      Copied!
    • VM Setup using the latest Linux kernel (v5.13)
      To use the latest linux kernel for dev env you can run make with the NETNEXT flag set to 1 for the respective make option.
      1
      ~/KubeArmor/KubeArmor$ make vagrant-up NETNEXT=1
      Copied!
      You can also make the setting static by changing NETNEXT=0 to NETNEXT=1 in the Makefile.
      1
      ~/KubeArmor/KubeArmor$ vi Makefile
      Copied!
Please Note:
You could skip vagrant step completely if you're directly compiling Kubearmor on any Linux distro, or using Virtualbox.
Please ensure that the steps to setup K8s is followed so as to resolve any open dependencies
  1. 1.
    Environment Check
    • Compilation
      Check if KubeArmor can be compiled on your environment without any problems.
      1
      $ cd KubeArmor/KubeArmor
      2
      ~/KubeArmor/KubeArmor$ make
      Copied!
      If you see any error messages, please let us know the issue with the full error messages through KubeArmor's slack.
    • Execution
      In order to directly run KubeArmor in a host (not as a container), you need to run a local proxy in advance.
      1
      $ kubectl proxy &
      2
      3
      or
      4
      5
      $ tmux
      6
      (tmux)$ kubectl proxy
      7
      (tmux)$ CTRL B + D
      Copied!
      Then, run KubeArmor on your environment.
      1
      $ cd KubeArmor/KubeArmor
      2
      ~/KubeArmor/KubeArmor$ make run
      Copied!

Code Directories

Here, we briefly give you an overview of KubeArmor's directories.
  • Source code for KubeArmor (/KubeArmor)
    1
    KubeArmor/
    2
    BPF - eBPF code for system monitor
    3
    common - Libraries internally used
    4
    core - The main body (start point) of KubeArmor
    5
    enforcer - Runtime policy enforcer (enforcing security policies into LSMs)
    6
    feeder - gRPC-based feeder (sending audit/system logs to a log server)
    7
    log - Message logger (stdout) for KubeArmor
    8
    monitor - eBPF-based system monitor (mapping process IDs to container IDs)
    9
    types - Type definitions
    10
    protobuf/ - Protocol buffer
    Copied!
  • Source code for KubeArmor's custom resource definition (CRD)
    1
    pkg/KubeArmorPolicy/ - KubeArmorPolicy CRD generated by Kube-Builder
    2
    pkg/KubeArmorHostPolicy/ - KubeArmorHostPolicy CRD generated by Kube-Builder
    Copied!
  • Scripts for GKE
    1
    GKE/ - scripts to set up the enforcer in a container-optimized OS (COS)
    Copied!
  • Files for testing
    1
    examples/ - Example microservices for testing
    2
    tests/ - Automated test framework for KubeArmor
    Copied!
Last modified 1mo ago
Export as PDF
Copy link