Comments (13)
Hey @sumit-158, Thanks for the interest.
I'm kinda beginners to go and k8s can you help me out how to get involved in this project or any suggestion ?
kArmor is a helper utility to the KubeArmor project.
I would suggest going through CONTRIBUTING.md for ways to get involved and experiment with KubeArmor and kArmor meanwhile. If you have any specific queries feel free to shoot em on the KubeArmor Slack.
For
- go - https://go.dev/learn/
- kubernetes - https://gist.github.com/dims/bb219a4a8d9cb88dc2a2dc1f11a537c6#beginner-resources
are some nice resources.
from kubearmor-client.
@SaarthakMaini Sure go ahead. Thank You for the interest.
from kubearmor-client.
Hello @daemon1024 , hope you're doing well , this is Anutosh here from India .
I'm an open source enthusiast and I am keen to take part in the LFX Mentorship program for the summer term. The project and the library interests me. But being new to the project , I would be glad if you could syggest any relevant resources/links I should be going through as a beginner for getting to know the project and the library better . Thank you !
from kubearmor-client.
Hi, I'm Anurag Pathak, a full-stack developer and B. Tech. 2nd-year CSE student. I have been working with Kubernetes and Golang for the last 2-3 months and contributing to Brigade and Argo-workflow. While looking for some good projects which interest me, I found KubeArmor and eventually came to this issue. I would like to work on it in LFX Mentorship Summer 2022.
from kubearmor-client.
PreInstall
$ karmor probe
**Host**
Observability/Audit : Supported
Enforcement: Full (Supported LSMs: apparmor)
**Node 1**
Observability/Audit : Supported
Enforcement: Partial (Supported LSMs: selinux)
**Node 2**
Observability/Audit : Supported
Enforcement: None (Supported LSMs: smack)
**Node 3**
Observability/Audit : Nope ( Kernel Version < 4.14 )
Enforcement: Full (Supported LSMs: apparmor)
KubeArmor running
- Kubernetes
$ karmor probe
Found KubeArmor running in Kubernetes
Deployment kubearmor-relay Desired: 1, Ready: 1/1, Available: 1/1
DaemonSet kubearmor Desired: 1, Ready: 1/1, Available: 1/1
Containers kubearmor Running: 4 <image version>
kubearmor-relay Running: 1 <image version>
Node 1
OS Image: Ubuntu 18.04.5 LTS
Kernel Version: 4.15.0-184-generic
Kubelet Version: v1.23.3
Container Runtime: docker://18.9.1
Supported LSMs: capability,yama,apparmor
Observability/Audit : Yes
Host Security: Yes
Container Security: Yes
KubeArmor Posture: Block
Node 2
OS Image: RHEL..
Kernel Version: 4.18...
Kubelet Version: v1.23.3
Container Runtime: crio-o://18.9.1
Supported LSMs: capability,yama,selinux
Observability/Audit : Yes
Host Security: Yes
Container Security: No
KubeArmor Posture: Audit
- SystemD
$ karmor probe
Found KubeArmor running in systemd mode
KubeArmor PID - 32454
Host - HostName
OS Image: Ubuntu 18.04.5 LTS
Kernel Version: 4.15.0-184-generic
Container Runtime: docker://18.9.1
Supported LSMs: capability,yama,apparmor
Observability/Audit : Yes
Host Security: Yes
Container Security: Yes
KubeArmor Posture: Block
from kubearmor-client.
Hi , I want to participate in LFX Mentorship currently I'm kinda beginners to go and k8s can you help me out how to get involved in this project or any suggestion ?
from kubearmor-client.
Hello,
I am currently a beginner in Go and Kubernetes
I would also like to contribute to the project under LFX Mentorship Program
May I also follow the above resources and apply for the project?
Thank you!
from kubearmor-client.
Hello,
I have gone through the required pre-requisites and resources as stated above.
I also saw this video:
https://www.youtube.com/watch?v=A4HwqCRjyHE&t=221s
to learn about KubeArmor and eBPF
What I understand is that we have to create and change yaml files in the policy-templates repository. Am I correct?
If possible, please point me in the direction from where I could get started on this issue and what else I have to do in this exactly, and I will take it on from there
Thank you very much!
from kubearmor-client.
I'm also interested in working on this project, I'm still on my way to understanding the project architecture. I had a doubt tho:
This feature will provide various information about KubeArmor like the current running mode (audit or enforcement), the enforcer used by KubeArmor (SELinux or AppArmor or BPF-LSM), whether it's running in systemd mode or on k8s, etc.
I suppose audit
and enforcement
are Kubernetes admission control constructs, right?
Also, the extensions that we are planning to build, are those pieces of information available for collection from KubeArmor? Or do we have to work on KubeArmor first to make such information available for the kArmor CLI?
from kubearmor-client.
@daemon1024 I would love to pick up this issue
from kubearmor-client.
Partially handled in #86, More changes to follow in a seperate PR
from kubearmor-client.
Ref #166
from kubearmor-client.
Closing, since handled.
from kubearmor-client.
Related Issues (20)
- [feat] Improving Broken-link-check scope HOT 3
- Update Long description for karmor install HOT 3
- `--save` command is broken in karmor profile HOT 2
- karmor probe panic HOT 4
- `karmor install --env=generic --save` should work without kubernetes cluster access HOT 4
- karmor install percentage completion showing more than 100% HOT 4
- update `karmor install` to deploy kubearmor-relay sa and associated rbac policies for kubearmor relay HOT 4
- Running karmor probe on operator installation throws incorrect posture values HOT 7
- Karmor probe not showing armored pods
- add instructions to verify the tarballs using cosign HOT 3
- Install karmor without `sudo` HOT 4
- fix scorecard github action HOT 2
- fix renovate go.sum updates HOT 2
- `karmor uninstall` should remove annotations/policies by default HOT 1
- Improve `karmor probe` error handling HOT 1
- JSON output from `karmor logs --json` is not beautified HOT 7
- `karmor sysdump` should contain logs from all pods with `kubearmor-app` label HOT 1
- Show current status of daemonset in `karmor install` HOT 3
- `karmor recommend` doesn't recommend all expected policies with Docker v26 HOT 1
- Replace Docker Client with ORAS to handle interaction with OCI registries like DockerHub HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kubearmor-client.