Skip to content

Release Notes

Nandhini A edited this page Aug 17, 2021 · 5 revisions

v1.1

We are pleased to release v1.1.

Environments

Kubernetes Environments

  • Minikube
  • Amazon Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS)

LSM

  • SELinux (systemd version only)

Features

  • KubeArmorPolicy

    • Add a new field "apparmor" to apply native AppArmor profiles using KubeArmorPolicy
    • Add a new field "selinux -> volumeMounts" to control the access of mounted volumes using SELinux
  • KubeArmorHostPolicy

    • Provide security policies to restrict host resource (e.g., processes and files in hosts)
  • Audit Mode

    • Provide the audit mode if no LSM is enabled in hosts, auditing the behavior of containers based on given policies

    • In the audit mode, actions are changed as follows:

                Allow -> Audit (Allow)
                Audit -> Audit
                Block -> Audit (Block)
      
  • gRPC Client

  • Telemetry


v1.0

We are pleased to release KubeArmor v1.0.

Environments

Kubernetes Environments

  • Self-managed Kubernetes, MicroK8s
  • Google Kubernetes Engine (GKE)

Container Platforms

  • Docker
  • Containerd

LSM

  • AppArmor

Features

  • System Monitor - Monitor container behaviors at the system level
  • AppArmor Enforcer - Enforce security policies against process executions, file accesses, network operations, and capabilities permitted
  • Logger - Produce container-aware alerts and system logs and write them into standard output, log file, and gRPC
  • gRPC Client - Provide the kubearmor-log-client (https://github.com/kubearmor/kubearmor-log-client)
  • Relay Server - Provide a common interface across all KubeArmor daemons
Clone this wiki locally