KubeArmor operator #914

Closed
11 tasks done
achrefbensaad opened this issue Sep 26, 2022 · 0 comments · Fixed by #1246
achrefbensaad commented Sep 26, 2022

KubeArmor operator

Aim

  • Simplify our volumes mounts
  • Unlock multi-enforcers cluster support
  • Unlock multi-CRI cluster support
  • Improve Karmor update procedure

Node snitch

The node snitch is responsible for detecting the node runtime socket location (docker, crio, containerd, ...) and the node security enforcer (SELinux, AppArmor, BPF). After detection, the snitch will label the node with the needed information.

KubeArmor Operator

Is responsible for installing KubeArmor and the KubeArmor CRDs on the cluster; it makes use of the snitch to detect the CRI and node enforcer.

Diagram

[Diagram image: kubearmor-operator drawio]

Work

  • Node snitch
    • CRI detection
    • node enforcer detection
  • KubeArmor operator
    • Install node snitch
    • Watch for node events
    • Install CRD
    • Install KubeArmor daemonsets
    • Watch for changes in installed resources
  • Integrate with karmor
  • Test on multi-enforcer multi-container runtime cluster (Decided we will not do this unless users specifically ask for it. To date there have been no clusters which face this problem).
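
The detection and labelling step described under "Node snitch", as an added Go example that is not KubeArmor's own code. The socket paths, the `snitch.example/*` label keys, the enforcer preference order and the `root` parameter (the directory where the host filesystem is mounted) are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Common default socket locations (assumed; the issue does not list them).
var sockets = []struct{ runtime, path string }{
	{"docker", "var/run/docker.sock"},
	{"containerd", "run/containerd/containerd.sock"},
	{"cri-o", "var/run/crio/crio.sock"},
}

// detectRuntime returns the first runtime whose socket path exists under root.
func detectRuntime(root string) (string, string) {
	for _, s := range sockets {
		if fi, err := os.Stat(filepath.Join(root, s.path)); err == nil && !fi.IsDir() {
			return s.runtime, s.path
		}
	}
	return "unknown", ""
}

// detectEnforcer reads the kernel's comma-separated list of active LSMs.
func detectEnforcer(root string) string {
	// A read error leaves data empty, so no enforcer matches and "none" is returned.
	data, _ := os.ReadFile(filepath.Join(root, "sys/kernel/security/lsm"))
	list := "," + strings.TrimSpace(string(data)) + ","
	for _, want := range []string{"bpf", "apparmor", "selinux"} { // assumed preference
		if strings.Contains(list, ","+want+",") {
			return want
		}
	}
	return "none"
}

// nodeLabels builds the labels to apply to the node. Kubernetes label values
// cannot contain "/", so the socket path is encoded with "_" separators.
func nodeLabels(root string) map[string]string {
	rt, sock := detectRuntime(root)
	return map[string]string{
		"snitch.example/runtime":  rt,
		"snitch.example/socket":   strings.ReplaceAll(sock, "/", "_"),
		"snitch.example/enforcer": detectEnforcer(root),
	}
}

func main() { fmt.Println(nodeLabels("/")) }
```

An operator watching node events can then select the matching daemonset variant per node from these labels instead of mounting every possible socket path.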
@achrefbensaad achrefbensaad added the enhancement New feature or request label Sep 26, 2022
@achrefbensaad achrefbensaad self-assigned this Sep 26, 2022
@achrefbensaad achrefbensaad moved this to 🏗 In progress in v0.7 Backlog, Release Plan Sep 26, 2022
@achrefbensaad achrefbensaad added this to the v0.7 milestone Sep 26, 2022
@Ankurk99 Ankurk99 modified the milestones: v0.7, v0.8 Nov 3, 2022
@Ankurk99 Ankurk99 mentioned this issue Nov 10, 2022
@Ankurk99 Ankurk99 moved this to 🏗 In progress in v0.8 backlog Nov 10, 2022
@nyrahul nyrahul moved this from 🏗 In progress to 👀 In review in v0.8 backlog Dec 26, 2022
@Ankurk99 Ankurk99 removed this from v0.8 backlog Jan 11, 2023
@Ankurk99 Ankurk99 removed this from the v0.8 milestone Jan 11, 2023
@nyrahul nyrahul moved this to Todo in v0.9 backlog Jan 24, 2023
@nyrahul nyrahul moved this from Todo to In Progress in v0.9 backlog Jan 27, 2023
@daemon1024 daemon1024 removed the status in v0.9 backlog Feb 27, 2023
@nyrahul nyrahul moved this to Todo in v0.10 Backlog Mar 14, 2023
@Ankurk99 Ankurk99 removed the status in v0.10 Backlog Mar 24, 2023
@nyrahul nyrahul moved this to In Progress in v0.11 Backlog Jun 26, 2023
@DelusionalOptimist DelusionalOptimist linked a pull request Jul 4, 2023 that will close this issue
@achrefbensaad achrefbensaad moved this from In Progress to In review in v0.11 Backlog Jul 7, 2023