Release Notes

Jump to bottom

Nandhini A edited this page Aug 17, 2021 · 5 revisions

v1.1

We are pleased to release v1.1.

Environments

Kubernetes Environments

Minikube
Amazon Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS)

LSM

SELinux (systemd version only)

Features

KubeArmorPolicy
- Add a new field "apparmor" to apply native AppArmor profiles using KubeArmorPolicy
- Add a new field "selinux -> volumeMounts" to control the access of mounted volumes using SELinux
KubeArmorHostPolicy
- Provide security policies to restrict host resource (e.g., processes and files in hosts)
Audit Mode
- Provide the audit mode if no LSM is enabled in hosts, auditing the behavior of containers based on given policies
- In the audit mode, actions are changed as follows:
```
          Allow -> Audit (Allow)
          Audit -> Audit
          Block -> Audit (Block)
```
gRPC Client
- Provide the kubearmor-mysql-client (https://github.com/kubearmor/kubearmor-mysql-client)
- Provide the kubearmor-kafka-client (https://github.com/kubearmor/kubearmor-kafka-client)
Telemetry
- Provide telemetry data to monitoring systems (https://github.com/kubearmor/kubearmor-prometheus-exporter)

v1.0

We are pleased to release KubeArmor v1.0.

Environments

Kubernetes Environments

Self-managed Kubernetes, MicroK8s
Google Kubernetes Engine (GKE)

Container Platforms

Docker
Containerd

LSM

AppArmor

Features

System Monitor - Monitor container behaviors at the system level
AppArmor Enforcer - Enforce security policies against process executions, file accesses, network operations, and capabilities permitted
Logger - Produce container-aware alerts and system logs and write them into standard output, log file, and gRPC
gRPC Client - Provide the kubearmor-log-client (https://github.com/kubearmor/kubearmor-log-client)
Relay Server - Provide a common interface across all KubeArmor daemons