Source: See KubeArmor website for details.
KubeArmor is a cloud-native runtime security enforcement system that restricts the behavior (such as process execution, file access, and networking operations) of pods, containers, and nodes at the system level. It makes use of eBPF and Linux security modules (LSMs) such as AppArmor, SELinux, or BPF-LSM to enforce the user-specified policies. KubeArmor generates rich alerts/telemetry events with container/pod/namespace identities for ease of use.
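As an added illustration of a user-specified policy (this example is not part of the original page or the addon itself), the manifest below blocks execution of package-management tools and audits reads of the service account token. The policy name, the `default` namespace, the `app: nginx` label, and the chosen paths are assumptions made for the example.

```yaml
# Constructed example: name, namespace, labels and paths are assumptions.
apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: restrict-nginx-runtime        # hypothetical policy name
  namespace: default
spec:
  severity: 5
  message: "restricted runtime behavior in nginx pod"
  # Apply only to pods carrying this label.
  selector:
    matchLabels:
      app: nginx
  # Process execution: deny package managers inside the container.
  process:
    matchPaths:
    - path: /usr/bin/apt
      action: Block
    - path: /usr/bin/apt-get
      action: Block
  # File access: log (but do not deny) access to the service account token directory.
  file:
    matchDirectories:
    - dir: /run/secrets/kubernetes.io/serviceaccount/
      recursive: true
      action: Audit
  # Default action for rules that do not set their own.
  action: Audit
```

With the addon enabled, a manifest like this is applied with `microk8s kubectl apply -f <file>`. `Block` rules require an enforcing LSM (AppArmor, SELinux, or BPF-LSM) on the node.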
To enable the addon:
microk8s enable kubearmor
Afterwards the KubeArmor CLI is available under MicroK8s:
The addon can be disabled at any time with:
microk8s disable kubearmor
To learn more about KubeArmor, visit:
- the KubeArmor official website