Add tests for Onprem k8s providers #1417
Comments
Hello @daemon1024, I would like to work on this issue. Can you please guide me on how to get started?
@MeenuyD Thanks a lot for the interest. For starters, you can try setting up a minikube/microk8s environment on an Ubuntu machine. Follow https://github.com/kubearmor/KubeArmor/blob/main/getting-started/deployment_guide.md to play around with KubeArmor. Once you are confident with KubeArmor you can try executing the Smoke Tests based on Now the task of this issue is to automate these all. So we will create a GitHub workflow for the same.
@daemon1024 can I work on this issue if it is not assigned?
We have
So you can work on adding one of them? @swastik959 WDYT? Thanks for the interest. Please do comment here what you would be working on. It would be great if the workflow in general is abstracted in such a way that testing up other providers won't be difficult.
@daemon1024 I can work on minikube and kinD since I am familiar with them.
Hello @swastik959, I am working on the issue.
Just a disclaimer, expect KinD to not work since it depends on the underlying Host. So we can start with Minikube. @MeenuyD and @swastik959 You can collaborate on Slack if needed.
Hey @daemon1024, can I pick up microk8s?
Hi @rootxrishabh, can you please share the logs?
@rootxrishabh how did you install KubeArmor, using karmor or the KubeArmor operator?
Hey @anurag-rajawat, I installed using karmor.
I tried to reproduce it on my system but could not reproduce it.

```
$ kubectl get no -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
minikube Ready control-plane 7m41s v1.27.4 192.168.49.2 <none> Ubuntu 22.04.2 LTS 6.2.9-300.fc38.x86_64 docker:https://24.0.4
```

```
$ karmor probe
Found KubeArmor running in Kubernetes
Daemonset :
kubearmor Desired: 1 Ready: 1 Available: 1
Deployments :
kubearmor-controller Desired: 1 Ready: 1 Available: 1
kubearmor-relay Desired: 1 Ready: 1 Available: 1
Containers :
kubearmor-controller-7cb5467b99-xq795 Running: 2 Image Version: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
kubearmor-relay-5ccb6b6ffb-gh55l Running: 1 Image Version: kubearmor/kubearmor-relay-server:latest
kubearmor-wc6kt Running: 1 Image Version: kubearmor/kubearmor:stable
Node 1 :
OS Image: Ubuntu 22.04.2 LTS
Kernel Version: 6.2.9-300.fc38.x86_64
Kubelet Version: v1.27.4
Container Runtime: docker:https://24.0.4
Active LSM: BPFLSM
Host Security: false
Container Security: true
Container Default Posture: audit(File) audit(Capabilities) audit(Network)
Host Default Posture: audit(File) audit(Capabilities) audit(Network)
Host Visibility: none
Armored Up pods :
+-----------+-----------------+------------+------+--------+
| NAMESPACE | DEFAULT POSTURE | VISIBILITY | NAME | POLICY |
+-----------+-----------------+------------+------+--------+
+-----------+-----------------+------------+------+--------+
```
Could you please check the logs of the init container? It is failing in your case.
Seems like a missing dependency or a PATH problem.
BTF support was first introduced in Linux kernel 5.1.x, so you will need to install a kernel version at least that new. Please install the kernel headers and check for BTF support.

```
$ sudo apt install linux-headers-$(uname -r)
```

or you can also upgrade your system to install the latest kernel. Check whether

```
$ cat /boot/config-$(uname -r) | grep -e "BTF"
```
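A preflight check along the lines of the comment above, as an added example that is not part of the original thread or KubeArmor's own code: it reports whether a node has BTF and which LSM (BPF LSM or AppArmor) is active, so a test workflow can fail early with a clear reason. The function names, the file-path parameters and the rule that BTF is required in both modes are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not KubeArmor code): node preflight for BTF and LSM support.
# Paths default to the running system; pass files explicitly to test offline.

# has_opt CONFIG_FILE OPTION -> succeeds if OPTION=y is set in the kernel config
has_opt() {
    grep -q "^$2=y\$" "$1" 2>/dev/null
}

# lsm_active LSM_FILE NAME -> succeeds if NAME is in the comma-separated list
lsm_active() {
    [ -r "$1" ] && tr ',' '\n' < "$1" | grep -qx "$2"
}

# preflight [CONFIG_FILE] [LSM_FILE] [BTF_FILE]
# Prints one of: bpf-lsm, apparmor, no-btf, no-lsm (non-zero status on the last two)
preflight() {
    cfg=${1:-/boot/config-$(uname -r)}
    lsm=${2:-/sys/kernel/security/lsm}
    btf=${3:-/sys/kernel/btf/vmlinux}

    # BTF counts as present if the kernel exposes it or was built with it.
    # Assumption: BTF is treated as required whichever LSM is used.
    if [ ! -e "$btf" ] && ! has_opt "$cfg" CONFIG_DEBUG_INFO_BTF; then
        echo no-btf
        return 1
    fi

    # BPF LSM must be both compiled in and listed among the active LSMs.
    if has_opt "$cfg" CONFIG_BPF_LSM && lsm_active "$lsm" bpf; then
        echo bpf-lsm
        return 0
    fi

    if lsm_active "$lsm" apparmor; then
        echo apparmor
        return 0
    fi

    echo no-lsm
    return 1
}
```

Calling `preflight` with no arguments checks the running node; in a CI job, a non-zero status can be used to skip or fail the smoke test before KubeArmor is installed.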
Is this completed? If not, is there anyone working on this?
@daemon1024 Anyone working on this?
@anurag-rajawat @rootxrishabh does KubeArmor policy enforcement work in AppArmor mode in minikube? Minikube works when BPFLSM is enabled.
@daemon1024 Since Also, what should be the frequency of the
We should test KubeArmor periodically and on release on the onprem k8s solutions like kind, minikube, microk8s and k0s.
The tests should run a smoke test to verify if basic kubearmor functionality works or not.