KubeArmor 1.1: Runtime Security Enforcement Enhancements

Introduction

KubeArmor 1.1, released on March 15, 2023, is most relevant if you’re hardening clusters without turning every deploy into a support ticket. The real value is in rollout safety: tighter controls with fewer false positives, clearer policy outcomes, and smoother day-2 response when something is blocked.

Runtime Security Improvements

• Policy enforcement improvements provide faster and more reliable security policy enforcement.
• Threat detection enhancements enable better detection of security violations.
• Blocking capabilities enable automatic blocking of unauthorized operations.
• Alerting improvements provide better notification of security events.

eBPF Enhancements

1. eBPF program optimizations reduce overhead and improve performance.
2. Event filtering improvements reduce noise and focus on important security events.
3. Kernel compatibility expands support for different kernel versions.
4. Performance optimizations improve security enforcement efficiency.

Kubernetes Integration

• Admission control integration enables policy enforcement at pod creation time.
• Service account detection improves identification of containerized applications.
• Resource monitoring provides better visibility into resource access patterns.
• Operator improvements simplify KubeArmor installation and management.

Getting Started

kubectl apply -f https://raw.githubusercontent.com/kubearmor/KubeArmor/main/deployments/GKE/kubearmor.yaml

Create a security policy:

apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: block-exec
spec:
  selector:
    matchLabels:
      app: my-app
  file:
    matchPaths:
    - path: /bin/*
      action: Block

Summary

KubeArmor 1.1 provides teams with powerful runtime security enforcement capabilities using eBPF for protecting Kubernetes workloads.