Overview
KubeArmor enhances security in Bottlerocket deployments on Amazon EKS by restricting processes, files, network usage, safeguarding secrets, certificates, and controlling binary execution. Integrating KubeArmor as a Kubernetes daemonset and operating in systemd mode provides complete runtime security for a variety of workloads. For host protection, it employs inline prevention and best of breed Linux Security Modules, decreasing the attack surface. KubeArmor simplifies policy enforcement in multi node clusters by abstracting LSM complexities, allowing hassle free blocking rules, full monitoring, and no blind spots in visibility.
Highlights
- Add complete security to Bottlerocket deployments on Amazon EKS with KubeArmor. Limit processes, files, and network usage in your pods. Restrict access to Kubernetes security tokens for specific processes. Safeguard secrets and certificates within containers. Block updates to root certificates in specific folders. Control the execution of binaries in your containers with KubeArmor.
- KubeArmor offers complete security for a range of workloads by integrating as a Kubernetes daemonset, and Setting it up in systemd mode to run as host/system processes on bare metal, virtual machines, and containerized workloads. It uses inline prevention to reduce the attack surface, utilizing best-of-breed Linux Security Modules (LSMs) like AppArmor, BPF-LSM, and SELinux for host protection. This approach reduces the attack surface of pods, containers, and VMs.
- In a multi-node cluster, each node leveraging Linux Security Module, KubeArmor simplifies policy enforcement by abstracting away the LSMs' complexities. Hassle-free enforcement of blocking rules at the host or workload level Full control over monitoring hosts, pods, and containers No blind spots in visibility and protection for your cloud-native environment.
Features and programs
Quick Launch
Pricing
Vendor refund policy
No refunds required.
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
Amazon EKS console add-on
- Amazon EKS
EKS add-on
An add-on is software that provides supporting operational capabilities to Kubernetes applications but isn't specific to the application. This includes software like observability agents or Kubernetes drivers that allow the cluster to interact with underlying AWS resources for networking, compute, and storage. Add-on software is typically built and maintained by the Kubernetes community, cloud providers like AWS, or third-party vendors. Amazon EKS add-ons provide installation and management of a curated set of add-ons for Amazon EKS clusters. All Amazon EKS add-ons include the latest security patches and bug fixes, and are validated by AWS to work with Amazon EKS. Amazon EKS add-ons allow you to consistently ensure that your Amazon EKS clusters are secure and stable and reduce the amount of work that you need to do to install, configure, and update add-ons.
Version release notes
- Adding EKS console Add-on support
Additional details
Usage instructions
- Navigate to the Amazon EKS Console. Select an existing Amazon EKS cluster. On the cluster info page, go to the Add-ons tab info page. 2. To find more add-ons, in the middle right, select Get more add-ons. Scroll down to browse the different add-on software options available for installation from AWS Marketplace. Select AccuKnox_KubeArmor . 3. If you do not have subscription to the add-on through the AWS Marketplace, you will see a callout to subscribe to the software. Choose Next again, review the information, and choose Create. 4.In AWS CLI, describe the add-on versions for Kubecost by entering the following commands: aws eks describe-addon-versions --addon-name accuknox_KubeArmor 5. Create the add-on by entering the following command, replacing my-cluster with the cluster name: aws eks create-addon
--cluster-name my-cluster
--addon-name accuknox_KubeArmor
Support
Vendor support
Join KubeArmor Slack:
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Customer reviews
I am cloud engineer
provide zero trust security.
Compliance and Auditing.
resource intensive.