Security update! Announcing the release of KubeArmor v0.10, packed with exciting new features, enhancements, and fixes. This release brings improved default visibility settings, enriched telemetry and alert data, support for new platforms, and various installation fixes. The community has collaboratively worked to deliver a solid new release. Let’s get into the details of what’s new in KubeArmor v0.10:
The highlights of this new version’s rollout are:
- ☑️ Telemetry for workloads is disabled by default, providing more flexibility in managing settings.
- ☑️ KubeArmor now includes Deployment Name, Pod Name, Namespace, and Cluster Name for better visibility and alerts.
- ☑️ Support for BPF-LSM in non-orchestrated containerized workloads enables leveraging BPF-based security policies outside of orchestrated environments.
- ☑️ Helm installation fixes, auto-updating dependencies, and support for new platforms are also available.
Default Visibility Changes
In previous versions, KubeArmor enabled full telemetry by default for all workloads. With v0.10, we have made a significant change. By default, telemetry for workloads is now disabled, offering more flexibility in managing telemetry settings. If you want to enable telemetry for specific workloads or namespaces, you can easily do so using annotations.
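One way to see which namespaces are left without telemetry after this default change is to audit their annotations. This is an added example, not code from the KubeArmor project: the `kubearmor-visibility` annotation key and the four telemetry type names come from KubeArmor's documentation rather than this page, the namespace data is constructed, and the cluster-wide default is assumed to be unchanged.

```python
import json

# Annotation key from KubeArmor's documentation (it is not named on this page).
VISIBILITY_KEY = "kubearmor-visibility"
KNOWN_TYPES = {"process", "file", "network", "capabilities"}

# Constructed sample in the shape of `kubectl get namespaces -o json`.
SAMPLE_NAMESPACES = json.dumps({
    "items": [
        {"metadata": {"name": "payments",
                      "annotations": {VISIBILITY_KEY: "process, file,network"}}},
        {"metadata": {"name": "batch",
                      "annotations": {VISIBILITY_KEY: "proces,network"}}},
        {"metadata": {"name": "legacy", "annotations": {"owner": "ops"}}},
        {"metadata": {"name": "default"}},
    ]
})


def audit_visibility(namespace_list_json):
    """Return {namespace: {"enabled": [...], "unknown": [...], "explicit": bool}}."""
    report = {}
    for item in json.loads(namespace_list_json).get("items", []):
        meta = item.get("metadata", {})
        raw = (meta.get("annotations") or {}).get(VISIBILITY_KEY)
        tokens = [t.strip().lower() for t in (raw or "").split(",") if t.strip()]
        report[meta.get("name", "<unnamed>")] = {
            "enabled": sorted(t for t in tokens if t in KNOWN_TYPES),
            # Tokens outside the four documented types, e.g. a misspelling.
            "unknown": sorted(t for t in tokens if t not in KNOWN_TYPES),
            "explicit": raw is not None,
        }
    return report


def namespaces_without_telemetry(report):
    """Namespaces that rely on the default, which per this release is disabled."""
    return sorted(ns for ns, r in report.items() if not r["enabled"])


if __name__ == "__main__":
    rep = audit_visibility(SAMPLE_NAMESPACES)
    for ns, r in sorted(rep.items()):
        print(ns, r)
    print("no telemetry:", namespaces_without_telemetry(rep))
```

On a live cluster, pass the output of `kubectl get namespaces -o json` to `audit_visibility` in place of the constructed sample.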
Enrichment of Telemetry and Alerts Data
For better visibility, KubeArmor now includes Deployment Name, Pod Name, Namespace, and Cluster Name in alerts and telemetry. This improves analysis and monitoring and makes troubleshooting more effective. This release also adds support for deployment scenarios (ReplicaSets, StatefulSets, DaemonSets), which makes it easier for you to base decisions on accurate metadata. You can now expect more detailed and insightful information, so you can monitor and analyze your workloads with greater precision.
Support for BPF-LSM in Non-Orchestrated Containerized Workloads
In previous versions, enforcement in containerized workloads was limited to AppArmor. We are delighted to introduce support for BPF-LSM (Linux Security Modules) in non-orchestrated containerized workloads. This new capability allows you to leverage BPF-based security policies even outside of orchestrated environments, for enhanced security and fine-grained control over containerized workloads.
By incorporating BPF LSM enforcement, KubeArmor enables users to define and enforce security policies at the kernel level, providing an additional layer of protection for their containerized environments. Advanced capabilities offered by BPF LSM, including powerful eBPF (extended Berkeley Packet Filter) programs and flexible security rules, are now unlocked!
Helm Installation Fixes
For smoother deployments using Helm, we have addressed several issues and made the necessary fixes. To benefit from these improvements, please refer to our updated Helm installation guide. If you are still facing any issues, please raise them in the discussions.
To ensure you always have the latest dependencies, KubeArmor now utilizes Renovate, an automated dependency update tool. With Renovate, you can expect a seamless experience, as KubeArmor keeps your dependencies up to date automatically. Everything synced!
Support for New Platforms
With this release, we have expanded our platform support to include:
- DigitalOcean Kubernetes (DOKS)
- Mirantis MKE
- Amazon Linux 2023
This means you can now confidently run KubeArmor on these platforms, benefiting from enhanced security and protection. We believe the addition of these new platforms will allow you to extend security effectively to the workloads running on them.
We are grateful to our dedicated community for their continuous support and valuable contributions that have made this release possible. Your feedback and suggestions drive us to improve KubeArmor with every release.
To explore the complete list of changes, bug fixes, and enhancements in KubeArmor v0.10, please refer to our release notes.
Upgrade to KubeArmor v0.10 today and experience the latest features and fixes firsthand. We look forward to hearing your thoughts and helping you strengthen the security of your Kubernetes deployments.
Stay tuned for more updates and exciting features on our roadmap. Together, let’s build a more secure and resilient Kubernetes ecosystem!