KubeArmor interfaces directly with container runtimes to get metadata such as a container's namespaces, image and so on. This metadata is then used to generate rich telemetry data and to enforce policy.
Previously, KubeArmor supported Containerd and Docker; with v0.5, KubeArmor will also support the CRI-O runtime. This has been made possible by leveraging the CRI-API.
Also, if you have multiple container runtimes, you can now use the CRI_SOCKET environment variable or the -criSocket flag with kubearmor to specify which one to use.
For the complete implementation, see KubeArmor/697.