Mirantis K8s engine support #1181
Comments
Mirantis Kubernetes Engine:
Mirantis Kubernetes Engine (formerly Docker Enterprise/UCP) is fully-baked Enterprise Kubernetes for development, testing, and production. It includes the Universal Control Plane webUI for easy management, Mirantis Secure Registry (formerly Docker Trusted Registry) for private container image storage and security scanning, and runs on Mirantis Container Runtime (formerly Docker Engine – Enterprise) — a hardened container runtime with optional FIPS 140-2 encryption and other security and reliability features.

Mirantis Cluster with 3 Manager and 2 worker nodes:
This is a trial version Mirantis Bare Metal Cluster running in AWS using Ubuntu 20.04 Operating System.

Installing Sample wordpress-mysql application:
Installed Sample Wordpress-Mysql Application using the following command:

```
kubectl apply -f https://raw.githubusercontent.com/kubearmor/KubeArmor/main/examples/wordpress-mysql/wordpress-mysql-deployment.yaml
```

Installing KubeArmor in MKE:
Installed KubeArmor in the Mirantis Kubernetes Engine with the following commands:

```
curl -sfL http://get.kubearmor.io/ | sudo sh -s -- -b /usr/local/bin
karmor install
```

Applying KubeArmor Policy:

Audit policy for mysql:
The following policy audits the access to the var/lib/mysql folder.

```yaml
apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: ksp-mysql-audit-dir
  namespace: wordpress-mysql
spec:
  severity: 5
  selector:
    matchLabels:
      app: mysql
  file:
    matchDirectories:
    - dir: /var/lib/mysql/
      recursive: true
  action: Audit
```

After applying Policy:
After applying the policy we can get audit logs related to file or folder access by someone.

Logs:

WordPress Config.php file block policy:

Before Applying Policy:

Applying KubeArmor policy to block access to wp-config file:
The following policy denies access to the wp-config.php file.

```yaml
apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: ksp-wordpress-block-config
  namespace: wordpress-mysql
spec:
  severity: 10
  selector:
    matchLabels:
      app: wordpress
  file:
    matchPaths:
    - path: /var/www/html/wp-config.php
      fromSource:
      - path: /bin/cat
  action: Block
```

After applying Policy:
After applying the KubeArmor policy, the wp-config.php file cannot be accessed.

Logs:
Hey @AshokAccuknox the screenshots you sent don't contain the corresponding logs (PolicyName is shown as DefaultPosture instead of the actual name). Do we have more logs for the same policy rule violation containing the policy name?
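A check for the point raised in the comment above, as an added example that is not part of the original issue or of KubeArmor's own code: it reads alerts exported as one JSON object per line and reports which of the two policies from this issue have alerts carrying their own `PolicyName`, and which alerts are only attributed to `DefaultPosture`. The sample alerts are constructed, and every field name other than `PolicyName` is an assumption about the alert format.

```python
import json

# Policy names taken from the two KubeArmorPolicy manifests in this issue.
EXPECTED_POLICIES = {"ksp-mysql-audit-dir", "ksp-wordpress-block-config"}

# Constructed sample alerts, not captured from the cluster in this issue.
# Field names other than PolicyName are assumptions about the alert format.
SAMPLE_ALERTS = """\
{"NamespaceName":"wordpress-mysql","PodName":"mysql-0","PolicyName":"ksp-mysql-audit-dir","Severity":"5","Operation":"File","Resource":"/var/lib/mysql/ibdata1","Action":"Audit","Result":"Passed"}
{"NamespaceName":"wordpress-mysql","PodName":"wordpress-0","PolicyName":"DefaultPosture","Operation":"File","Resource":"/var/www/html/wp-config.php","Action":"Block","Result":"Permission denied"}
{"NamespaceName":"wordpress-mysql","PodName":"wordpress-0","PolicyName":"ksp-wordpress-block-config","Severity":"10","Operation":"File","Resource":"/var/www/html/wp-config.php","Action":"Block","Result":"Permission denied"}
not-json banner line
"""

def classify_alerts(text, expected=EXPECTED_POLICIES):
    """Group alerts by whether they name an expected policy, DefaultPosture, or neither."""
    report = {"attributed": {}, "default_posture": [], "unknown_policy": [], "unparsed": 0}
    for line in filter(str.strip, text.splitlines()):
        try:
            alert = json.loads(line)
        except json.JSONDecodeError:
            alert = None
        if not isinstance(alert, dict):
            report["unparsed"] += 1  # banners, truncated lines, non-object JSON
            continue
        name = alert.get("PolicyName", "")
        if name in expected:
            report["attributed"].setdefault(name, []).append(alert)
        elif name == "DefaultPosture":
            report["default_posture"].append(alert)
        else:
            report["unknown_policy"].append(alert)
    return report

def missing_evidence(report, expected=EXPECTED_POLICIES):
    """Expected policies for which no alert carries the policy's own name."""
    return sorted(set(expected) - set(report["attributed"]))

if __name__ == "__main__":
    rep = classify_alerts(SAMPLE_ALERTS)
    for name, alerts in sorted(rep["attributed"].items()):
        for a in alerts:
            print(f"{name}: {a.get('Action')} {a.get('Resource')}")
    for a in rep["default_posture"]:
        print(f"DefaultPosture only: {a.get('Resource')}")
    print("policies without attributed alerts:", missing_evidence(rep))
```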
Feature Request
Short Description
Supporting k8s cluster solution from Mirantis.
Describe the solution you'd like
karmor probe
karmor sysdump