Multicontainer support for KubeArmor

Open Ankurk99 opened this issue 2 years ago • 4 comments

Feature Request

Allow KubeArmor to apply policies at container level

Is your feature request related to a problem? Please describe the use case.

Currently, if we apply any policy to a pod running multiple containers, the policy gets applied at pod level and we cannot create separate KubeArmor profiles for different containers in the pod.

Describe the solution you'd like

Include a container name field in the security policies and modify KubeArmor to apply policies to different containers based on this container name field.

For example: a pod is running 3 containers (container1/2/3) and we want to apply the policy to container1 and container2; then the policy can be modified like:

spec:
  Selector:
    containerName:
      name: container1, container2

Ankurk99 • Apr 19 '22 04:04

cc @nam-jaehyun @nyrahul

Ankurk99 • Apr 19 '22 04:04

spec:
  Selector:
    containerName:
    - container1
    - container2

How about this? Having a list of containers rather than having a string?

nam-jaehyun • Apr 19 '22 04:04

Selector:
  matchLabels:
    container: ubuntu-container
  containerName:
    - nginx

Here, matchLabels will match the corresponding pod and containerName will match the container inside that pod. If no matchLabels are applied, then KubeArmor will apply the policy to all the containers with the respective containerName.

Ankurk99 • Apr 22 '22 04:04
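
The selector semantics described in the comment above, sketched in Go as an added example (not code from the issue or from KubeArmor). The `Pod` and `Selector` types, `Targets`, and the sample pods are constructed for illustration; treating an empty `containerName` as pod-level scope is an assumption based on the current behaviour the issue describes.

```go
package main

import "fmt"

// Hypothetical types for this example; not KubeArmor's own structs.
type Pod struct {
	Name       string
	Labels     map[string]string
	Containers []string
}
type Selector struct {
	MatchLabels   map[string]string
	ContainerName []string
}

// Targets lists the "pod/container" pairs a selector covers, in pod order.
func Targets(sel Selector, pods []Pod) []string {
	wanted := map[string]bool{}
	for _, n := range sel.ContainerName {
		wanted[n] = true
	}
	out := []string{}
	for _, p := range pods {
		podOK := true // an empty matchLabels leaves every pod in scope
		for k, v := range sel.MatchLabels {
			if got, ok := p.Labels[k]; !ok || got != v {
				podOK = false
			}
		}
		for _, c := range p.Containers {
			// Assumption: no containerName keeps the pod-level behaviour.
			if podOK && (len(wanted) == 0 || wanted[c]) {
				out = append(out, p.Name+"/"+c)
			}
		}
	}
	return out
}

// SamplePods is constructed data: two pods that both run an "nginx" container.
var SamplePods = []Pod{
	{Name: "web", Labels: map[string]string{"container": "ubuntu-container"}, Containers: []string{"nginx", "sidecar"}},
	{Name: "cache", Labels: map[string]string{"app": "cache"}, Containers: []string{"nginx", "redis"}},
}

func main() {
	fmt.Println(Targets(Selector{MatchLabels: map[string]string{"container": "ubuntu-container"}, ContainerName: []string{"nginx"}}, SamplePods))
	fmt.Println(Targets(Selector{ContainerName: []string{"nginx"}}, SamplePods))
}
```

The second call shows the scope a policy author should expect when matchLabels is omitted: every container named `nginx` in every pod is covered, not just the one in the intended workload.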

Selector:
  matchLabels:
    container: ubuntu-container
    kubearmor.io/container.name: nginx

nyrahul • May 17 '22 06:05