Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/kubearmor/kvm-service
Kubearmor Virtual Machine Service allows orchestrating policies to VMs and Bare-Metal environments using either k8s or non-k8s control plane.
- Host: GitHub
- URL: https://github.com/kubearmor/kvm-service
- Owner: kubearmor
- License: apache-2.0
- Created: 2021-09-06T11:46:52.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2023-12-15T05:34:01.000Z (11 months ago)
- Last Synced: 2024-10-12T12:24:00.818Z (about 1 month ago)
- Topics: bare-metal, k8s, kubearmor, runtime, security, vm
- Language: Go
- Homepage:
- Size: 137 MB
- Stars: 11
- Watchers: 4
- Forks: 10
- Open Issues: 8
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
# KubeArmor VM Service (kvmservice)
## Introduction
Kubearmor Virtual Machine Service allows orchestrating policies to VMs and Bare-Metal environments using either k8s or non-k8s control plane.
kvmservice can either run as:
1. k8s service + operator in k8s based control plane
2. directly on VM/Bare-metal as systemd process

### Use-cases/Requirements
- [x] Onboard kubearmor/cilium to virtual machines/bare-metals/edge-devices
- [x] Orchestrate kubearmor and cilium policies to VMs
- [x] Handle observability in a unified manner
- [x] Support hybrid deployments of k8s and Virtual machines based workloads.
- [x] Support automated policy discovery for kubearmor/cilium for VMs

> Note: Virtual Machines, Bare-Metal machines, Edge Devices can be used interchangeably in this document.
## High Level Arch for Hybrid Deployment
A deployment might have workloads distributed across both k8s and non-k8s (VM-based) environments. The primary aim is to support kubearmor/cilium onboarding, policy orchestration, and observability across these environments using the same toolsets. This simplifies workload management for organizations that are in the midst of migrating to k8s from VMs or that might rely on VMs for the foreseeable future.
![](./getting-started/res/kvmservice-k8s-control-plane.png)
## High Level Arch for VM-only deployments
Some organizations might not support k8s for the foreseeable future, and their workloads will primarily run on cloud VMs, their own data-center VMs, or even bare-metal machines. kvmservice allows onboarding, policy orchestration, and observability for such environments.
![](./getting-started/res/kvmservice-non-k8s-control-plane.png)
## Additional Documents
* [Deploying KubeArmor at scale on VMs using non-k8s control plane](./getting-started/kvmservice-nonk8s.md)
* [Google Slides for initial design discussions](https://docs.google.com/presentation/d/1aa0fVLWHcVkaGbb70Jy6dek7KOYIAailx3and-mjh8M/edit?usp=sharing)