Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CI(tests): ginkgo tests for host security capabilities of KubeArmor #1625

Open
5 tasks
DelusionalOptimist opened this issue Feb 13, 2024 · 1 comment · May be fixed by #1857 or #1858
Open
5 tasks

CI(tests): ginkgo tests for host security capabilities of KubeArmor #1625

DelusionalOptimist opened this issue Feb 13, 2024 · 1 comment · May be fixed by #1857 or #1858
Labels
help wanted Extra attention is needed

Comments

@DelusionalOptimist
Copy link
Member

DelusionalOptimist commented Feb 13, 2024

Description

We currently test container runtime security with KubeArmor running in Kubernetes. However, KubeArmor also has the capability to secure Kubernetes nodes. As well as run in non-kubernetes mode and protect hosts.
So, we need to add tests for KubeArmor's host security functionalities.
The existing ginkgo test suite can be used for reference of what all has to be tested and can be extended further to test host functionalities.

Possible scenarios

  • KubeArmorHostSecurityPolicy (hsp) enforcement
  • Host visibility annotations/settings
  • Host default posture

More scenarios from our deprecated bash test suite

Environments

  • BPF LSM enforcer
  • AppArmor
@DelusionalOptimist DelusionalOptimist added the help wanted Extra attention is needed label Feb 13, 2024
@DelusionalOptimist
Copy link
Member Author

Depends on the ability to enable host policy with the operator - #1501

@DelusionalOptimist DelusionalOptimist changed the title CI(tests): ginkgo tests for host security with KubeArmor in Kubernetes CI(tests): ginkgo tests for host security capabilities of KubeArmor May 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
help wanted Extra attention is needed
Projects
None yet
1 participant