kubearmor / KubeArmor

Runtime Security Enforcement System. Workload hardening/sandboxing and implementing least-permissive policies made easy leveraging LSMs (BPF-LSM, AppArmor).
https://kubearmor.io/
Apache License 2.0
1.49k stars 342 forks

CI(tests): ginkgo tests for host security capabilities of KubeArmor #1625

Open DelusionalOptimist opened 8 months ago

DelusionalOptimist commented 8 months ago

Description

We currently test container runtime security with KubeArmor running in Kubernetes. However, KubeArmor also has the capability to secure Kubernetes nodes, as well as to run in non-Kubernetes mode and protect hosts. So, we need to add tests for KubeArmor's host security functionalities. The existing ginkgo test suite can be used as a reference for what has to be tested and can be extended further to test host functionalities.

Possible scenarios

More scenarios from our deprecated bash test suite

Environments

DelusionalOptimist commented 8 months ago

Depends on the ability to enable host policy with the operator - https://github.com/kubearmor/KubeArmor/issues/1501