kubearmor / KubeArmor

Runtime Security Enforcement System. Workload hardening/sandboxing and implementing least-permissive policies made easy leveraging LSMs (BPF-LSM, AppArmor).
https://kubearmor.io/
Apache License 2.0

Add support for Fedora CoreOS #846

Open Ankurk99 opened 2 years ago

Ankurk99 commented 2 years ago

Feature Request

Short Description

Fedora CoreOS is an automatically updating minimal OS specifically designed to run containerized applications. With the v0.5.5 release, KubeArmor added support for containerized workloads, and Fedora CoreOS is an ideal candidate to test the use case.

Note: Fedora CoreOS supports BPF LSM, so we should be good to test both observability and enforcement on it.

rksharma95 commented 2 years ago

We cannot install packages in /usr/local in Fedora CoreOS.

Importing package 'kubearmor': Analyzing /usr/local/bin/karmor: Unsupported path; see https://github.com/projectatomic/rpm-ostree/issues/233

Ankurk99 commented 1 year ago

> We cannot install packages in /usr/local in Fedora CoreOS.

We can put karmor in some other place; I don't think that will be an issue. Also, here we need to test KubeArmor for containerized workloads, so running KubeArmor in systemd mode will be fine too.

PrathyushaModala commented 1 year ago

Hey @Ankurk99, can I work on this?

Ankurk99 commented 1 year ago

Sure, feel free to ask for any help.

HariVamsiK commented 1 year ago

Hey @Ankurk99, I got the Fedora CoreOS instance running on my AWS, and there is a lot of config to be done before the actual KubeArmor installation. It doesn't have a proper package manager that can resolve all the dependencies needed for KubeArmor installation. And as @rksharma95 mentioned, packages cannot be installed in /usr/local. I went through the PR that was mentioned, and there are a lot of variables to take into consideration and to be resolved.

[Screenshot 2023-04-09 183946] [Screenshot 2023-04-09 184026]

Ankurk99 commented 1 year ago

I see. Do you have any other steps to further test this? Also, did you try copying the binaries to the required path (e.g., copying karmor to /usr/local/bin)?

HariVamsiK commented 1 year ago

[Screenshot 2023-04-18 222047]

Here's the karmor probe output for Fedora x86_64. Deploying k3s or running in systemd mode is not possible, as the package manager is far different and the scripts are for Debian-based OSes only.