From 2f1416ccdae3212d956ef50e170f0ea2fefeb179 Mon Sep 17 00:00:00 2001 From: Rudraksh Pareek Date: Fri, 27 May 2022 01:25:43 +0530 Subject: [PATCH] update getting started guide and deployments for AKS Signed-off-by: Rudraksh Pareek --- deployments/AKS/README.md | 17 + deployments/AKS/kubearmor.yaml | 1187 +++++++++++++++++++++++++++ deployments/get/defaults.go | 55 ++ deployments/main.go | 2 +- getting-started/deployment_guide.md | 2 + 5 files changed, 1262 insertions(+), 1 deletion(-) create mode 100644 deployments/AKS/README.md create mode 100644 deployments/AKS/kubearmor.yaml diff --git a/deployments/AKS/README.md b/deployments/AKS/README.md new file mode 100644 index 0000000000..9f1ba43064 --- /dev/null +++ b/deployments/AKS/README.md @@ -0,0 +1,17 @@ +# Deploy KubeArmor on AKS + +## 1. Creating an AKS cluster + +- Create a Linux-based AKS cluster + + Follow the [Quickstart guide using Azure portal](https://docs.microsoft.com/en-us/azure/aks/learn/quick-kubernetes-deploy-portal) + + Note that KubeArmor doesn't work with Windows-based based AKS clusters as it leverages Linux kernel primitives. + +- Set up AKS credentials + + Follow the [connect to your cluster using Azure CLI guide](https://docs.microsoft.com/en-us/azure/aks/learn/quick-kubernetes-deploy-cli#connect-to-the-cluster) to setup AKS credentials on your system so that kubectl and [karmor](https://github.com/kubearmor/kubearmor-client) can connect with your cluster. + +## 2. Deploying KubeArmor + +- Follow the [deployment guide](../../getting-started/deployment_guide.md) to install KubeArmor in the cluster. diff --git a/deployments/AKS/kubearmor.yaml b/deployments/AKS/kubearmor.yaml new file mode 100644 index 0000000000..a8613bf1df --- /dev/null +++ b/deployments/AKS/kubearmor.yaml @@ -0,0 +1,1187 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubearmor + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubearmor + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: kubearmor + namespace: kube-system +--- +apiVersion: v1 +kind: Service +metadata: + name: kubearmor + namespace: kube-system +spec: + ports: + - port: 32767 + protocol: TCP + targetPort: 32767 + selector: + kubearmor-app: kubearmor-relay +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + kubearmor-app: kubearmor-relay + name: kubearmor-relay + namespace: kube-system +spec: + replicas: 1 + selector: + matchLabels: + kubearmor-app: kubearmor-relay + template: + metadata: + annotations: + kubearmor-policy: audited + labels: + kubearmor-app: kubearmor-relay + spec: + containers: + - image: kubearmor/kubearmor-relay-server:latest + name: kubearmor-relay-server + ports: + - containerPort: 32767 + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: kubearmor +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + kubearmor-app: kubearmor + name: kubearmor + namespace: kube-system +spec: + selector: + matchLabels: + kubearmor-app: kubearmor + template: + metadata: + annotations: + container.apparmor.security.beta.kubernetes.io/kubearmor: unconfined + labels: + kubearmor-app: kubearmor + spec: + containers: + - args: + - -gRPC=32767 + - -logPath=/tmp/kubearmor.log + - -enableKubeArmorHostPolicy + image: kubearmor/kubearmor:stable + imagePullPolicy: Always + livenessProbe: + exec: + command: + - /bin/bash + - -c + - if [ -z $(pgrep kubearmor) ]; then exit 1; fi; + initialDelaySeconds: 60 + periodSeconds: 10 + name: kubearmor + ports: + - containerPort: 32767 + securityContext: + privileged: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /lib/modules + name: lib-modules-path + readOnly: true + - mountPath: /sys/fs/bpf + name: sys-fs-bpf-path + - mountPath: /sys/kernel/security + name: sys-kernel-security-path + - mountPath: /sys/kernel/debug + name: sys-kernel-debug-path + - mountPath: /media/root/etc/os-release + name: os-release-path + readOnly: true + - mountPath: /usr/src + name: usr-src-path + readOnly: true + - mountPath: /etc/apparmor.d + name: etc-apparmor-d-path + - mountPath: /var/run/containerd/containerd.sock + name: containerd-sock-path + readOnly: true + - mountPath: /run/containerd + name: containerd-storage-path + readOnly: true + - mountPath: /var/lib/docker + name: docker-storage-path + readOnly: true + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true + hostPID: true + nodeSelector: + kubernetes.io/os: linux + restartPolicy: Always + serviceAccountName: kubearmor + terminationGracePeriodSeconds: 30 + tolerations: + - operator: Exists + volumes: + - hostPath: + path: /lib/modules + type: Directory + name: lib-modules-path + - hostPath: + path: /sys/fs/bpf + type: Directory + name: sys-fs-bpf-path + - hostPath: + path: /sys/kernel/security + type: Directory + name: sys-kernel-security-path + - hostPath: + path: /sys/kernel/debug + type: Directory + name: sys-kernel-debug-path + - hostPath: + path: /etc/os-release + type: File + name: os-release-path + - hostPath: + path: /usr/src + type: Directory + name: usr-src-path + - hostPath: + path: /etc/apparmor.d + type: DirectoryOrCreate + name: etc-apparmor-d-path + - hostPath: + path: /var/run/containerd/containerd.sock + type: Socket + name: containerd-sock-path + - hostPath: + path: /run/containerd + type: DirectoryOrCreate + name: containerd-storage-path + - hostPath: + path: /var/lib/docker + type: DirectoryOrCreate + name: docker-storage-path +--- +apiVersion: v1 +kind: Service +metadata: + labels: + kubearmor-app: kubearmor-policy-manager + name: kubearmor-policy-manager-metrics-service + namespace: kube-system +spec: + ports: + - name: https + port: 8443 + targetPort: https + selector: + kubearmor-app: kubearmor-policy-manager +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + kubearmor-app: kubearmor-policy-manager + name: kubearmor-policy-manager + namespace: kube-system +spec: + replicas: 1 + selector: + matchLabels: + kubearmor-app: kubearmor-policy-manager + template: + metadata: + annotations: + kubearmor-policy: audited + labels: + kubearmor-app: kubearmor-policy-manager + spec: + containers: + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + resources: + limits: + cpu: 100m + memory: 40Mi + requests: + cpu: 100m + memory: 20Mi + - args: + - --metrics-addr=127.0.0.1:8080 + - --enable-leader-election + command: + - /manager + image: kubearmor/kubearmor-policy-manager:latest + name: kubearmor-policy-manager + resources: + limits: + cpu: 100m + memory: 40Mi + requests: + cpu: 100m + memory: 20Mi + serviceAccountName: kubearmor + terminationGracePeriodSeconds: 10 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + kubearmor-app: kubearmor-host-policy-manager + name: kubearmor-host-policy-manager-metrics-service + namespace: kube-system +spec: + ports: + - name: https + port: 8443 + targetPort: https + selector: + kubearmor-app: kubearmor-host-policy-manager +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + kubearmor-app: kubearmor-host-policy-manager + name: kubearmor-host-policy-manager + namespace: kube-system +spec: + replicas: 1 + selector: + matchLabels: + kubearmor-app: kubearmor-host-policy-manager + template: + metadata: + annotations: + kubearmor-policy: audited + labels: + kubearmor-app: kubearmor-host-policy-manager + spec: + containers: + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + resources: + limits: + cpu: 100m + memory: 40Mi + requests: + cpu: 100m + memory: 20Mi + - args: + - --metrics-addr=127.0.0.1:8080 + - --enable-leader-election + command: + - /manager + image: kubearmor/kubearmor-host-policy-manager:latest + name: kubearmor-host-policy-manager + resources: + limits: + cpu: 100m + memory: 40Mi + requests: + cpu: 100m + memory: 20Mi + serviceAccountName: kubearmor + terminationGracePeriodSeconds: 10 +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + name: kubearmorpolicies.security.kubearmor.com +spec: + group: security.kubearmor.com + names: + kind: KubeArmorPolicy + listKind: KubeArmorPolicyList + plural: kubearmorpolicies + shortNames: + - ksp + singular: kubearmorpolicy + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: KubeArmorPolicy is the Schema for the kubearmorpolicies API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeArmorPolicySpec defines the desired state of KubeArmorPolicy + properties: + action: + enum: + - Allow + - Audit + - Block + type: string + apparmor: + type: string + capabilities: + properties: + action: + enum: + - Allow + - Audit + - Block + type: string + matchCapabilities: + items: + properties: + action: + enum: + - Allow + - Audit + - Block + type: string + capability: + pattern: (chown|dac_override|dac_read_search|fowner|fsetid|kill|setgid|setuid|setpcap|linux_immutable|net_bind_service|net_broadcast|net_admin|net_raw|ipc_lock|ipc_owner|sys_module|sys_rawio|sys_chroot|sys_ptrace|sys_pacct|sys_admin|sys_boot|sys_nice|sys_resource|sys_time|sys_tty_config|mknod|lease|audit_write|audit_control|setfcap|mac_override|mac_admin)$ + type: string + fromSource: + items: + properties: + path: + pattern: ^\/+.*[^\/]$ + type: string + type: object + type: array + message: + type: string + severity: + maximum: 10 + minimum: 1 + type: integer + tags: + items: + type: string + type: array + required: + - capability + type: object + type: array + message: + type: string + severity: + maximum: 10 + minimum: 1 + type: integer + tags: + items: + type: string + type: array + required: + - matchCapabilities + type: object + file: + properties: + action: + enum: + - Allow + - Audit + - Block + type: string + matchDirectories: + items: + properties: + action: + enum: + - Allow + - Audit + - Block + type: string + dir: + pattern: ^\/$|^\/.*\/$ + type: string + fromSource: + items: + properties: + path: + pattern: ^\/+.*[^\/]$ + type: string + type: object + type: array + message: + type: string + ownerOnly: + type: boolean + readOnly: + type: boolean + recursive: + type: boolean + severity: + maximum: 10 + minimum: 1 + type: integer + tags: + items: + type: string + type: array + required: + - dir + type: object + type: array + matchPaths: + items: + properties: + action: + enum: + - Allow + - Audit + - Block + type: string + fromSource: + items: + properties: + path: + pattern: ^\/+.*[^\/]$ + type: string + type: object + type: array + message: + type: string + ownerOnly: + type: boolean + path: + pattern: ^\/+.*[^\/]$ + type: string + readOnly: + type: boolean + severity: + maximum: 10 + minimum: 1 + type: integer + tags: + items: + type: string + type: array + required: + - path + type: object + type: array + matchPatterns: + items: + properties: + action: + enum: + - Allow + - Audit + - Block + type: string + message: + type: string + ownerOnly: + type: boolean + pattern: + type: string + readOnly: + type: boolean + severity: + maximum: 10 + minimum: 1 + type: integer + tags: + items: + type: string + type: array + required: + - pattern + type: object + type: array + message: + type: string + severity: + maximum: 10 + minimum: 1 + type: integer + tags: + items: + type: string + type: array + type: object + message: + type: string + network: + properties: + action: + enum: + - Allow + - Audit + - Block + type: string + matchProtocols: + items: + properties: + action: + enum: + - Allow + - Audit + - Block + type: string + fromSource: + items: + properties: + path: + pattern: ^\/+.*[^\/]$ + type: string + type: object + type: array + message: + type: string + protocol: + pattern: (icmp|ICMP|tcp|TCP|udp|UDP|raw|RAW)$ + type: string + severity: + maximum: 10 + minimum: 1 + type: integer + tags: + items: + type: string + type: array + required: + - protocol + type: object + type: array + message: + type: string + severity: + maximum: 10 + minimum: 1 + type: integer + tags: + items: + type: string + type: array + required: + - matchProtocols + type: object + process: + properties: + action: + enum: + - Allow + - Audit + - Block + type: string + matchDirectories: + items: + properties: + action: + enum: + - Allow + - Audit + - Block + type: string + dir: + pattern: ^\/$|^\/.*\/$ + type: string + fromSource: + items: + properties: + path: + pattern: ^\/+.*[^\/]$ + type: string + type: object + type: array + message: + type: string + ownerOnly: + type: boolean + recursive: + type: boolean + severity: + maximum: 10 + minimum: 1 + type: integer + tags: + items: + type: string + type: array + required: + - dir + type: object + type: array + matchPaths: + items: + properties: + action: + enum: + - Allow + - Audit + - Block + type: string + fromSource: + items: + properties: + path: + pattern: ^\/+.*[^\/]$ + type: string + type: object + type: array + message: + type: string + ownerOnly: + type: boolean + path: + pattern: ^\/+.*[^\/]$ + type: string + severity: + maximum: 10 + minimum: 1 + type: integer + tags: + items: + type: string + type: array + required: + - path + type: object + type: array + matchPatterns: + items: + properties: + action: + enum: + - Allow + - Audit + - Block + type: string + message: + type: string + ownerOnly: + type: boolean + pattern: + type: string + severity: + maximum: 10 + minimum: 1 + type: integer + tags: + items: + type: string + type: array + required: + - pattern + type: object + type: array + message: + type: string + severity: + maximum: 10 + minimum: 1 + type: integer + tags: + items: + type: string + type: array + type: object + selector: + properties: + matchLabels: + additionalProperties: + type: string + type: object + type: object + severity: + maximum: 10 + minimum: 1 + type: integer + tags: + items: + type: string + type: array + required: + - selector + type: object + status: + description: KubeArmorPolicyStatus defines the observed state of KubeArmorPolicy + properties: + status: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + name: kubearmorhostpolicies.security.kubearmor.com +spec: + group: security.kubearmor.com + names: + kind: KubeArmorHostPolicy + listKind: KubeArmorHostPolicyList + plural: kubearmorhostpolicies + shortNames: + - hsp + singular: kubearmorhostpolicy + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: KubeArmorHostPolicy is the Schema for the kubearmorhostpolicies + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeArmorHostPolicySpec defines the desired state of KubeArmorHostPolicy + properties: + action: + enum: + - Allow + - Audit + - Block + type: string + apparmor: + type: string + capabilities: + properties: + action: + enum: + - Allow + - Audit + - Block + type: string + matchCapabilities: + items: + properties: + action: + enum: + - Allow + - Audit + - Block + type: string + capability: + pattern: (chown|dac_override|dac_read_search|fowner|fsetid|kill|setgid|setuid|setpcap|linux_immutable|net_bind_service|net_broadcast|net_admin|net_raw|ipc_lock|ipc_owner|sys_module|sys_rawio|sys_chroot|sys_ptrace|sys_pacct|sys_admin|sys_boot|sys_nice|sys_resource|sys_time|sys_tty_config|mknod|lease|audit_write|audit_control|setfcap|mac_override|mac_admin)$ + type: string + fromSource: + items: + properties: + path: + pattern: ^\/+.*[^\/]$ + type: string + type: object + type: array + message: + type: string + severity: + maximum: 10 + minimum: 1 + type: integer + tags: + items: + type: string + type: array + required: + - capability + - fromSource + type: object + type: array + message: + type: string + severity: + maximum: 10 + minimum: 1 + type: integer + tags: + items: + type: string + type: array + required: + - matchCapabilities + type: object + file: + properties: + action: + enum: + - Allow + - Audit + - Block + type: string + matchDirectories: + items: + properties: + action: + enum: + - Allow + - Audit + - Block + type: string + dir: + pattern: ^\/$|^\/.*\/$ + type: string + fromSource: + items: + properties: + path: + pattern: ^\/+.*[^\/]$ + type: string + type: object + type: array + message: + type: string + ownerOnly: + type: boolean + readOnly: + type: boolean + recursive: + type: boolean + severity: + maximum: 10 + minimum: 1 + type: integer + tags: + items: + type: string + type: array + required: + - dir + type: object + type: array + matchPaths: + items: + properties: + action: + enum: + - Allow + - Audit + - Block + type: string + fromSource: + items: + properties: + path: + pattern: ^\/+.*[^\/]$ + type: string + type: object + type: array + message: + type: string + ownerOnly: + type: boolean + path: + pattern: ^\/+.*[^\/]$ + type: string + readOnly: + type: boolean + severity: + maximum: 10 + minimum: 1 + type: integer + tags: + items: + type: string + type: array + required: + - path + type: object + type: array + matchPatterns: + items: + properties: + action: + enum: + - Allow + - Audit + - Block + type: string + message: + type: string + ownerOnly: + type: boolean + pattern: + type: string + readOnly: + type: boolean + severity: + maximum: 10 + minimum: 1 + type: integer + tags: + items: + type: string + type: array + required: + - pattern + type: object + type: array + message: + type: string + severity: + maximum: 10 + minimum: 1 + type: integer + tags: + items: + type: string + type: array + type: object + message: + type: string + network: + properties: + action: + enum: + - Allow + - Audit + - Block + type: string + matchProtocols: + items: + properties: + action: + enum: + - Allow + - Audit + - Block + type: string + fromSource: + items: + properties: + path: + pattern: ^\/+.*[^\/]$ + type: string + type: object + type: array + message: + type: string + protocol: + pattern: (icmp|ICMP|tcp|TCP|udp|UDP|raw|RAW)$ + type: string + severity: + maximum: 10 + minimum: 1 + type: integer + tags: + items: + type: string + type: array + required: + - fromSource + - protocol + type: object + type: array + message: + type: string + severity: + maximum: 10 + minimum: 1 + type: integer + tags: + items: + type: string + type: array + required: + - matchProtocols + type: object + nodeSelector: + properties: + matchLabels: + additionalProperties: + type: string + type: object + type: object + process: + properties: + action: + enum: + - Allow + - Audit + - Block + type: string + matchDirectories: + items: + properties: + action: + enum: + - Allow + - Audit + - Block + type: string + dir: + pattern: ^\/$|^\/.*\/$ + type: string + fromSource: + items: + properties: + path: + pattern: ^\/+.*[^\/]$ + type: string + type: object + type: array + message: + type: string + ownerOnly: + type: boolean + recursive: + type: boolean + severity: + maximum: 10 + minimum: 1 + type: integer + tags: + items: + type: string + type: array + required: + - dir + type: object + type: array + matchPaths: + items: + properties: + action: + enum: + - Allow + - Audit + - Block + type: string + fromSource: + items: + properties: + path: + pattern: ^\/+.*[^\/]$ + type: string + type: object + type: array + message: + type: string + ownerOnly: + type: boolean + path: + pattern: ^\/+.*[^\/]$ + type: string + severity: + maximum: 10 + minimum: 1 + type: integer + tags: + items: + type: string + type: array + required: + - path + type: object + type: array + matchPatterns: + items: + properties: + action: + enum: + - Allow + - Audit + - Block + type: string + message: + type: string + ownerOnly: + type: boolean + pattern: + type: string + severity: + maximum: 10 + minimum: 1 + type: integer + tags: + items: + type: string + type: array + required: + - pattern + type: object + type: array + message: + type: string + severity: + maximum: 10 + minimum: 1 + type: integer + tags: + items: + type: string + type: array + type: object + severity: + maximum: 10 + minimum: 1 + type: integer + tags: + items: + type: string + type: array + required: + - nodeSelector + type: object + status: + description: KubeArmorHostPolicyStatus defines the observed state of KubeArmorHostPolicy + properties: + status: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/deployments/get/defaults.go b/deployments/get/defaults.go index 49ac41f06d..74b6ae5eec 100644 --- a/deployments/get/defaults.go +++ b/deployments/get/defaults.go @@ -405,4 +405,59 @@ var defaultConfigs = map[string]DaemonSetConfig{ }, }, }, + "aks": { + Args: []string{ + "-enableKubeArmorHostPolicy", + }, + VolumeMounts: []corev1.VolumeMount{ + hostUsrVolMnt, + apparmorVolMnt, + { + Name: "containerd-sock-path", // containerd + MountPath: "/var/run/containerd/containerd.sock", + ReadOnly: true, + }, + { + Name: "containerd-storage-path", // containerd storage + MountPath: "/run/containerd", + ReadOnly: true, + }, + { + Name: "docker-storage-path", // docker storage + MountPath: "/var/lib/docker", + ReadOnly: true, + }, + }, + Volumes: []corev1.Volume{ + hostUsrVol, + apparmorVol, + { + Name: "containerd-sock-path", + VolumeSource: corev1.VolumeSource{ + HostPath: &corev1.HostPathVolumeSource{ + Path: "/var/run/containerd/containerd.sock", + Type: &hostPathSocket, + }, + }, + }, + { + Name: "containerd-storage-path", + VolumeSource: corev1.VolumeSource{ + HostPath: &corev1.HostPathVolumeSource{ + Path: "/run/containerd", + Type: &hostPathDirectoryOrCreate, + }, + }, + }, + { + Name: "docker-storage-path", + VolumeSource: corev1.VolumeSource{ + HostPath: &corev1.HostPathVolumeSource{ + Path: "/var/lib/docker", + Type: &hostPathDirectoryOrCreate, + }, + }, + }, + }, + }, } diff --git a/deployments/main.go b/deployments/main.go index fa4fbbdb0b..b8d5f46841 100644 --- a/deployments/main.go +++ b/deployments/main.go @@ -20,7 +20,7 @@ import ( ) func main() { - envs := []string{"generic", "EKS", "GKE", "docker", "minikube", "microk8s", "k3s"} + envs := []string{"generic", "docker", "minikube", "microk8s", "k3s", "GKE", "EKS", "AKS"} nsPtr := flag.String("namespace", "kube-system", "Namespace") flag.Parse() diff --git a/getting-started/deployment_guide.md b/getting-started/deployment_guide.md index 37e97b5bcf..bc81b1fcf5 100644 --- a/getting-started/deployment_guide.md +++ b/getting-started/deployment_guide.md @@ -77,6 +77,7 @@ karmor log 5. [minikube](https://github.com/kubearmor/KubeArmor/tree/main/deployments/minikube) 6. [GKE](https://github.com/kubearmor/KubeArmor/tree/main/deployments/GKE) 7. [EKS](https://github.com/kubearmor/KubeArmor/tree/main/deployments/EKS) +8. [AKS](https://github.com/kubearmor/KubeArmor/tree/main/deployments/AKS) --- **NOTE** @@ -90,6 +91,7 @@ karmor log 3. Google Kubernetes Engine (GKE) with Container Optimized OS (COS) 4. GKE with Ubuntu image 5. [Amazon Elastic Kubernetes Service (EKS)](../deployments/EKS) +6. [Azure Kubernetes Service (AKS)](../deployments/AKS) ## Prerequisites 1. [K3s](../deployments/k3s)