Packer
KubeArmor
@kubearmor
The KubeArmor plugin which provides kubearmor hardening security policies for the build workloads
- Community
Updated 9 months ago
- GitHub(opens in new tab)
KubeArmor
A plugin for Packer which provides KubeArmor Hardening Host Security policies for the build workloads.
KubeArmor is a security solution for the Kubernetes and cloud native platforms that helps protect your workloads from attacks and threats. It does this by providing a set of hardening policies that are based on industry-leading compliance and attack frameworks such as CIS, MITRE, NIST-800-53, and STIGs. These policies are designed to help you secure your workloads in a way that is compliant with these frameworks and recommended best practices.
The KubeArmor provisioner will configure the build and provide the KubeArmor Hardening Host Security Policies. These hardening policies will be in the context of your workload, so you can see how they will be applied and what impact they will have on your system. This allows you to make informed decisions about which policies to apply, and helps you understand the trade-offs between security and functionality.
Installation
To install this plugin, copy and paste this code into your Packer configuration, then run packer init
.
packer {
required_plugins {
kubearmor = {
version = ">= 0.0.1"
source = "github.com/kubearmor/kubearmor"
}
}
}
Alternatively, you can use packer plugins install
to manage installation of this plugin.
$ packer plugins install github.com/kubearmor/kubearmor
From Source
If you prefer to build the plugin from its source code, clone the GitHub
repository locally and run the command go build
from the root
directory. Upon successful compilation, a packer-plugin-kubearmor
plugin
binary file can be found in the root directory.
To install the compiled plugin, please follow the official Packer documentation on installing a plugin.
Components
Provisioners:
- kubearmor - The kubearmor provisioner is used to provisioner Packer builds and provide the packer builds KubeArmor Host Security Policies.