-
Notifications
You must be signed in to change notification settings - Fork 350
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support Podman for unorchestrated environments #1814
Comments
Hey @rootxrishabh , I am interested in the issue of creating Podman support for KubeArmor in unorchestrated environments. I plan to review the reading materials you provided and other resources available online related to Podman. I will come up with a proper plan and design for this project. |
Hey @rootxrishabh,Exicted to work on this issue of creating Podman support for KubeArmor for unorchestrated environments.Currently going through the references you have shared. |
hii @rootxrishabh I would like to work for this project as it aligns with my skills and interests under the LFX mentorship programme |
@rootxrishabh this would be an exciting project for me as i've worked closely with podman during my global certification training with RedHat for RHCSA and RHCE, i'll go through the resources and prepare a plan for the project. |
hey @rootxrishabh are there any prerequisites for working on this particular project? |
Hey Folks, Thanks for the interest in the mentorship. We have certain prerequisites which we expect to be included in your application. Please include details or reference to a document for the said prerequisite in your Cover Letter / Mail to the mentors / DM Mentors in CNCF Slack by 20 August 11:59PM IST Following are the details. Support Podman and OCI Hooks support for unorchestrated environments - https://mentorship.lfx.linuxfoundation.org/project/c693a6b1-d034-4140-8aba-dfe02fbef48a Prerequisite: Share an OCI Hook to add AppArmor Profile to container created by user.
Where Imagine you start a container using
Due to the presence of your OCI Hook, the said podman container should be loaded with a AppArmor Profile References to understand containers and apparmor profile |
Kubearmor connects to the container-runtime to get the mount-namespace and other details (for eg, container image details etc).
These details are used subsequently in the telemetry/log enrichment. For e.g -
The aim is to create Podman support for kubearmor for unorchestrated environments as podman does not implement the CRI.
Initial Scope:
Future Items:
Support for podman with socket mode as well
References:
The text was updated successfully, but these errors were encountered: