From 9e91775c70a5e02de9ecc2a367e40cda457dc919 Mon Sep 17 00:00:00 2001 From: PrimalPimmy Date: Wed, 24 Jan 2024 14:12:51 +0530 Subject: [PATCH] LFX: Add Kubearmor project for March - May term 2024 Signed-off-by: PrimalPimmy LFX: Add Kubearmor project for March - May term 2024 Signed-off-by: PrimalPimmy LFX: Add Kubearmor project for March - May term 2024 Signed-off-by: PrimalPimmy --- .../2024/01-Mar-May/project_ideas.md | 38 +++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/programs/lfx-mentorship/2024/01-Mar-May/project_ideas.md b/programs/lfx-mentorship/2024/01-Mar-May/project_ideas.md index 1be9daf6..cdeee137 100644 --- a/programs/lfx-mentorship/2024/01-Mar-May/project_ideas.md +++ b/programs/lfx-mentorship/2024/01-Mar-May/project_ideas.md @@ -133,3 +133,41 @@ - [Manan Gupta](https://github.com/GuptaManan100) (manan@planetscale.com) - [Harshit Gangal](https://github.com/harshit-gangal) (harshit@planetscale.com) - Issue: + +### Kubearmor + +#### Kubearmor Kata Container Support + +- Description: Kata Containers is an open source community working to build a secure container runtime with lightweight virtual machines that feel and perform like containers, but provide stronger workload isolation using hardware virtualization technology as a second layer of defense. +- Expected Outcome: KubeArmor natively protecting Kata containers with required Integration. +- Recommended Skills: Go, Kubernetes, Linux +- Mentor(s): + - Barun Acharya (@daemon1024, barun1024@gmail.com) + - Prashant Mishra (@primalpimmy, prashant20.pm@gmail.com) + - Rudraksh Pareek (@DelusionalOptimist, rudrakshpareek3601@gmail.com ) +- Upstream Issue: https://github.com/kubearmor/KubeArmor/issues/1340 + +#### Leverage OCI Hooks for Container Events + +- Description: Use OCI hooks and get events in context to container start/stop: Currently KubeArmor mounts docker/containerd/crio UNIX domain socket file in KubeArmor to watch for container events. The aim is to use OCI hooks for getting such container events. +- Expected Outcome: Eliminate exposing docker/containerd/crio UNIX domain sockets inside a container. +- Recommended Skills: Go, Kubernetes, Linux +- Mentor(s): + - Barun Acharya (@daemon1024, barun1024@gmail.com) + - Akshay Gaikwad (@akshay196, akgaikwad001@gmail.com) + - Rudraksh Pareek (@DelusionalOptimist, rudrakshpareek3601@gmail.com ) +- Upstream Issue: https://github.com/kubearmor/KubeArmor/issues/1390 + +#### Dashboards for application behavior and KubeArmor state + +- Description: For showing an application's behaviour, we'd like to have a Kibana/Grafana dashboard. We have existing integrations for +visualizing alerts with Elastic/Loki and we can use them for creating these. +We want to leverage the above for creating a plugin which will allow users to see an application's behavior based on visibility logs sent by KubeArmor. +- Expected Outcome: A kubernetes dashboard setup that also has the app behaviours described. +- Recommended Skills: Grafana, Javascript, Go, Kubernetes, Linux +- Mentor(s): + - Barun Acharya (@daemon1024, barun1024@gmail.com) + - Prashant Mishra (@primalpimmy, prashant20.pm@gmail.com) + - Rudraksh Pareek (@DelusionalOptimist, rudrakshpareek3601@gmail.com ) + - Anurag Kumar (@kranurag7, kranurag7@linux.com) +- Upstream Issue: https://github.com/kubearmor/KubeArmor/issues/1390