GitBook: [master] 25 pages and 18 assets modified

README.md

@@ -1,6 +1,6 @@
 # KubeArmor
 
-![KubeArmor Logo](documentation/resources/logo.png)
+![KubeArmor Logo](.gitbook/assets/logo.png)
 
 ## Introduction to KubeArmor
 
@@ -14,7 +14,7 @@ KubeArmor is designed for Kubernetes environments; thus, operators only need to
 
 If there are any violations against security policies, KubeArmor immediately generates audit logs with container identities. If operators have any logging systems, it automatically sends audit logs to their systems as well.
 
-![KubeArmor High Level Design](documentation/resources/kubearmor_overview.png)
+![KubeArmor High Level Design](.gitbook/assets/kubearmor_overview.png)
 
 ## Functionality Overview
 
@@ -48,15 +48,15 @@ KubeArmor aims to protect containers themselves rather than interactions among c
 
 Please take a look at the following documents.
 
-1. [Deployment Guide](documentation/getting-started/deployment_guide.md)
-2. [Security Policy Specification](documentation/getting-started/security_policy_specification.md)
-3. [Security Policy Examples](documentation/getting-started/security_policy_examples.md)
+1. [Deployment Guide](getting-started/deployment_guide.md)
+2. [Security Policy Specification](getting-started/security_policy_specification.md)
+3. [Security Policy Examples](getting-started/security_policy_examples.md)
 
 If you want to make a contribution, please refer to the following documents too.
 
-1. [Contribution Guide](documentation/contribution/contribution_guide.md)
-2. [Development Guide](documentation/contribution/development_guide.md)
-3. [Technical Roadmap](documentation/contribution/technical_roadmap.md)
+1. [Contribution Guide](contribution/contribution_guide.md)
+2. [Development Guide](contribution/development_guide.md)
+3. [Technical Roadmap](contribution/technical_roadmap.md)
 
 ## Community
 
@@ -68,3 +68,4 @@ If you want to make a contribution, please refer to the following documents too.
 
 KubeArmor is licensed under the Apache License, Version 2.0.  
 The eBPF-based container monitor is licensed under the General Public License, Version 2.0.
+

SUMMARY.md

@@ -2,29 +2,28 @@
 
 * [KubeArmor](README.md)
 
-## Documentation
+## Getting Started
 
-### Getting Started
+* [Deployment Guide](getting-started/deployment_guide.md)
+* [Security Policy Specification](getting-started/security_policy_specification.md)
+* [Security Policy Examples](getting-started/security_policy_examples.md)
+* [Consideration in Policy Action](getting-started/consideration_in_policy_action.md)
 
-* [Deployment Guide](documentation/getting-started/deployment_guide.md)
-* [Security Policy Specification](documentation/getting-started/security_policy_specification.md)
-* [Security Policy Examples](documentation/getting-started/security_policy_examples.md)
-* [Consideration in Policy Action](documentation/getting-started/consideration_in_policy_action.md)
+## Contribution
 
-### Contribution
+* [Contribution Guide](contribution/contribution_guide.md)
+* [Development Guide](contribution/development_guide.md)
+* [Kubernetes Installation](contribution/k8s_installation_guide.md)
+* [Technical Roadmap](contribution/technical_roadmap.md)
 
-* [Contribution Guide](documentation/contribution/contribution_guide.md)
-* [Development Guide](documentation/contribution/development_guide.md)
-* [Kubernetes Installation](documentation/contribution/k8s_installation_guide.md)
-* [Technical Roadmap](documentation/contribution/technical_roadmap.md)
+## Reference
 
-### Reference
-
-* [Supported Capability List](documentation/reference/supported_capability_list.md)
-* [Supported Operation List](documentation/reference/supported_operation_list.md)
+* [Supported Capability List](reference/supported_capability_list.md)
+* [Supported Operation List](reference/supported_operation_list.md)
 
 ## Examples
 
 * [Multiubuntu](examples/multiubuntu.md)
 * [Sock-Shop](examples/sock-shop.md)
 * [Wordpress-MySQL](examples/wordpress-mysql.md)
+

documentation/contribution/contribution_guide.md → contribution/contribution_guide.md

@@ -6,15 +6,17 @@ If you want to make a contribution, please follow the steps below.
 
    First, fork this repository by clicking on the Fork button \(top right\).
 
-   ![fork button](../resources/images/fork_button.png)
+   ![fork button](../.gitbook/assets/fork_button.png)  
+
 
    Then, click your ID on the pop-up screen.
 
-   ![fork screen](../resources/images/fork_screen.png)
+   ![fork screen](../.gitbook/assets/fork_screen.png)  
+
 
    This will create a copy of KubeArmor in your account.
 
-   ![fork repo](../resources/images/forked_repo.png)
+   ![fork repo](../.gitbook/assets/forked_repo.png)  
 
 2. Clone the repository
 
@@ -24,13 +26,13 @@ If you want to make a contribution, please follow the steps below.
     $ git clone https://github.com/[your GitHub ID]/KubeArmor
    ```
 
-   Then, you will get the full code of KubeArmor in your machine.
+   Then, you will get the full code of KubeArmor in your machine.  
 
 3. Make changes
 
    First, go into the repository directory and make some changes.
 
-   Please refer to [development guide](development_guide.md) to set up your environment for KubeArmor contribution.
+   Please refer to [development guide](development_guide.md) to set up your environment for KubeArmor contribution.  
 
 4. Commit the changes
 
@@ -48,7 +50,7 @@ If you want to make a contribution, please follow the steps below.
     (KubeArmor) $ git commit -m "Add a new feature by [your name]"
    ```
 
-   Please make sure that your changes are properly tested on your machine.
+   Please make sure that your changes are properly tested on your machine.  
 
 5. Push changes to your forked repository
 
@@ -62,18 +64,24 @@ If you want to make a contribution, please follow the steps below.
 
    First, go to your repository on GitHub.
 
-   ![commit ahead](../resources/images/commit_ahead.png)
+   ![commit ahead](../.gitbook/assets/commit_ahead.png)  
+
 
    Then, click "Pull request" button.
 
-   ![after pull request](../resources/images/after_pull_request.png)
+   ![after pull request](../.gitbook/assets/after_pull_request.png)  
+
 
    After checking your changes, click 'Create pull request'.
 
-   ![open pull request](../resources/images/open_pull_request.png)
+   ![open pull request](../.gitbook/assets/open_pull_request.png)  
+
+
+   A pull request should contain the details of all commits as specific as possible. Also, please make sure that you have "Fixes: \#\(issue number\)".  
 
-   A pull request should contain the details of all commits as specific as possible. Also, please make sure that you have "Fixes: \#\(issue number\)".
 
    Finally, click the "Create pull request" button.
 
+
    The changes would be merged post a review by the respective module owners. Once the changes are merged, you will get a notification, and the corresponding issue will be closed.
+

documentation/contribution/development_guide.md → contribution/development_guide.md

@@ -3,7 +3,6 @@
 ## Development
 
 1. Self-managed Kubernetes
-
    * Requirements
 
      Here is the list of minimum requirements for self-managed Kubernetes.
@@ -17,7 +16,9 @@
 
      KubeArmor is designed for Kubernetes, which means that Kubernetes should be ready in your environment. If Kubernetes is not prepared yet, please refer to [Kubernetes installation guide](k8s_installation_guide.md). KubeArmor also requires Docker or Containerd since it internally uses its APIs. If you have other container platforms \(e.g., Podman\), please make an issue in this repository. While we are going to adopt other container platforms in KubeArmor, we may be able to adjust the priorities of our planned tasks on demand. KubeArmor requires LSMs to operate properly; thus, please make sure that your environment supports LSMs \(at least, AppArmor\).
 
-     Note that KubeArmor does not work on MiniKube because MiniKube does not support AppArmor. In addition, KubeArmor does not work with Docker Desktops on Windows and macOS because KubeArmor integrates with Linux-kernel native primitives such as LSMs.
+  
+     Note that KubeArmor does not work on MiniKube because MiniKube does not support AppArmor. In addition, KubeArmor does not work with Docker Desktops on Windows and macOS because KubeArmor integrates with Linux-kernel native primitives such as LSMs.  
+
 
      * \(Optional\) MicroK8s Setup
 
@@ -39,10 +40,8 @@
 
      [setup.sh](https://github.com/accuknox/KubeArmor/blob/master/contributions/bare-metal/setup.sh) will automatically install BCC \(latest\), Go \(v1.15.2\), and Protobuf \(3.14.0\).
 
-     Now, you are ready to develop any code for KubeArmor. Enjoy your journey with KubeArmor.
-
+     Now, you are ready to develop any code for KubeArmor. Enjoy your journey with KubeArmor.  
 2. Vagrant Environment
-
    * Requirements
 
      Here is the list of requirements for a Vagrant environment
@@ -130,3 +129,4 @@ Here, we briefly give you an overview of KubeArmor's directories.
   examples/     - Example microservices for testing
   tests/        - Automated test framework for KubeArmor
   ```
+

documentation/contribution/k8s_installation_guide.md → contribution/k8s_installation_guide.md

@@ -2,7 +2,7 @@
 
 * Requirements
 
-  You can install Docker and Kubernetes on any Ubuntu platform.
+  You can install Docker and Kubernetes on any Ubuntu platform.  
 
 * Prerequisites
 
@@ -40,11 +40,12 @@
     (k8s) $ ./initialize_kubernetes.sh [ weave | calico | cilium ] master
   ```
 
-  Please make sure that you need to put "master" at the above command end if you have only a single machine.
+  Please make sure that you need to put "master" at the above command end if you have only a single machine.  
 
 * Kubernetes Installation \(multiple machines\)
 
-  If you use multiple machines to set up a multi-node environment, Please run the following command.
+  If you use multiple machines to set up a multi-node environment, Please run the following commands.  
+
 
   * Master Node
 
@@ -54,10 +55,11 @@
     (k8s) $ ./initialize_kubernetes.sh [ flannel | weave | calico | cilium ] (master)
     ```
 
-    Here, the master node will only serve Kubernetes services since you do not put "master" at the above command end. However, if you also want to use the master node to deploy containers, you can put "master" at the above command end.
+    Here, the master node will only serve Kubernetes services since you do not put "master" at the above command end. However, if you also want to use the master node to deploy containers, you can put "master" at the above command end.  
 
   * Worker Node
 
     ```text
     $ sudo kubeadm ... (the command that you get from the master node)
     ```
+

documentation/contribution/technical_roadmap.md → contribution/technical_roadmap.md

@@ -3,19 +3,12 @@
 Here, we briefly share a plan for the next releases \(e.g., including features, specs, and platforms\).
 
 * Current Release
-
   * Kubernetes Environments
-
-    * Self-managed Kubernetes \(using kubeadm\), MicroK8s, Google Kubernetes Engine \(GKE\)
-
+    * Self-managed Kubernetes \(using kubeadm\), MicroK8s, Google Kubernetes Engine \(GKE\) 
   * Container Platforms
-
-    * Docker, Containerd
-
+    * Docker, Containerd 
   * LSM Supports
-
-    * AppArmor
-
+    * AppArmor 
   * Features
 
     * Monitor container behaviors at the system level
@@ -35,17 +28,11 @@ Here, we briefly share a plan for the next releases \(e.g., including features,
       Log file  
       gRPC
     ```
-
 * Next Release
-
   * Kubernetes Environments
-
-    * \(extension\) Amazon Elastic Kubernetes Service \(EKS\), Azure Kubernetes Service \(AKS\)
-
+    * \(extension\) Amazon Elastic Kubernetes Service \(EKS\), Azure Kubernetes Service \(AKS\) 
   * LSM Supports
-
-    * \(extension\) KRSI \(requiring Linux kernel v5.8 or newer\)
-
+    * \(extension\) KRSI \(requiring Linux kernel v5.8 or newer\) 
   * Features
 
     * \(extension\) Produce container-aware logs and write them into:
@@ -75,17 +62,11 @@ Here, we briefly share a plan for the next releases \(e.g., including features,
     ```text
       Prometheus
     ```
-
 * Future Releases
-
   * Container Platforms
-
-    * \(extension\) Podman
-
+    * \(extension\) Podman 
   * LSM Supports
-
-    * \(extension\) SELinux
-
+    * \(extension\) SELinux 
   * Features
 
     * Produce container-aware logs and write them into:
@@ -99,3 +80,4 @@ Here, we briefly share a plan for the next releases \(e.g., including features,
     ```text
       Integration with network security solutions (e.g., Cilium)
     ```
+

examples/multiubuntu.md

@@ -58,3 +58,4 @@ $ kubectl -n multiubuntu exec -it {pod name for ubuntu 5} -- bash
 ```text
 $ kubectl -n kube-system exec -it {KubeArmor in the node where ubuntu 5 is located} -- tail /tmp/kubearmor.log
 ```
+

examples/sock-shop.md

@@ -8,3 +8,4 @@ To deploy the sock-shop microservice, please run the following commands.
 $ cd examples/sock-shop
 (examples/sock-shop) $ kubectl apply -f .
 ```
+

examples/wordpress-mysql.md

@@ -8,3 +8,4 @@ To deploy the wordpress-mysql microservice, please run the following commands.
 $ cd examples/wordpress-mysql
 (examples/wordpress-mysql) $ kubectl apply -f .
 ```
+

documentation/getting-started/consideration_in_policy_action.md → getting-started/consideration_in_policy_action.md

@@ -8,4 +8,5 @@ Here, we introduce an example of how security policies are handled differently.
 
 After that, let us say that the operator also wants the pods with role=A to execute /app only. Then, this policy will be enforced into Pod A. At this point, a problem may occur. Since Pod A has an 'Allow' policy and a 'Block' policy together, the way to handle those policies is changed from a blacklist manner to a whitelist manner, which means that Pod A will be only able to execute /app. Here, if Pod A needs to only run /app, then everything will be fine. However, what if Pod A had to implicitly execute some other applications \(e.g., /agent\)? Then, there will be a severe problem since all applications except for /app will be blocked in Pod A.
 
-![Action Conflict](../resources/policy_action_conflict.png)
+![Action Conflict](../.gitbook/assets/policy_action_conflict.png)
+

documentation/getting-started/deployment_guide.md → getting-started/deployment_guide.md

@@ -11,9 +11,11 @@
 
 2. Deploy KubeArmor in your Kubernetes environment
 
-   KubeArmor currently supports self-managed Kubernetes and Google Kubernetes Engine \(GKE\). It will support Amazon Elastic Kubernetes Service \(EKS\) and Azure Kubernetes Service \(AKS\) later.
+   KubeArmor currently supports self-managed Kubernetes and Google Kubernetes Engine \(GKE\). It will support Amazon Elastic Kubernetes Service \(EKS\) and Azure Kubernetes Service \(AKS\) later.  
+
+
+   According to your environment, you can choose one of the following.  
 
-   According to your environment, you can choose one of the following.
 
    * Deploy KubeArmor in self-managed Kubernetes \(with Docker\)
 
@@ -54,3 +56,4 @@
      ```text
        Coming soon
      ```
+