Cloud-native container sandbox for Kubernetes

Core Features

Powerful capabilities to enhance your container security

Cloud-Native

Follows the Kubernetes Operator design pattern, allowing users to harden specific workloads by manipulating the CRD API.

Multiple Enforcers

Abstracts AppArmor, BPF, and Seccomp as enforcers, supporting their use individually or in combination.

Allow-by-Default

Only explicitly declared behaviors will be blocked, which effectively minimizes performance impact and enhances usability.

Built-in Rules

Features a range of built-in rules ready to use out of the box, eliminating the need for expertise in security profile creation.

Behavior Modeling

Supports behavior modeling for workloads to develop allowlist profiles and guide configurations to adhere to least privilege.

Deny-by-Default

Capable of creating an allowlist profile from behavior models and ensuring only explicitly declared behaviors are permitted.

Architecture

How vArmor works to protect your containers

vArmor primarily consists of two components: the Manager and the Agent. The Manager is responsible for responding to and managing policy objects, while the Agent handles the management of enforcers and profiles on Nodes.

With VarmorPolicy or VarmorClusterPolicy objects, users can harden specific workloads and decide which enforcers and rules to use. The ArmorProfile CR acts as an internal interface used for profile management.

Quick Start

Get up and running in minutes

1. Fetch chart

helm pull oci://elkeid-ap-southeast-1.cr.volces.com/varmor/varmor --version 0.7.0

2. Install

helm install varmor varmor-0.7.0.tgz \
    --namespace varmor --create-namespace \
    --set image.registry="elkeid-ap-southeast-1.cr.volces.com"

3. Apply Policy

Create a VarmorPolicy to protect your workloads

Community

Join the vArmor community

Open Source

vArmor was created by the Elkeid Team of the endpoint security department at ByteDance. The project is licensed under Apache 2.0 and is in active development.

Contribute

We welcome contributions from the community! Whether it's reporting bugs, improving documentation, or adding new features, your help is appreciated.
