KubeArmor Virtual Machine Service (kvmservice) orchestrates policies to VMs and bare-metal environments using either a k8s or a non-k8s control plane. kvmservice can run either as:
- a k8s service + operator in a k8s-based control plane
- a systemd process running directly on a VM or bare-metal machine

kvmservice aims to:
- Onboard KubeArmor/Cilium to virtual machines, bare-metal machines, and edge devices
- Orchestrate KubeArmor and Cilium policies to VMs
- Handle observability in a unified manner
- Support hybrid deployments of k8s-based and virtual-machine-based workloads
- Support automated policy discovery for KubeArmor/Cilium on VMs
Note: The terms virtual machines, bare-metal machines, and edge devices are used interchangeably in this document.
A deployment might have workloads distributed across both k8s and non-k8s (VM-based) environments. The primary aim is to support KubeArmor/Cilium onboarding, policy orchestration, and observability across these environments using the same toolsets. This simplifies workload management for organizations that are in the midst of migrating from VMs to k8s, and for those that might rely on VMs for the foreseeable future.
Some organizations might not support k8s for the foreseeable future; their workloads will primarily run on cloud VMs, their own data-center VMs, or even bare-metal machines. kvmservice provides onboarding, policy orchestration, and observability for such environments.