Introduction
Hello everyone! ๐๐ป
In this blog, I'm excited to share my Linux Foundation Mentorship experience with the KubeArmor project. KubeArmor is a cloud-native runtime security enforcement system. If you're unfamiliar with runtime security, I encourage you to join the KubeArmor community and discover the benefits firsthand. I'm confident you'll be impressed.
Linux Foundation Mentorship
LFX mentorship (in short) is a great opportunity to get involved with the open-source community and learn new skills effectively. The program provides mentees with the opportunity to work with experienced mentors on well-known real-world projects, which is a great way to learn by doing. Additionally, the program offers a variety of resources and support, which can help mentees succeed in their goals.
To apply you need your updated Resume and Cover letter in which you clearly state how you plan to implement the task with a proper timeline and that's all you need.
Background
I'm a self-driven engineer from Madhya Pradesh, India. My self-learning journey began in July 2021 and to get a feel of how real-world projects work I started contributing to open-source projects in January 2022. Later that year, I was selected for Google Summer of Code with Eclipse Foundation for the JKube project. After completing GSoC I got very much interested in the CNCF ecosystem and projects so I decided to take part in LFX mentorship.
As we know Go is the most used programming language for CNCF projects so I learnt the Go programming language and Kubernetes at an intermediate level, but I don't know anything about security, so I decided to get some understanding of it by contributing to some projects related to security and that's where I found two projects one is KubeArmor and another one is Kubescape though they serve different purposes. On checking their proposals I found that Kubescape is not my cup of tea so I applied only to KubeArmor and fortunately got the opportunity to work with the KubeArmor project.
Mentorship Journey (Learnings & Challenges)
TL;DR
Amazing journey with lots of learning.
Now comes the part I'm waiting for. Having selected KubeArmor and working for over 12 weeks I would say I loved the journey because every day brought some challenges and opportunities for learning. I still remember when I was setting it up locally and was not able to set it up and was doing everything possible to set it up, this experience proved invaluable as I embarked on my contributions to KubeArmor.
During my mentorship, I focused on extending KubeArmor's support to include K0s and Red Hat MicroShift platforms. This endeavour successfully enabled KubeArmor to secure workloads running on these edge platforms.
My mentors, Barun Acharya, Rudraksh Pareek, Ankur Kothiwal, and Anurag Kumar, provided invaluable guidance throughout my mentorship. Our weekly sync-ups ensured that we were aligned on progress and goals. Regular interactions with the community further clarified my priorities, leading to the completion of our first major goal, K0s support, within the first four weeks.
Now moving on to the second giant (Why? Just in a moment) which is MicroShift, first I thought it was also easy just like K0s but it was not, it was more than that and it has a lot of moving parts. One of them is SELinux and due to a bug in the KubeArmor controller code, SELinux prevented it from detecting the LSM as a result KubeArmor enforcement was not working and after extensive debugging, that bug was fixed, and KubeArmor was finally able to secure workloads on MicroShift, and that's why I called it giant.
While adding support for it I learned a lot of things such as:
Different LSMs such as BPFLSM, AppArmor, and SELinux and how they work at the fundamental level.
Gained experience with different platforms like OpenShift, K3s, MicroK8s and different container runtimes such as cri-o, and containerd.
Explored low-level tools used by container runtimes such as runc, crun and CRI storage.
Developed an understanding of Kubernetes Controller, Operator, and OpenShift SCC.
During this period I exponentially expanded my knowledge of LSMs and container technologies and my mentors served as great resources, they helped me in every step. I cannot imagine completing MicroShift support without their expertise and support. I thoroughly enjoyed collaborating and learning from them.
I am thrilled to share that AccuKnox, the company behind KubeArmor, has offered a full-time Software Engineer role. This exemplifies that hard work and dedication do pay off.
Conclusion
I would encourage those who prefer hands-on learning through real-world projects to apply for open-source projects like LFX mentorship and GSoC. I understand that it may seem intimidating at first, but all you need is a willingness to learn and some time. So, don't hesitate to step out of your comfort zone and apply!
Open source has played a pivotal role in my professional development. Participating in GSoC and LFX Mentorship has been a transformative experience, propelling my growth in both technical skills and soft skills.
If you have any feedback, please share it in the comments below. Thank you for reading!
Let's connect!