Kubernetes Scanners
Overview of InsightCloudSec Kubernetes Scanning Options
Scanners Overview
The InsightCloudSec Kubernetes Cluster support is provided by two types of scanning options: a local scanner and a remote scanner. In some scenarios, a customer may choose to employ both solutions for coverage of both managed and unmanaged clusters.
| Item/Process | Remote Scanner | Local Scanner |
|---|---|---|
| Installation Requirements | - Network access from InsightCloudSec to the Cluster API Server Endpoint - Permission to access the API server | Network access from the cluster to the InsightCloudSec endpoint for sending data |
| Installation Process | None required (feature built-in to InsightCloudSec) | User needs to install a Cron Job in the cluster |
| Enable/Disable Scanning | Available via InsightCloudSec UI | User can install/uninstall scanner |
| Error/State Reporting | Detailed Error and State Reporting | Limited |
| Data Retrieved | Workloads, Tasks (e.g., Cluster details) | Workloads, Tasks (e.g., Cluster details) |
Local Scanner
The local scanner supports managed Kubernetes clusters not accessible to InsightCloudSec and any self-managed Kubernetes clusters. When configured to provide access to each specific cluster, self-managed clusters will be harvested and assessed automatically through the local scanner after they are successfully onboarded to InsightCloudSec.
After successful onboarding, the local scanner allows you to identify cluster coverage through the Clouds page.
- Check out the Clusters Account Setup & Management for general details around onboarding your clusters.
- Check out our detailed Kubernetes Local Scanner documentation details for enabling the local scanner.
Remote Scanner
InsightCloudSec’s new Kubernetes Remote Scanner expands our existing Kubernetes capabilities by extending an agentless approach for better usability and simplified operation of harvesting Kubernetes entities that exist within different Kubernetes clusters running across different cloud accounts.
The new Kubernetes Remote Scanner extends the current local scanner so that both solutions can be used. The Remote Scanner also provides a complete solution to all user configuration including support for unmanaged Kubernetes clusters.
Check out our detailed Kubernetes Remote Scanner documentation details for enabling the remote scanner.
Scanner Support
Detailed documentation for both the remote scanner and local scanner options are available:
InsightCloudSec currently supports adding a cluster from the following services/providers:
| Providers | Local Scanner | Remote Scanner |
|---|---|---|
| AWS (EKS) | Supported | Supported |
| AWS (EKS) GovCloud | Supported | Supported |
| AWS (EKS) China | Supported | Not Supported |
| GCP (GKE) | Supported | Supported |
| Azure (AKS) | Supported | Supported |
| Azure (AKS) GovCloud | Supported | Not Supported |
| Azure (AKS) China | Supported | Not Supported |
| Oracle Cloud Infrastructure (OCI) - OKE | Supported | Not Supported |
| Alibaba Cloud (ACK) | Supported | Not Supported |
| Red Hat OpenShift | Supported | Not Supported |
| Self-managed (All CSPs) | Supported | Not Supported |
Details on each Kubernetes provider can be found at the following pages.
Note: Click one of the links above to view details around Kubernetes support through any of the specific Cloud Service Providers(CSPs). Contact us through the Customer Support Portal with any questions.
Updated 5 months ago