Kubernetes Scanners

Overview of InsightCloudSec Kubernetes Scanning Options

Scanners Overview

InsightCloudSec supports Kubernetes clusters through two scanning options: a local scanner and a remote scanner. In some scenarios, a customer may choose to employ both solutions to cover both managed and unmanaged clusters.

| Item/Process | Remote Scanner | Local Scanner |
|---|---|---|
| Installation Requirements | Network access from InsightCloudSec to the Cluster API Server Endpoint; permission to access the API server | Network access from the cluster to the InsightCloudSec endpoint for sending data |
| Installation Process | None required (feature built-in to InsightCloudSec) | User needs to install a Cron Job in the cluster |
| Enable/Disable Scanning | Available via InsightCloudSec UI | User can install/uninstall scanner |
| Error/State Reporting | Detailed Error and State Reporting | Limited |
| Data Retrieved | Workloads, Tasks (e.g., Cluster details) | Workloads, Tasks (e.g., Cluster details) |

Local Scanner

The local scanner supports managed Kubernetes clusters not accessible to InsightCloudSec and any self-managed Kubernetes clusters. When configured to provide access to each specific cluster, self-managed clusters will be harvested and assessed automatically through the local scanner after they are successfully onboarded to InsightCloudSec.

After successful onboarding, the local scanner allows you to identify cluster coverage through the Clouds page.

Remote Scanner

InsightCloudSec’s new Kubernetes Remote Scanner expands our existing Kubernetes capabilities by extending an agentless approach for better usability and simplified operation of harvesting Kubernetes entities that exist within different Kubernetes clusters running across different cloud accounts.

The new Kubernetes Remote Scanner extends the current local scanner so that both solutions can be used. The Remote Scanner also provides a complete solution to all user configuration including support for unmanaged Kubernetes clusters.

Check out our detailed Kubernetes Remote Scanner documentation for details on enabling the remote scanner.

Scanner Support

Detailed documentation for both the remote scanner and local scanner options is available:

InsightCloudSec currently supports adding a cluster from the following services/providers:

| Providers | Local Scanner | Remote Scanner |
|---|---|---|
| AWS (EKS) | Supported | Supported |
| AWS (EKS) GovCloud | Supported | Supported |
| AWS (EKS) China | Supported | Not Supported |
| GCP (GKE) | Supported | Supported |
| Azure (AKS) | Supported | Supported |
| Azure (AKS) GovCloud | Supported | Not Supported |
| Azure (AKS) China | Supported | Not Supported |
| Oracle Cloud Infrastructure (OCI) - OKE | Supported | Not Supported |
| Alibaba Cloud (ACK) | Supported | Not Supported |
| Red Hat OpenShift | Supported | Not Supported |
| Self-managed (All CSPs) | Supported | Not Supported |

Details on each Kubernetes provider can be found at the following pages.

Note: Click one of the links above to view details about Kubernetes support through any of the specific Cloud Service Providers (CSPs). Contact us through the Customer Support Portal with any questions.