Kubernetes Security Guardrails

Details on Working with the InsightCloudSec Kubernetes Guardrails Feature.

Kubernetes Security Guardrails (K8s Guardrails) helps harden your production environment by auditing your Kubernetes clusters, nodes, and pods configuration. This ensures that your cluster is tuned and runs according to security best practices and internal guidelines. Kubernetes Guardrails provides actionable recommendations for risk mitigation. You can easily shift-left to resolve security and compliance issues in the development stage before moving to production.

For any questions about setup, configuration, or support reach out to your CSM or to support through our Customer Support Portal.

Getting Started

Prerequisites

Before getting started with Kubernetes Security Guardrails you will need to have the following:

  • A functioning InsightCloudSec Platform installation
  • Configuration to support either the local and/or remote scanner. Check out the Kubernetes Scanners - Overview for an overview of our scanning options.
    • For configurations using the Remote Scanner option you must have version 22.10.x or later)
  • InsightCloudSec Admin permissions (Domain or Org Admin)
  • Familiarity using Helm
  • Familiarity using kubectl
  • Access to the license server (e.g. if you do not see the "Manage Kubernetes API Key" option on the Clouds page this feature is not enabled)

Note: If you are not experienced with the tools identified above we recommend working closely with us or coordinating with your own DevOps resources for support.

What is Supported by Kubernetes Security Guardrails?

  • Multi-cluster vulnerability scanner
  • A summary of your cluster’s compliance and security status
  • A detailed list of compliance and security issues, followed by recommendation for a quick remediation
  • Baseline your clusters profile and easily monitor degradations
  • Note: Our current setup can support up to two API keys to enable key rotation. The clusters will be installed as a single Organization (within InsightCloudSec).

What's Next?

After you've completed your Clusters Account Setup & Management and have enabled your preferred Kubernetes Scanner(s) you can move on to exploring the data provided by Kubernetes Security Guardrails.

Check out the Using Kubernetes Security Guardrails page for details around viewing information within Insights and in the Compliance Scorecard.

A future release will also provide a dedicated page within InsightCloudSec to view details for clusters you have harvested.