Kubernetes Integration Open Preview
InsightVM now integrates with Kubernetes to extend your container security. With this integration, you’ll be able to see the clusters an image has been deployed to, as well as how many containers are running a specific image. You’ll increase your awareness of vulnerabilities potentially present in your containers so you can monitor and prioritize accordingly.
In this article, we’ll walk you through the steps to integrate Kubernetes with InsightVM.
Before You Begin
Verify that you have permissions to do the following:
- Push images to your registry.
- Deploy images to your Kubernetes clusters.
- Configure your Kubernetes host.
Insight Platform Administrator Rights
Before starting the integration, confirm that you have admin privileges for the Rapid7 Insight platform, not the Security Console.
You must have at least one deployed agent to enable the Kubernetes Monitor. If you don’t have a deployed agent, you’ll need to download one, but installation is not required.
View your deployed agents:
- Go to the Insight Platform home.
- In the left nav menu, click Data Collection Management (electrical plug icon).
- Look at the Agents tab, where you’ll see a number in parentheses. This number is the count of deployed agents.
If you do not have any deployed agents, you’ll need to download one, but do not need to deploy it:
- In the Agents tab, click the Add New dropdown.
- Select Agent from the menu dropdown.
- Select your operating system.
- In the Advanced tab, click Download agent.
Integrate Kubernetes with InsightVM
After confirmation that you meet the above requirements, do the following:
- Go to insight.rapid7.com and sign in with your Insight account email address and password.
- Click Data Collection Management (electrical plug icon) in the left menu.
- Click the Kubernetes Monitor tab.
- Click Integrate to be guided through the integration process.
Access the Kubernetes Containers Tab
After you’ve completed the Kubernetes integration process, you can view your Kubernetes details in InsightVM. To do so:
- Log into InsightVM.
- Click Container Security in the left navigation menu.
- Select the Kubernetes Containers tab to view its relevant information.
View the Kubernetes Containers Tab
The Kubernetes Containers tab shows data for only running containers
While a container is running, its data is displayed; once you stop or delete the container, its data is no longer shown. This tab only shows information on the containers currently running in your environment.
These containers are discovered only through the Kubernetes Monitor, not the scan engine.
On the Kubernetes Containers tab, select the appropriate checkbox(es) to filter the results accordingly.
In the table, you’ll see the following:
- Name - Unique identifier for the container.
- Risk Score - A calculated value based on a number of factors, such as base impact, likelihood of compromise, and maturity of threat exposure over time.
- Vulnerability Instance - Denotes the number of vulnerability instances found on an image.
- Repository - Where the container resides.
- Age - Denotes the container’s age in days, hours, minutes, and seconds.
- ID - Unique image identifier. If there are dashes (-) in the Risk Score, Vulnerability Instance, and ID columns, this indicates that the container is running an image that has not been assessed before.
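To cross-check what the tab reports against the cluster itself, the following added example (not part of this article or of InsightVM) takes a `kubectl get pods -A -o json` document, keeps only running containers as the tab does, and groups them by image ID to show the container count per image, the namespaces involved, and the oldest container's age in the tab's days/hours/minutes/seconds form. The pod list, registry names and image digests are constructed placeholders.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

# Constructed, trimmed `kubectl get pods -A -o json` output; digests are placeholders.
SAMPLE_PODS = json.dumps({"items": [
    {"metadata": {"name": "web-1", "namespace": "prod"},
     "status": {"containerStatuses": [{"name": "web",
        "imageID": "registry.example/web@sha256:aaa111",
        "state": {"running": {"startedAt": "2024-01-01T00:00:00Z"}}}]}},
    {"metadata": {"name": "web-2", "namespace": "staging"},
     "status": {"containerStatuses": [{"name": "web",
        "imageID": "registry.example/web@sha256:aaa111",
        "state": {"running": {"startedAt": "2024-01-01T06:00:00Z"}}}]}},
    {"metadata": {"name": "job-1", "namespace": "prod"},
     "status": {"containerStatuses": [{"name": "job",
        "imageID": "registry.example/job@sha256:bbb222",
        "state": {"terminated": {"exitCode": 0}}}]}},
]})


def format_age(seconds: int) -> str:
    """Render an age as the tab does: days, hours, minutes, seconds."""
    days, rem = divmod(seconds, 86400)
    hours, rem = divmod(rem, 3600)
    minutes, secs = divmod(rem, 60)
    return f"{days}d {hours}h {minutes}m {secs}s"


def running_containers_by_image(pods_json: str, now: datetime) -> dict:
    """Group running containers by image ID: count, namespaces, oldest age.
    Non-running containers are skipped, as the tab drops them once stopped."""
    groups = defaultdict(lambda: {"containers": 0, "namespaces": set(), "oldest_age_s": 0})
    for pod in json.loads(pods_json)["items"]:
        ns = pod["metadata"]["namespace"]
        for cs in pod["status"].get("containerStatuses", []):
            running = cs["state"].get("running")
            if not running:
                continue  # terminated/waiting containers never appear in the tab
            started = datetime.fromisoformat(running["startedAt"].replace("Z", "+00:00"))
            entry = groups[cs["imageID"]]
            entry["containers"] += 1
            entry["namespaces"].add(ns)
            entry["oldest_age_s"] = max(entry["oldest_age_s"], int((now - started).total_seconds()))
    return {img: {**e, "oldest_age": format_age(e["oldest_age_s"])} for img, e in groups.items()}


if __name__ == "__main__":
    for image, info in running_containers_by_image(SAMPLE_PODS, datetime.now(timezone.utc)).items():
        print(image, info["containers"], sorted(info["namespaces"]), info["oldest_age"])
```

An image that appears here but shows dashes in the tab's Risk Score, Vulnerability Instance and ID columns is one the Kubernetes Monitor has seen but that has not yet been assessed.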
To scan an image on a specific registry, you must connect that registry so it can be scanned. There are 2 ways to accomplish this:
View Image Details
- After filtering, click an image ID to see its details.
- In the dropdown menu, select one of the following options to view more details.
- Hosts - Indicates the actual machine the Docker image is running on.
- Containers - Lists instantiated containers based on that image. Applies only to images in Kubernetes clusters.
- Namespaces - Lists the namespaces for instantiated containers based on that image. Applies only to images in Kubernetes clusters.