In Kubernetes, there is a class of problems that arises from incorrect or insufficient configuration in workload and Kubernetes cluster deployments. We refer to them as configuration anomalies.
We integrated third-party open-source components that handle specific classes of configuration anomalies into the DKP Insights Engine:
Polaris checks configurations against a set of best practices for workloads and Kubernetes cluster deployments, such as:
It informs you about potential problems in configurations through insight alerts.
In DKP Insights, Pluto scans live Helm releases running in your cluster for deprecated API versions and sends an alert about any deprecated apiVersions that are deployed in your Helm releases.
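The kind of check described for Pluto can be sketched as follows. This is an added example, not code from DKP Insights or Pluto: it decodes a Helm 3 release payload as it is stored in a Secret and flags manifests that use removed apiVersions. The `REMOVED` table is a small constructed excerpt and the sample release is constructed.

```python
import base64
import gzip
import json
import re

# Constructed excerpt of well-known removed APIs; not Pluto's actual rule set.
REMOVED = {
    ("extensions/v1beta1", "Deployment"): ("apps/v1", "1.16"),
    ("extensions/v1beta1", "Ingress"): ("networking.k8s.io/v1", "1.22"),
    ("batch/v1beta1", "CronJob"): ("batch/v1", "1.25"),
    ("policy/v1beta1", "PodSecurityPolicy"): (None, "1.25"),
}

def decode_release(value: str) -> dict:
    """Decode the `release` field of a Helm 3 release Secret as returned by the API."""
    raw = base64.b64decode(base64.b64decode(value))  # Secret encoding, then Helm's own
    if raw[:3] == b"\x1f\x8b\x08":  # gzip magic; releases stored before compression lack it
        raw = gzip.decompress(raw)
    return json.loads(raw)

def _field(doc: str, pattern: str) -> str:
    m = re.search(pattern, doc, flags=re.M)
    return m.group(1).strip("\"'") if m else ""

def find_deprecated(release: dict) -> list:
    """Return (release, kind, name, apiVersion, replacement, removed_in) per finding."""
    findings = []
    # Line-based parsing keeps the example dependency-free; use a YAML parser in real tooling.
    for doc in re.split(r"^---[ \t]*$", release.get("manifest", ""), flags=re.M):
        api = _field(doc, r"^apiVersion:\s*(\S+)")
        kind = _field(doc, r"^kind:\s*(\S+)")
        if (api, kind) in REMOVED:
            replacement, removed_in = REMOVED[(api, kind)]
            name = _field(doc, r"^[ \t]+name:\s*(\S+)")
            findings.append((release.get("name", ""), kind, name, api, replacement, removed_in))
    return findings

def sample_secret_value() -> str:
    """Constructed release payload, encoded the way it appears in a Secret."""
    manifest = ("---\napiVersion: extensions/v1beta1\nkind: Ingress\nmetadata:\n  name: web\n"
                "---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: web\n")
    payload = gzip.compress(json.dumps({"name": "demo", "manifest": manifest}).encode())
    return base64.b64encode(base64.b64encode(payload)).decode()

if __name__ == "__main__":
    for finding in find_deprecated(decode_release(sample_secret_value())):
        print(finding)
```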
Nova adds the ability for the Insights engine to check the Helm chart version of the current workload deployment. It scans the latest Helm chart version available from the Helm repository, and then sends a structural insight alert if there is an issue. The alert details show a root cause analysis (RCA) and a solution to resolve the problem.
Trivy is an open-source vulnerability and misconfiguration scanner that detects vulnerabilities in:
Kube-bench adds the ability to ensure that Kubernetes clusters run securely. This tool runs a check against the best practices and guidelines specified in the CIS Kubernetes Benchmark.
Whenever a security standard is not met during a scan, an Insights alert is created with comprehensive information on the issue.