Kaspersky Container Security

Working with clusters

Kaspersky Container Security provides a tool for displaying and analyzing the connections between various objects within namespaces in clusters.

A cluster is a set of nodes that run applications placed in containers.

By using clusters, you can perform bulk scans of images within those clusters. When doing so, the registries found in a cluster during a scan are automatically created. Kaspersky Container Security automatically reads and records the identification data used for accessing registries in a cluster (user name, password, token), and generates a link to this object. Registries are also assigned a name in the following format: <cluster name>_<registry name>. When working with cluster objects, the received identification data is used to access the registries.

Kaspersky Container Security displays a list of available clusters as a table under Resources → Assets → Clusters.

In this Help section

View the list of clusters

Namespaces in the cluster

Pods in the cluster

Visualization of cluster resources

[Topic 271440]

View the list of clusters

The Resources → Assets → Clusters section displays a table of clusters available in Kaspersky Container Security. The following data is provided for each cluster:

  • Cluster name. Clicking the cluster name in the Cluster name column takes you to the page where you can view the namespaces in that cluster
  • Number of namespaces included in the cluster
  • Name of the orchestrator where the cluster is deployed
  • Maximum risk rating. The maximum risk rating assigned to the cluster is based on the risk ratings for the images in that cluster

You can use sorting to rearrange the data in the table as follows:

  • By cluster name: you can arrange clusters alphabetically in the Cluster name column in ascending (A to Z) or descending (Z to A) order.
  • By number of namespaces: you can sort clusters in descending or ascending order of the number of namespaces in the Namespaces column.
  • By orchestrator name: by sorting on the Orchestrator column, you can group clusters by the orchestrator where they are deployed.
  • By maximum risk rating: you can arrange clusters in descending or ascending order of the maximum risk rating, displayed in the Max risk rating column.

You can view the namespaces in the cluster and the links between them by clicking View in the View on graph column. Kaspersky Container Security opens the namespace graph for the selected cluster.

Cluster resources can be scanned and visually represented only if deployed agents are available.

[Topic 271536]

Namespaces in the cluster

To view the namespaces included in the cluster:

  1. Go to the Table tab under Resources → Assets → Clusters.
  2. In the Cluster name column of the table with the list of clusters, click the cluster name.

    Kaspersky Container Security opens a page displaying a table with a list of namespaces in the selected cluster.

The following information is indicated for each namespace in the cluster:

  • Namespace name. Clicking the link in the name of the namespace in the Namespace column takes you to the page where you can view the pods in that namespace.
  • The number of containers in all pods in the selected namespace.
  • Number of scanned images. The Scanned images column displays this information in X/Y format, for example: 1/8. The first value (X) represents the number of images scanned, and the second value (Y) represents the total number of images in the namespace.
  • Number of images with the Queued status. The Scans in queue column displays the number of images in the jobs that are queued and waiting to be scanned.
  • Number of images with the Error status. The Failed scans column displays the number of images whose scanning completed with an error.
  • The maximum risk rating assigned to images in the namespace.

You can use sorting to rearrange the data in the table as follows:

  • By namespace name: you can arrange objects alphabetically in the Namespace column in ascending (A to Z) or descending (from Z to A) order.
  • In the ascending or descending order of the number of containers in the pods in the selected namespace.
  • In the ascending or descending order of the number of images with the Queued status.
  • In the ascending or descending order of the number of images with the Error status.
  • By maximum risk rating: you can arrange namespaces in descending or ascending order of the maximum risk rating, displayed in the Max risk rating column.

You can view the objects in the namespace by clicking View in the View on graph column. Kaspersky Container Security opens the application graph of the selected namespace.

To view the namespaces in a cluster and the relationships between them,

go to the Graph tab under Resources → Assets → Clusters.

[Topic 271328]

Pods in the cluster

To view a list of pods in a namespace:

  1. Under Resources → Assets → Clusters, open the table with a list of namespaces in the cluster.
  2. In the Namespace column, click the namespace name.

    Kaspersky Container Security opens a page that displays a table with a list of pods in the selected cluster.

The following is displayed for each pod in the selected namespace:

  • Pod name.
  • List of container names associated with the pod
  • Name of the image the container was deployed from. By clicking the link in the image name, you can go to the page with the scan results for this image under Resources → Assets → Registries.
  • Status of compliance with security policy requirements
  • Risk rating. Kaspersky Container Security displays the risk rating for the image specified in the Image column
  • Number of security issues (vulnerabilities, malware, sensitive data, and misconfigurations) detected. For vulnerabilities, the solution separately lists the number of security issues broken down by severity.
  • Date and time of the last object scan

You can use sorting to rearrange the data in the table as follows:

  • By pod name, container name, or image name: you can arrange objects in the Pod, Container and Image columns in ascending or descending alphabetical order.
  • For compliance or non-compliance with security policies. Kaspersky Container Security can group objects in line with the Compliant and Non-compliant statuses.
  • By risk rating: you can arrange objects according to the severity level.
  • By date and time: Kaspersky Container Security can display objects starting with the earliest or latest by scan date and time.

[Topic 271445]

Visualization of cluster resources

Kaspersky Container Security visualizes objects within one or more clusters, as well as the links between objects in a cluster and resources out of cluster or scope. Depending on the level of the cluster resources visualization, it displays the following:

  • Namespace graph: represents the cluster and the namespaces in it.
  • Application graph of the selected cluster: shows the cluster, its namespaces, and the applications of the expanded namespaces. The application graph can be shown in maximum detail by expanding objects to the lowest level.

When working with cluster resource graphs, one must take into account the following specifics of object display:

  • The number on the upper right of the object icon shows the number of lower-level objects within the specified object (child objects).
  • Objects on the graph may be highlighted in color. An object is highlighted if it meets the parameters set for risk assessment and compliance with security policies.
  • Objects on the graph are grouped according to the following rules:
    1. Highlighted objects are grouped together if their number is more than five.
    2. Unhighlighted objects are grouped together if their number is more than two.
  • Objects on the graph can be hidden if needed.

A visual representation of cluster resources is generated if active agents exist for this cluster.

[Topic 271446]

Cluster resources on a graph

Kaspersky Container Security scans and displays the resources of the cluster and the links between them. This scan is performed for all clusters with active agents.

Cluster resources are entities or objects that are stored in the orchestrator and used to represent the status of the cluster. With their help, you can get information about running containerized applications, where they are started (nodes), and the resources available to them. Cluster objects also define strategies for managing running applications (for example, restarting or updating).

In the interface of Kaspersky Container Security, the highest-level object (parent object) is the cluster. It includes namespaces in which applications are started. Applications, in turn, include pods and other objects.

A cluster is a set of physical or virtual machines (nodes) that run containerized applications. The following types of nodes are distinguished in Kubernetes:

  • A master node implements API objects and is used to manage the cluster and its resources.
  • A worker node is used to run the workload. A cluster includes one or more worker nodes.

Kaspersky Container Security displays the cluster as a graph using the cluster icon.

Depending on the level of detail you want for the cluster resource display, Kaspersky Container Security displays the graph as a graph of namespaces or a graph of applications. The table below shows all objects that may be included in the cluster and are displayed on the graph.

Objects within the cluster

Object

Icon

Description

Namespace

Namespace icon on the graph

A mechanism for isolating resources within a cluster. A namespace includes various objects necessary for an individual workspace (for example, Deployment, Service).

Kaspersky Container Security can group namespaces on the graph and display such a group of objects with the number of entities in it indicated.

Pod

Pod icon on the graph.

An entity that includes one or more containers with shared network resources, as well as a set of rules for running containers included in the pod.

Application

Application icon on the graph.

A group of objects in the cluster that is conventionally considered as a single entity in Kaspersky Container Security.

The application is formed from the following objects:

  • Deployment → ReplicaSet → other objects (if any).
  • DaemonSet → other objects (if any).
  • ReplicaSet → other objects (if any).
  • StatefulSet → other objects (if any).

Individual pods do not form an application. They continue to function as part of a namespace and are displayed individually on the graph.

Deployment

Deployment object icon on the graph.

An object that includes a set of rules that describe pods and the running of applications in them, the number of pod replicas, and the order in which they are replaced if their characteristics change.

DaemonSet

DaemonSet object icon on the graph.

An object responsible for creating and running pods from the same image on all nodes of the cluster. In Kaspersky Container Security, a DaemonSet is used to deploy an agent (node-agent) on each node of the cluster to receive information and manage processes in pods.

Ingress

Ingress object icon on the graph.

An object that provides external access to services in the cluster, usually over HTTP and HTTPS.

ReplicaSet

ReplicaSet object icon on the graph.

An object that manages pod replication. ReplicaSet maintains a certain number of identical pods.

Secret

Secret object icon on the graph.

An object for storing sensitive data (for example, a password, token, or key). Secret helps avoid storing such data in the application code.

The Secret is created separately from the pods that use such objects to store sensitive data. This reduces the risk of secrets being revealed when creating, viewing, or editing pods.

Service

Service object icon on the graph.

An object describing the network capabilities of applications in pods. Service combines pods into logical groups, forwards traffic to them, and balances the load among them.

Endpoints

Endpoint object icon on the graph.

A list of network endpoints that the Service object queries to determine which pods to direct traffic to.

StatefulSet

StatefulSet object icon on the graph.

A workload object used for managing applications by keeping track of and saving their state.

StatefulSet is used in applications that need:

  • Persistent unique network IDs
  • Persistent storage volumes
  • Consistent deployment and scaling
  • Consistent automatic update of resources

ConfigMap

Configmap object icon on the graph.

An object for storing non-sensitive data in key-value pairs. ConfigMap is used in pods as an environment variable, command line argument, or configuration file within a volume.

Using ConfigMap lets you separate environment-specific configuration settings from images in a container for better portability of your applications.

Persistent volume (PV)

Persistent volume object icon on the graph.

A dedicated persistent resource (volume) for storing pod data in the cluster. PV is independent of pods, stores information contained in it and, when implementing multiple access, allows other pods to use this information.

Persistent volume claim (PVC)

Persistent volume claim object icon on the graph.

A user-generated request to store data with persistent volume (PV) requirements. For example, a PVC can specify the size of the persistent volume required and the mode of access to data in it (for example, single read access or multiple read/write access).
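Grouping pods into applications as listed in the table above, with a maximum risk rating rolled up per application, can be modelled from Kubernetes ownerReferences. This is an added example, not Kaspersky Container Security code; the sample objects, the `risk` field, the function names, and the Low-to-Critical severity order are constructed assumptions.

```python
from collections import defaultdict

# Root kinds that form an application, taken from the list in the table above.
APP_ROOT_KINDS = {"Deployment", "DaemonSet", "ReplicaSet", "StatefulSet"}
# Assumed severity order, lowest to highest (the page names Critical, High, Medium).
SEVERITY = ["Low", "Medium", "High", "Critical"]


def _obj(kind, name, uid, owner=None, risk=None):
    """Build a constructed object shaped like a trimmed Kubernetes API item."""
    meta = {"name": name, "uid": uid}
    if owner:
        meta["ownerReferences"] = [{"kind": owner[0], "uid": owner[1]}]
    obj = {"kind": kind, "metadata": meta}
    if risk:
        obj["risk"] = risk  # hypothetical field standing in for an image scan result
    return obj


# Constructed inventory: one Deployment chain, one DaemonSet, one bare
# ReplicaSet, and one pod that nobody owns.
OBJECTS = [
    _obj("Deployment", "web", "d1"),
    _obj("ReplicaSet", "web-7c9", "r1", owner=("Deployment", "d1")),
    _obj("Pod", "web-7c9-a", "p1", owner=("ReplicaSet", "r1"), risk="High"),
    _obj("Pod", "web-7c9-b", "p2", owner=("ReplicaSet", "r1"), risk="Critical"),
    _obj("DaemonSet", "node-agent", "ds1"),
    _obj("Pod", "node-agent-x", "p3", owner=("DaemonSet", "ds1"), risk="Medium"),
    _obj("ReplicaSet", "cache-5d", "r2"),
    _obj("Pod", "cache-5d-z", "p4", owner=("ReplicaSet", "r2"), risk="Medium"),
    _obj("Pod", "debug-shell", "p5", risk="Low"),
]


def find_root(obj, by_uid):
    """Follow ownerReferences upward until an object has no known owner."""
    seen = set()
    while True:
        uid = obj["metadata"]["uid"]
        if uid in seen:
            raise ValueError("ownerReferences cycle at uid " + uid)
        seen.add(uid)
        owners = obj["metadata"].get("ownerReferences", [])
        parent = next((by_uid[o["uid"]] for o in owners if o["uid"] in by_uid), None)
        if parent is None:
            return obj
        obj = parent


def group_applications(objects):
    """Return ({(root kind, root name): [pods]}, [pods that form no application])."""
    by_uid = {o["metadata"]["uid"]: o for o in objects}
    apps, standalone = defaultdict(list), []
    for obj in objects:
        if obj["kind"] != "Pod":
            continue
        root = find_root(obj, by_uid)
        if root["kind"] in APP_ROOT_KINDS:
            apps[(root["kind"], root["metadata"]["name"])].append(obj)
        else:
            # Individual pods, and pods with any other owner kind (an assumption
            # of this sketch), stay as separate objects in the namespace.
            standalone.append(obj)
    return dict(apps), standalone


def max_risk(pods):
    """Highest rating among the pods, or None if none of them has a rating."""
    ratings = [p["risk"] for p in pods if p.get("risk") in SEVERITY]
    return max(ratings, key=SEVERITY.index) if ratings else None


def summarize(objects):
    apps, standalone = group_applications(objects)
    return {
        "applications": {
            f"{kind}/{name}": {
                "pods": sorted(p["metadata"]["name"] for p in pods),
                "max_risk": max_risk(pods),
            }
            for (kind, name), pods in apps.items()
        },
        "standalone_pods": sorted(p["metadata"]["name"] for p in standalone),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(OBJECTS), indent=2))
```

The ReplicaSet `web-7c9` does not appear as its own application because its owner chain ends at the Deployment `web`, while `cache-5d` has no owner and therefore is the application root.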

[Topic 273534]

Namespace graph

To view the namespace graph for the selected cluster,

in the table with the list of clusters, click View.

Kaspersky Container Security displays the cluster with its namespaces.

Kaspersky Container Security can display information about the cluster and namespaces on the namespace graph in the sidebar or in a table. The sidebar provides a brief summary of the object. The table shows a more detailed security scan status for objects in the cluster. The data is partially duplicated between the sidebar and the table.

[Topic 272591]

Viewing details about graph objects in the sidebar

To view cluster information in the sidebar:

  1. Click the cluster or namespace icon on the namespace graph.
  2. In the menu that opens, select Details.

    The details sidebar displays the following object-specific data:

    1. For a cluster:
      • Cluster name.
      • Number of namespaces in the cluster
      • Cluster orchestration platform
      • Maximum risk rating assigned to the objects in the cluster
      • The security policy compliance status is Compliant or Not Compliant.
    2. For a namespace:
      • Namespace name
      • Number of containers and applications in the namespace
      • Number of scanned images in the namespace
      • Number of processed and failed scan tasks
      • Maximum risk rating assigned to the objects in the cluster
      • The security policy compliance status is Compliant or Not Compliant.
      • Number of security issues across all risk types. For vulnerabilities, the number of security issues is specified, broken down by risk severity.

[Topic 272699]

Viewing details about graph objects in the table

To view information about the objects on a graph in a table:

  1. Click one of the following icons in the namespace graph:
    • Cluster
    • Namespace group
    • Namespace
  2. In the menu that opens, select Open in table.

    Kaspersky Container Security opens a table with information about the selected object or group of objects at the bottom of the work pane under the graph. Depending on the object, Kaspersky Container Security displays the following container details in the table that opens:

    1. For a cluster or a namespace group:
      • List of namespaces in the cluster
      • Number of containers in each namespace
      • Number of scanned images, scan jobs in queue, and failed scan jobs for each namespace
      • Maximum risk rating assigned to the objects in the cluster
      • The security policy compliance status is Compliant or Not Compliant.
    2. For the selected namespace:
      • List of applications in this namespace and their types.
      • Number of pods and containers in each application.
      • Maximum risk rating assigned to the objects in the namespace.
      • The security policy compliance status is Compliant or Not Compliant.

You can also use the table to configure the way objects are displayed on the graph to hide or show namespaces.

[Topic 272700]

Application graph

To view the application graph for the selected cluster:

  1. Go to Resources → Assets → Clusters.
  2. Do one of the following:
    • On the Table view tab, open the table with the list of namespaces and click View.
    • On the Graph view tab, open the namespace graph and do one of the following:
      • Double-click to expand the namespace to applications.
      • Click the namespace icon to open a menu and select Expand on graph.

    Kaspersky Container Security displays all applications in the selected namespace.

Each application can be expanded down to the pod level. You can view detailed information about the following objects on the application graph of the selected cluster:

[Topic 272593]

Viewing information about application

To open information about an application in the application graph,

click the application icon to open a menu and select Details.

Kaspersky Container Security opens a side panel with detailed information about the application.

The solution displays the following information about the application:

  • The object type and application type (for example, Application: Deployment).
  • Application name.
  • Maximum risk rating. The solution assigns a risk rating to the application according to the highest severity level of all the objects within that application.
  • The security policy compliance status is Compliant or Not Compliant.
  • The Containers tab contains the following information about the containers in the selected pod:
    • Name of the container.
    • Name of the image the container was deployed from.
    • The security policy compliance status is Compliant or Not Compliant.
    • Maximum risk rating assigned to containers in the pod.
    • Number of security issues across all risk types. For vulnerabilities, the number of security issues is specified, broken down by risk severity.
    • Date and time of the last scan of the image from which the container was deployed.
  • The Policies tab displays information about assurance policies and runtime policies that are applied to the application.

    The following information is provided in the Assurance policies section:

    • Policy application status (Passed/Failed).
    • Policy name.
    • Indication of existing security threats. In terms of the applied policy, the scan results can be displayed as follows:
      • Scan was performed, security threats were identified.
      • Scan was performed, no security threats were detected.
      • No scan was performed for this type of security threat.

    The Runtime policies section contains the following information:

    • Policy name.
    • Policy application mode (Audit/Enforce).

    By clicking the link on the name of a policy in the Policies tab, you can view its detailed description. The sidebar displays the following information:

    • Policy type and name.
    • Description of the policy (if any).
    • Author of the policy.
    • Mode (for runtime policy).
    • List of predefined scopes.
    • Actions that are performed when the policy is applied (for an assurance policy).
    • Set benchmarks and their parameters.

    You can edit the settings of an assurance policy by clicking the Edit policy button.

    To view the detailed description of policies, you must have rights to view them. Policy management rights are required to make changes to policy settings.

[Topic 273663]

Viewing information about objects in the application

To open information about objects on the applications graph:

  1. On the applications graph, select the application about whose objects you want to obtain information and do one of the following:
    • Double-click the application to expand it to its constituent objects.
    • Click the application icon to open a menu and select Expand on graph.
  2. Select the object of interest and double-click to expand its information in the side panel.

    Kaspersky Container Security opens a side panel with detailed information about the selected object.

Depending on the type of the object, additional information about the selected entity is displayed. The table below describes the set of information that the solution displays for various objects in the application.

Information about objects in the application

Object

Displayed object data

Deployment

  • Object type.
  • Name.
  • Date and time of creation.
  • Labels.
  • List of pods.

DaemonSet

  • Object type.
  • Name.
  • Date and time of creation.
  • Labels.
  • List of pods.

Ingress

  • Object type.
  • Name.
  • Date and time of creation.
  • Services, to which access is controlled, and ports being used (the port number or port name is displayed).

Secret

  • Object type.
  • Name.
  • Date and time of creation.
  • Labels.
  • Secret type.
  • Secret in its hidden form.

    Secrets can only be viewed if you have permission to view secrets. Without such permission, the secret is not displayed in any form.

    By default, the secret value is hidden. You can view the secret using the Show button.

ReplicaSet

  • Object type.
  • Name.
  • Date and time of creation.
  • Labels.
  • List of pods.

Service

  • Object type.
  • Name.
  • Date and time of creation.
  • Labels.
  • Interaction protocols: data sending ports and destination ports.
  • Type of service access.
  • Service IP address.

Endpoint

  • Object type.
  • Name.
  • Date and time of creation.
  • Labels.

StatefulSet

  • Object type.
  • Name.
  • Date and time of creation.
  • Labels.
  • List of pods.

ConfigMap

  • Object type.
  • Name.
  • Date and time of creation.
  • Description of the object from the .YAML file.

Persistent volume

  • Object type.
  • Name.
  • Date and time of creation.
  • PV size.
  • Access rights granted.
  • PV class.
  • Storage volume operating mode.
  • Provider.
  • PV to PVC relation status.
  • PVC details (namespace, name, user).

Persistent volume claim

  • Object type.
  • Name.
  • Date and time of creation.
  • Labels.
  • Allowable PV size.
  • Granted PV access permissions.
  • Requested PV resource usage.
  • Requested access permissions to resources.
  • Volume name
  • PV class.
  • PV volume operating mode.
  • CSI provider.
  • Node on which the PV is deployed.
  • PV relation status.

For all objects, you can generate and download a file describing the current state of the object in the .YAML format by using the Download .yaml button.

[Topic 273666]

Viewing information about pod

To open the pod information,

on the graph, select the pod about which you want to receive information, and double-click to expand its information in the side panel.

Kaspersky Container Security displays pods on all types of graphs: namespace graphs and application graphs.

The solution opens a side panel with detailed information about the pod.

Kaspersky Container Security displays the following information about the pod:

  • Object type.
  • Maximum risk score among pod images.
  • The security policy compliance status is Compliant or Not Compliant.
  • Pod name.
  • The General tab contains the following information about the object:
    • Date and time of creation.
    • Labels.
    • Pod running status.
    • Pod lifetime—the period between the date and time of viewing the pod information and the date and time of its creation.
    • List of ports used by pod containers in the following format: <"port name" port protocol>. For example, "dns" UDP 53.
    • Available system functions of the pod.
    • The name of the PV used by the pod.
    • The name of the PVC used.
    • The name of the application, namespace and cluster within which the pod is located.

    Also in this tab, you can click Download *.yaml to generate and download a file with a description of the pod.

  • The Containers tab contains the following information on containers within the pod:
    • Name of the container.
    • Name of the image the container was deployed from.
    • Compliance status of the deployed image: Compliant or Non-compliant.
    • Maximum risk rating of the deployed image.
    • Number of security issues across all risk types. For vulnerabilities, the number of security issues is specified, broken down by risk severity.
    • Date and time of the last scan of the image from which the container was deployed.
    • List of ports used by pod containers in the following format: <"port name" port protocol>.
    • Additional properties of the container—it is an .
  • The Policies tab displays information about assurance policies and runtime policies applied to the pod. Information about policies applied to the pod is presented in two sections (Assurance policies and Runtime policies), similarly to the information displayed about the applicable policies when viewing information about the application on the graph.

    To view the detailed description of policies, you must have rights to view them. Policy management rights are required to make changes to policy settings.

[Topic 273755]

Viewing details about application graph objects in the table

To view information about the objects on the application graph as a table:

  1. Do one of the following:
    • Click the namespace icon that indicates the number of applications within the namespace on the graph.
    • Click the icon of the application group within the namespace.
  2. In the menu that opens, select Open in table.

    The solution opens a table with information about applications in the lower part of the workspace below the graph. Kaspersky Container Security displays the following information:

    • The list of applications in this namespace and their types (types of parent objects).
    • Number of pods and containers in each application.
    • Maximum risk rating assigned to the objects in the namespace.
    • The security policy compliance status is Compliant or Not Compliant.

[Topic 274980]

Highlighting objects on the graph

To highlight objects on the graph:

  1. Click the Highlight objects button above the graph.

    Kaspersky Container Security opens a sidebar where you can configure the settings for highlighting objects.

  2. Select the check boxes to specify values for the following settings:
    1. Risk rating. You can select one or several risk severity levels (Critical, High, or Medium). If the check boxes are not selected, objects on the graph are not highlighted.

      The check boxes for the Critical and High values are selected by default.

    2. Compliance. If the Non-compliant check box is selected, Kaspersky Container Security highlights objects that do not comply with applicable security policies. If this check box is not selected, objects on the graph will not be highlighted, regardless of their compliance or non-compliance with standards.

      Non-compliant is specified by default.

  3. Click Apply.

    Kaspersky Container Security updates the graph and displays the objects according to your settings.

    For each user, the solution saves the highlighting settings that the user has specified and applies them when displaying cluster objects that this user opens later.

[Topic 273477]

Configuring visibility of objects on the graph

By default, Kaspersky Container Security displays all namespaces in the cluster on the graph. If necessary, you can hide namespaces if these namespaces and objects in them are not relevant to you for a specific analytical task.

You can configure graph object visibility:

  • On the graph
  • In the table with information about the child object

To hide a namespace with the help of the graph:

  1. Click the object icon on the graph.
  2. In the menu that opens, select Hide.

    Kaspersky Container Security updates the graph and hides the object.

    You can restore object visibility with the help of the table with detailed information about the parent object or group of objects.

To configure namespace visibility with the help of the table:

  1. In the table with namespaces as part of the column, select one or more objects for which you want to change the visibility settings.
  2. Use the buttons above the table to do one of the following:
    • To display the object on the graph, click Show on graph.
    • To hide the object on the graph, click Hide on graph.

    Kaspersky Container Security updates the graph and displays the objects according to your settings. The Data display column indicates whether the object is shown or hidden on the graph.

[Topic 272713]

Network processes on the graph

Kaspersky Container Security displays network interactions between objects on the graph, and also provides information about network activity between cluster resources.

To view network activity in the cluster:

  1. In the Resources → Assets → Clusters section, go to the Graph view tab.
  2. Click Show network activity above the graph area.

    The solution opens the sidebar with the types of network activity available for display.

  3. By selecting check boxes, select one or more network activity display options. You can select the following display options:
    • Show audited activity. This displays network connections that were detected in accordance with the applied runtime policies in Audit mode.
    • Show blocked activity. This displays network connection attempts that were blocked in accordance with the applied runtime policies in Enforce mode.
    • Show other activity. This displays network connections that were not covered by the applied runtime policies in Audit and Enforce modes.
  4. Click Apply.

    The graph is reloaded and the selected network activity is displayed.

[Topic 275391]

Principles of displaying network processes

The following principles apply to the display of network connections on the graph in Kaspersky Container Security:

  • The solution displays processes as edges between two objects (groups of objects within a cluster), or between an object (group of objects) and resources outside the cluster. An arrow on the graph points from the sender object to the recipient object. If the same type of network activity (for example, audited activity) occurs between a pair of objects that are linked by a network connection and the traffic between the objects goes both ways, the solution represents this activity with a bidirectional arrow.
  • If the recipient object is outside the relevant cluster, infrastructure or the scope assigned to the user, the solution indicates it as Resources out of cluster or scope.
  • The graph displays network connections to a group of namespaces or applications if inbound or outbound traffic is detected involving at least one object inside such a group. When you expand a group to its constituent objects, the connection is displayed to the specific resource.
  • If multiple network processes go from one object to another, the solution takes the priority of the network activity into account when displaying them. Blocked activity has the maximum priority, and other activity has the minimum priority.

The solution displays different types of network activity as follows:

  • Blocked activity on the graph is represented by a dotted red line.
  • Audited activity on the graph is represented by a solid red line with an arrow.
  • Other activity on the graph is represented by a solid black line with an arrow.
  • Two-way network activity is represented on the graph as a line corresponding to one of the activity types, with arrows on both ends.
  • If you hover over a network connection line on the graph, it is highlighted and changes color.
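
The display principles above, worked through on constructed connection records (an added example, not the product's code). Applying the priority per direction before comparing the two directions, placing audited activity between blocked and other, and dropping traffic internal to a collapsed group are interpretations made for this sketch; names such as `build_edges` are hypothetical.

```python
from collections import defaultdict

# Display priority: blocked is highest and other is lowest, as stated above.
PRIORITY = {"blocked": 2, "audited": 1, "other": 0}
OUTSIDE = "Resources out of cluster or scope"

# Constructed records: (source, destination, activity type).
# Pods are written as "namespace/pod"; anything else is an external address.
CONNECTIONS = [
    ("shop/web-a", "shop/api-a", "other"),
    ("shop/web-a", "shop/api-a", "audited"),
    ("shop/api-a", "shop/web-a", "audited"),
    ("shop/api-a", "data/db-0", "blocked"),
    ("shop/api-a", "data/db-0", "other"),
    ("data/db-0", "shop/api-a", "other"),
    ("shop/web-a", "203.0.113.10", "other"),
]
IN_SCOPE = {"shop/web-a", "shop/api-a", "data/db-0"}


def display_node(name, in_scope, collapsed):
    """Map a pod to what the graph shows: the pod, its collapsed group, or OUTSIDE."""
    if name not in in_scope:
        return OUTSIDE
    namespace = name.split("/", 1)[0]
    return namespace if namespace in collapsed else name


def build_edges(connections, in_scope, collapsed=frozenset()):
    """Collapse raw connections into the edges a viewer would see.

    Returns a sorted list of (node_a, arrow, node_b, activity type) tuples,
    where arrow is "->" or "<->".
    """
    kinds = defaultdict(set)  # (shown source, shown destination) -> activity types
    for src, dst, kind in connections:
        if kind not in PRIORITY:
            raise ValueError("unknown activity type: " + kind)
        a = display_node(src, in_scope, collapsed)
        b = display_node(dst, in_scope, collapsed)
        if a == b:
            continue  # both ends fall inside the same collapsed group
        kinds[(a, b)].add(kind)

    # One activity type per direction: the highest-priority one wins.
    shown = {pair: max(k, key=PRIORITY.get) for pair, k in kinds.items()}

    edges, merged = [], set()
    for (a, b), kind in sorted(shown.items()):
        if (a, b) in merged:
            continue
        if shown.get((b, a)) == kind:
            # Same activity type in both directions: one two-way arrow.
            edges.append((a, "<->", b, kind))
            merged.add((b, a))
        else:
            edges.append((a, "->", b, kind))
    return edges


if __name__ == "__main__":
    for view in (frozenset(), frozenset({"shop"})):
        print("collapsed:", sorted(view))
        for edge in build_edges(CONNECTIONS, IN_SCOPE, view):
            print("  ", *edge)
```

With the `shop` namespace collapsed, the blocked connection to `data/db-0` is still drawn from the group, which is why a single blocked attempt by one pod remains visible at the namespace level.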
[Topic 275395]

Viewing information about network processes

Kaspersky Container Security can provide brief and detailed information about network activity.

To view brief information about network activity:

Hover over the network connection of interest.

A tooltip is displayed with the number of non-unique connections for each type of network activity (blocked, audited, and other).

To view detailed information about network activity:

Click the connection of interest.

This opens the sidebar with information about network activity for the selected connection.

The sidebar displays information about network activity for the 15 minutes before the sidebar was called up. Network activity information is presented in tables on the Audited activities, Blocked activities, and Other activities tabs. The number of connections is indicated next to tab captions.

The tables have the same structure and contain the following information:

  • The Source column contains the name of the pod that is the sender of the network traffic and the IP address of the pod in the <pod IP address:outbound traffic port> format. You can click the link in the pod name to open a detailed description of the pod.
  • The Protocol column indicates the pod interaction protocol.
  • The Destination column contains the name of the pod that is the recipient of the network traffic and the IP address of the pod in the <pod IP address:inbound traffic port> format. You can click the link in the pod name to open a detailed description of the pod.
  • The Number of connections column displays the total number of non-unique connections between the sender and the recipient of the traffic.
  • The Last connection column displays the date and time of the last non-unique connection between the sender and the recipient of the traffic.

If the sender object or the recipient object is outside the relevant cluster, the Source or Destination columns display the domain name and IP address of such an object respectively (if the solution can obtain this information).

[Topic 275396]

Displaying the graph subject to applicable scope

When displaying cluster resources on the graph, the scope assigned to the user role is taken into account. In this case, the following must be considered:

  • If the global scope is assigned to the user role, the graph displays all cluster resources.
  • If a scope with access to a specific image within the namespace is assigned to the user role, the graph displays the entire namespace (all entities in the namespace are displayed).
  • If a scope that does not have access to specific namespaces is assigned to the user role, such namespaces are not displayed on the graph.

    If there are no namespaces to display for the selected cluster in view of the assigned scope, the solution informs you that there is no data to display.

[Topic 275421]