kubescape/httphandler/examples/prometheus/README.md
Craig Box c39683872e Initial documentation update upon joining the CNCF (#1020)
* Initial refactor

Signed-off-by: Craig Box <craigb@armosec.io>

* Initial refactor.

Signed-off-by: Craig Box <craigb@armosec.io>

* Now how did that get in there?

Signed-off-by: Craig Box <craigb@armosec.io>

* small fixes

Signed-off-by: Craig Box <craigb@armosec.io>

* Use GitHub note and warning syntax

Signed-off-by: Craig Box <craigb@armosec.io>

* second guessing thing with no docs

Signed-off-by: Craig Box <craigb@armosec.io>

* Final changes

Signed-off-by: Craig Box <craigb@armosec.io>

Signed-off-by: Craig Box <craigb@armosec.io>
2023-01-11 08:53:55 +02:00


Prometheus Kubescape Integration

  1. Deploy kubescape

    kubectl apply -f ks-deployment.yaml
    

    Note: Make sure the configuration suits your cluster (e.g. serviceType).

  2. Deploy kube-prometheus-stack

    helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
    helm repo update
    kubectl create namespace prometheus
    helm install -n prometheus kube-prometheus-stack prometheus-community/kube-prometheus-stack --set prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false,prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false
    
  3. Deploy pod monitor

    kubectl apply -f podmonitor.yaml
    

Metrics

All Kubescape-related metrics begin with kubescape.

riskScore is the output of an algorithm calculating the risk of the vulnerability. 0 indicates there is no risk and 100 indicates the highest risk.

Cluster scope metrics

Overall risk score

    # Overall riskScore of the scan
    kubescape_cluster_riskScore{} <risk score>

Overall resources counters

    # Number of resources that failed
    kubescape_cluster_count_resources_failed{} <counter>

    # Number of resources that were excluded
    kubescape_cluster_count_resources_excluded{} <counter>

    # Number of resources that passed
    kubescape_cluster_count_resources_passed{} <counter>

Overall controls counters

    # Number of controls that failed
    kubescape_cluster_count_controls_failed{} <counter>

    # Number of controls that were excluded
    kubescape_cluster_count_controls_excluded{} <counter>

    # Number of controls that passed
    kubescape_cluster_count_controls_passed{} <counter>

Frameworks metrics

Frameworks risk score

    kubescape_framework_riskScore{name="<framework name>"} <risk score>

Frameworks resources counters

    # Number of resources that failed
    kubescape_framework_count_resources_failed{} <counter>

    # Number of resources that were excluded
    kubescape_framework_count_resources_excluded{} <counter>

    # Number of resources that passed
    kubescape_framework_count_resources_passed{} <counter>

Frameworks controls counters

    # Number of controls that failed
    kubescape_framework_count_controls_failed{name="<framework name>"} <counter>

    # Number of controls that were excluded
    kubescape_framework_count_controls_excluded{name="<framework name>"} <counter>

    # Number of controls that passed
    kubescape_framework_count_controls_passed{name="<framework name>"} <counter>

Controls metrics

Controls risk score

    kubescape_control_riskScore{name="<control name>",url="<docs url>",severity="<control severity>"} <risk score>

Controls resources counters

    # Number of resources that failed
    kubescape_control_count_resources_failed{name="<control name>",url="<docs url>",severity="<control severity>"} <counter>

    # Number of resources that were excluded
    kubescape_control_count_resources_excluded{name="<control name>",url="<docs url>",severity="<control severity>"} <counter>

    # Number of resources that passed
    kubescape_control_count_resources_passed{name="<control name>",url="<docs url>",severity="<control severity>"} <counter>
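
Alerting on the metrics listed above, as an added example that is not part of the Kubescape repository: a PrometheusRule for the kube-prometheus-stack release installed in step 2. The rule name, alert names, thresholds, `for` durations and the severity label value "High" are assumptions; adjust them to the values your scrape actually returns.

```yaml
# Added example (not from the Kubescape project).
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  name: kubescape-alerts          # hypothetical name
  namespace: prometheus           # namespace created in step 2
  labels:
    # The install command in step 2 relaxes only the PodMonitor and
    # ServiceMonitor selectors. The chart's default rule selector still
    # matches on the Helm release name, so the rule carries that label.
    release: kube-prometheus-stack
spec:
  groups:
    - name: kubescape.rules
      rules:
        # Cluster-wide score on the 0-100 scale described under Metrics.
        - alert: KubescapeClusterRiskScoreHigh
          expr: max(kubescape_cluster_riskScore) > 30   # assumed threshold
          for: 15m
          labels:
            severity: warning
          annotations:
            summary: "Kubescape cluster risk score is {{ $value }}"

        # One alert per control that has failing resources.
        # severity="High" is an assumed label value.
        - alert: KubescapeHighSeverityControlFailing
          expr: |
            max by (name, url) (
              kubescape_control_count_resources_failed{severity="High"}
            ) > 0
          for: 15m
          labels:
            severity: warning
          annotations:
            summary: "Control {{ $labels.name }} has {{ $value }} failing resources"
            description: "Control documentation: {{ $labels.url }}"

        # A silent scanner looks the same as a clean cluster on a dashboard,
        # so alert when the metrics stop arriving.
        - alert: KubescapeMetricsAbsent
          expr: absent(kubescape_cluster_riskScore)
          for: 30m
          labels:
            severity: warning
          annotations:
            summary: "No Kubescape metrics scraped; check the PodMonitor and the kubescape pod"
```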