Repeatedly Kubescape Scanning
You can scan your cluster repeatedly by adding a CronJob that will repeatedly trigger kubescape
- Setup scanning & submitting
- Setup scanning without submitting
Scanning & Submitting
If you wish to repeatedly scan and submit the result to the Kubescape SaaS version where you can benefit the features the SaaS version provides, please follow this instructions ->
-
Apply kubescape namespace
kubectl apply ks-namespace.yaml -
Apply serviceAccount and roles
kubectl apply ks-serviceAccount.yaml -
Setup and apply configMap
Before you apply the configMap you need to set the account ID and cluster name in the
ks-configMap.yamlfile.-
Set cluster name: Run
kubectl config current-contextand set the result in thedata.clusterNamefield -
Set account ID:
- Navigate to the Kubescape SaaS version and login/sign up for free
- Click the
Add Clusterbutton on the top right of the page
- Copy the value of
--accountand set it in thedata.customerGUIDfield
Make sure the configMap looks as following;
kind: ConfigMap apiVersion: v1 metadata: name: kubescape labels: app: kubescape namespace: kubescape data: config.json: | { "customerGUID": "XXXXXXXX-XXXX-XXXX-XXXXXXXXXXXX", "clusterName": "my-awesome-cluster-name" }
Finally, apply the configMap
kubectl apply ks-configMap.yaml -
-
Apply CronJob
Before you apply the cronJob, make sure the scanning frequency suites your needs
kubectl apply ks-cronJob-submit.yaml
Scanning Without Submitting
If you wish to repeatedly scan but not submit the scan results, follow this instructions ->
-
Apply kubescape namespace
kubectl apply ks-namespace.yaml -
Apply serviceAccount and roles
kubectl apply ks-serviceAccount.yaml -
Apply CronJob
Before you apply the cronJob, make sure the scanning frequency suites your needs
kubectl apply ks-cronJob-non-submit.yaml