Periodically Kubescape Scanning
You can scan your cluster periodically by adding a CronJob that will repeatedly trigger kubescape
- Setup scanning & submitting
- Setup scanning without submitting
Scanning And Submitting
If you wish to periodically scan and submit the result to the Kubescape SaaS version where you can benefit the features the SaaS version provides, please follow this instructions ->
-
Apply kubescape namespace
kubectl apply ks-namespace.yaml -
Apply serviceAccount and roles
kubectl apply ks-serviceAccount.yaml -
Setup and apply configMap
Before you apply the configMap you need to set the account ID and cluster name in the
ks-configMap.yamlfile.-
Set cluster name: Run
kubectl config current-contextand set the result in thedata.clusterNamefield -
Set account ID:
- Navigate to the Kubescape SaaS version and login/sign up for free
- Click the
Add Clusterbutton on the top right of the page
- Copy the value of
--accountand set it in thedata.customerGUIDfield
Make sure the configMap looks as following;
kind: ConfigMap apiVersion: v1 metadata: name: kubescape labels: app: kubescape namespace: kubescape data: config.json: | { "customerGUID": "XXXXXXXX-XXXX-XXXX-XXXXXXXXXXXX", "clusterName": "my-awesome-cluster-name" }
Finally, apply the configMap
kubectl apply ks-configMap.yaml -
-
Apply CronJob
Before you apply the cronJob, make sure the scanning frequency suites your needs
kubectl apply ks-cronJob-submit.yaml
Scanning Without Submitting
If you wish to periodically scan but not submit the scan results, follow this instructions ->
-
Apply kubescape namespace
kubectl apply ks-namespace.yaml -
Apply serviceAccount and roles
kubectl apply ks-serviceAccount.yaml -
Apply CronJob
Before you apply the cronJob, make sure the scanning frequency suites your needs
kubectl apply ks-cronJob-non-submit.yaml