Kubernetes

How do I scan a Kubernetes (K8s) Cluster?

Use this guide to configure cluster authentication and set up a target in Security Center to start scanning your Kubernetes environment.

Gather cluster details

To ensure you get the proper authentication details, follow the instructions in the Kubernetes API Token Guide to retrieve:
  • Cluster API URL
  • Authentication Token

Create a Network Asset

  1. Log in to Security Center.
  2. Go to Asset Manager > Network and click Add network asset.
  3. Add the IP that is used by the Kubernetes API (e.g., for the API http://174.32.12.45:6443, use the IP 174.32.12.45 for the network asset).
  4. (Optional) If you want to detect and assess internal services running inside your Kubernetes cluster, add the internal network of your cluster as an IP network/range asset.

Import the Scan Profile

  1. Navigate to Scan Network > Scan Profiles.
  2. Import the profile Kubernetes Scan – Standard.

Configure Authentication

  1. Click Edit imported profile and go to the Authentication tab.
  2. Add a new Kubernetes Authentication Record.
    1. Enter the API URL and the Authentication Token.
  3. Run a scan targeting the cluster API asset, using this profile.
  4. Done!
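
The API URL and token used in the steps above can be checked from a shell, which separates a bad token from an unreachable API when a scan fails to authenticate. The script below is an added example, not Holm Security's code: the function names are hypothetical, it assumes `curl` is installed and the token is stored in a file, and it queries the standard Kubernetes `/version` endpoint.

```shell
#!/bin/sh
# Added example: pre-flight check for the cluster API URL and token.
# All function names are hypothetical; the token is read from a file so it
# never appears on a command line.

# api_host URL -> host part of the API URL (the value for the network asset)
api_host() {
    rest=${1#*://}; rest=${rest%%/*}          # drop scheme and path
    case $rest in
        \[*\]*) rest=${rest#\[}; printf '%s\n' "${rest%%\]*}" ;;  # [IPv6]:port
        *)      printf '%s\n' "${rest%%:*}" ;;                    # host:port
    esac
}

# is_ipv4 HOST -> exit 0 only for a dotted-quad literal with octets <= 255
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# classify_status HTTP_CODE -> what the code means for the authentication record
classify_status() {
    case $1 in
        200) echo "token-accepted" ;;
        401) echo "token-rejected" ;;
        403) echo "token-valid-but-forbidden" ;;
        000) echo "unreachable-or-tls-failure" ;;
        *)   echo "unexpected-$1" ;;
    esac
}

# check_token URL TOKEN_FILE [CA_FILE] -> classify a GET of <URL>/version
check_token() {
    code=$(printf 'header = "Authorization: Bearer %s"\n' "$(cat "$2")" |
        curl -s -K - -o /dev/null -w '%{http_code}' --max-time 10 \
             ${3:+--cacert "$3"} "${1%/}/version" 2>/dev/null) || true
    classify_status "${code:-000}"
}

# Usage: sh preflight.sh <api-url> <token-file> [ca-file]
if [ $# -ge 2 ]; then
    host=$(api_host "$1")
    is_ipv4 "$host" && echo "network asset IP: $host" \
        || echo "resolve '$host' to the API server IP for the network asset"
    echo "token check: $(check_token "$@")"
fi
```

For an `https://` API URL signed by the cluster's own CA, pass the CA certificate as the third argument; without it the check reports `unreachable-or-tls-failure` even when the token is valid.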

Supported scanner appliance versions

Ensure that the Scanner Appliance in use has at least revision 3.18.0.

Understanding the results

Once your Kubernetes scan has completed, you can widen your understanding of the results by reading the information in this article:
https://support.holmsecurity.com/knowledge/how-do-i-interpret-kubernetes-vulnerabilities