- Knowledge base
- System & Network Security
- Kubernetes
-
Security updates
-
Product news
-
Next-Gen Vulnerability Management
-
Getting started
-
General
-
Operating status
-
System & Network Security
-
Web Application Security
-
Cloud Security
-
API Security
-
Phishing Simulation & Awareness Training
-
Attack Surface Management
-
Scanner Appliance
-
Device Agent
-
On-premise platform deployment
-
Asset management
-
Vulnerability Manager
-
Reports
-
Digest reports
-
Organizer
-
Continuous monitoring
-
Integrations
-
Platform API
-
Remediation
-
Users
-
PCI DSS ASV scans
-
Partner Portal
-
Terms & conditions
-
Dashboard
How do I make the Cluster reachable from the Scanner Appliance?
When scanning Kubernetes (K8s) clusters as network assets, the Scanner Appliance must be able to directly reach the cluster’s internal IPs.
The key prerequisites are:
-
Subnet Alignment – The scanner and the K8s cluster should exist within the same
Subnet. -
Security Groups / Firewall Rules – Ensure that the Scanner Appliance and K8s cluster are assigned to the same security group (or mutually permissive groups), allowing full inbound/outbound communication.
AWS – Amazon VPC CNI
- Find the Subnet names used by the cluster under the Networking Tab.
- Use the same Subnet name in the Network Settings during theScanner Appliance Deployment.
- Use the same security group name if present
Azure – Azure CNI
Find the Subnet name used by the cluster under Cluster (your cluster) > Networking > Virtual network integration.
- Use the same Subnet name in the Networking during the Scanner Appliance Deployment.
GCP – VPC-Native.
Find the Subnet name used by the cluster under Details > Cluster Networking.
- Use the same subnet name for the network interfaces during the Scanner Appliance deployment.
