Overview:

The Cloudanix Container Security capability provides a dashboard to help you scan images for vulnerabilities, detect runtime threats and unusual behavior in your Kubernetes clusters. Examples of few the runtime threats detection rules:
  • Files added or modified in sensitive directories
  • SSH into a container
  • Modifications to shell configuration files
  • Attempts to read sensitive files that contain credential information
  • Crypto mining
The Cloudanix dashboard provides an interactive interface that displays the mapping between threat events, associated workloads (container, pod, and node). Cloudanix also builds co-relation between Runtime Threats and Image Vulnerabilities There are multiple capabilities offered as part of Container Security Product.
  • Runtime Threat Detection
  • Image Vulnerabilities Scanning at Build time

Runtime Threat Detection Installation:

Runtime Threat Detection capability is offered as Helm Chart which sits next to the cluster workloads for deeper visibility & analysis into system level calls.

Pre-Requisites:

  1. Pick a cluster where you would like to install the container security capability.
  2. Install Helm on your local machine, if it’s not installed already, check “Steps to Install Helm” section for steps. Any version below 3.9.0 should be okay. 3.9.0 is known to raise invalid APIVersion errors while installation of helm charts. Reference: https://github.com/helm/helm/issues/10975
  3. For the Container Security integration, team member should be able to connect & install helm charts

System Requirements for Cloudanix Workloads:

  • Minimum:
    • CPUs: 1 vCPUs
    • Memory: 1024 MiB
  • Maximum:
    • CPUs: 2 vCPUs
    • Memory: 2048 MiB
  • Kubernetes 1.19.x or Higher
  • Kernel version 4.5 and higher

Installation Steps

Step 1:
  • Setup KubeConfig on your machine to connect to the desired Kubernetes Cluster.
Step 2:
  • In Cloudanix Console, go to “Workloads”
  • Select the Account, with the desired Kubernetes Cluster, from the Dropdown
  • Click on “Connect” to see the Installation Instructions
Step 3:
  • Follow the instructions in the page to install helm chart
    • Add Cloudanix Helm Chart to helm repository
    • Set clusterIdentifier argument value with Kubernetes Cluster ARN or Id
    • Install Helm Chart
    • Click “Finish” once installation is completed
Step 4:
  • Congratulations!
  • Cloudanix Container Security capability is now installed.
  • Data should start getting populated in the “Workloads” screen.

Uninstall Steps

Step 1:
  • Setup KubeConfig on your machine to point to your Cluster.
Step 2:
  • Uninstall helm chart
helm uninstall cloudanix -n cloudanix
Step 3:
  • Remove namespace
kubectl delete namespace cloudanix

Image Vulnerabilities Scanning at Build time Installation:

Image Vulnerabilities Scanning at Build time integrates with CI/CD Pipelines. Once integrated, Cloudanix plugin exports vulnerabilities findings to Cloudanix. It’s used for visibility & also for co-relation with runtime workloads & threats in Cloudanix Dashboard. Currently, following CI/CD Platforms are supported for integration:
  • Github Actions
  • GitLab
  • Azure Devops
For integration, please reach out to [email protected]

Steps to Install Helm:

Mac - 
brew install helm
Ubuntu - 
# Install Helm
curl https://baltocdn.com/helm/signing.asc | sudo apt-key add -

sudo apt-get install apt-transport-https --yes

echo "deb https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list

sudo apt-get update

sudo apt-get install helm
Windows - 
choco install kubernetes-helm