-
Feature Request
-
Resolution: Done
-
Normal
-
None
-
None
-
False
-
None
-
False
-
Not Selected
-
-
Business Problem:
Every resource is consumed as a deployment with ACS. CronJobs and Replicasets all show up as a deployment in the console. This is not the correct information for a "Kubernetes-centric" security solution.
I would recommend adding a flag to the specific workloads run in Kubernetes. This would give users more context about the workloads running and hopefully avoid a significant redesign.
Use Cases:
- From Nakul: Summarizing the problem for @Mandar and @charmik: If the cron job specifies a digest hash for the image, it will correctly show up and be linked to the deployment. If the cron is allowed to run for a bit (~10s or so), it shows up. However, if the cron runs quickly and finishes (<1s), the deployment is detected, not the image. It doesn't even show up in the image view.
- Statefulsets are typically used for stateful workloads and require more visibility from the SecOps team as they tend to be high-priority workloads. By flagging the workload as a statefulset vs. deployment, we can help users prioritize risk more effectively.
Key Functionality:
- Configuration management should have a policy highlighting non-default deployments and flagging them accordingly.
- Possibility of vet K8s objects against what we have scanned to surface any cronjobs or other k8s objects that the scanner cannot pick up in time.
- Policy to call out all new CronJobs as high risk.
Benefits:
We can claim to support all of the K8s workloads and give more context to each workload since not all deployments are created equally.
Acceptance criteria:
- Risk management callout for specific workloads.
- Policy to inform on CronJobs, StatefulSets, etc.
Implementation Suggestions (optional):
- Integration: [Specify any existing systems or tools that the new feature should integrate with]
- Dependencies: [Describe any dependencies on other 3rd party integrations or OCP components]
- User Experience: [Provide suggestions for designing the UI to optimize usability. Highlight other relevant aspects of the user experience ]
Timeline:
[Specify the preferred implementation date or any specific deadlines for the feature implementation]
Please use the following Jira fields to complete this Feature Request
- [Jira Field] Summary Required: [Provide a clear and concise name/description for the feature]
- [Jira Field] Description:
- [Jira Field] Component:
- [Jira Field] Priority: [Indicate the importance or urgency of the feature on a scale of High, Medium, or Low]
- [Jira Field] Supporting Documentation:
- [Attach any relevant documents, research, or supporting materials that provide additional context or information]