Prometheus Exporter
Kubescape runs as a microservice in the cluster. As a result, you can set up a pod monitor to trigger scans and scrape the scan results.
- Install kube-prometheus-stack
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update
kubectl create namespace prometheus
helm install -n prometheus kube-prometheus-stack prometheus-community/kube-prometheus-stack --set prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false,prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false
- Add the ARMO helm repo (named kubescape here, to match the chart reference used in the install command)
helm repo add kubescape https://kubescape.github.io/helm-charts/
Or, if the repo is already added, update it:
helm repo update
- Install the helm chart with the following values:
kubescape.serviceMonitor.enabled=true  # Create the Prometheus serviceMonitor
If you wish to integrate only with Prometheus and not with the Kubescape Cloud Platform, it is recommended to set the following values:
kubescape.submit=false  # Do not submit scan results
kubescape.enableHostScan=false  # Do not install the Host Scanner
kubescape.downloadArtifacts=false  # Do not download artifacts every scan
Install:
helm upgrade --install kubescape kubescape/kubescape-cloud-operator -n kubescape --create-namespace --set clusterName=`kubectl config current-context` --set kubescape.serviceMonitor.enabled=true
Grafana dashboard
Add kubescape dashboard to Grafana
Metrics
All Kubescape-related metrics begin with kubescape.
riskScore is the output of an algorithm calculating the risk of the vulnerability. 0 indicates there is no risk and 100 indicates the highest risk.
Cluster scope metrics
Overall risk score
# Overall riskScore of the scan
kubescape_cluster_riskScore{} <risk score>
Overall resources counters
# Number of resources that failed
kubescape_cluster_count_resources_failed{} <counter>
# Number of resources that were excluded
kubescape_cluster_count_resources_excluded{} <counter>
# Number of resources that passed
kubescape_cluster_count_resources_passed{} <counter>
Overall controls counters
# Number of controls that failed
kubescape_cluster_count_controls_failed{} <counter>
# Number of controls that were excluded
kubescape_cluster_count_controls_excluded{} <counter>
# Number of controls that passed
kubescape_cluster_count_controls_passed{} <counter>
Frameworks metrics
Frameworks risk score
kubescape_framework_riskScore{name="<framework name>"} <risk score>
Frameworks resources counters
# Number of resources that failed
kubescape_framework_count_resources_failed{} <counter>
# Number of resources that were excluded
kubescape_framework_count_resources_excluded{} <counter>
# Number of resources that passed
kubescape_framework_count_resources_passed{} <counter>
Frameworks controls counters
# Number of controls that failed
kubescape_framework_count_controls_failed{name="<framework name>"} <counter>
# Number of controls that were excluded
kubescape_framework_count_controls_excluded{name="<framework name>"} <counter>
# Number of controls that passed
kubescape_framework_count_controls_passed{name="<framework name>"} <counter>
Controls metrics
Controls risk score
kubescape_control_riskScore{name="<control name>",url="<docs url>",severity="<control severity>"} <risk score>
Controls resources counters
# Number of resources that failed
kubescape_control_count_resources_failed{name="<control name>",url="<docs url>",severity="<control severity>"} <counter>
# Number of resources that were excluded
kubescape_control_count_resources_excluded{name="<control name>",url="<docs url>",severity="<control severity>"} <counter>
# Number of resources that passed
kubescape_control_count_resources_passed{name="<control name>",url="<docs url>",severity="<control severity>"} <counter>
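The metrics above can also be checked outside Grafana, for example in a pipeline step that reads the scraped text. The following is an added example, not part of the Kubescape documentation: it parses the control metrics listed on this page and ranks controls that have failed resources by riskScore. The sample text, control names, URLs and severity strings are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of exporter output. Metric and label names come from this
# page; every value, control name, URL and severity string is made up.
SAMPLE = '''
# Overall riskScore of the scan
kubescape_cluster_riskScore{} 37.5
kubescape_control_riskScore{name="Example control A",url="https://example.invalid/a",severity="High"} 80
kubescape_control_count_resources_failed{name="Example control A",url="https://example.invalid/a",severity="High"} 4
kubescape_control_riskScore{name="Example control B",url="https://example.invalid/b",severity="Low"} 10
kubescape_control_count_resources_failed{name="Example control B",url="https://example.invalid/b",severity="Low"} 0
kubescape_control_count_resources_failed{name="Example, \\"quoted\\" C",url="https://example.invalid/c",severity="Medium"} 1
'''

# name{labels} value [timestamp]; label values may contain escaped quotes.
LINE = re.compile(r'^(kubescape_\w+)\{(.*)\}\s+(\S+)(?:\s+-?\d+)?$')
LABEL = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')

def unescape(value):
    # Undo the text-format escapes (backslash, double quote, newline).
    return re.sub(r'\\(.)', lambda m: '\n' if m.group(1) == 'n' else m.group(1), value)

def parse(text):
    """Return (metric, labels, value) for every kubescape_* sample line."""
    samples = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:  # comments, blank lines, metrics from other exporters
            continue
        labels = {k: unescape(v) for k, v in LABEL.findall(m.group(2))}
        samples.append((m.group(1), labels, float(m.group(3))))
    return samples

def cluster_risk(samples):
    """Overall cluster riskScore (0 = no risk, 100 = highest), or None."""
    return next((v for m, _, v in samples if m == "kubescape_cluster_riskScore"), None)

def failing_controls(samples, min_risk=0.0):
    """Controls with failed resources, worst riskScore first (missing score = 0)."""
    risk = {l["name"]: v for m, l, v in samples if m == "kubescape_control_riskScore"}
    rows = [(l["name"], l.get("severity", ""), int(v), risk.get(l["name"], 0.0))
            for m, l, v in samples
            if m == "kubescape_control_count_resources_failed" and v > 0]
    return sorted((r for r in rows if r[3] >= min_risk), key=lambda r: -r[3])

if __name__ == "__main__":
    print("cluster riskScore:", cluster_risk(parse(SAMPLE)))
    for row in failing_controls(parse(SAMPLE)):
        print(row)
```

Raising min_risk turns the listing into a gate: a non-empty result means at least one control at or above that riskScore still has failing resources.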
Updated 8 months ago