Prometheus Exporter
Since Kubescape runs as an in-cluster component as part of a helm install, you can use Prometheus Exporter to scan clusters and scrape the scan results.
Install Prometheus and Kubescape
Prepare your environment to run Prometheus and Kubescape, and then install Kubescape using Helm commands.
- Install kube-prometheus-stack.
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update
kubectl create namespace prometheus
helm install -n prometheus kube-prometheus-stack prometheus-community/kube-prometheus-stack --set prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false,prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false
- If you haven't added the ARMO helm repository, add it now.
helm repo add kubescape https://kubescape.github.io/helm-charts/
- Update your repository.
helm repo update
- Install the Kubescape helm chart and create a Prometheus service monitor. Replace <ARMOPlatformaccountID> with your ARMO Platform account ID.
helm upgrade --install kubescape kubescape/kubescape-cloud-operator -n kubescape --create-namespace --set clusterName=`kubectl config current-context` --set kubescape.serviceMonitor.enabled=true --set account=<ARMOPlatformaccountID>
Grafana dashboard
If you use Prometheus with Grafana, you can add a kubescape dashboard to Grafana and view the scan results there.
Available metrics
All Kubescape-related metrics begin with kubescape.
RiskScore is the output of an algorithm that calculates the risk of the misconfiguration. 0 indicates there is no risk and 100 indicates the highest risk.
Cluster scope metrics
Overall risk score
# Overall riskScore of the scan
kubescape_cluster_riskScore{} <risk score>
Overall resources counters
# Number of resources that failed
kubescape_cluster_count_resources_failed{} <counter>
# Number of resources that were excluded
kubescape_cluster_count_resources_excluded{} <counter>
# Number of resources that passed
kubescape_cluster_count_resources_passed{} <counter>
Overall controls counters
# Number of controls that failed
kubescape_cluster_count_controls_failed{} <counter>
# Number of controls that were excluded
kubescape_cluster_count_controls_excluded{} <counter>
# Number of controls that passed
kubescape_cluster_count_controls_passed{} <counter>
Frameworks metrics
Frameworks risk score
kubescape_framework_riskScore{name="<framework name>"} <risk score>
Frameworks resources counters
# Number of resources that failed
kubescape_framework_count_resources_failed{} <counter>
# Number of resources that were excluded
kubescape_framework_count_resources_excluded{} <counter>
# Number of resources that passed
kubescape_framework_count_resources_passed{} <counter>
Frameworks controls counters
# Number of controls that failed
kubescape_framework_count_controls_failed{name="<framework name>"} <counter>
# Number of controls that were excluded
kubescape_framework_count_controls_excluded{name="<framework name>"} <counter>
# Number of controls that passed
kubescape_framework_count_controls_passed{name="<framework name>"} <counter>
Controls metrics
Controls risk score
kubescape_control_riskScore{name="<control name>",url="<docs url>",severity="<control severity>"} <risk score>
Controls resources counters
# Number of resources that failed
kubescape_control_count_resources_failed{name="<control name>",url="<docs url>",severity="<control severity>"} <counter>
# Number of resources that were excluded
kubescape_control_count_resources_excluded{name="<control name>",url="<docs url>",severity="<control severity>"} <counter>
# Number of resources that passed
kubescape_control_count_resources_passed{name="<control name>",url="<docs url>",severity="<control severity>"} <counter>
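The control metrics listed above can also be triaged outside Grafana. The following is an added example, not part of the Kubescape documentation: it parses exporter output in the format shown above and returns the controls that have failed resources and a risk score at or above a threshold. The sample text, control names, URLs, severity values and the parse/triage helpers are constructed for illustration.

```python
import re

# Constructed sample of exporter output; names, URLs, severities and values are made up.
SAMPLE = '''\
# Overall riskScore of the scan
kubescape_cluster_riskScore{} 37.5
kubescape_control_riskScore{name="control-a",url="https://docs.example/a",severity="High"} 82
kubescape_control_count_resources_failed{name="control-a",url="https://docs.example/a",severity="High"} 4
kubescape_control_riskScore{name="control-b",url="https://docs.example/b",severity="Low"} 12
kubescape_control_count_resources_failed{name="control-b",url="https://docs.example/b",severity="Low"} 1
kubescape_control_riskScore{name="control-c",url="https://docs.example/c",severity="Medium"} 0
kubescape_control_count_resources_failed{name="control-c",url="https://docs.example/c",severity="Medium"} 0
'''

LINE = re.compile(r'^(kubescape_\w+)\{(.*)\}\s+(\S+)$')
LABEL = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')

def parse(text):
    """Yield (metric, labels dict, float value) for every kubescape_* sample line."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:  # comment lines and non-kubescape metrics do not match and are skipped
            yield m.group(1), dict(LABEL.findall(m.group(2))), float(m.group(3))

def triage(text, min_score=50.0):
    """Return (cluster riskScore, failing controls with riskScore >= min_score, worst first)."""
    cluster, controls = None, {}
    for metric, labels, value in parse(text):
        if metric == "kubescape_cluster_riskScore":
            cluster = value
        elif metric.startswith("kubescape_control_"):
            # Assumption: the name label identifies a control uniquely.
            entry = controls.setdefault(labels.get("name"), dict(labels))
            entry[metric[len("kubescape_control_"):]] = value
    flagged = [c for c in controls.values()
               if c.get("count_resources_failed", 0) > 0
               and c.get("riskScore", 0) >= min_score]
    flagged.sort(key=lambda c: c.get("riskScore", 0), reverse=True)
    return cluster, flagged

if __name__ == "__main__":
    score, flagged = triage(SAMPLE)
    print(f"cluster riskScore: {score}")
    for c in flagged:
        print(f'{c["severity"]:8} {c["riskScore"]:5.1f} {c["name"]} -> {c["url"]}')
```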