Workloads
Overview
The Workload View provides a comprehensive inventory of all Kubernetes workloads in your cluster. Its tabular insights and contextual visualizations let users assess risk and behavior at the workload level. It allows users to:
- Identify workloads with elevated security risks
- Track profiling status and visibility coverage
- Drill down into workload-specific details
Table Columns
Each row in the workload table includes the following information:
- Asset
- Kind
- Risk Factor
- Application Profile Status
Risk Factors
Workloads are evaluated based on runtime and configuration insights. The following risk factors may be displayed:
Risk Factor | Description |
---|---|
External Facing | The workload is accessible from outside the cluster or internet-exposed. |
Privileged | The workload runs in privileged mode or uses elevated permissions. |
Secret Access | The workload has access to Kubernetes secrets. |
Host Access | The workload can access the host system (e.g., via hostPath volumes). |
Data Access | The workload accesses sensitive or persistent storage resources. |
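To pre-check a manifest against these risk factors before it reaches the cluster, the following added example (not the product's own code or detection logic) derives them statically from a pod spec. The function `risk_factors`, the `HIGH_RISK_CAPS` list, the `service_types` parameter and the field-to-factor mapping are all assumptions. Runtime observations, RBAC-granted secret access and Ingress exposure are outside what a pod spec alone can show.

```python
# Added example: static approximation of the risk factors in the table above.
# The mapping from pod-spec fields to factors is an assumption, not the product's logic.
HIGH_RISK_CAPS = {"ALL", "SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE"}  # assumed list

def risk_factors(pod_spec, service_types=()):
    """Return the sorted risk factors a pod spec matches.

    service_types: types of the Services selecting this pod (caller-supplied).
    """
    found = set()
    if any(t in ("LoadBalancer", "NodePort") for t in service_types):
        found.add("External Facing")
    if any(pod_spec.get(k) for k in ("hostNetwork", "hostPID", "hostIPC")):
        found.add("Host Access")
    for vol in pod_spec.get("volumes") or []:
        if "hostPath" in vol:
            found.add("Host Access")
        if "persistentVolumeClaim" in vol:
            found.add("Data Access")
        sources = (vol.get("projected") or {}).get("sources") or []
        if "secret" in vol or any("secret" in s for s in sources):
            found.add("Secret Access")
    all_containers = (pod_spec.get("containers") or []) + (pod_spec.get("initContainers") or [])
    for c in all_containers:
        sc = c.get("securityContext") or {}
        caps = set((sc.get("capabilities") or {}).get("add") or [])
        if sc.get("privileged") or caps & HIGH_RISK_CAPS:
            found.add("Privileged")
        env_refs = any("secretKeyRef" in (e.get("valueFrom") or {}) for e in c.get("env") or [])
        from_refs = any("secretRef" in e for e in c.get("envFrom") or [])
        if env_refs or from_refs:
            found.add("Secret Access")
    return sorted(found)

# Constructed sample pod spec (not taken from any real cluster).
SAMPLE_POD_SPEC = {
    "volumes": [
        {"name": "logs", "hostPath": {"path": "/var/log"}},
        {"name": "data", "persistentVolumeClaim": {"claimName": "orders-db"}},
    ],
    "containers": [{
        "name": "api",
        "image": "example.invalid/api:1.0",
        "securityContext": {"capabilities": {"add": ["NET_ADMIN"]}},
        "env": [{"name": "DB_PASS",
                 "valueFrom": {"secretKeyRef": {"name": "db", "key": "pass"}}}],
    }],
}

if __name__ == "__main__":
    print(risk_factors(SAMPLE_POD_SPEC, service_types=["LoadBalancer"]))
```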
Application Profile Status
The profiling engine monitors runtime behavior and evaluates workloads against observed activity. Status types:
Status | Meaning |
---|---|
Completed | Profiling is complete with sufficient runtime data. |
Learning | Profiling is in progress; more data is being collected. |
Missing | No profile data available due to insufficient visibility or coverage. |
Failed | Profiling failed due to an internal error or misconfiguration. |
Workload Drill-Down
Clicking on any workload in the table opens a dedicated Workload Page, organized into three tabs:
1. Graph
Visualizes the workload's runtime context. Includes:
- Observed Network Connections (past 24 hours)
- Mounted Volumes and Resources
Users can toggle additional graph display options:
- Network Policy Status — Shows whether a connection is allowed or blocked by Kubernetes network policies
- Port and Protocol — Displays traffic details such as TCP/UDP and port numbers
- Vulnerabilities — Marks workloads with known CVEs associated with images
- Incidents — Marks workloads with detected security incidents
- Names — Shows workload names
2. Application Profile
Displays the runtime profile of the workload, including:
- Processes
- File access patterns
- APIs
- Syscalls
- Linux capabilities
The profile is used for behavioral baselining and anomaly detection.
3. Details
Includes configuration-level metadata:
- Deployment overview
- Risks
- Protection policies
- Pod Specification