To view and assess Kubernetes workloads, perform the following procedure.

Procedure

  1. On the left navigation pane, do one of the following depending on your system configuration and role:
    • If you have the Kubernetes Security DevOps or SecOps role and your system has only the Container security feature, click Inventory > Workloads.
    • If you have any other role and your system has Container security and other Carbon Black Cloud features, click Inventory > Kubernetes > Workloads.

    The Kubernetes Workloads page opens.

    Note: If you modified a workload by enforcing values through the rule enforcement presets, that workload is shown with a mutated label next to its name. See Mutate Hardening Rules and Mutate a Rule Outcome.

    The remaining steps describe your options on this page.

  2. View a specific workload page — click the workload name. See View a Kubernetes Workload - Overview.
  3. View the runtime policy that is assigned to a workload — click the runtime policy name. The Policy Details panel displays a summary of the runtime policy.
    Policy details panel
  4. View the hardening policy that is assigned to a workload — click the hardening policy name. The Policy Details panel displays a summary of the hardening policy.
  5. View the workload details — click the right arrow icon at the right of the row.

    Kubernetes Workloads Details panel

    From the Workload Details panel, you can view:

    • A specific workload page — click View more in the Workload Details section. See View a Kubernetes Workload - Overview.
    • The workload's configuration risks in order of severity — click the number next to Configuration risks in the Risk section.

      Kubernetes workload configuration risks

    • The workload's vulnerabilities in order of severity — click the number next to Vulnerabilities in the Risk section.
    • The runtime policy, the hardening policy, and the scopes associated with either policy. Click the name of the policy or scope in the Runtime and Hardening sections.
    • The number of alerts that have arisen from policy violations. To view all such alerts, click View all in the Runtime section. The Alerts page opens and lists the relevant alerts. See Triaging Kubernetes Alerts.
    • A list of hardening policy violations and enforcements.
    • Network connections within the past 2 hours.
    • Container images in this workload. You can click any hyperlinked container image name to view information about that container image.

      Container summary tab