You can group Kubernetes resources in a scope. The scope target is Deploy Locations.


Set up your Kubernetes clusters. See Adding Clusters and Installing Kubernetes Sensors.


  1. On the left navigation pane, do one of the following depending on your system configuration and role:
    • If you have the Kubernetes Security DevOps or SecOps role and your system has only the Container security feature, click Inventory > Scopes.
    • If you have any other role and your system has Container security and other Carbon Black Cloud features, click Inventory > Kubernetes > Scopes.
  2. Click Add Scope.
  3. Enter a Name for the scope.
  4. For target resources, select Deploy Locations. This scope will target workloads in specific clusters or cluster groups. A policy can be enforced during the deployment and execution phases.
  5. Click Next.
  6. Select your scope targets.
    Add a deploy location scope
    • You can group by clusters, namespaces, or both.
    • To apply the same policy to multiple clusters, use the cluster group as a basis for your scope. You can also select individual clusters instead of a cluster group. A cluster group includes all its existing or future clusters. Thus, cluster group is a broader selection than choosing a list of clusters.
    • If you have namespaces with the same name in multiple clusters, the scope you define per namespace will span across clusters for that namespace.
    • To determine a particular namespace inside a particular cluster, you can point to a cluster or cluster group and to a specific namespace.
  7. Click Save.
    The scope is ready for use in a Kubernetes Hardening Policy.

What to do next

Create a Kubernetes Hardening Policy