You can group Kubernetes resources in a scope. The scope target is Deploy Locations.
Procedure
- On the left navigation pane, do one of the following depending on your system configuration and role:
  - If you have the Kubernetes Security DevOps or SecOps role and your system has only the Container security feature, click .
  - If you have any other role and your system has Container security and other Carbon Black Cloud features, click .
- Click Add Scope.
- Enter a Name for the scope.
- For target resources, select Deploy Locations. This scope will target workloads in specific clusters or cluster groups. A policy can be enforced during the deployment and execution phases.
- Click Next.
- Select your scope targets.
  - You can group by clusters, namespaces, or both.
  - To apply the same policy to multiple clusters, use a cluster group as the basis for your scope. You can also select individual clusters instead of a cluster group. A cluster group includes all its existing and future clusters, so a cluster group is a broader selection than a list of individual clusters.
  - If you have namespaces with the same name in multiple clusters, a scope that you define per namespace spans across clusters for that namespace.
  - To target a particular namespace inside a particular cluster, point to a cluster or cluster group and to a specific namespace.
- Click Save.
The scope is ready for use in a Kubernetes Hardening Policy.
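The targeting rules in the "Select your scope targets" step decide which workloads a policy reaches, so it helps to check them against an inventory before saving. The following is an added example, not Carbon Black Cloud code or its API: a small Python model of those rules, in which the class names, the cluster and namespace names, and the behavior of a scope with no targets are all assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Workload:
    cluster: str
    namespace: str

@dataclass
class Scope:
    """Hypothetical model of a Deploy Locations scope; not a product API."""
    name: str
    cluster_groups: set = field(default_factory=set)
    clusters: set = field(default_factory=set)
    namespaces: set = field(default_factory=set)

    def matches(self, w, group_members):
        """group_members maps cluster group -> its clusters at evaluation time."""
        by_cluster = bool(self.cluster_groups or self.clusters)
        if not by_cluster and not self.namespaces:
            return False  # assumption: a scope with no targets selects nothing
        in_cluster = w.cluster in self.clusters or any(
            w.cluster in group_members.get(g, set()) for g in self.cluster_groups)
        in_namespace = not self.namespaces or w.namespace in self.namespaces
        return (in_cluster or not by_cluster) and in_namespace

def covered(scope, workloads, group_members):
    """Return the (cluster, namespace) pairs the scope selects."""
    return [(w.cluster, w.namespace) for w in workloads
            if scope.matches(w, group_members)]

# Constructed sample inventory (cluster and namespace names are made up).
GROUPS = {"prod": {"prod-eu", "prod-us"}}
WORKLOADS = [Workload("prod-eu", "payments"), Workload("prod-us", "payments"),
             Workload("dev-1", "payments"), Workload("prod-eu", "kube-system")]

BY_GROUP = Scope("prod-group", cluster_groups={"prod"})
BY_LIST = Scope("prod-list", clusters={"prod-eu", "prod-us"})
BY_NAMESPACE = Scope("payments-any-cluster", namespaces={"payments"})
PINPOINT = Scope("prod-payments", cluster_groups={"prod"}, namespaces={"payments"})

if __name__ == "__main__":
    for s in (BY_GROUP, BY_LIST, BY_NAMESPACE, PINPOINT):
        print(s.name, covered(s, WORKLOADS, GROUPS))
    # A cluster joins the group later: the group scope covers it, the list does not.
    later = {"prod": GROUPS["prod"] | {"prod-ap"}}
    new = Workload("prod-ap", "payments")
    print(BY_GROUP.matches(new, later), BY_LIST.matches(new, later))
```

In this model the namespace-only scope also selects the `payments` namespace in `dev-1`, which is the cross-cluster reach to confirm before attaching a hardening policy to such a scope.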