When you install and set up your Kubernetes clusters, the system includes three ready-to-use scopes: Kubernetes System, CBContainers dataplane, and Default Namespace.

The built-in scopes are assigned to built-in hardening policies. The scopes are available as a starting point for your configuration, and you can either edit or delete them. For more information about built-in hardening policies, see Built-in Kubernetes Hardening Policies.

Pre-Packaged Scope Scope Target Scope Description
Kubernetes System

Target:

Deploy phase

Namespaces:

kube-system

Matches the namespace for objects created by the Kubernetes system. This system typically contains services for DNS, proxy, controller manager, and other system components.

CBContainers dataplane

Target:

Deploy phase

Namespaces:

cbcontainers-dataplane

octarine-dataplane

Matches the namespace where the Carbon Black Kubernetes agent runs and deploys its resources.

Note: Two namespaces are listed here. Octarine-dataplane is the namespace name before version 3.0.0 of the agent. Cbcontainers-dataplane is the current namespace name.
Default Namespace

Target:

Deploy phase

Namespaces:

default

Matches Kubernetes built-in default namespace that holds objects that have no specified no namespace.

Note:

If the built-in scopes are not modified, the Last modified by parameter is Carbon Black. After you edit a scope, the Last modified by parameter changes.