From 04e849357a5a355a28bf4bbd983d1479df0e7b63 Mon Sep 17 00:00:00 2001 From: an1l4 <1995anila@gmail.com> Date: Wed, 3 Apr 2024 15:33:17 +0530 Subject: [PATCH] trivy-enhancement-and-healthcheck --- .../1.0.0/1-docs-structure/_index.en.md | 10 ++-- .../1.0.0/3-setup/installation/_index.en.md | 2 +- content/kubviz/1.0.0/4-community/_index.en.md | 2 +- .../1.0.0/8-security-tracking/_index.en.md | 54 +++++++++++++++++++ .../kubviz/1.0.0/9-health-check/_index.en.md | 35 ++++++++++++ 5 files changed, 96 insertions(+), 7 deletions(-) create mode 100644 content/kubviz/1.0.0/8-security-tracking/_index.en.md create mode 100644 content/kubviz/1.0.0/9-health-check/_index.en.md diff --git a/content/kubviz/1.0.0/1-docs-structure/_index.en.md b/content/kubviz/1.0.0/1-docs-structure/_index.en.md index f4e66d5..12ff38d 100644 --- a/content/kubviz/1.0.0/1-docs-structure/_index.en.md +++ b/content/kubviz/1.0.0/1-docs-structure/_index.en.md 
@@ -13,21 +13,21 @@ Welcome to the KubViz Documentation! This guide is designed to provide you with ### Overview -[Overview](../2-overview/_index.en.md): Discover a comprehensive overview of the KubViz project, where seamless solutions for Kubernetes and DevSecOps workflows await. Explore how KubViz transforms complexities into ease, offering a suite of user-friendly features crafted to enhance and simplify your tasks. +[Overview](../2-overview): Discover a comprehensive overview of the KubViz project, where seamless solutions for Kubernetes and DevSecOps workflows await. Explore how KubViz transforms complexities into ease, offering a suite of user-friendly features crafted to enhance and simplify your tasks. ### Installation -[Getting started](../3-setup/installation/_index.en.md): The starting point to set up KubViz on your cluster. Follow the instructions here to get KubViz up and running efficiently. +[Getting started](../3-setup/installation): The starting point to set up KubViz on your cluster. Follow the instructions here to get KubViz up and running efficiently. ### Usecase -[Usecase](../5-usecase/_index.en.md): This section we illuminate the powerful capabilities designed to streamline your Kubernetes and DevSecOps workflows. Discover how KubViz simplifies complex tracking tasks across various crucial aspects of your infrastructure. +[Usecase](../5-usecase): This section we illuminate the powerful capabilities designed to streamline your Kubernetes and DevSecOps workflows. Discover how KubViz simplifies complex tracking tasks across various crucial aspects of your infrastructure. ### Contribution -[Contributing](../6-contribution/_index.en.md): KubViz, developed using Golang under the Apache License, enthusiastically invites contributions from individuals like you. Your input is invaluable, whether it's providing feedback on GitHub, engaging in discussions within our Discord server's `#feedback` channel, or actively participating in feature testing. 
Your involvement greatly enriches the KubViz community and development efforts. +[Contributing](../6-contribution): KubViz, developed using Golang under the Apache License, enthusiastically invites contributions from individuals like you. Your input is invaluable, whether it's providing feedback on GitHub, engaging in discussions within our Discord server's `#feedback` channel, or actively participating in feature testing. Your involvement greatly enriches the KubViz community and development efforts. ### FAQs -[FAQs](../7-faq/_index.en.md) : Have questions about KubViz? Check out our FAQ section, where we aim to address common queries. Your suggestions for additional questions are always welcome. Find answers to frequently asked questions about KubViz. +[FAQs](../7-faq) : Have questions about KubViz? Check out our FAQ section, where we aim to address common queries. Your suggestions for additional questions are always welcome. Find answers to frequently asked questions about KubViz. diff --git a/content/kubviz/1.0.0/3-setup/installation/_index.en.md b/content/kubviz/1.0.0/3-setup/installation/_index.en.md index 3ed2620..ca97262 100644 --- a/content/kubviz/1.0.0/3-setup/installation/_index.en.md +++ b/content/kubviz/1.0.0/3-setup/installation/_index.en.md @@ -164,7 +164,7 @@ Once everything is up and running, you need to perform additional configurations To ensure that these events are sent to KubViz, you need to create a webhook for your repository. This webhook will transmit the event data of the specific repository or registry to KubViz. -To set up a webhook in your repository, [please follow these steps](../configuration/_index.en.md) +To set up a webhook in your repository, [please follow these steps](../configuration) #### How to View Event Data in Grafana diff --git a/content/kubviz/1.0.0/4-community/_index.en.md b/content/kubviz/1.0.0/4-community/_index.en.md index 2a64402..ecdf81e 100644 --- a/content/kubviz/1.0.0/4-community/_index.en.md 
+++ b/content/kubviz/1.0.0/4-community/_index.en.md @@ -8,7 +8,7 @@ draft: false The KubViz community, brought together by Intelops, comprises industry-experienced individuals united by a singular mission: "Sharing is caring!" -Engage and [contribute](../6-contribution/_index.en.md) to our community, where collaboration and shared knowledge thrive. +Engage and [contribute](../6-contribution) to our community, where collaboration and shared knowledge thrive. ## Discord Server diff --git a/content/kubviz/1.0.0/8-security-tracking/_index.en.md b/content/kubviz/1.0.0/8-security-tracking/_index.en.md new file mode 100644 index 0000000..93504da --- /dev/null +++ b/content/kubviz/1.0.0/8-security-tracking/_index.en.md 
@@ -0,0 +1,54 @@ +--- +title: "Security Tracking" +date: 2024-04-03 +weight: 8 +draft: false +--- + +## Cluster Scanning + +Using KubViz, you can comprehensively scan Kubernetes containers for security flaws such as vulnerabilities and misconfigurations. + +### Purpose + +- It helps in detecting vulnerabilities in operating system packages (like Alpine, Debian, Ubuntu, etc.) +- This could include ensuring the security of containerized applications, compliance with security standards, or reducing the risk of security breaches. +- Detects configuration issues in Kubernetes cluster. + +## Image Scanning + +KubViz helps to identify vulnerabilities in container images. + +It focuses on scanning container images for known vulnerabilities in the installed packages and libraries. + +It will analyze the layers of the image and compare the installed packages and libraries against its vulnerability database. It will then provide a report highlighting any known vulnerabilities found. + +## Sbom + +Generate reports for Software Bill of Materials (SBOM) from images within your Kubernetes cluster using KubViz in the CycloneDX format. + +These reports will be available in JSON format, and you can visualize this data on Grafana dashboard. + +## Customizing Security Scanning + +You can customize the security scans by changing the chart values. + +- To [Disable](https://github.com/intelops/kubviz/blob/main/charts/agent/values.yaml#L189) the cluster scan you can pass 0 or empty string + +```yaml +schedule: + enabled: true + trivyclusterscanInterval: 0 +... +``` + +- For changing the interval, pass the interval time + +```yaml +schedule: + enabled: true + trivyclusterscanInterval: "@every 24h" +... +``` + +Same you can change for [image-scan](https://github.com/intelops/kubviz/blob/main/charts/agent/values.yaml#L187) and [sbom](https://github.com/intelops/kubviz/blob/main/charts/agent/values.yaml#L188) 
diff --git a/content/kubviz/1.0.0/9-health-check/_index.en.md b/content/kubviz/1.0.0/9-health-check/_index.en.md new file mode 100644 index 0000000..962c3a7 --- /dev/null +++ b/content/kubviz/1.0.0/9-health-check/_index.en.md @@ -0,0 +1,35 @@ +--- +title: "Health Check" +date: 2024-04-03 +weight: 9 +draft: false +--- + +## Health Check + +You can run different types of checks against your Kubernetes cluster to detect any issues or potential problems before they cause any downtime or service disruptions. Check will run in the background and sends data to kubviz. After analysing the data from dashboard you can take corrective action quickly, if any issues are detected. + +### Configuration + +You'll need to [configure](https://github.com/intelops/kubviz/blob/main/charts/agent/values.yaml#L192) it to run health checks on your Kubernetes cluster. + +```yaml +kuberhealthy: + enabled: true +... +``` + +## Run Health Checks + +Once you've configured it will start running health checks on your Kubernetes cluster. It supports a variety of health checks, The checks are: + + +Check Name | Description | +------ | -------- | +Daemonset check | Ensures daemonsets can be successfully deployed | +DNS status check | Checks for failures with DNS, including resolving within the cluster and outside of the cluster | +Deployment check | Ensures that a Deployment and Service can be provisioned, created, and serve traffic within the Kubernetes cluster | +Image pull check | Verifies that an image can be pulled from an image repository | +Pod status check | Checks for unhealthy pod statuses in a target namespace | +Pod restart | Checks for excessive pod restarts in any namespace | +Resource quota check | Checks if resource quotas (CPU & memory) are available |
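Review bot: in content/kubviz/1.0.0/1-docs-structure/_index.en.md the hunk only rewrites the existing links and adds no entry for the two pages this patch creates (8-security-tracking and 9-health-check), so the guide's structure page will not point readers at them. Add a "Security Tracking" and a "Health Check" item in the same `[Title](../dir): description` form used for the other sections. Since the Usecase and FAQs lines are being rewritten anyway, "This section we illuminate" should read "In this section we illuminate", and the stray space before the colon in `[FAQs](../7-faq) :` can be dropped.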
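Review bot: in content/kubviz/1.0.0/8-security-tracking/_index.en.md, under "Customizing Security Scanning", the disable example keeps `enabled: true` and sets `trivyclusterscanInterval: 0`, while the text says "0 or empty string" and the interval example uses a quoted string. State which value forms the chart accepts and what `enabled` controls, so that a reader does not leave cluster scanning switched off, or still running, without meaning to. The closing sentence identifies the image-scan and sbom settings only through `values.yaml#L187` and `#L188` on `main`; those line anchors will drift as the file changes, so name the keys in the text and link to a fixed commit. The trailing `...` inside the yaml fences is a YAML document-end marker rather than an ellipsis, so a comment line would be clearer. The heading "Sbom" should be "SBOM", and the second "Purpose" bullet ("This could include ...") has no subject to refer back to.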
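Review bot: in content/kubviz/1.0.0/9-health-check/_index.en.md the prose never names the component being configured: "configure it" and "Once you've configured it" have no antecedent, and the only hint is the `kuberhealthy:` key in the yaml block. Name it on first use under "Configuration" and say which chart the key belongs to. The table rows carry a trailing pipe but no leading one (`Check Name | Description |`); write every row, including the separator, as `| ... | ... |`. In the intro, "Check will run in the background and sends data to kubviz" should read "Checks run in the background and send data to KubViz", "It supports a variety of health checks, The checks are:" needs a full stop or a lower-case "the", and "## Run Health Checks" sits at the same level as the page title heading while "### Configuration" is nested under it. The `values.yaml#L192` link on `main` will also drift; link to a fixed commit.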