Kubernetes Resources Inventory
Learn about the Illumio Cloud Kubernetes Resources Inventory. Kubernetes administrators benefit from advanced search and filter capabilities to quickly locate Kubernetes resources such as clusters, nodes, namespaces, or workloads for both cloud-managed and self-managed clusters. The Kubernetes Resources Inventory helps you quickly and efficiently identify resources that may pose security risks.
See Agentless Containers overview.
For information about Inventory Details pages for your resources, see Inventory Details.
For general information about the Inventory page, see Inventory.
Key capabilities
The Kubernetes Resources Inventory provides a comprehensive list of Kubernetes resources and visualizes connections across clusters and workloads. You can drill down to display detailed information about a Kubernetes resource on an inventory page, as described in Kubernetes resources on this page.
Use the following capabilities to identify Kubernetes resources that may be at risk:
Discover clusters: Agentless Containers lets you search for cloud-managed clusters in your cloud service provider (CSP). This lets you proactively identify clusters that are not yet protected by Illumio Cloud. For cloud-managed clusters, it helps you determine the total number of protected clusters within each CSP. For example, you can search by the following across different environments:
Region
Kubernetes clusters
Combinations of whole or partial cluster names and CSPs
Identify workload security gaps: Identify and address security gaps across Kubernetes environments by searching according to workload types, including:
Deployment
DaemonSet
Job
CronJob
Application
Labels
Identify resource type security gaps: In addition to searching by workload, you can search by resource types including:
Namespace
NetworkPolicy
Node
Services
Kubernetes resources
The Kubernetes Resources tab displays a list of known Kubernetes resources, including both cloud-managed and self-managed clusters. Illumio Cloud supports all Kubernetes resources, including:
Clusters
Nodes
Namespaces
Deployments
Network Policies
Kubernetes Labels
You can filter them by the following parameters (columns):
Resource (name)
Cloud (self-managed clusters have empty entries)
Region (self-managed clusters have empty entries)
Cluster/Namespace (if the resource is not itself a namespace)
Kubernetes Labels
Last Updated On
Click a Kubernetes entry in the Resource column to see its details, including Resource state and the above column information. This is useful when screen space limits the number of columns visible to you. When you click on a namespace or cluster resource, the details panel displays the following tabs:
General (details similar to those shown for other Kubernetes resource types; for resources other than clusters or namespaces, only the General tab is displayed)
Attached Resources (resources associated with the namespace, with parameters shown in columns similar to those on the main Kubernetes Resources tab)
Map (Kubernetes-focused map where you can view traffic lines and drill down into regions, clusters, and the like)
You can also hover over the entries in the Resource and Cluster/Namespace columns to see their details. The hover details may be more concise than those in the details panel.
The Map also displays Kubernetes resources in a separate view. See Map.
Limitations for Kubernetes Resources Inventory
Note that cloud-managed Kubernetes resources have Accounts, Regions, and Clouds associated with them. These three categories are shared across Illumio Cloud. This means that in addition to showing cloud resources like EC2 instances, filtering on terms like Account also shows cloud-managed Kubernetes resources like nodes. However, it does not show self-managed Kubernetes resources because they are not associated with any of these three categories. Filtering on Kubernetes-specific categories like K8s Resource Name shows both cloud- and self-managed resources.
Note that for EKS, Kubernetes Inventory supports only nodes that are part of a node group.