Views:

Connect Kubernetes and Amazon ECS clusters, deploy Container Protection policies and proxy settings, create and manage Kubernetes cluster groups, and monitor your container environment from Container Inventory.

Different options are available for Kubernetes and Amazon ECS clusters. The options are outlined in the tables below.
Tip
Tip
You can find assets by using the search function or clicking the filter icon (filter_icon=GUID-1d5c17ad-8efa-46f7-a1c7-33cbc1b1329c.png) to apply filters by column headings.

Kubernetes

The following table outlines the options available for Kubernetes clusters.
Option
Options
View details about your container environment
Container Inventory provides a tree view to manage the protection of all your connected Kubernetes clusters.
Kubernetes tree hierarchy: Orchestration system (Kubernetes) > Orchestration platform > Cluster > Node > Pod > Container
The following orchestrations platforms are available:
  • Amazon EKS
  • Microsoft AKS
  • Google Cloud GKE
  • Self-managed
Add new Kubernetes clusters
Select an orchestration platform from the tree. Click Add Cluster (if clusters have previously been added to the orchestration platform) or Deploy protection to a Kubernetes Cluster (if no clusters have previously been added to the orchestration platform).
For detailed instructions, see:
Stop protecting Kubernetes clusters
Select Kubernetes or an orchestration platform from the tree, select the radio button next to the cluster name, and then click Remove Cluster.
Note
Note
Removing a cluster from the list does not delete existing data received by Trend Vision One.
Create and manage cluster groups
Organize Kubernetes clusters into groups for enhanced control and streamlined management.
  • Create a new group: Select the options icon (options=ddb0b67f-0654-4aa5-8bc7-48ec554c5448.png) next to the orchestration platform or an existing group. The new group will be created within the selected group.
  • Create a new cluster within a group: Select a group from the tree and click Add Cluster or Deploy protection to a Kubernetes Cluster. The new cluster will be added within the selected group.
  • Move clusters to a different group: Select the orchestration platform from the tree and then select the clusters from the list. Click Change Cluster Group and then follow the on-screen instructions.
    Note
    Note
    You can only move clusters between groups that are the same type. For example, you cannot move an EKS cluster to an AKS group.
  • Edit group settings: Click the options icon (options=ddb0b67f-0654-4aa5-8bc7-48ec554c5448.png) next to the group to rename, or remove the group.
Note
Note
Asset Visibility Scope supports this feature by allowing specific permissions to be assigned by groups, facilitating more efficient management of clusters.
Change cluster settings
Select a cluster from the tree to manage settings. You can change the following settings.
  • Proxy Settings Tool: Generate a Helm script that you can use to deploy new proxy settings to your cluster.
  • Policy: Select from existing Container Protection policies or click View Policy editor in Container Protection App to modify the current policy settings.
  • Policy: Select from existing Container Protection policies or click View Policy editor in Container Protection App to modify the current policy settings.
  • Map to cloud account: Turn on, specify the required information (ARN, Resource ID), and click Save.
    Hover over the link below the text field to find out how to locate the required information in your management service.

Amazon ECS

The following table outlines the options available for Amazon ECS cluster.
Option
Options
View details about your container environment
Container Inventory provides a tree view to manage the protection of all your connected Amazon ECS clusters.
Amazon ECS hierarchy: Orchestration platform (Amazon ECS) > Cloud account > Region > Cluster > Services > Tasks > Containers
Add new Amazon ECS clusters
Select Amazon ECS, a cloud account, or a region from the tree. Click Add account (if other clusters have previously been added) or Add and protect Amazon ECS assets (if no clusters have previously been added).
For detailed instructions, see:
Enable or disable runtime security and scanning on clusters
Select one or more clusters from the tree to enable or disable runtime security or runtime scanning.
  • Runtime security: Provides visibility into any activity of your running containers that violates a customizable set of rules.
  • Runtime scanning: Provides visibility of operating system and open source code vulnerabilities that are part of containers running in clusters.
Assign new policies
Select a cluster from the tree. In the Policy field, select from existing Container Protection policies or click View Policy editor in Container Protection App to modify the current policy settings.