Chapter 23. Accessing vulnerability information in the OpenShift Container Platform web console
Beginning with the 4.10 release, Red Hat Advanced Cluster Security for Kubernetes (RHACS) includes a dynamic plugin as a part of the RHACS Operator. This plugin provides access to vulnerability management information for your secured cluster workloads directly from the OpenShift Container Platform web console.
With this console dynamic plugin, data gathered by RHACS is displayed in the OpenShift Container Platform interface, providing information about CVEs, image and workload vulnerabilities, and verified image signature status. Authorized security administrators, platform engineers, and application developers gain a unified view of security status that is embedded in their day-to-day OpenShift Container Platform workflows.
The RHACS Vulnerability Management in OpenShift Container Platform plugin is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.
23.1. Enabling the plugin
To view vulnerability information for a secured cluster, make sure that the console dynamic plugin is enabled.
For a fresh installation of Red Hat Advanced Cluster Security for Kubernetes (RHACS) 4.10, the console dynamic plugin is enabled by default when you install the RHACS Operator on a cluster. You can choose to disable the plugin if you do not want to use it. For an upgrade to RHACS 4.10, the dynamic plugin is disabled by default, and you must enable the plugin during or after the installation of the RHACS Operator.
To review enablement status during Operator installation, or to enable the console plugin after Operator installation, use the following steps.
Prerequisites
- You are running OpenShift Container Platform version 4.19 or later.
- You are running the RHACS version 4.10 code base for both secured cluster services and Central services.
- You have access to an OpenShift Container Platform cluster using an account with Operator installation permissions.
- As part of the installation process for the RHACS Operator, you will install secured cluster services on the cluster.
Procedure
During the installation of the RHACS Operator on the cluster, on the Install Operator page, ensure that the Console plugin option is set to Enable.
Note: You can also review and change the enablement status of the console dynamic plugin after the installation of the RHACS Operator by viewing the installed operator details and checking whether the Console plugin section shows the console plugin with an Enabled or Disabled status.
Verification
- In the web console, verify that a new Security option, with a Vulnerabilities secondary option, displays in the navigation menu. If you are an authorized user with access to all of the deployment-like resources within the selected project or namespace for a secured cluster, use these options to view vulnerability information.
- In addition, verify that a new Security tab displays on certain pages in the web console, such as the details views for individual projects, namespaces, deployments, and daemonsets.
23.2. Viewing vulnerability information in the web console
Use the Security navigation option in the OpenShift Container Platform web console to view vulnerability information that is scoped to the namespace of a secured cluster.
Prerequisites
- The console plugin is enabled on the secured cluster.
Procedure
- In the web console, ensure that the relevant project for the secured cluster is selected.
- In the OpenShift Container Platform web console navigation, click Security > Vulnerabilities.
- From the Workload vulnerabilities page, click the CVEs, Images, or Deployments option to determine the context in which you want to view vulnerabilities.
In the displayed results, click a specific result to view detailed information about the vulnerability.
Note: You can also view vulnerability information on other pages in the OpenShift Container Platform web console by clicking the Security tab. For example, you can view vulnerability information in the details views for individual projects, namespaces, deployments, and daemonsets.