Chapter 5. Customizing platform components
Red Hat Advanced Cluster Security for Kubernetes (RHACS) includes enhanced capabilities to classify violations and vulnerabilities into User Workload or Platform categories. This classification helps you focus on actionable data by segmenting issues based on who is responsible for addressing them.
User workloads refer to the applications and images you deploy and manage directly. Platform components include the underlying infrastructure, Operators, and third-party services. By categorizing security findings, RHACS helps you maintain oversight while prioritizing fixes for issues you directly control.
RHACS automatically identifies platform components based on predefined namespaces. You can also customize which namespaces RHACS identifies as platform components. You can address platform issues by upgrading the offending component, such as OpenShift Container Platform or third-party software, rather than requiring direct user remediation. By customizing platform components, you can focus on actionable security findings within your user workloads.
5.1. Understanding platform components
RHACS automatically identifies platform components by using built-in definitions. However, with RHACS 4.8 and newer, you can view and customize these definitions, providing more granular control over how RHACS categorizes security findings.
RHACS categorizes the violations and vulnerabilities that you view as either User workloads or Platform. This distinction helps you understand the scope and responsibility for addressing security findings.
User workloads include violations and vulnerabilities that affect the applications and images you deploy and manage in your system.
Platform includes violations and vulnerabilities related to the platform itself, such as those in workloads and images deployed by OpenShift Container Platform and layered services. Platform components are currently defined using entire namespaces, and RHACS uses regular expression patterns to specify such namespaces.
You can view the platform components definition in the RHACS portal by going to Platform Configuration > System Configuration.
The Platform components configuration section lists platform components in the following categories:
- Core system components: These components are part of the core OpenShift Container Platform and Kubernetes namespaces. RHACS includes them in the platform definition by default. You cannot customize these definitions. These definitions might change when you upgrade the system.
- Red Hat layered products: Components found in Red Hat layered and partner product namespaces are included in the platform definition by default. Ensure that you update the definition if you install Red Hat products, including RHACS, into a non-default namespace.
- Custom components: You can extend the platform definition by defining namespaces for additional applications and products. Use custom components to classify other namespaces as Platform, such as third-party applications, to exclude them from the focused User workloads views.
5.2. Modifying platform component definitions
You can define platform components by using namespaces to segment platform security findings from user workloads.
Prerequisites
- You must have the Administration role with read permission to view the platform component configuration options.
- You must have the Administration role with write permission to modify the platform component configuration.
Procedure
- In the RHACS portal, go to Platform Configuration > System Configuration.
- On the System Configuration view header, click Edit.
- Under the Platform components configuration section, click on the Red Hat layered products tab. Components found in Red Hat layered and partner product namespaces are included in the platform definition by default.
  - To modify the Red Hat layered products definition, enter one or more namespaces using regular expressions, separated by a pipe (|) symbol. For more information on the syntax structure, see the RE2 syntax reference.
- Click on the Custom components tab.
  - To add a custom platform component, click Add custom platform component. You can add more than one.
  - In the new Custom component entry, enter a descriptive Name.
  - Enter the Namespace rules (Regex) for this custom component. Enter one or more namespaces using regular expressions, separated by a pipe (|) symbol. For more information on the syntax structure, see the RE2 syntax reference.
- Click Save.
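A namespace rule that matches more than intended moves findings out of the User workloads view, so it helps to preview a rule before saving it. The following is an added example, not code from RHACS or the Red Hat documentation: it uses Go's regexp package, which implements RE2 syntax, to check that a rule compiles and to list namespaces it would classify as Platform unexpectedly. The namespace names and the Preview function are constructed for illustration, and the example assumes the rule is evaluated as an unanchored search.

```go
package main

import (
	"fmt"
	"regexp"
)

// Constructed sample namespaces; none of these names come from the RHACS docs.
var sampleNamespaces = []string{"vault", "vault-agent", "payments-vault-client", "cert-manager", "payments"}

// Preview compiles a pipe-separated namespace rule with Go's regexp package,
// which implements RE2 syntax, and returns the namespaces it would classify as
// Platform plus those matches that are not in the intended set.
// Assumption: the rule is evaluated as an unanchored search, so an alternative
// without ^ and $ can match anywhere inside a namespace name.
func Preview(rule string, namespaces, intended []string) (platform, unintended []string, err error) {
	re, err := regexp.Compile(rule)
	if err != nil {
		return nil, nil, fmt.Errorf("rule is not valid RE2: %w", err)
	}
	want := make(map[string]bool, len(intended))
	for _, ns := range intended {
		want[ns] = true
	}
	for _, ns := range namespaces {
		if !re.MatchString(ns) {
			continue
		}
		platform = append(platform, ns)
		if !want[ns] {
			// This namespace would leave the User workloads view unexpectedly.
			unintended = append(unintended, ns)
		}
	}
	return platform, unintended, nil
}

func main() {
	intended := []string{"vault", "vault-agent", "cert-manager"}
	for _, rule := range []string{
		`vault|cert-manager`,               // loose: matches as a substring
		`^vault$|^vault-.*|^cert-manager$`, // anchored alternatives
		`^(?!payments).*$`,                 // lookahead is not part of RE2
	} {
		platform, unintended, err := Preview(rule, sampleNamespaces, intended)
		fmt.Printf("%-36q platform=%v unintended=%v err=%v\n", rule, platform, unintended, err)
	}
}
```

Run it against the output of your own namespace list in place of the constructed sample to see which user namespaces a candidate rule would reclassify.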