From f04a011c17ef5751f33b97c1fb66966f482a4613 Mon Sep 17 00:00:00 2001 From: Vadim Zharov Date: Fri, 20 Sep 2024 17:04:12 -0500 Subject: [PATCH 1/2] docs: update compliance-scan.md (#3841) * Update compliance-scan.md * ci: auto-formatting prettier issues * text updated * ci: auto-formatting prettier issues * docs: minor fixes to match voice and style in docs * docs: vale fix * Update docs/docs-content/clusters/cluster-management/compliance-scan.md --------- Co-authored-by: vadimzharov Co-authored-by: Karl Cardenas Co-authored-by: Karl Cardenas <29551334+karl-cardenas-coding@users.noreply.github.com> (cherry picked from commit 9253440b47d72325a6845d2423c693f0044eba43) --- .../cluster-management/compliance-scan.md | 75 +++++++++++++++---- 1 file changed, 59 insertions(+), 16 deletions(-) diff --git a/docs/docs-content/clusters/cluster-management/compliance-scan.md b/docs/docs-content/clusters/cluster-management/compliance-scan.md index 9187a1a021..d837aaf4c3 100644 --- a/docs/docs-content/clusters/cluster-management/compliance-scan.md +++ b/docs/docs-content/clusters/cluster-management/compliance-scan.md @@ -154,30 +154,33 @@ page for that particular vulnerability. ## Scan Options -The following options are available for running cluster scans: +The following options are available cluster scans. -## On Demand +- **On Demand**: Start a scan immediately. +- **Scheduled**: Schedule a scan to start at a specific time. -A cluster scan of any type can be started by navigating to the **Scans** tab of a cluster in Palette. Scan progress -displays as 'Initiated' and transitions to 'Completed' when the scan is complete. +#### On Demand -| **On Demand Scan** | -| ---------------------------------------------------------- | -| Select the cluster to scan -> Scan(top panel) -> Run Scan. | +On demand scans can be initiated by navigating to the **Scans** tab of a cluster's details page in Palette. The scan +progress displays as **Initiated** and changes to **Completed** when the scan is complete. -## Scheduled +| **On Demand Scan** | +| --------------------------------------------------------------------------------------------------- | +| From the cluster details page. Select the Scan tab. Click on **Run Scan** on the desired scan type. | -You can set a schedule for each scan type when you deploy the cluster, and you can change the schedule at a later time. +#### Scheduled -| **During Cluster Deployment** | -| ----------------------------------------------------------------------------------- | -| Add New Cluster -> Settings -> Schedule scans -> Enable and schedule desired scans. | +You can set a fixed schedule for a scan when you deploy the cluster. You can also change the schedule at a later time. -| **Running Cluster** | -| ------------------------------------------------------------------------------------------------------------------------ | -| Select the cluster to scan -> Settings -> Cluster Settings -> Scan Policies -> Enable and schedule scans of your choice. | +| **Cluster Deployment** | +| ----------------------------------------------------------------------------------------------------- | +| From the cluster creation settings page. Click on **Schedule scans** tab and configured the schedule. | -### Schedule Options Available +| **Active Cluster** | +| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| From the cluster details page. Click on the **Settings drop-down Menu**. Select **Cluster Settings**, followed by clicking on the **Scan Policies** tab. Enable and schedule the scans of your choice. | + +#### Schedule Options Available This operation can be performed on all cluster types across all clouds. Schedule your compliance scan for month, day, hour, or minute. The following options are available: @@ -186,3 +189,43 @@ hour, or minute. The following options are available: - Every two weeks at midnight. - Every month on the first day of the month at midnight. - Every two months on the first day of the month at midnight + +## Scan reports + +All scan reports are available in the Palette UI. You can download them in CSV or PDF formats. + +The Palette agent stores reports in the Kubernetes cluster as a Kubernetes resource. You can list all available reports +in the cluster and gather each report's status. To retrieve the list of all available reports, use the admin kubeconfig +file downloaded and kubectl. Refer to the [Kubectl](./palette-webctl.md) to learn how to download the kubeconfig file +and configure kubectl. + +To list all available reports, use the following command. + +``` +kubectl get audits.cluster.spectrocloud.com --all-namespaces +``` + +The output of this command provides the list of all reports executed on this Kubernetes cluster with the status for each +report. + +```shell hideClipboard +NAMESPACE NAME AGE STATUS +cluster-66d8a761ed405e70b86a8a17 kube-bench-66df28ab3c13fb7876674c98-xscvq 5h14m Complete +cluster-66d8a761ed405e70b86a8a17 kube-hunter-66df65dced406e0856d8536a-zetys 53m Complete +cluster-66d8a761ed405e70b86a8a17 syft-66df6d437cda16db7074cefe-czfxq 21m Complete +``` + +To check the details for a particular report, including report content. Issue the following command and replace the +`` with the actual cluster UUID and `` with the name of the report from the list. + +```shell +kubectl get audits.cluster.spectrocloud.com --namespace cluster- --output yaml +``` + +Below is an example of the command to get the details of the kube-bench report. + +```shell +kubectl get audits.cluster.spectrocloud.com --namespace cluster-66d8a761ed405e70b86a8a17 kube-bench-66df28ab3c13fb7876674c98-xscvq --output yaml +``` + +The scan report content is available in the output block `status.results..scanReport.Worker.reportData`. From 4766d6e43c4ba032edf20f3eb9811fe1b0c82878 Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Fri, 20 Sep 2024 15:33:10 -0700 Subject: [PATCH 2/2] chore: fixed gitleaks --- .gitleaksignore | 1 + docs/docs-content/tutorials/edge/deploy-cluster-virtualbox.md | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitleaksignore b/.gitleaksignore index 33e95bb132..e0489d81fa 100644 --- a/.gitleaksignore +++ b/.gitleaksignore @@ -136,3 +136,4 @@ e4040084011d4d7935a589959b96ebc5cfba7a94:docs/docs-content/integrations/kubernet 59fcb296e3d4651a5d979fb8e9cab772e429bf81:docs/docs-content/tutorials/edge/deploy-cluster-virtualbox.md:generic-api-key:199 60a2dee998e99037999d2f561ffd442cc667af57:docs/docs-content/integrations/kubernetes.md:generic-api-key:1005 99f9720516a709d2122104a2fc95efefe8e798c5:docs/docs-content/tutorials/edge/deploy-cluster-virtualbox.md:generic-api-key:187 +41db907f669bfbfca80c9501b9b90209fb94d946:docs/docs-content/tutorials/edge/deploy-cluster-virtualbox.md:generic-api-key:187 diff --git a/docs/docs-content/tutorials/edge/deploy-cluster-virtualbox.md b/docs/docs-content/tutorials/edge/deploy-cluster-virtualbox.md index 884b5e75f8..0c26f24d76 100644 --- a/docs/docs-content/tutorials/edge/deploy-cluster-virtualbox.md +++ b/docs/docs-content/tutorials/edge/deploy-cluster-virtualbox.md @@ -184,7 +184,7 @@ displayed in the example output below. stylus: site: paletteEndpoint: api.spectrocloud.com - edgeHostToken: 62ElvdMeX5MdOESgTleBjjKAB123456 + edgeHostToken: **************** users: - name: kairos