Discover Red Hat Advanced Cluster Security for Kubernetes architecture and concepts.
Red Hat Advanced Cluster Security for Kubernetes installs as a set of containers in your OpenShift Container Platform cluster and it includes multiple components. You can categorize these components as follows:
Centralized components
Per-cluster components
Per-node component
Category | Quantity | Components |
---|---|---|
Centralized components |
1 for multiple clusters. |
Central |
Scanner |
||
Per-cluster components |
1 for each cluster. |
Sensor |
Admission controller |
||
Per-node component |
1 on each node. |
Collector |
You deploy centralized components only once and you can monitor multiple separate clusters by using the same installation. Red Hat Advanced Cluster Security for Kubernetes includes the following centralized components:
Central
Scanner
Central is the main component of Red Hat Advanced Cluster Security for Kubernetes and it is installed as a Kubernetes deployment. It handles data persistence, API interactions, and user interface (Portal) access. You can use the same Central instance to secure multiple OpenShift Container Platform or Kubernetes clusters.
Red Hat Advanced Cluster Security for Kubernetes includes an image vulnerability scanning component called Scanner. It analyzes all image layers to check for known vulnerabilities from the Common Vulnerabilities and Exposures (CVEs) list. Scanner also identifies vulnerabilities in packages installed by package managers and in dependencies for multiple programming languages.
Scanner only scans those images that are not already scanned by other integrated vulnerability scanners. It means that if you have integrated Red Hat Advanced Cluster Security for Kubernetes with other vulnerability scanners, Scanner checks and uses the scanning results from the integrated scanner if available. |
You deploy the per-cluster components into each cluster that you want to monitor. Red Hat Advanced Cluster Security for Kubernetes includes the following per-cluster components:
Sensor
Admission controller
Red Hat Advanced Cluster Security for Kubernetes uses the Sensor component to monitor Kubernetes and OpenShift Container Platform clusters. It handles interactions with the OpenShift Container Platform or Kubernetes API server for policy detection and enforcement, and it coordinates with Collector.
The admission controller prevents users from creating workloads that violate security policies in Red Hat Advanced Cluster Security for Kubernetes.
You deploy the per-node components in all nodes that you want to monitor. Red Hat Advanced Cluster Security for Kubernetes includes the following per-cluster components:
Collector
Collector collects and monitors information about container runtime and network activity. It then sends the collected information to Sensor.