Compliance 2.0 is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process. For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope. |
You can view the compliance results associated with your cluster by using the compliance 2.0 feature in the Red Hat Advanced Cluster Security for Kubernetes (RHACS) portal. The feature collects compliance information gathered by the Compliance Operator into a single interface.
For more information about using the Compliance Operator, see Using the Compliance Operator with Red Hat Advanced Cluster Security for Kubernetes.
Currently, the compliance 2.0 feature and the Compliance Operator evaluate only infrastructure and platform compliance. |
By viewing the cluster compliance page, you can get a comprehensive overview of the compliance status of your clusters.
In the RHACS portal, go to the Compliance (2.0) → Cluster Compliance → Coverage tab.
The cluster compliance page organizes information in the following groups:
Cluster: Gives the details of your cluster and provides a snapshot of its current state and configurations.
Operator status: Assesses the health and operational status of the Compliance Operator instance within your cluster and ensures that the Operator is running optimally and functioning seamlessly.
Compliance: Shows the percentage of checks that have been passed for the scanned profiles.
By creating a compliance scan schedule, you can customize and automate your compliance scans to align with your operational requirements.
In the RHACS portal, go to the Compliance (2.0) → Cluster Compliance → Schedules tab.
Click Create scan schedule.
In the Configuration options page, provide the following information:
Name: Enter a name to identify different compliance scans.
Description: Specify the reason for each compliance scan.
Configure schedule: Adjust the scan schedule to fit your required schedule:
Frequency: From the drop-down list, select how often you want to perform the scan.
The following values are supported:
Daily
Weekly
Monthly
On day(s): From the list, select one or more days of the week on which you want to perform the scan.
The following values are supported:
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Sunday
The first of the month
The middle of the month
These values are only applicable if you specify the frequency of scan as |
Time: Start to type the time in hh:mm
at which you want to run the scan. From the list that is displayed, select a time.
Click Next.
In the Clusters page, select one or more clusters that you want to include in the scan.
Click Next.
In the Profiles page, select one or more profiles that you want to include in the scan.
Click Next.
Review your scan configuration, and then click Create.
In the RHACS portal, go to the Compliance (2.0) → Cluster Compliance → Schedules tab.
Select the compliance scan you have created.
In the Clusters section, verify that the operator status is healthy.
Optional: To edit the scan schedule, click Edit scan schedule, make your changes, and then click Save.
By viewing the status of a compliance scan, you can efficiently monitor and analyze the health of your clusters.
Wait until the Compliance Operator returns the scan results. It might take a few minutes. |
In the RHACS portal, go to the Compliance (2.0) → Cluster Compliance → Coverage tab.
Select a cluster to view the details of the individual scans.
Optional: Enter the name of the compliance check in the Filter by keyword box to view the status.
Optional: From the Compliance status drop-down list, select one or more statuses by using which you want to filter the scan details.
The following values are supported:
Pass
Fail
Error
Info
Manual
Not Applicable
Inconsistent
By understanding the compliance scan status, you can manage the overall security posture of your environment.
Status | Description |
---|---|
|
The compliance check failed. |
|
The compliance check passed. |
|
Skipped the compliance check because it was not applicable. |
|
The compliance check gathered data, but RHACS could not make a pass or fail determination. |
|
The compliance check failed due to a technical issue. |
|
Manual intervention is required to ensure compliance. |
|
The compliance scan data is inconsistent, and requires closer inspection and targeted resolution. |