Deployments visibility and compliance

Learn how to view deployment and compliance details for your clusters.


StackRox provides visibility into all running workloads in your clusters. This section helps you explore the various ways that StackRox presents cluster information and the associated security context.

Prerequisites

  • You must be running the StackRox Kubernetes Security Platform in an environment with existing running deployments.
  • If you’re running StackRox in an isolated cluster without any application workloads, deploy the Sock shop demo application.
    1. Make a clone of the Sock shop demo application repository:
      git clone https://github.com/microservices-demo/microservices-demo.git
    2. Open the cloned folder and use the configuration files to deploy it into your cluster.
      cd microservices-demo/deploy/kubernetes/
      kubectl create namespace sock-shop
      kubectl apply -f complete-demo.yaml

1. View deployment details

Use the Network Graph view to see active and allowed network connections between the namespaces and the deployments.

  1. Select Network Graph from the navigation menu on the left.
  2. Select All for Connections to see both active and allowed connections.
  3. Zoom in on the SOCK-SHOP namespace to view the names of all the deployments in this namespace.
  4. Select the orders deployment to view its details.

2. View compliance details

Use the Compliance Dashboard view to check and validate compliance based on industry standards.

  1. Select Compliance from the left-hand navigation menu.

  2. On the Compliance view header, select Scan Environment.

    Scanning the entire environment takes about 2 minutes to complete. This time may vary depending on the number of clusters and nodes in your environment.

  3. After the scan is complete, select View Standard on the PCI DSS compliance widget from the Compliance Dashboard view.

  4. Apply the Namespace:sock-shop and Control:1.1.4 filters to view the compliance status of this control in the sock-shop namespace.

3. Generate network policy

The StackRox Kubernetes Security Platform allows you to autogenerate network policies based on the actual observed network communication flows in your environment. Generate network policies from the Network Graph view to improve the compliance score on the PCI benchmark.

  1. Select Network Graph from the navigation menu on the left.
  2. On the filter bar, apply the Namespace:sock-shop filter to view the details of the sock-shop namespace.
  3. Select Network Policy Simulator.
  4. In the panel that opens, select Generate and simulate network policies. The generated network policy configuration YAML opens in the same panel.
  5. Select Apply Network Policies to apply the generated policies.

After applying the autogenerated network policy, follow the instructions in the View compliance details section again to check the increased PCI compliance score.

Because the generated network policies meet the requirements for isolating retail applications that handle cardholder data, the PCI compliance score for the sock-shop namespace increases after you apply these policies.
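To cross-check from outside the UI that applied policies actually isolate every deployment, the following added example (not StackRox code) evaluates NetworkPolicy pod selectors against deployment pod labels. It goes beyond the page by also handling matchExpressions and the egress direction. The function names, the sample items, and the `name` pod label are assumptions made for illustration; real input would be the `items` list from `kubectl get deployments,networkpolicies -n sock-shop -o json`.

```python
def selector_matches(selector, labels):
    """Evaluate a Kubernetes label selector; an empty selector matches all pods."""
    for key, value in (selector.get("matchLabels") or {}).items():
        if labels.get(key) != value:
            return False
    for expr in selector.get("matchExpressions") or []:
        key, op, values = expr["key"], expr["operator"], expr.get("values") or []
        ok = {"In": labels.get(key) in values, "NotIn": labels.get(key) not in values,
              "Exists": key in labels, "DoesNotExist": key not in labels}[op]
        if not ok:
            return False
    return True

def policy_types(policy):
    """Kubernetes default when policyTypes is unset: Ingress, plus Egress if egress rules exist."""
    spec = policy["spec"]
    if spec.get("policyTypes"):
        return set(spec["policyTypes"])
    return {"Ingress", "Egress"} if spec.get("egress") else {"Ingress"}

def unisolated_deployments(items, namespace, direction="Ingress"):
    """Names of deployments in `namespace` whose pods no policy isolates for `direction`."""
    in_ns = [i for i in items if i["metadata"].get("namespace") == namespace]
    policies = [i for i in in_ns
                if i["kind"] == "NetworkPolicy" and direction in policy_types(i)]
    exposed = []
    for dep in (i for i in in_ns if i["kind"] == "Deployment"):
        labels = dep["spec"]["template"]["metadata"].get("labels") or {}
        if not any(selector_matches(p["spec"].get("podSelector") or {}, labels)
                   for p in policies):
            exposed.append(dep["metadata"]["name"])
    return sorted(exposed)

# Constructed sample data (not real cluster output); labels and policy names are assumptions.
def _item(kind, name, spec):
    return {"kind": kind, "metadata": {"name": name, "namespace": "sock-shop"}, "spec": spec}
def _deploy(name):
    return _item("Deployment", name, {"template": {"metadata": {"labels": {"name": name}}}})

SAMPLE_ITEMS = [
    _deploy("front-end"), _deploy("orders"), _deploy("orders-db"),
    _item("NetworkPolicy", "orders-ingress",
          {"podSelector": {"matchLabels": {"name": "orders"}}, "policyTypes": ["Ingress"]}),
    _item("NetworkPolicy", "orders-db-egress",
          {"podSelector": {"matchLabels": {"name": "orders-db"}}, "policyTypes": ["Egress"]}),
]

if __name__ == "__main__":
    print(unisolated_deployments(SAMPLE_ITEMS, "sock-shop"))
```

A deployment that appears in the result accepts traffic in that direction from any source, so an empty list for Ingress is the state to expect once policies cover the whole namespace.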


© 2021 StackRox Inc. All rights reserved.