Cluster Check
Last updated: 2024-01-23 15:44:44
The security check feature provides the security checklist, cluster risk statistics, security check details, and check item management. It allows installing the scanner for specified clusters, performing risk checks, and viewing cluster risk details.

Installing the Scanner

1. Log in to the TCSS console and click Cluster Risk Management > Security Check on the left sidebar.
2. The Security Check page has a preset scheduled cluster sync that runs every hour. Click Sync assets to sync clusters manually.
Note:
Currently, the security checklist supports syncing TKE managed and self-deployed clusters.
The first time you use cluster security, you need to manually sync the assets once; after that, the system syncs them automatically.

3. On the Security Check page, install the component for a single cluster or multiple clusters.
Single: Select the target Cluster ID and click Install scanner or Install component.

Multiple: Select the target Cluster IDs and click Install component.

4. In the pop-up window, click OK.
5. After the confirmation, the system will deploy the DaemonSet component on all nodes in the cluster. The scanner will be in the Running status after the installation.
Note:
When the scanner is installed, the cluster-security-defender DaemonSet workload will be installed in the kube-system namespace of the cluster. To execute a cluster security check, make sure that the DaemonSet workload runs normally.
The DaemonSet doesn't affect cluster operation or performance. It is subject to the following resource limits:
CPU: 100–250 MB
MEM: 100–250 MiB
To delete the scanner, log in to the TKE console, click Workload on the Cluster details page, select DaemonSet, select cluster-security-defender in the kube-system namespace, and click More > Delete in the Operation column.
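
The note above asks that the cluster-security-defender DaemonSet run normally before a check is executed. The script below is an added example, not part of the TCSS documentation or tooling; it assumes kubectl access to the cluster, and the function names and the --live flag are hypothetical.

```shell
#!/bin/sh
# Added example: health check for the scanner DaemonSet named on this page.
DS_NAME="cluster-security-defender"
DS_NAMESPACE="kube-system"

# Print "<desired> <ready> <unavailable>" from the DaemonSet status.
# numberUnavailable is omitted by the API when it is zero, so the third
# field may come back empty.
fetch_ds_status() {
    kubectl get daemonset "$DS_NAME" -n "$DS_NAMESPACE" \
        -o jsonpath='{.status.desiredNumberScheduled} {.status.numberReady} {.status.numberUnavailable}'
}

# Classify one status line.
# Prints healthy / degraded / unscheduled / missing.
# Returns 0 only when every scheduled scanner pod is ready.
classify_ds_status() {
    read -r desired ready unavailable <<EOF
$1
EOF
    case "$desired" in
        # Empty or non-numeric: the DaemonSet was not found or not readable.
        ''|*[!0-9]*) echo "missing"; return 3 ;;
    esac
    ready="${ready:-0}"
    unavailable="${unavailable:-0}"
    # Zero desired pods means no node is running the scanner at all.
    if [ "$desired" -eq 0 ]; then
        echo "unscheduled"
        return 2
    fi
    if [ "$ready" -lt "$desired" ] || [ "$unavailable" -gt 0 ]; then
        echo "degraded ($ready/$desired ready)"
        return 1
    fi
    echo "healthy ($ready/$desired ready)"
}

# With --live, query the cluster in the current kubectl context.
# The script's exit code is then the classification result.
if [ "${1:-}" = "--live" ]; then
    classify_ds_status "$(fetch_ds_status 2>/dev/null)"
fi
```

A non-zero exit code means at least one node is not covered by the scanner, so a check result for that cluster may be incomplete.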

Performing a Security Check

On the Security Check page, the system will automatically perform a check after the scanner is installed successfully. You can specify a cluster and click Check again, or specify multiple clusters and click Batch check.
Note:
The scanner is not installed by default and needs to be installed before a scan is performed.


Viewing the Security Check Result

1. On the Security Check page, the Statistics card displays the total number of clusters and the numbers of clusters involving no risks and those not checked.

2. The Cluster risks card displays the numbers of risky clusters and clusters involving critical risks, high risks, medium risks, and low risks.

3. On the Security Check page, click View details in the Operation column of the cluster list to enter the Cluster risk details page.

4. The Cluster risk details page displays all identified cluster risks, cluster details, and risk details of the current cluster.

5. On the risk details list, select the target check item and click View details to enter the Risk check item details page.

6. The Risk check item details page displays the risk details, description, solution, and affected assets in the current cluster.

Enabling Automatic Check

Enabling automatic check for a single cluster

1. On the Security Check page, select the target cluster and toggle on automatic check.

2. In the pop-up window, click OK.
Note:
After the confirmation, automatic check will be enabled and performed as follows:
Nodes newly added to the cluster will be automatically checked.
The cluster will be checked every midnight.

Enabling automatic check for multiple clusters

On the Security Check page, select multiple clusters and click Batch check.
Note:
Automatic security check is disabled by default and can be enabled for the following check items:
Nodes newly added to the cluster will be automatically checked.
The cluster will be checked every midnight.

Managing Security Check Items

1. On the Security Check page, click Check item management in the top-right corner.
2. On the check item settings page, the list of check items displays all check items of a security check performed by the system. Click View details to view the check item details.
