In this tutorial we will learn about Alcide Kubernetes Advisor, and how we can implement continuous security and cluster hygiene for one or more Kubernetes clusters.

Alcide Code-to-production security

Alcide Advisor is an agentless Kubernetes audit, compliance and hygiene scanner that's built to ensure a friction free DevSecOps workflows. Alcide Advisor can be plugged in early in the development process and before moving to production.

With Alcide Advisor, the security checks you can cover includes:

If you already have a running kubernetes cluster you can work with you can skip this step

For this tutorial you will need a Kubernetes cluster with enough permissions to deploy resources into it.

Alcide Code-to-production security

Clone Alcide Advisor Git repo

cd /tmp
git clone https://github.com/alcideio/advisor.git

Go to the Helm chart named cluster-job and edit values.yaml file

cd advisor/deploy/charts/alcide-advisor-cronjob/
vi values.yaml

Find the next lines and set your Slack Channel and Token:

slack:
  channel: <Your_Slack_Channel>
  token: <Your_Slack_API_Token>

Go to your Slack Channel and download the scan.html and review the result across the various categories.
Positive

Note that if your didn't change the default configuration then the Advisor's scan would run every 1 minute

Alcide Code-to-production security

To uninstall the Helm Chart and delete the related files, simply run this:

helm uninstall advisor-job
cd /tmp
rm -rf advisor/

Alcide Code-to-production security

CI+CD Integration samples

See https://github.com/alcideio/pipeline

GKE Multi-cluster Scan Example

See gke-advisor-scan.sh

Alcide Code-to-production security