To integrate Bridgecrew Cloud with a Kubernetes workload:

1. Under Kubernetes, press Workload and then Add Subscription.

2. In your Kubernetes cluster, create a namespace, secret and cron job.
3. Add the cluster name in Bridgecrew Cloud as shown below.

4. Copy the example shown in Bridegcrew Cloud, add the actual cluster name and run the commands in your Kubernetes CLI.

Namespace filtering

If you want to suppress a namespace from scans, update the above CLI commands to add a skip section. See the below example skipping the kube-system namespace:

kubectl create ns bridgecrew
kubectl create secret generic bridgecrew-rt-secret \ 
    --from-literal=apikey=<my_api_key> \
    --from-literal=repoid='runtime/<my_cluster_name>' \
    --from-literal=skip='kube-system' -n bridgecrew

If you have already deployed the integration, you can update the skipped namespaces as shown below:

kubectl patch secret bridgecrew-rt-secret -n bridgecrew -p='{"stringData":{"skip": "kube-system,default"}}'

Kubernetes Versioning

Use this command for pre-1.19 versions:

kubectl apply -f https://raw.githubusercontent.com/bridgecrewio/bridgecrew-kubernetes/master/bridgecrew-cronjob-pre-1.19.yaml

Use this command for versions 1.19 and higher:

kubectl apply -f https://raw.githubusercontent.com/bridgecrewio/bridgecrew-kubernetes/master/bridgecrew-cronjob.yaml

Resource Requests and Limits

By default, the manifest specifies the following resource requests and limits:

• CPU: 0.5
• Memory: 512 Mi

We recommend allocating 1 vCPU and 1 Gi for every 1000 resources in the cluster. The following table shows sample values that work as a starting point. You may need to modify these numbers based on the details of your cluster, and in many cases you may be able to use smaller values.

If the scanning job does not complete within an hour, we recommend increasing these limits and / or decreasing the cron job frequency.