With the Kubernetes integration, you can secure your clusters across both configuration posture (KSPM) and workloads. Plerion deploys a collector to gather data from your clusters, enabling continuous scanning for misconfigurations, compliance gaps, and vulnerabilities inside containers and images.

Kubernetes Security Posture Management (KSPM)

KSPM scans your cluster resources to identify configuration risks and compliance violations. This includes checks across:
  • Cluster configuration: API server, etcd, network policies, and admission controls
  • Access controls: RBAC roles, service accounts, and permissions
  • Workload configuration: Namespace policies, pod security standards, and resource limits
By continuously monitoring against security benchmarks and best practices, KSPM helps you harden clusters and meet compliance requirements.

Kubernetes workload scanning

Workload scanning goes beyond posture checks by inspecting the software inside your workloads. This includes:
  • Containers and images: Scanning OS packages, libraries, and dependencies for known vulnerabilities
  • Runtime workloads: Monitoring pods and deployments for insecure or outdated components
  • Registry images: Detecting risks before they are deployed into clusters
Workload scanning complements KSPM by uncovering issues in the application layer, not just the cluster’s configuration.

Collector manager

Plerion’s collector manager is a Kubernetes deployment that connects your cluster to the Plerion Control Plane. It coordinates collectors inside the cluster, ensuring that both KSPM and workload scanning data are collected and sent securely to Plerion.

Role of collectors

Collectors gather Kubernetes artifacts, metrics, and events, which are then processed by the Plerion Control Plane. This data is essential for evaluating cluster posture, detecting misconfigurations, and identifying vulnerabilities in workloads.

Why “collector-manager”

The collector manager acts as an operator that oversees multiple collectors, each with a specific task. By centralizing orchestration, it simplifies management and ensures a consistent security and compliance view across the cluster.

High availability

To provide resilience, the collector manager is deployed with multiple replicas for redundancy. The controller pod is scheduled with the highest priority (system-cluster-critical), ensuring reliable operation even under heavy cluster workloads.

Supported distributions

The collector manager runs on a range of Kubernetes environments, including:
  • AWS Elastic Kubernetes Service (EKS)
  • On-premises Kubernetes clusters

Permissions

The Helm chart grants read-only permissions so collectors can access Kubernetes resources, artifacts, metrics, and events required for scanning.
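
One way to check a read-only claim like this against what is actually installed, as an added example that is not Plerion's own code: audit a ClusterRole exported with `kubectl get clusterrole <name> -o json` and report every rule that grants more than get, list, or watch. The role name and rules in the sample are constructed for illustration and are not taken from the Plerion chart.

```python
import json

READ_ONLY_VERBS = {"get", "list", "watch"}

# Constructed sample in the shape of `kubectl get clusterrole <name> -o json`.
# The role name and rules are hypothetical, not taken from the Plerion chart.
SAMPLE_ROLE = json.loads("""
{
  "kind": "ClusterRole",
  "metadata": {"name": "example-collector-readonly"},
  "rules": [
    {"apiGroups": [""], "resources": ["pods", "nodes", "events"],
     "verbs": ["get", "list", "watch"]},
    {"apiGroups": ["apps"], "resources": ["deployments"],
     "verbs": ["get", "list", "patch"]},
    {"apiGroups": ["rbac.authorization.k8s.io"], "resources": ["*"],
     "verbs": ["*"]},
    {"nonResourceURLs": ["/metrics"], "verbs": ["get"]}
  ]
}
""")


def audit_read_only(role):
    """Return (rule_index, target, offending_verbs) for every rule that
    grants anything beyond get/list/watch. An empty list means read-only."""
    findings = []
    for i, rule in enumerate(role.get("rules") or []):
        # A "*" verb is not in the read-only set, so it is reported as well.
        extra = sorted(set(rule.get("verbs", [])) - READ_ONLY_VERBS)
        if not extra:
            continue
        if "nonResourceURLs" in rule:
            targets = rule["nonResourceURLs"]
        else:
            # The empty API group is the core group.
            targets = [f"{g or 'core'}/{r}"
                       for g in rule.get("apiGroups", [])
                       for r in rule.get("resources", [])]
        findings.extend((i, t, extra) for t in targets)
    return findings


def is_read_only(role):
    return not audit_read_only(role)


if __name__ == "__main__":
    for idx, target, verbs in audit_read_only(SAMPLE_ROLE):
        print(f"rule[{idx}] {target}: non-read verbs {verbs}")
```

A role that passes this check can still read sensitive objects such as Secrets, so review which resources it covers as well as which verbs.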