Red Hat Advanced Cluster Security for Kubernetes Support Policy
Red Hat Advanced Cluster Security for Kubernetes (Red Hat Advanced Cluster Security or ACS) provides the tools and capabilities to address the security needs of a cloud-native development approach on Kubernetes. The ACS solution offers visibility into the security of your cluster, vulnerability management, and security compliance through auditing, network segmentation awareness and configuration, security risk profiling, security-related configuration management, threat detection, and incident response. In addition, ACS lets you pull the actions from that tooling deep into the application code development process through APIs. These security features represent the primary work any developer or administrator faces as they work across a range of environments, including multiple datacenters, private clouds, or public clouds that run Kubernetes clusters.
Using Red Hat Advanced Cluster Security for Kubernetes (Red Hat Advanced Cluster Security), you can gain comprehensive Kubernetes security that includes the following use cases:
- Visibility: See your entire landscape of images, registries, containers, deployments, and runtime behavior.
- Vulnerability Management: Identify and remediate vulnerabilities in both container images and Kubernetes across the entire software development life cycle.
- Compliance: Audit your systems against CIS Benchmarks, NIST, PCI, and HIPAA, with interactive dashboards and one-click audit reports.
- Network Segmentation: Visualize existing connections and enforce tighter segmentation using Kubernetes-native controls to reduce your blast radius.
- Risk Profiling: See all your deployments ranked by risk level, using context from Kubernetes’ declarative data, to prioritize remediation.
- Configuration Management: Apply best practices for Docker and Kubernetes to harden your environment for a more secure and stable application.
- Threat Detection: Use rules, automated allow lists, and baselining to accurately identify suspicious activity in your running applications.
- Incident Response: Take action, from failing builds and blocking deployments to killing pods and thwarting attacks, using Kubernetes for enforcement.
The following table outlines the browsers that are supported for viewing the Red Hat Advanced Cluster Security web user interface.
Browser support is divided into tiers:
- Tier 1: Browser and operating system combinations that are fully tested and fully supported. Red Hat Engineering is committed to fixing issues with browsers on this tier.
- Tier 2: Browser and operating system combinations that are partially tested, and are likely to work. Limited support is provided for this tier. Red Hat Engineering will attempt to fix issues with browsers on this tier.
- Tier 3: Browser and operating system combinations that are not tested, but may work. Minimal support is provided for this tier. Red Hat Engineering will attempt to fix only minor issues with browsers on this tier.
| Tier | Browser |
|---|---|
| Tier 1 | Google Chrome 88.0 (64-bit) |
| Tier 2 | Mozilla Firefox Version 82.0.2 (64-bit) |
| Tier 3 | Microsoft Internet Explorer Edge - Version 44 and later (Windows), Version 81 (Official build) (64-bit) (MacOS); Safari on MacOS (Mojave) - Version 14.0 |
Supported Platforms for Red Hat Advanced Cluster Security for Kubernetes
Red Hat Advanced Cluster Security has 2 main architectural components with sub components:
- A server component called the “Central” where the scanner, persistent storage, API server, and user interface are running.
- A distributed framework wherein a “Collector” is run on each node inside the clusters, a single “Sensor” is run on each managed cluster, and a single “Admission Controller” is run on each managed cluster. These are the 3 components that are installed on all Kubernetes clusters that will be managed by the “Central”.
| Platform | Supported for Central | Supported for Security |
|---|---|---|
| Red Hat OpenShift Container Platform (OCP) 3.11.z | No | Yes |
| Red Hat OpenShift Container Platform (OCP) 4.x | Yes | Yes |
| Red Hat OpenShift Kubernetes Engine (OKE) 4.x | No | Yes |
| Amazon Elastic Kubernetes Service (Amazon EKS) (Kubernetes 1.15 and later) | Limited | Yes |
| Google Kubernetes Engine (Google GKE) (Kubernetes 1.15 and later) | Limited | Yes |
| Microsoft Azure Kubernetes Service (Microsoft AKS) (Kubernetes 1.15 and later) | Limited | Yes |
Support is provided for Red Hat Advanced Cluster Security for Kubernetes (ACS) software versions up to 6 months after they are released, which typically corresponds to the previous 9 released versions (Y.X.Z.Q). You may be requested to upgrade to a newer released version of RHACS for full support when you fall outside of that timeline.
Note: More detailed information on supported platforms and product life cycle can be found here.
Previously-mentioned features found in Red Hat Advanced Cluster Security for Kubernetes are offered on all supported platforms listed in the previous table, with the exception of the admission controller. Only the architectural components are limited at this time to specific Kubernetes distributions.
Support Acquisition Information
Red Hat Advanced Cluster Security for Kubernetes (ACS) is an acquired offering. Should you have an existing support relationship with StackRox, that will be honored for its duration. Existing customers of StackRox at the time of the acquisition are grandfathered into their existing supported platforms as explained in the StackRox documentation.
- The availability of support for any platform may be subject to the overarching platform life cycle and end of life dates.
- The Red Hat Advanced Cluster Security for Kubernetes (ACS) Admission Controller has limited support on Red Hat OpenShift Container Platform 3.11.z. This only limits the feature capabilities related to capturing cluster events based on port forwards and pod execs.
- Advanced Cluster Security for Kubernetes (ACS) Central is tested, qualified and fully supported exclusively on Red Hat OpenShift 4. Deployment and use of Central on non-OpenShift 4 environments is possible; support is limited to the ACS product software and not the underlying infrastructure provider. As part of diagnosing and isolating the issue, customers could be required to reproduce issues on an OpenShift 4 environment. In the event of an issue being specific to a provider and cluster which is not OpenShift 4, Red Hat provides commercially reasonable support to isolate issues. Customers may be expected to open a case with their respective provider. Please see the Red Hat 3rd party support policy.