Security
Headlines
HeadlinesLatestCVEs

Headline

Insights Advisor for OpenShift - How to react to Advisor recommendations

Red Hat Insights is a SaaS (Software as a Service) offering from Red Hat that centralizes different tools and technologies to help analyze and remediate systems, platforms, and applications. It helps you keep your infrastructure compliant with best practices and security profiles, while also offering cost management and cluster update risks analysis.Insights is available for Red Hat Enterprise Linux, Red Hat Ansible Automation Platform, and Red Hat OpenShift at no additional cost with the associated subscriptions.Insights for OpenShiftRed Hat Insights is present by default in each OpenShift cl

Red Hat Blog
#vulnerability#web#linux#red_hat

Red Hat Insights is a SaaS (Software as a Service) offering from Red Hat that centralizes different tools and technologies to help analyze and remediate systems, platforms, and applications. It helps you keep your infrastructure compliant with best practices and security profiles, while also offering cost management and cluster update risks analysis.

Insights is available for Red Hat Enterprise Linux, Red Hat Ansible Automation Platform, and Red Hat OpenShift at no additional cost with the associated subscriptions.

****Insights for OpenShift****

Red Hat Insights is present by default in each OpenShift cluster as an operator performing cluster data gathering and ingestion. It also provides integration with the web console, which gives a quick view of the cluster and operator status based on the data analysis.

By default, it also provides metrics and alerting configuration for OpenShift Monitoring integration.

The registered cluster, matched by Cluster ID, is also present in the Red Hat Hybrid cloud console, where all details about the cluster are reported. This includes the subscription and monitoring status, as well as a tab where you can get support and retrieve support cases linked to the cluster.

A widget with data about the detected recommendations for the cluster appears in the OpenShift web console when you click the Insights operator field:

****Working with Insights Advisor for OpenShift****

One of the core functionalities of Red Hat Insights for OpenShift is the capability to report and remediate configuration drifts, best practices suggestions, and potential vulnerabilities and issues affecting the clusters registered to it.

This functionality, called Advisor, provides a comprehensive collection of information about your cluster, allowing you to further investigate a reported issue and the remediation steps or processes to fix it.

Recommendations, advisories, and best practices are reviewed and managed by Red Hat and are categorized using two main indicators:

****Recommendations Category****

Based on the type of recommendation, Red Hat indicates five different categories:

  • Service Availability: The recommendation can impact the availability of one or more services in the cluster
  • Performance: The detected issue can potentially impact the performance of the cluster
  • Fault Tolerance: The detected issue can disrupt the availability of the cluster
  • Security: A security threat (CVE, cluster access, and so on) is detected and should be addressed
  • Best Practice: Some configurations may not follow the best practices and should be reviewed

****Total Risk****

This indicator is the result of a combination of:

  • The impact that the advisory has on your clusters
  • The associated risk of change measuring how invasive the remediation is

By combining these two indicators, it’s possible to plan and implement remediation in all clusters.

****Just-in-time notifications for your advisories****

Thanks to the integration of the Insights operator with OpenShift Monitoring, you can be notified through a pre-configured alertmanager alert if there’s any recommendation available for your cluster. It provides useful information with a description of the advisory and a link to the Red Hat Hybrid Cloud console with details on how to remediate it.

Since the alert is based on a metric exposed by the Insights operator to Prometheus, it can also be integrated with other monitoring and notification tools so you can receive notifications by email, or have an ITSM ticket raised upon advisory detection.

****The remediation recipe****

Once an advisory is available for your cluster, you can head to Advisor > Recommendations in the Red Hat Hybrid cloud console, or by following the link you find in the alert.

Once you access the recommendation for your cluster, you get a detailed and dedicated section with the description and the steps required to remediate it.

In this example, it’s a very simple one, Insights detected a misconfiguration (two default storage classes defined in the same cluster) that could lead to potentially unexpected behaviors when attempting to attach storage to my workloads.

As you can see in the picture, along with the steps for resolution, there is a dedicated tab called Update risks that provides information about a potential blocker or issue that could be affecting or preventing cluster updates.

Once the suggested remediation is applied, the issue will be dropped in the next data collection iteration, along with the alerts and notifications in the platform.

****Red Hat Insights Advisor****

Red Hat Insights is a great tool for OpenShift administrators, offering a unified solution for analyzing and remedying system security and compliance issues.

The Advisor feature streamlines issue identification with categorized recommendations and a user-friendly interface within the Red Hat Hybrid Cloud console facilitates quick response to advisories providing detailed steps for resolution.

Do you want to test out Insights Advisor in a semi-connected or even disconnected environment? There’s a procedure for that too! You can use the following instructions.

Are you worried about data privacy and contents sent to Red Hat? Anonymization and obfuscation functions are available as well as the ability to inspect Insights Operator archive before sending it to Red Hat.

Learn more about Insights, or try it out for yourself, on the Red Hat Insights page, or contact us!

Red Hat Blog: Latest News

Managed Identity and Workload Identity support in Azure Red Hat OpenShift