Quick Start

Evaluate Cisco Panoptica

This topic explains how to quickly get started with Cisco Panoptica. It is intended for users who are evaluating it.

Getting started with Panoptica on a Kubernetes cluster involves these steps, discussed in the following sections:

  • Create a Panoptica account
  • Deploy the Panoptica admission controller on your cluster
  • Create a Panoptica Environment for the cluster
  • Create a Panoptica runtime policy for the environment/cluster
  • Visualize activity on your cluster in Panoptica

Prerequisites for the cluster

  • Kubernetes 1.22 or later
  • Cluster should have at least three nodes
  • The Kubernetes CLI (kubectl) should be installed on the machine or VM from which the deployment is run, with connectivity to the cluster (to run kubectl commands)
  • DNS resolution and external access to these domains, on port 443:
    • Panoptica platform: appsecurity.cisco.com (34.74.85.197)
    • GCP Container Registry (if not using internal registry): gcr.io/eticloud/k8sec
    • Grype database: toolbox-data.anchore.io

Panoptica without Istio

  • 5GB memory, 1.2 vCPU cores (total, for all nodes together)

Panoptica including Istio control plane

  • 13.5 GB memory, 7 vCPU cores (total, for all nodes together)

Panoptica including Istio control plane and API tracing

  • 15 GB memory, 10 vCPU cores (total, for all nodes together)
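Added preflight script (constructed for this guide; it is not a Cisco script) that checks the prerequisites listed above from the deployment machine: kubelet version 1.22 or later on every node, at least three nodes, and DNS resolution plus TCP port 443 reachability to the three domains. It assumes kubectl is configured for the cluster and that getent, timeout and bash exist on the machine; treating each node's kubelet version as the Kubernetes version is an assumption.

```shell
#!/usr/bin/env bash
# Constructed preflight check for the Panoptica prerequisites above (not a Cisco
# script). Assumes kubectl is configured for the cluster and getent/timeout/bash exist.
set -u

PANOPTICA_HOSTS="appsecurity.cisco.com gcr.io toolbox-data.anchore.io"
MIN_MINOR=22   # Kubernetes 1.22 or later
MIN_NODES=3    # at least three nodes

# version_ok "v1.27.3-eks-..." -> 0 if the version is 1.22 or later
version_ok() {
  local v major rest minor
  v="${1#v}"; major="${v%%.*}"; rest="${v#*.}"
  minor="${rest%%.*}"; minor="${minor%%[!0-9]*}"   # "27-eks" -> "27"
  [ "$major" -gt 1 ] 2>/dev/null && return 0
  [ "$major" -eq 1 ] 2>/dev/null && [ "$minor" -ge "$MIN_MINOR" ] 2>/dev/null
}

# nodes_ok "<count>" -> 0 if the cluster has at least MIN_NODES nodes
nodes_ok() { [ "$1" -ge "$MIN_NODES" ] 2>/dev/null; }

# egress_ok <host> [port] -> 0 if DNS resolves and a TCP connection opens
egress_ok() {
  local host="$1" port="${2:-443}"
  getent hosts "$host" >/dev/null 2>&1 || return 1
  timeout 5 bash -c "exec 3<>/dev/tcp/$host/$port" 2>/dev/null  # bash-only /dev/tcp
}

# Runs every check against the live cluster; non-zero exit on any failure.
run_preflight() {
  local fail=0 versions count v h
  # One kubelet version per node gives both node count and versions; using the
  # kubelet version as the cluster version is an assumption.
  versions=$(kubectl get nodes -o jsonpath='{range .items[*]}{.status.nodeInfo.kubeletVersion}{"\n"}{end}') \
    || { echo "FAIL: kubectl cannot reach the cluster"; return 1; }
  count=$(printf '%s\n' "$versions" | grep -c .)
  nodes_ok "$count" && echo "ok   nodes: $count" || { echo "FAIL nodes: $count (need $MIN_NODES)"; fail=1; }
  for v in $versions; do
    version_ok "$v" && echo "ok   node $v" || { echo "FAIL node $v (need 1.$MIN_MINOR+)"; fail=1; }
  done
  for h in $PANOPTICA_HOSTS; do
    egress_ok "$h" 443 && echo "ok   egress $h:443" || { echo "FAIL egress $h:443"; fail=1; }
  done
  return "$fail"
}

# Only touch the cluster and network when invoked as: ./preflight.sh --run
if [ "${1:-}" = "--run" ]; then run_preflight; fi
```

A failed egress line points at the firewall or DNS rule to fix before the controller deployment is attempted.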

Create your Panoptica account

If you haven't registered with Cisco Panoptica yet, you first need to create an account at panoptica.app.
Click Login, then Sign Up, and choose how you wish to authenticate.

Deploy Panoptica on your cluster

You first define your Kubernetes cluster in Panoptica, then deploy the Panoptica admission controller on the cluster. With the controller deployed, you gain visibility about the workloads running on the cluster, and can create and apply Panoptica runtime policies to manage activity and communications on the cluster.

Create a cluster on Panoptica

  1. Navigate to the Deployments page, and select the CLUSTER CONTROLLERS tab.
  2. Click Connect Cluster.
  3. Enter a name for the cluster (as it will appear in Panoptica).
  4. Leave the option switches unchanged.
  5. Click FINISH. The new cluster will appear in the list of clusters.

For more details about creating clusters, see Deploy Panoptica on a Kubernetes Cluster.

Deploy the Panoptica admission controller

  1. Hover over the cluster in the list, and click on the download symbol, to download the installation script.
  2. Follow the onscreen instructions to deploy the controller on your cluster.

Note

Run the commands from the VM on which kubectl is installed. That machine must also have connectivity to Panoptica (IP 34.74.85.197, port 443).

Once the controller is deployed, it will appear on the CLUSTER CONTROLLERS tab of the Deployments page as 'Active'.


Create an Environment on Panoptica

The next step is to define a Panoptica Environment for the cluster. Panoptica runtime policies are applied to environments, not to clusters. You can also visualize activities on environments.

  1. Navigate to the Deployments page, and select the ENVIRONMENTS tab.
  2. Click New Environment.
  3. Enter a name for the environment.
  4. Click NEXT.
  5. Select Kubernetes Settings from the Kubernetes Infrastructure list.
  6. Select the new cluster created above from the Cluster list.
  7. Select one of the namespaces.
  8. Click FINISH.

The new environment will appear in the list on the ENVIRONMENTS tab.


For more details about creating an environment, see Panoptica Environments.

Create a Panoptica Runtime Policy

The next step is to define a Panoptica runtime policy for your environment. Runtime policies govern workload activities in your Cisco Panoptica environments, as well as communication between workloads. Panoptica has several types of runtime policies, which you can use to control workloads in your environments. You can learn more at Runtime Policies.

For our Quick Start, we’ll define one simple rule to detect any pod with critical vulnerability severity in all environments.

  1. Navigate to the Policies page, and select the DEPLOYMENT RULES tab.
  2. Click New Deployment Rule.
  3. In STEP 1, give your rule a logical name, and decide what Action it should take.
  4. Click NEXT.
  5. In STEP 2, select which workloads will be affected by the rule, and choose your filter(s).
  6. Click NEXT.
  7. In STEP 3, select the target of your rule.
  8. Click FINISH.

Once your rule is defined, it will appear on the DEPLOYMENT RULES tab of the Policies page.


Visualize activity on your cluster

Once you have created the environment and defined a rule, you can view runtime activity on your cluster on the Runtime page of the Panoptica console. There you will find the following views:

View Workloads

The Workloads view shows the workloads detected on your environments. It shows whether the workload is active (Status) and whether it is in a namespace with a Panoptica controller deployed in it (Protected).


For more details about this view, see Visualize Workloads.

View Connections

The Connections view shows connections between the workloads running in your environments. It shows source and destination workloads, and the connection status (for example, if the connection was blocked by a runtime policy).


For more details about this view, see Visualize Workloads.

View Namespaces

The Namespaces view shows the namespaces on your cluster in which the Panoptica controller has been deployed. For each namespace, it shows the active workloads and the number of Kubernetes pods.


For more details about this view, see Visualize Workloads.

Navigator

The Navigator is a graphical view of your workloads. You can see the environments, the workloads running on them, and the connections between them.


You can expand the view for an environment, to see the workloads on it, and see details.


For more details about the map, see Visualize Workloads.

What’s Next

Once you have deployed the Panoptica controller on your cluster and gained some visibility into the activity on it, you can create and apply additional runtime policies to regulate activity and communication.

For more details about runtime policies, see Runtime Policies.
For details about other options for your cluster, see Deploy on a Kubernetes Cluster.