The primary methods for protecting Kubernetes are namespace-centric and application-centric. Namespace-centric is the recommended method because it discovers and protects all namespaces and non-namespaced (cluster-scoped) API resources/objects in the cluster, regardless of whether they are directly referenced by an application manifest.
Application-centric protection discovers and protects Pods, DaemonSets, Deployments, StatefulSets, PersistentVolumeClaims, and helm chart-deployed apps. Application-centric protection also uses intelligent inference to discover and protect related API resources/objects.
How to Determine Which Protection Method an Application Group Uses
To determine which protection method an application group uses, look in the Content section on the application group overview page.
-
From the navigation pane, go to Protect > Kubernetes.
The Applications tab appears.
-
On the Application groups tab, click the application group.
The application group overview page appears.
-
In the Content section, review the description, which describes both the protection method and the application group type:
Description
Protection method
Application group type
Unprotected Kubernetes applications
Namespace-centric
Default
The process of adding a Kubernetes cluster includes creating the first application group for the cluster. The first application group is the default application group, regardless of what the application group is named.
Full cluster (all namespaced and non-namespaced objects
Namespace-centric
Other descriptions
Application-centric