Namespace-Centric and Application-Centric Protection for Kubernetes

The primary methods for protecting Kubernetes are namespace-centric and application-centric. Namespace-centric is the recommended method because it discovers and protects all namespaces and non-namespaced (cluster-scoped) API resources/objects in the cluster, regardless of whether they are directly referenced by an application manifest.

Application-centric protection discovers and protects Pods, DaemonSets, Deployments, StatefulSets, PersistentVolumeClaims, and helm chart-deployed apps. Application-centric protection also uses intelligent inference to discover and protect related API resources/objects.

How to Determine Which Protection Method an Application Group Uses

To determine which protection method an application group uses, look in the Content section on the application group overview page.

  1. From the navigation pane, go to Protect > Kubernetes.

    The Applications tab appears.

  2. On the Application groups tab, click the application group.

    The application group overview page appears.

  3. In the Content section, review the description, which describes both the protection method and the application group type:


    Protection method

    Application group type

    Unprotected Kubernetes applications



    The process of adding a Kubernetes cluster includes creating the first application group for the cluster. The first application group is the default application group, regardless of what the application group is named.

    Full cluster (all namespaced and non-namespaced objects


    Full cluster

    Other descriptions