36 changes: 22 additions & 14 deletions README.md
Expand Up @@ -74,7 +74,7 @@ Install the operator in a central management cluster and scan remote clusters vi
│ └──────────┬──────────────────┘ │
└─────────────┼───────────────────────┘
│ kubeconfig / WIF / SPIFFE
│ kubeconfig / WIF* / SPIFFE*
┌─────────┴─────────┬─────────────────┐
▼ ▼ ▼
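Review bot: the `*` markers added in `kubeconfig / WIF* / SPIFFE*` are footnote references, but this line sits inside a fenced diagram and nothing in this hunk explains them; the meaning depends entirely on a legend line being placed directly after the closing fence (which the following hunk adds). If that legend is later moved or dropped, the asterisks become meaningless, so either keep the two changes together or put the qualifier in the label itself (for example `WIF (exp.)`) so the diagram reads on its own.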
Expand All @@ -84,13 +84,15 @@ Install the operator in a central management cluster and scan remote clusters vi
└─────────┘ └─────────┘ └─────────┘
```

_*WIF and SPIFFE authentication are experimental features._

**Use when:** You want centralized scanning, cannot install operators in target clusters, or want to reduce operational overhead.

**Authentication methods:**

- **Kubeconfig**: Use a kubeconfig file stored in a Secret
- **Workload Identity (WIF)**: Native cloud provider authentication for GKE, EKS, AKS
- **SPIFFE**: Use SPIFFE/SPIRE for cross-cluster authentication
- **Workload Identity (WIF)** _(Experimental)_: Native cloud provider authentication for GKE, EKS, AKS
- **SPIFFE** _(Experimental)_: Use SPIFFE/SPIRE for cross-cluster authentication

```yaml
# External cluster scanning with kubeconfig
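Review bot: the new labels say "Experimental" but do not say what that implies for a user (no stability or support guarantee, the config shape may change, which releases carry the flag), and neither the footnote `_*WIF and SPIFFE authentication are experimental features._` nor the `_(Experimental)_` tags link to where this status is tracked; add a short clause or a link to the relevant docs or tracking issue. Minor: the bullet expands `WIF` as `Workload Identity`, while the initialism reads as Workload Identity Federation; use one expansion consistently so the diagram legend and the bullet agree.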
Expand Down Expand Up @@ -130,17 +132,23 @@ spec:

## Features

| Feature | Self-Cluster | External Cluster |
| ------------------------------- | :----------: | :--------------: |
| Kubernetes Resources Scanning | ✅ | ✅ |
| Node Scanning | ✅ | ❌ |
| Container Image Scanning | ✅ | ✅ |
| Namespace Filtering | ✅ | ✅ |
| Kubeconfig Auth | - | ✅ |
| Workload Identity (GKE/EKS/AKS) | - | ✅ |
| SPIFFE Auth | - | ✅ |

![Architecture](docs/img/architecture.svg)
| Feature | Self-Cluster | External Cluster |
| -------------------------------- | :----------: | :---------------------: |
| Kubernetes Resources Scanning | ✅ | ✅ |
| Node Scanning | ✅ | ❌ |
| Container Image Scanning | ✅ | ✅ |
| Namespace Filtering | ✅ | ✅ |
| Kubeconfig Auth | - | ✅ |
| Workload Identity (GKE/EKS/AKS) | - | ✅ ⚠️ Experimental |
| SPIFFE Auth | - | ✅ ⚠️ Experimental |

### Self-Cluster Scanning Architecture

![Self-Cluster Scanning](docs/img/architecture-self-cluster.svg)

### External Cluster Scanning Architecture

![External Cluster Scanning](docs/img/architecture-external-cluster.svg)

## Getting Started
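Review bot: the single `![Architecture](docs/img/architecture.svg)` reference is replaced by the two new images, but this PR only adds `docs/img/architecture-self-cluster.svg` and `docs/img/architecture-external-cluster.svg` and neither deletes nor modifies `docs/img/architecture.svg`; either remove the now-orphaned file or confirm something else still links to it. Style: the table marks the experimental rows as `✅ ⚠️ Experimental`, the bullet list above uses `_(Experimental)_`, and the diagram uses a `*` footnote; pick one convention (the italic tag is the most readable inside a table cell) rather than three notations for a single status.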

3 changes: 3 additions & 0 deletions docs/img/architecture-external-cluster.svg
3 changes: 3 additions & 0 deletions docs/img/architecture-self-cluster.svg