• Product

      Product

      Application Security Platform

      Use Cases

      Shift Left & DevSecOps Supply Chain Security Software Bill of Materials (SBOM) Container Runtime Security & Compliance Cloud Native Application Security
      What is Deepfactor and How Does It Work?
      4-Minute Video
      What is Deepfactor and How Does It Work? >
  • Pricing
    • Pricing Plans
  • Resources

      Resources

      All Resources Next-Gen AppSec Series Case Studies Demos Videos Glossary Webinars Whitepapers Workshops Latest Blogs Documentation
      Implement Effective Next-Gen Container Runtime Security in Kubernetes and Cloud Native Apps
      Whitepaper
      Implement Effective Next-Gen Container Runtime Security in Kubernetes and Cloud Native Apps >
  • Company
    • About
    • Leadership
    • Partners
    • News and Events
    • Careers
    • Contact Us
  • LOGIN
Cisco Logo Deepfactor is now part of Cisco | Learn more
Learn more
Deepfactor Logo
  • Product

      Product

      Use Cases

      Application Security Platform

      Use Cases

      Shift Left & DevSecOps Supply Chain Security Software Bill of Materials (SBOM) Container Runtime Security & Compliance Cloud Native Application Security
      What is Deepfactor and How Does It Work?
      4-Minute Video
      What is Deepfactor and How Does It Work? >
  • Pricing
    • Pricing Plans
  • Resources

      Resources

      All Resources Next-Gen AppSec Series Case Studies Demos Videos Glossary
      Webinars Whitepapers Workshops Latest Blogs Documentation
      Next-Gen AppSec Series—Deepfactor SCA: 80% Less Noise, 50% Lower Cost
      Next-Gen AppSec Series
      Next-Gen AppSec Series—Deepfactor SCA: 80% Less Noise, 50% Lower Cost >
  • Company
    • About
    • Leadership
    • Partners
    • News and Events
    • Careers
    • Contact Us
LOGIN
Deepfactor's Application Security Platform will no longer be offered for sale or renewal effective September 20, 2024.

Getting Started

  • QuickStart Guide
  • Install Deepfactor CLI
  • Deepfactor Support Matrix

Tutorials

  • SBOM & SCA
    • Artifact Releases
    • Deepfactor Scanner
    • Integrate Deepfactor scanner in your CI/CD pipelines
    • Scanning container images from private registries using Deepfactor CLI
    • Scan container images in K8s cluster
      • Scanning images from private registries in K8s cluster using Deepfactor
      • Scanning container images from private registries with basic authentication support in K8s
      • Scanning container images from private AWS Elastic Container Registry (ECR) in EKS on AWS Fargate
      • Scanning container images from private AWS Elastic Container Registry (ECR) in EKS on AWS EC2
  • Runtime Security
    • Introduction to Deepfactor Runtime Security
    • Deepfactor CLI Reference
    • Kubernetes workload
      • Run your Kubernetes workload with Deepfactor
      • Install Deepfactor Mutating Webhook
      • Configure Deepfactor Kubernetes admission webhook
      • Install Deepfactor K8s webhook on EKS Fargate
      • Selecting the pods you want to run with Deepfactor
      • Configuring application name, component name and component version in K8s webhook
      • Install Deepfactor mutating admission webhook using Argo CD
      • Install Deepfactor portal & webhook using Argo CD and vault
      • Use image pull secret for Runtime images
    • Containers/Other orchestration platforms
      • Run your Container Images with Deepfactor
      • Run containers in ECS with Deepfactor
    • Non-containerized workloads
      • Running non-containerized applications with Deepfactor

Deepfactor Platform

  • Introduction to Deepfactor
  • Alert Policies
  • Alert States and Triaging Flows
  • Deepfactor’s Correlation Capabilities
  • Organization and Teams
  • Role Based Access Control
  • Insights Knowledge Base
    • Privilege Separation and Privilege Dropping
    • Buffer Overflow Alerts
  • Knowledge Base
    • Deepfactor scan errors
    • K8s Webhook & Runtime Troubleshooting Guide
    • Tools for viewing CycloneDX and SPDX SBOMs
    • Graceful handling of pod restarts
    • Deepfactor telemetry events
    • Deepfactor Instrumentation Warning Messages
    • Best Practices for running your applications with Deepfactor in production environments
    • Golang Specific Notes
    • How to access Deepfactor Portal in different AWS subnet types
    • How the Deepfactor Management Portal Communicates With The Outside World
    • Language Specific Agents (LSA)
    • Mixed libc environments
    • Sensitive Information and Secrets in Process Environment Remediation
    • Running HAProxy with Deepfactor
    • Augmenting Alert Evidence with Runtime Stack Traces
  • FAQs
    • General FAQs
    • Open Source Disclosure

Integrations

  • Single Sign On (SSO) for authentication to Deepfactor
  • Integrate Jira with Deepfactor
  • Integrate Slack with Deepfactor
  • Okta
  • Deepfactor HTTPS webhook

Self managed Deepfactor portal

  • Deepfactor Portal architecture & deployment options
  • Install Self managed Deepfactor portal
    • Kubernetes Cluster
      • Prerequisites for deploying Deepfactor portal in Kubernetes Cluster
      • Deploying Deepfactor Portal in your Kubernetes Cluster
      • Install Deepfactor portal using Helm
      • Customizing Deepfactor portal deployment
        • Customizing your Deepfactor Portal Deployment in K8s
        • Deploy Deepfactor Portal With Resource Limits
        • Deploying Deepfactor Portal using external IP
        • Deepfactor Portal Installation with Existing Ingress Controller
    • AWS EC2
      • Prerequisites for installing Deepfactor Portal in AWS Cloud
      • Deploying Deepfactor on AWS using CFT
      • Install AWS Certificate Manager(ACM) certificate on Deepfactor portal EC2 instance
    • VMWare vSphere
      • Deepfactor Portal Proxy Configuration for OVA deployments
      • Prerequisites for deploying Deepfactor portal in VWware vSphere
      • Deploying Deepfactor on VMware vSphere
  • Manage Deepfactor Portal
    • Using Deepfactor APIs
    • Managing Users
    • Updating your Deepfactor Portal
    • Updating Deepfactor portal certificate
  • Deepfactor Portal Certificate
    • Generate certificate using cert-manager for Deepfactor portal
    • Create self-signed certificate for Deepfactor Portal on your K8s cluster
    • Create AWS Private CA Certificate for Deepfactor Portal on your K8s cluster
    • Create Let’s Encrypt certificate for Deepfactor Portal on your K8s cluster

Release Notes

  • Deepfactor Release Notes
  • Home
  • Docs
  • Tutorials
  • Runtime Security
  • Kubernetes workload

Configuring application name, component name and component version in K8s webhook

Deepfactor enable users to instrument their Kubernetes workload without the need to change their kubernetes pod/deployment yaml files. You can read more about how to enable the webhook for your K8s cluster in the article below.

Run your Kubernetes workload with Deepfactor

Users can also select the pods that should be run with Deepfactor enabled by using the fine grained options provided in the webhook config. You can read more about how to select the pods for Deepfactor instrumentation in the article below.

Selecting the pods you want to run with Deepfactor

 

Grouping pods into an application #

Different enterprises deploy and run their application pods differently in their kubernetes clusters.

A few common scenarios are

  1. All pods belonging to an application are deployed exclusively in a single namespace
  2. Pods belonging to an application are spread across multiple namespaces but have the same label value (ex. app=myapp)
  3. Same pods are running in multiple clusters but you would like to view the findings per cluster

Deepfactor mutating admission webhook provides the Application Name config option to support the various use cases. Deepfactor Config options can be set at cluster level and also overriden per namespace if you would like to customize the behavior of Deepfactor in particular namespaces.

This option can be set to a literal string or a templatized string which takes the following variables

  • clusterName
  • namespace
  • podName
  • labels.x (the value of the label ‘x’ in the podspec)

With this capability, users can pick the pods that should be grouped into a single application. A few common examples are covered in the table below.

Option value Description When to use
%podName%
(Default)
Every pod will be shown as a separate application. All pods running with the same podName in all namespaces within the cluster will be mapped to the same application. You can filter based on the namespace on the Deepfactor portal UI.
Example: If a pod with the name ‘user-service’ is running in two namespaces ‘dev’ and ‘staging’, a single application named ‘user-service’ will be shown in the UI and namespace filter dropdown will have the options ‘dev’ and ‘staging’
– You have a monolith running as a pod OR you want to view individual microservices as separate applications on the Deepfactor portal UI.

– You are running the same pod in multiple namespaces but want to view the insights from the pod in all namespaces in a single application

%namespace% All containers running with Deepfactor in pods within the namespace will be grouped into a single application with the namespace being the name of the application

Example: If you have two namespaces, ‘publicapp’ and ‘privatetool’ running 15 and 10 containers respectively, you will see two applications ‘publicapp’ and ‘privatetool’ on the Deepfactor portal UI with 15 and 10 components respectively

– You run all pods related to a single application in an exclusive namespace.

– You have less than 20 pod containers in your namespaces

We do not recommend using this mode for namespaces that have pods from different applications or for namespaces that have more than 20 containers. 

%clusterName%-%podName% Every pod running in every cluster will be shown as a separate application.

Example: If pod with name ‘user-service’ is running in two different clusters ‘dev’ and ‘staging’, two applications named ‘dev-user-service’ and ‘staging-user-service’ will be shown in the UI

– You are running the same pod in multiple clusters but would like to view their insights separately.
%podName%-%namespace% Every pod running in every namespace will be shown as a separate application.

Example: If pod with name ‘user-service’ is running in two namespaces ‘dev’ and ‘staging’, two applications named ‘user-service-dev’ and ‘user-service-staging’ will be shown in the UI

– You have a monolith running as a pod OR you want to view individual microservices as separate applications on the Deepfactor portal UI.

– You are running the same pod in multiple namespaces and want to view the insights for the pod running in each namespace in a separate application

%labels.x% All pods that have the same value for label ‘x’ in the podspec will be grouped into a single application.

Example: If 5 pods have the label ‘app=user-service’ in two namespaces ‘dev’ and ‘staging’ and the appName option is set to %labels.app%, then all of these pods will be grouped into an application called ‘user-service’ and namespace filter dropdown will have the options ‘dev’ and ‘staging’

– You add a specific label to all the pods that belong to a single application.

– You want to see the insights of such pods running across different namespaces in a single application.

%labels.x%-%namespace% All pods that have the same value for label ‘x’ in the podspec will be grouped into a single application per namespace.

Example: If 5 pods have the label ‘app=user-service’ in two namespaces ‘dev’ and ‘staging’ and the appName option is set to %labels.app%, then you will see two applications on the UI: ‘user-service-dev’ and ‘user-service-staging’

– You add a specific label to all the pods that belong to a single application.

– You want to see the insights of such pods running across different namespaces as different applications on the Deepfactor portal UI

Note: You can use a combination of string literals and variables. Example: myapp-%labels.x%-%namespace%

 

Composing component names for containers #

The previous section described the ways to group pods into an application for the different use cases. This section will describe how you can specify the name for the containers running within the pods.

Every container that is included for instrumentation by Deepfactor is treated as a separate component within the application. Users have the flexibility to name the components using the Component Name option in the webhook config.

 

Similar to Application Name option, Component Name option can be set to a literal string or a templatized string which takes the following variables

  • namespace
  • podName
  • containerName
  • containerImagePath
  • containerImageTag
  • labels.x (the value of the label ‘x’ in the podspec)

Note: If you are running multi container pods, then providing at least one of the following three variables in the component name option is mandatory to ensure different containers don’t get assigned the same name.

  • containerName
  • containerImagePath
  • containerImageTag

With this capability, users can pick the names of their choice for the containers running with Deepfactor. A few common examples are covered in the table below.

Option value Description When to use
%containerName%
(Default)
The name specified for the container in the podspec will be used for the component name.
Example: If a pod has two containers with the names ‘user-service’ and ‘logger’, two components with the same names will be shown on the UI
You want to see the container name as the name of the component
%containerImagePath% The container image path will be used for the component name

Example: If a pod has two containers with the container image paths as ‘internal.deepfactor.acme.org/user-service:v1.0.0’ and ‘internal.deepfactor.acme.org/transaction-service:v1.0.1’, then two components with the same name will be shown on the UI.

You want to see the container image path as the component name
%namespace%-%podName%-%containerName% A concatenated string of namespace, podName and containerName will be used as component name.

Example: If a pod has the name ‘user-service’, is running in the ‘dev’ namespace and has two containers with names, ‘springapp’ and ‘logger’, two components with the names, ‘dev-user-service-springapp’ and ‘dev-user-service-logger’ will be shown on the UI

You would like to see the namespace and pod name along with container name in the component name

Note: You can use a combination of string literals and variables. Example: component-%namespace%-%podName%-%containerName%

Assigning component version #

This section will describe the Component Version option which can be used to specify the version of the component for every container.

Similar to application name and component name options, component version option can be set to a literal string or a templatized string which takes the following variables

  • imageTag

By default, %imageTag% is used for the component version and you can view the image tags in the version filter dropdown on the UI.

Example: Consider the following deployment yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
  labels:
    app: demo-app
spec:
  selector:
    matchLabels:
      app: nginx-server
  template:
    metadata:
      labels:
        app: nginx-server
        logging: info
    spec:
      containers:
      - name: nginx-container
        ports: 
        - containerPort: 4000
          image: nginx:1.23.0

Webhook options and the output values are shown below:

Option Option value Output
Application Name “app-%labels.app%” app-nginx-server
Component Name “comp-%containerName%” comp-nginx-container
Component Version “%imageTag% 1.23.0

 

Was this article helpful?
Still stuck? How can we help?

How can we help?

Updated on December 20, 2023
Selecting the pods you want to run with DeepfactorInstall Deepfactor mutating admission webhook using Argo CD

Powered by BetterDocs

Table of Contents
  • Grouping pods into an application
  • Composing component names for containers
  • Assigning component version
Deepfactor Icon

Deepfactor is a next-gen application security platform, using static container scan data + runtime analysis to prioritize vulnerabilities to those representing true risk to a business—based on reachability, runtime usage, deployment context, and exploit maturity.

Product Pricing Resources Company Documentation Login

SUBSCRIBE TO OUR NEWSLETTER!

Sign Up
LinkedIn Icon YouTube Icon GitHub Icon Twitter Icon

© 2025 Deepfactor, Inc. All Rights Reserved.

Privacy Statement | Terms of Service | Open Source Disclosure