This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Community Blog
Subscribe to the official NetWitness Community blog for information about new product features, industry insights, best practices, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Netwitness Platform Integration with Amazon Elastic Kubernetes Service

RachanaSR
Occasional Contributor Occasional Contributor
Occasional Contributor
‎2024-08-07 10:43 AM

Kubernetes:

Kubernetes is an open-source system that helps us to run and management of containerized applications and workloads. It is a distributed system consisting a cluster of control plane nodes and worker nodes. The worker nodes host the Pods that are the components of the application workload. The control plane manages each node in the cluster.

 

Components of a Node:

  • kubelet: It is an agent node that runs on each node in a cluster and communicates with control plane. It runs health checks and reports them.
  • container runtime: It is a software that helps run the containers.
  • kube-proxy: It is an agent that translates service object to network rules in the nodes.

Components of Control plane:

  • kube-apiserver: It is the front-end component of control plane that exposes the Kubernetes API.
  • kube-scheduler: It watches each pod and makes sure it is assigned to a node.
  • kube-controller-manager: It is a control plane component that runs all control processes like node controller, job controller, Service Account controller and EndpointSlice controller.
  • cloud-controller-manager: This is a component that runs controller processes that are only specific to cloud provider like checking the cloud provider to determine if a node has been deleted in the cloud after it stops responding (node controller) or setting up routes in the underlying cloud infrastructure (route controller) or creating, updating and deleting cloud provider load balancers (service controller)
  • etcd: It is a key-value data store to store all critical information throughout the cluster.

 

Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service that makes it easy for you to run Kubernetes on Amazon Web Services. Amazon EKS ensures every cluster has its own unique Kubernetes control plane to avoid overlaps of cluster or aws accounts. The Amazon EKS architecture can be referred here: Amazon EKS architecture - Amazon EKS

 

Amazon EKS provides built-in tools for logging. The EKS audit and diagnostic of control plane can be forwarded to Amazon CloudWatch and these logs are sent as log streams to a group for each Amazon EKS cluster in CloudWatch.

For configuring logging to CloudWatch refer: https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html 

 

Netwitness Platform now has integrated the Amazon EKS control plane logs with Amazon CloudWatch plugin.

 

RachanaSR_0-1723041623045.png

 

To take advantage of this new capability within RSA NetWitness, please visit the link below and search for the terms below in RSA Live.
Configuration Guide: https://community.netwitness.com/t5/netwitness-platform-integrations/aws-cloudwatch-event-source-log-configuration-guide/ta-p/570164?attachment-id=45532 
Collector Package on RSA Live: "Log Collector configuration content for event source Amazon CloudWatch"
Parser on RSA Live: Kubernetes

© 2022 RSA Security LLC or its affiliates. All rights reserved.