search
    search
      7 Aug, 2024

      Kubernetes:

      Kubernetes is an open-source system that helps us to run and management of containerized applications and workloads. It is a distributed system consisting a cluster of control plane nodes and worker nodes. The worker nodes host the Pods that are the components of the application workload. The control plane manages each node in the cluster.

      Components of a Node:

      • kubelet: It is an agent node that runs on each node in a cluster and communicates with control plane. It runs health checks and reports them.
      • container runtime: It is a software that helps run the containers.
      • kube-proxy: It is an agent that translates service object to network rules in the nodes.

      Components of Control plane:

      • kube-apiserver: It is the front-end component of control plane that exposes the Kubernetes API.
      • kube-scheduler: It watches each pod and makes sure it is assigned to a node.
      • kube-controller-manager: It is a control plane component that runs all control processes like node controller, job controller, Service Account controller and EndpointSlice controller.
      • cloud-controller-manager: This is a component that runs controller processes that are only specific to cloud provider like checking the cloud provider to determine if a node has been deleted in the cloud after it stops responding (node controller) or setting up routes in the underlying cloud infrastructure (route controller) or creating, updating and deleting cloud provider load balancers (service controller)
      • etcd: It is a key-value data store to store all critical information throughout the cluster.

      Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service that makes it easy for you to run Kubernetes on Amazon Web Services. Amazon EKS ensures every cluster has its own unique Kubernetes control plane to avoid overlaps of cluster or aws accounts. The Amazon EKS architecture can be referred here: Amazon EKS architecture - Amazon EKS

      Amazon EKS provides built-in tools for logging. The EKS audit and diagnostic of control plane can be forwarded to Amazon CloudWatch and these logs are sent as log streams to a group for each Amazon EKS cluster in CloudWatch.

      For configuring logging to CloudWatch refer: https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html 

      Netwitness Platform now has integrated the Amazon EKS control plane logs with Amazon CloudWatch plugin.

      RachanaSR_0-1723041623045.png

      To take advantage of this new capability within RSA NetWitness, please visit the link below and search for the terms below in RSA Live.
      Configuration Guide: https://community.netwitness.com/s/article/AWSCloudWatchEventSourceLogConfigurationGuide 
      Collector Package on RSA Live: "Log Collector configuration content for event source Amazon CloudWatch"
      Parser on RSA Live: Kubernetes
      Topic:
      0 Comment
        CATEGORIES
        RECENT POST
        Amazon Cloudwatch Event Source Log Configuration Guide
        3 Dec, 2025
        F5 Source Code Breach: Hunting UNC5221's BRICKSTORM with NetWitness
        31 Oct, 2025
        MSAzureGraph Universal Plugin for Microsoft Graph API
        17 Oct, 2025