Kubernetes

Overview

Visualize and analyze Kubernetes resources, including pods, nodes, namespaces, and deployments. Monitor cluster health, track resource utilization, and ensure governance across Kubernetes environments. Detect vulnerabilities, optimize resource allocation, and ensure compliance with organizational policies and best practices for secure and efficient cluster management.

Configurations

| Configuration | Description |
| --- | --- |
| Blueprint Account Name | A human-readable name for your account that will be used to identify this account across the application. |
| Access Key | AWS IAM Access Key with permissions to access the Kubernetes cluster. |
| Secret Key | AWS IAM Secret Key corresponding to the above Access Key. |
| Role | The IAM Role ARN to assume for accessing the Kubernetes cluster. This is optional if the Access Key has direct access. |
| Region | The AWS region where your Kubernetes (EKS) cluster is hosted. |
| Cluster Name | The name of your Kubernetes cluster to be monitored. |
| Enable CIS Kubernetes Benchmark | Enable this to run automated checks against the CIS Kubernetes Benchmark for security best practices. |
| Enable Vulnerability Scan | Enable this to perform vulnerability scanning of the Kubernetes environment. |
| Data Crawl Frequency | The frequency at which Kaleidoscope should scan the cluster for resources (like pods, services, etc.). |
| Event Crawl Frequency | The frequency at which Kaleidoscope will crawl the account to monitor the cluster for events (like deployments, scaling, etc.). |

Permissions

Kubernetes Resources

  • read:namespaces

  • read:services

  • read:serviceaccounts

  • read:pods

  • read:replicasets

  • read:deployments

  • read:daemonsets

  • read:configmaps

  • read:nodes

  • read:persistentvolumes

Kubernetes RBAC

  • read:clusterroles

  • read:clusterrolebindings

KubeBench

  • read:namespaces

  • read:services

  • read:serviceaccounts

  • read:pods

  • read:replicasets

  • read:deployments

  • read:daemonsets

  • read:configmaps

  • read:nodes

  • read:persistentvolumes

For more details on the Kubernetes permissions, you can refer to the following documentation: Using RBAC Authorization
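The permission lists above are all read-only. The manifest below is an added example, not a manifest shipped by Kaleidoscope, showing how those lists map onto a least-privilege ClusterRole: every resource named under Kubernetes Resources and Kubernetes RBAC, with only the `get`, `list` and `watch` verbs, and nothing else. The role, binding, ServiceAccount and namespace names are assumptions chosen for the example.

```yaml
# Added example, not Kaleidoscope's own manifest.
# Read-only ClusterRole covering exactly the resources listed under Permissions.
# Object names and the namespace are assumptions for this example.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kaleidoscope-readonly        # assumed name
rules:
  # Core API group ("") resources from the Kubernetes Resources list
  - apiGroups: [""]
    resources:
      - namespaces
      - services
      - serviceaccounts
      - pods
      - configmaps
      - nodes
      - persistentvolumes
    verbs: [get, list, watch]
  # Workload controllers live in the "apps" API group
  - apiGroups: [apps]
    resources: [replicasets, deployments, daemonsets]
    verbs: [get, list, watch]
  # Kubernetes RBAC list
  - apiGroups: [rbac.authorization.k8s.io]
    resources: [clusterroles, clusterrolebindings]
    verbs: [get, list, watch]
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kaleidoscope-scanner         # assumed name
  namespace: kaleidoscope            # assumed namespace
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kaleidoscope-readonly        # assumed name
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kaleidoscope-readonly
subjects:
  - kind: ServiceAccount
    name: kaleidoscope-scanner
    namespace: kaleidoscope
```

After applying it, confirm the identity can read but not change anything with `kubectl auth can-i --list --as=system:serviceaccount:kaleidoscope:kaleidoscope-scanner`, and spot-check a write such as `kubectl auth can-i create pods --as=system:serviceaccount:kaleidoscope:kaleidoscope-scanner`, which should answer `no`. Because the integration authenticates with AWS IAM credentials (see Configurations), the IAM principal still has to be mapped to a Kubernetes identity that this ClusterRoleBinding covers, for example through EKS access entries or the aws-auth ConfigMap; that mapping is outside what this page describes.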

Schema Model

| Resources | Source Entity | Normalized Entity | Description |
| --- | --- | --- | --- |
| Kubernetes Cluster | kubernetes.cluster | Cluster | A Kubernetes cluster entity. |
| Kubernetes Cluster Details | kubernetes.cluster.Cluster | ClusterDetails | Detailed information about a cluster. |
| Kubernetes ConfigMap | kubernetes.cluster.ConfigMap | ConfigMap | A Kubernetes ConfigMap resource. |
| Kubernetes Container | kubernetes.cluster.Container | Container | A container running in Kubernetes. |
| Kubernetes DaemonSet | kubernetes.cluster.DaemonSet | DaemonSet | A DaemonSet resource in Kubernetes. |
| Kubernetes Deployment | kubernetes.cluster.Deployment | Deployment | A Deployment resource in Kubernetes. |
| Kubernetes Namespace | kubernetes.cluster.Namespace | Namespace | A namespace within a Kubernetes cluster. |
| Kubernetes Node | kubernetes.cluster.Node | Node | A node within the Kubernetes cluster. |
| Kubernetes PersistentVolume | kubernetes.cluster.PersistentVolume | PersistentVolume | A persistent volume resource. |
| Kubernetes PersistentVolumeClaim | kubernetes.cluster.PersistentVolumeClaim | PersistentVolumeClaim | A claim for a persistent volume. |
| Kubernetes Pod | kubernetes.cluster.Pod | Pod | A pod running in Kubernetes. |
| Kubernetes ReplicaSet | kubernetes.cluster.ReplicaSet | ReplicaSet | A ReplicaSet resource in Kubernetes. |
| Kubernetes Service | kubernetes.cluster.Service | Service | A service in Kubernetes. |
| Kubernetes ServiceAccount | kubernetes.cluster.ServiceAccount | ServiceAccount | A service account in Kubernetes. |
| Kubernetes KubeBench | kubernetes.kubebench | KubeBench | Security benchmarking output. |
| Kubernetes KubeBench Output | kubernetes.kubebench.Output | KubeBenchOutput | Output from the kube-bench tool. |
| Kubernetes KubeBench Controls | kubernetes.kubebench.Controls | KubeBenchControls | Security controls from kube-bench. |
| Kubernetes KubeBench Group | kubernetes.kubebench.Group | KubeBenchGroup | A group of related kube-bench checks. |
| Kubernetes KubeBench Check | kubernetes.kubebench.Check | KubeBenchCheck | An individual check result. |
| Kubernetes Scan Document | kubernetes.ScanDocument | ScanDocument | A scan document for a cluster. |
| Kubernetes Image Scan | kubernetes.ImageScan | ImageScan | Results of an image scan. |
| Kubernetes Resource Scan | kubernetes.ResourceScan | ResourceScan | Scan results for a specific resource. |
| Kubernetes Control | kubernetes.Control | Control | A security control in the scan results. |
| Kubernetes Rule | kubernetes.Rule | Rule | A specific rule for compliance or security. |
| Kubernetes Vulnerable Package | kubernetes.VulnerablePackage | VulnerablePackage | A package identified as vulnerable. |
| Kubernetes Vulnerability | kubernetes.Vulnerability | Vulnerability | A vulnerability identified in the scan. |

Events

| Event | Description |
| --- | --- |
| FailedScheduling | Indicates a pod could not be scheduled due to insufficient resources or constraints. |
| SuccessfulCreate | Indicates a resource, such as a pod or deployment, was successfully created. |
| RegisteredNode | Signals that a new node has been added and registered with the cluster. |
| LeaderElection | Denotes that a component has successfully assumed the role of the leader in a high-availability setup. |
