Kubernetes-gke

Overview

Visualize and monitor Kubernetes resources within Google Kubernetes Engine (GKE), such as deployments, pods, services, storage, and configmaps. Gain insights into cluster performance, workload efficiency, and resource utilization, while ensuring governance and visibility across Kubernetes environments. The blueprint helps identify potential risks, improve configurations, streamline workflows, enable real-time monitoring, and integrate with other tools for enhanced orchestration and operational efficiency.

Configurations

| Configuration | Description |
|---|---|
| Blueprint Account Name | A human-readable name for your account that will be used to identify this account across the application. |
| Project ID | GCP Project ID that contains the Kubernetes cluster. |
| Private Key | GCP Private Key with access to the Kubernetes Cluster. |
| ClientEmail | Client email associated with the service account. |
| Region | The GCP region where your Kubernetes cluster is hosted. |
| Cluster Name | The name of your Kubernetes cluster to be monitored. |
| Enable CIS Kubernetes Benchmark | Enable this to run automated checks against the CIS Kubernetes Benchmark for security best practices. |
| Data Crawl Frequency | The frequency at which Kaleidoscope should scan the cluster for resources (like pods, services, etc.). |
| Event Crawl Frequency | The frequency at which Kaleidoscope will crawl the account to monitor the cluster for events (like deployments, scaling, etc.). |

Permissions

Kubernetes Resources

  • read:namespaces

  • read:services

  • read:serviceaccounts

  • read:pods

  • read:replicasets

  • read:deployments

  • read:daemonsets

  • read:configmaps

  • read:nodes

  • read:persistentvolumes

Kubernetes RBAC

  • read:clusterroles

  • read:clusterrolebindings

  • read:clusterroles

KubeBench

  • read:namespaces

  • read:services

  • read:serviceaccounts

  • read:pods

  • read:replicasets

  • read:deployments

  • read:daemonsets

  • read:configmaps

  • read:nodes

  • read:persistentvolumes

For more details on the Kubernetes permissions, you can refer to the following documentation: Using RBAC Authorization
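The permission lists above are all read-only, so the ClusterRole bound to the blueprint's identity should grant nothing beyond get/list/watch on exactly those resources. The script below is an added example, not Kaleidoscope's own code or manifests: it builds a least-privilege ClusterRole from the resources named on this page and audits any ClusterRole manifest for write verbs, wildcards, resources the blueprint never asked for, and required resources that are missing. Reading each `read:<resource>` entry as the verbs get/list/watch, the mapping of resource names to API groups, and the role name `kaleidoscope-reader` are assumptions made for the example; both manifests it checks are constructed inline.

```python
"""Least-privilege audit for the read-only Kubernetes RBAC a monitoring blueprint needs.

Added example; the REQUIRED mapping and role names are assumptions, not Kaleidoscope's.
"""
import json

# Assumption: "read:<resource>" on the Permissions list means exactly these verbs.
READ_VERBS = {"get", "list", "watch"}

# The resources listed under Permissions, mapped to their Kubernetes API groups
# ("" is the core group). The mapping is ours, not taken from the page.
REQUIRED = {
    "": {"namespaces", "services", "serviceaccounts", "pods", "configmaps",
         "nodes", "persistentvolumes"},
    "apps": {"replicasets", "deployments", "daemonsets"},
    "rbac.authorization.k8s.io": {"clusterroles", "clusterrolebindings"},
}


def build_least_privilege_role(name="kaleidoscope-reader"):
    """Generate a ClusterRole (as a dict) granting only get/list/watch on REQUIRED."""
    rules = [
        {"apiGroups": [group], "resources": sorted(resources), "verbs": sorted(READ_VERBS)}
        for group, resources in REQUIRED.items()
    ]
    return {
        "apiVersion": "rbac.authorization.k8s.io/v1",
        "kind": "ClusterRole",
        "metadata": {"name": name},  # hypothetical name
        "rules": rules,
    }


def audit_cluster_role(role):
    """Return {'excess': [...], 'missing': [...]} for a ClusterRole manifest dict.

    'excess' lists grants beyond read-only access to REQUIRED (write verbs,
    wildcards, unrequested resources); 'missing' lists REQUIRED resources that
    the role does not fully cover with get/list/watch.
    """
    granted = {}  # (apiGroup, resource) -> set of verbs
    excess = []
    for rule in role.get("rules", []):
        groups = rule.get("apiGroups", [""])
        verbs = set(rule.get("verbs", []))
        for group in groups:
            for resource in rule.get("resources", []):
                label = f"{group or 'core'}/{resource}"
                if group == "*" or resource == "*":
                    excess.append(f"wildcard grant on {label}")
                    continue
                if resource not in REQUIRED.get(group, set()):
                    excess.append(f"unneeded resource {label}")
                write = verbs - READ_VERBS  # '*' counts as write here
                if write:
                    excess.append(f"write verbs {sorted(write)} on {label}")
                granted.setdefault((group, resource), set()).update(verbs)

    missing = [
        f"{group or 'core'}/{resource}"
        for group, resources in REQUIRED.items()
        for resource in sorted(resources)
        if not READ_VERBS <= granted.get((group, resource), set())
    ]
    return {"excess": excess, "missing": missing}


# Constructed counter-example: a role someone might hand the blueprint "to be safe".
OVERBROAD_ROLE = {
    "apiVersion": "rbac.authorization.k8s.io/v1",
    "kind": "ClusterRole",
    "metadata": {"name": "kaleidoscope-reader-overbroad"},  # hypothetical name
    "rules": [
        {"apiGroups": [""], "resources": ["pods", "secrets"],
         "verbs": ["get", "list", "delete"]},
        {"apiGroups": ["apps"], "resources": ["deployments"],
         "verbs": ["get", "list", "watch"]},
    ],
}


if __name__ == "__main__":
    # Print the generated manifest; kubectl apply -f accepts JSON as well as YAML.
    print(json.dumps(build_least_privilege_role(), indent=2))
    print(json.dumps(audit_cluster_role(OVERBROAD_ROLE), indent=2))
```

Running the script prints the generated ClusterRole followed by the audit of the over-broad role, which flags the `delete` verb, the unrequested `secrets` resource, and every listed resource the role fails to cover. Binding the generated role to the service account behind the Private Key and ClientEmail settings, rather than to a cluster-admin identity, keeps a leaked key from turning a monitoring integration into write access to the cluster.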

Schema Model

| Resources | Source Entity | Normalized Entity | Description |
|---|---|---|---|
| kubernetes.cluster | kubernetes.cluster | Cluster | Represents the overall Kubernetes cluster. |
| kubernetes.cluster.Cluster | kubernetes.cluster | Cluster | Represents specific cluster information. |
| kubernetes.cluster.ConfigMap | kubernetes.cluster | ConfigMap | Stores configuration data in key-value pairs. |
| kubernetes.cluster.Container | kubernetes.cluster | Container | Represents a running container in a Kubernetes pod. |
| kubernetes.cluster.DaemonSet | kubernetes.cluster | DaemonSet | Ensures a copy of a pod runs on all or some nodes. |
| kubernetes.cluster.Deployment | kubernetes.cluster | Deployment | Manages the deployment of replicas and rollout updates. |
| kubernetes.cluster.Namespace | kubernetes.cluster | Namespace | Provides a mechanism for isolating groups of resources. |
| kubernetes.cluster.Node | kubernetes.cluster | Node | Represents a worker machine in Kubernetes. |
| kubernetes.cluster.PersistentVolume | kubernetes.cluster | PersistentVolume | Represents a piece of storage in the cluster. |
| kubernetes.cluster.PersistentVolumeClaim | kubernetes.cluster | PersistentVolumeClaim | Represents a request for storage by a user. |
| kubernetes.cluster.Pod | kubernetes.cluster | Pod | The smallest deployable unit of computing in Kubernetes. |
| kubernetes.cluster.ReplicaSet | kubernetes.cluster | ReplicaSet | Ensures a specified number of pod replicas are running. |
| kubernetes.cluster.Service | kubernetes.cluster | Service | Exposes a set of pods as a network service. |
| kubernetes.cluster.ServiceAccount | kubernetes.cluster | ServiceAccount | Provides an identity for processes running in a pod. |
| kubernetes.kubebench | kubernetes.kubebench | KubeBench | Represents the Kube-bench tool for security benchmarking. |
| kubernetes.kubebench.Output | kubernetes.kubebench | Output | Stores the output results of the Kube-bench scans. |
| kubernetes.kubebench.Controls | kubernetes.kubebench | Controls | Represents control checks performed by Kube-bench. |
| kubernetes.kubebench.Group | kubernetes.kubebench | Group | Groups related checks in Kube-bench. |
| kubernetes.kubebench.Check | kubernetes.kubebench | Check | Represents individual security checks performed by Kube-bench. |

Events

| Event | Description |
|---|---|
| DNSRecordProvisioningSucceeded | Indicates successful provisioning of a DNS record. |
| Unhealthy | Indicates that a component is unhealthy. |
| Scheduled | A pod has been scheduled to a node. |
| Created | A new resource has been created. |
| Killing | A pod is being terminated. |
| Pulled | A container image has been successfully pulled. |
| Pulling | A container image is being pulled. |
| SuccessfulCreate | Indicates the successful creation of a resource. |
| Started | A container or pod has started running. |
| FailedMount | Indicates a failure in mounting a volume to a pod. |
| SuccessfulDelete | Indicates the successful deletion of a resource. |
| ScalingReplicaSet | A replica set is scaling up or down. |
| NetworkNotReady | Indicates that the network is not ready. |
| NodeNotReady | A node is marked as not ready. |
| NodeNotSchedulable | A node is marked as unschedulable. |
| NodeHasSufficientPID | A node has sufficient PIDs available. |
| ImageStreaming | Indicates that a container image is being streamed. |
| RemovingNode | A node is being removed from the cluster. |
| DeletingNode | A node is being deleted. |
| NodeAllocatableEnforced | Node allocatable resources have been enforced. |
| NodeHasSufficientMemory | A node has sufficient memory available. |
| NodeHasNoDiskPressure | A node has no disk pressure issues. |
| NodeReady | A node is marked as ready. |
| EvictionThresholdMet | An eviction threshold has been reached. |
| FailedGetResourceMetric | A failure occurred while retrieving resource metrics. |
| RegisteredNode | A node has been successfully registered. |
| Synced | Resources have been synchronized successfully. |
| NodeRegistrationCheckerStart | The node registration checker has started. |
| Completed | Indicates successful completion of an operation. |
| ADD | An addition event occurred. |
| NodeRegistrationCheckerDidNotRunChecks | Node registration checks did not run. |
| NodeSysctlChange | Indicates a change in sysctl configuration on a node. |
| LeaderElection | An event related to Kubernetes leader election. |
| FailedCreatePodSandBox | Failure in creating a pod sandbox. |
| FailedCreate | Indicates a failure in creating a resource. |
| Starting | Indicates that a process is starting. |
| InvalidDiskCapacity | Indicates invalid disk capacity settings. |
| NodeHasInsufficientMemory | A node has insufficient memory available. |
| FailedDaemonPod | A failure occurred while running a DaemonSet pod. |
| Evicted | A pod has been evicted. |
