Thursday, September 5, 2019

PKS can also be monitored with sinks. RFC 5424 (the syslog protocol) describes log ingress over TCP, and the notion of a sink builds on it: sink resources tell PKS where to send its logs. Logs and events share a common format. Kubernetes API events are identified by the string “k8s.event” in their “APP-NAME” field. A typical Kubernetes API event also includes the host ID of the BOSH VM, the namespace and the Pod ID. A failure to pull a container image from the registry is identified by the string “Error: ErrImagePull”; a malfunctioning container is denoted by “Back-off restarting failed container” in its events; and a successfully scheduled container has “Started container” in its events.
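To show how a sink consumer would act on the marker strings above, here is an added example (not code from the original post or from PKS itself) that parses RFC 5424 lines, keeps only those whose APP-NAME is “k8s.event”, classifies them by the three marker strings, and reports which pods are unhealthy. The sample log lines, the host ID, namespaces and pod IDs are constructed placeholders, and the “namespace=... pod=...” key/value layout inside the message is an assumption made for the example, since the post names the fields but not their exact layout.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample of RFC 5424 syslog lines, shaped the way a PKS log sink
# forwards them. Host id, namespaces, pod ids and timestamps are made-up
# placeholders, not captured from a real cluster. The "namespace=... pod=..."
# key/value layout inside the message is an assumption for this example.
SAMPLE_LINES = [
    '<14>1 2019-09-05T10:00:01Z vm-0a1b2c3d k8s.event - - - namespace=default pod=web-7f9c Started container',
    '<11>1 2019-09-05T10:00:05Z vm-0a1b2c3d k8s.event - - - namespace=payments pod=api-55d2 Error: ErrImagePull',
    '<11>1 2019-09-05T10:00:09Z vm-0a1b2c3d k8s.event - - - namespace=payments pod=api-55d2 Back-off restarting failed container',
    '<14>1 2019-09-05T10:00:12Z vm-0a1b2c3d nginx - - - GET /healthz 200',
    '<14>1 2019-09-05T10:00:15Z vm-0a1b2c3d k8s.event - - [k8s@47450 namespace="default" pod="web-7f9c"] Started container',
]

# RFC 5424 header: <PRI>VERSION SP TIMESTAMP SP HOSTNAME SP APP-NAME SP PROCID SP MSGID SP STRUCTURED-DATA [SP MSG]
SYSLOG_RE = re.compile(
    r'^<(?P<pri>\d{1,3})>(?P<version>\d+) (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) '
    r'(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[[^\]]*\])+)(?: (?P<msg>.*))?$'
)
# Pulls namespace/pod out of either the free-text message or an SD block.
KV_RE = re.compile(r'\b(namespace|pod)="?([^\s"\]]+)"?')

# Marker strings the post lists for Kubernetes API events, checked in this order.
EVENT_MARKERS = [
    ("image_pull_failure", "Error: ErrImagePull"),
    ("container_crashloop", "Back-off restarting failed container"),
    ("container_started", "Started container"),
]
K8S_EVENT_APP = "k8s.event"


@dataclass
class K8sEvent:
    host: str           # BOSH VM host id carried in the HOSTNAME field
    namespace: str
    pod: str
    kind: str           # one of the EVENT_MARKERS names, or "other"
    severity: int       # RFC 5424 severity (PRI & 7): 3 = error, 6 = informational
    message: str


def parse_syslog(line: str) -> Optional[dict]:
    """Split one RFC 5424 line into its header fields; None if it is not well-formed."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["msg"] = fields["msg"] or ""
    pri = int(fields["pri"])
    fields["facility"], fields["severity"] = pri >> 3, pri & 7
    return fields


def classify_event(message: str) -> str:
    """Map an event message to a kind using the marker strings above."""
    for kind, marker in EVENT_MARKERS:
        if marker in message:
            return kind
    return "other"


def extract_events(lines: List[str]) -> List[K8sEvent]:
    """Keep only Kubernetes API events (APP-NAME == k8s.event) and structure them."""
    events = []
    for line in lines:
        f = parse_syslog(line)
        if f is None or f["app"] != K8S_EVENT_APP:
            continue
        kv = dict(KV_RE.findall(f["sd"] + " " + f["msg"]))
        events.append(K8sEvent(
            host=f["host"],
            namespace=kv.get("namespace", "?"),
            pod=kv.get("pod", "?"),
            kind=classify_event(f["msg"]),
            severity=f["severity"],
            message=f["msg"],
        ))
    return events


def summarize(events: List[K8sEvent]) -> Dict[str, int]:
    """Count events per kind, e.g. to feed a dashboard or an alert threshold."""
    return dict(Counter(e.kind for e in events))


def unhealthy_pods(events: List[K8sEvent]) -> Set[Tuple[str, str]]:
    """(namespace, pod) pairs that reported an image pull failure or a crash loop."""
    bad = {"image_pull_failure", "container_crashloop"}
    return {(e.namespace, e.pod) for e in events if e.kind in bad}


if __name__ == "__main__":
    evs = extract_events(SAMPLE_LINES)
    print(summarize(evs))        # {'container_started': 2, 'image_pull_failure': 1, 'container_crashloop': 1}
    print(unhealthy_pods(evs))   # {('payments', 'api-55d2')}
```

The non-Kubernetes line (APP-NAME “nginx”) is dropped by the APP-NAME filter rather than by the message text, which is the point of keying on the field the sink sets; a malformed line returns None from parse_syslog instead of raising, so one bad line in a stream does not stop the consumer.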
The logs for any cluster can also be downloaded from the PKS VM using a BOSH CLI command such as “logs pks/0”.
Kubernetes master node VMs also run etcd, an open source distributed key-value store that Kubernetes uses for service discovery and configuration sharing. etcd also exposes metrics that help with cluster health monitoring.
Overall, PKS has a multi-layer security model for VMware Enterprise. The layers are the Application layer, the Container management layer, the Platform layer and the Infrastructure layer. IAM and monitoring span all of these layers, and all aspects of AAA (authentication, authorization and accounting) apply to each of them with the help of IAM and monitoring.

Application layer visibility is provided with the help of auditing. PKS integrates well with VMware and leverages the monitoring of containerized applications and log events.
Platform layer security is provided by PKS identity and access management, which is handled primarily by a service called User Account and Authentication (UAA).
The Container management layer is secured with the help of a private image registry, flexible multi-tenancy and vulnerability scanning. PKS uses Clair, an open source project, to statically analyze container images while importing vulnerability information from a variety of sources. Signed container images provide content trust.
Infrastructure security is provided by micro-segmentation, a unified network policy layer and operational tools including those for troubleshooting.
