Kubernetes Cluster Attributes

We added the collection of Kubernetes cluster attributes starting in Container Security version 1.10. You can search the Kubernetes cluster attributes collected by the sensor using search tokens starting with cluster.k8s when searching containers (under Assets > Containers) or sensors (under Configurations > Sensors). Kubernetes cluster attributes include node details, pod details, controller details and more. Use Container Security APIs to see the Kubernetes cluster attributes collected for your containers and sensors.

Important - Kubernetes attributes are processed only for containers discovered after the version 1.10 release. They are collected as part of container inspect processing, which runs when a container is discovered for the first time. To fetch Kubernetes cluster attributes for an existing deployment in Kubernetes, you must "rollout restart" the deployment. The restart creates new containers, which starts container inspect processing, and the attributes are then collected for the newly created containers on Kubernetes clusters.

Use the following command for the "rollout restart":

kubectl rollout restart deployment <deployment-name> -n <namespace>
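
To apply the command above to every Deployment in one or more namespaces, waiting for each rollout to finish before starting the next, a wrapper such as the following can be used. This is an added example, not part of the product documentation; the function names and the KUBECTL and ROLLOUT_TIMEOUT variables are assumptions of the example.

```shell
#!/bin/sh
# Added example: restart every Deployment in the given namespaces so that new
# containers are created and picked up by container inspect processing.
# KUBECTL and ROLLOUT_TIMEOUT are assumptions of this example (env overrides).

KUBECTL="${KUBECTL:-kubectl}"
ROLLOUT_TIMEOUT="${ROLLOUT_TIMEOUT:-300s}"

# restart_namespace <namespace>
# Restarts the Deployments in one namespace one at a time and waits for each
# rollout to complete. Returns 2 if the Deployments cannot be listed,
# 1 if any rollout failed or timed out, 0 otherwise.
restart_namespace() {
    rn_ns="$1"
    rn_failed=0
    # "-o name" prints one resource per line, e.g. "deployment.apps/web"
    rn_list=$("$KUBECTL" get deployments -n "$rn_ns" -o name) || return 2
    for rn_dep in $rn_list; do
        echo "restarting $rn_dep in namespace $rn_ns"
        if "$KUBECTL" rollout restart "$rn_dep" -n "$rn_ns" &&
           "$KUBECTL" rollout status "$rn_dep" -n "$rn_ns" \
               --timeout="$ROLLOUT_TIMEOUT"; then
            :
        else
            # Keep going so one stuck Deployment does not block the others
            echo "rollout failed: $rn_ns/$rn_dep" >&2
            rn_failed=$((rn_failed + 1))
        fi
    done
    [ "$rn_failed" -eq 0 ]
}

# restart_namespaces <namespace>...
# Processes each namespace in turn; returns 1 if any namespace had a failure.
restart_namespaces() {
    rns_rc=0
    for rns_ns in "$@"; do
        restart_namespace "$rns_ns" || rns_rc=1
    done
    return "$rns_rc"
}

# Run only when namespaces are passed on the command line.
if [ "$#" -gt 0 ]; then
    restart_namespaces "$@"
fi
```

A rollout restart replaces running pods, so run it in a window where pod replacement is acceptable for the workloads in those namespaces.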

What are the Kubernetes cluster attributes?

- Cluster type (Kubernetes)

- Cluster version

- Project name (collected for projects in Google Cloud Platform)

- Node name and flag indicating whether the node is the master node

- Pod name

- Pod UUID

- Pod namespace

- Pod labels (key and value pairs)

- Controller name

- Controller UUID

- Controller type (e.g. DaemonSet, Deployment, ReplicaSet)