Kubernetes Cluster Attributes in API Output

We added the collection of Kubernetes cluster attributes starting in Container Security version 1.10 and made this information searchable in the UI. Kubernetes cluster attributes include node details, pod details, controller details, and more. Use Container Security APIs to see Kubernetes cluster attributes collected for containers and sensors.

Kubernetes attributes will only be processed for containers discovered after the version 1.10 release. Kubernetes attributes are collected as part of container inspect processing when containers are discovered for the first time. To fetch Kubernetes cluster attributes for an existing deployment in Kubernetes, you will have to "rollout restart" the existing deployment, which will create new containers and this will start the container inspect processing. Kubernetes attributes will get collected for the newly created containers on Kubernetes clusters.

Use the following command for the "rollout restart":
kubectl rollout restart deployment <deployment-name> -n <namespace>

API output

Kubernetes cluster attributes appear in the API output for these Container Security APIs

Fetch Container Details | Fetch a Detailed Containers List | Fetch Sensor Details

You’ll see these attributes in the API output, when available:

• Cluster type (Kubernetes)
• Cluster version
• Project name (collected for projects in Google Cloud Platform)
• Node name and flag indicating whether the node is the master node
• Pod name
• Pod UUID
• Pod namespace
• Pod labels (key and value pairs)
• Controller name
• Controller UUID
• Controller type (e.g. DaemonSet, Deployment, ReplicaSet, etc)