The Kubernetes dossier displays information about Kubernetes Pods/containers and clusters.
To navigate to the Kubernetes Workload dossier in the Lacework Console, click Workload > Kubernetes. See Workload Dossier Navigation and Filters for information about filtering dossier data.
To populate the data available in this dossier, you must install both parts of the Lacework agent:
- A YAML file with configuration information is installed on the cluster
- An agent that transmits information to Lacework is installed on each node in the cluster
By default this dossier displays all Kubernetes clusters and all Pod namespaces for the current day, beginning at midnight. Use the drop-downs in the top center of the page to filter data for specific clusters or Pod namespaces.
These charts aggregate data for all running Kubernetes clusters where Lacework agents are installed. Available charts include cluster, node, and Pod information as well as CPU and memory usage.
The timeline displays events that match the date/time filter and any optional parameter filters set at the top of the page.
Polygraphs display network connections. Available Polygraphs include Pod Communication, Node Communication, and Kubernetes Launch Graph.
List of Kubernetes Clusters, List of Namespaces, and List of Pods
These tables display information for clusters, namespaces, and Pods.
Pod External Connections
This table displays network traffic to external sources, such as external repositories and GKE/EKS control planes.
This table displays process, port, and network information at the Pod level.
This table displays processes, ports, etc. running on the base host, as well as Pods running on that host.
List of Active Containers and Container Image Information
These tables display all containers running in all Kubernetes clusters, container image information, and any vulnerabilities found in them. Container information includes the container type, the host where it is located, associated tags, hash, etc. Image information includes size, number of such containers, creation time, etc.
To view additional details about the compliance status for a container or image, hover over a row until View Report displays and click View Report. Click an entry link in any table to open a new view with details about that entry. For example, click a hostname to display additional information about that machine.
If your environment does not have any running containers, these tables do not display any data.
A Kubernetes Pod is the smallest deployed unit in the Kubernetes object model. A Pod represents a single instance of an application in Kubernetes, which might consist of either a single container or a small number of containers that are tightly coupled and share resources.
Kubernetes Cluster Name
A Kubernetes cluster name may not always display in the List of Active Containers. For more information about how Lacework collects the cluster name from tags, see the Derive the Kubernetes Cluster Name section in Deploy on Kubernetes.