Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Kubernetes extension - the initial shape #1131

Open
PavelJurka opened this issue Jul 1, 2024 · 0 comments
Open

Kubernetes extension - the initial shape #1131

PavelJurka opened this issue Jul 1, 2024 · 0 comments

Comments

@PavelJurka
Copy link
Contributor

PavelJurka commented Jul 1, 2024

This issue is about to extend OCSF schema by Kubernetes mapping. The extension should be provided as a separated extension like the current Windows and Linux.

After data analyses the topology copies K8s API - the objects are split by type (workload, cluster resources etc.) with common shared object. Each objects leads to asset and usage is via discovery classes. The hierarchy is defined as bottom-up.

The basic elements defined by this issue:

  • Cluster - the root element object k8s_cluster - used by **K8s Cluster Inventory Info **
  • Workload - object of type k8s_workload - used by - K8s Workload Inventory Info
  • Cluster resource - k8s_cluster_resource used by K8s Cluster resource Inventory Info
  • Container - k8s_container used by K8s Container Inventory Info

Common structure:

Inventory classes

  • extension of discovery

K8s elements

  • basic fields + common shared objects like **k8s_metada, status, annotations ect... **
  • enumeration defines a type of it

Cluster Overview:
image

Discovery Overview:

image

Workload Overview:
image

Cluster resource:
image

Container overview:
image

This was referenced Jul 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant