Commit

Add OpenTelemetry Reference in README
daemon1024 authored Oct 18, 2023
1 parent 34b9f3b commit 72156a8
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -15,7 +15,7 @@ KubeArmor emits following types of events:

There are two approaches that one can take to stream the kubearmor events.
1. Using kubearmor-relay stdout: This is the easiest way i.e. if the SIEM tool connects to the k8s pod logging interface then all the kubearmor events (across all nodes) are available at the kubearmor-relay stdout. [Fluentd](https://docs.fluentd.org/v/0.12/articles/kubernetes-fluentd)/[Microsoft Sentinel](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/monitoring-azure-kubernetes-service-aks-with-microsoft-sentinel/ba-p/1583204) does support this mode wherein the `stdout` of the pod can be streamed to the SIEM tool.
By default the stdout is turned off. To enable it update the environment variable in the deployment yaml `ENABLE_STDOUT_LOGS`, `ENABLE_STDOUT_ALERTS` , `ENABLE_STDOUT_MSGS` as `true `
By default the stdout is turned off to not impact performance. To enable it update the environment variable in the deployment yaml `ENABLE_STDOUT_LOGS`, `ENABLE_STDOUT_ALERTS` , `ENABLE_STDOUT_MSGS` as `true `

example
```
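Review bot: The reworded "By default the stdout is turned off to not impact performance" line still ends with the code span `true ` (trailing space inside the backticks) and keeps the stray space before the comma after `ENABLE_STDOUT_ALERTS`; both are worth fixing while the line is being touched, since a copied value with a trailing space is easy to get wrong in a yaml env entry. The sentence also says "the environment variable" for three variables and does not name the deployment yaml it means, presumably the kubearmor-relay one given that item 1 is about kubearmor-relay stdout. Suggested wording: "To enable it, set the environment variables `ENABLE_STDOUT_LOGS`, `ENABLE_STDOUT_ALERTS` and `ENABLE_STDOUT_MSGS` to `true` in the kubearmor-relay deployment yaml." Because the new text gives performance as the reason for the default, it would also help to say that the three flags can be enabled independently if that is the case, so a reader forwarding only alerts to a SIEM does not turn on all three.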
Expand All @@ -29,7 +29,7 @@ example
```

2. Creating an adapter for the SIEM tool. Kubearmor-relay events could be accessed using its GRPC server ([ref code](https://github.com/kubearmor/kubearmor-client/tree/main/log)) and then the events could be streamed to the SIEM tool (splunk/elk/MS-sentinel ...).
2. Creating an adapter for the SIEM tool. Kubearmor-relay events could be accessed using its GRPC server ([ref code](https://github.com/kubearmor/kubearmor-client/tree/main/log)) and then the events could be streamed to the SIEM tool (splunk/elk/MS-sentinel ...). An example adaptor is [OpenTemetery-Adapater for KubeArmor](https://github.com/kubearmor/otel-adapter/), The OpenTelemetry KubeArmor receiver connects to KubeArmor-Relay and converts KubeArmor telemetry data to the OpenTelemetry format which in turn can be configured to connect to SIEM Tools like Splunk,Grafana etc. [Here's the tutorial](https://github.com/kubearmor/otel-adapter/blob/main/example/tutorials/tutorial.md) for the same.

<img src="docs/kubearmor-event-stream-arch.png" width="512">
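Review bot: The link text in the sentence added to item 2 misspells the project name as "OpenTemetery-Adapater"; it should read "OpenTelemetry adapter for KubeArmor" to match the `otel-adapter` repository it points to and the correct spelling used in the next sentence. The same sentence switches between "adaptor" and "adapter", joins two sentences with ", The", and is missing a space in "Splunk,Grafana". Suggested wording: "An example adapter is the OpenTelemetry adapter for KubeArmor. The OpenTelemetry KubeArmor receiver connects to KubeArmor-Relay and converts KubeArmor telemetry data to the OpenTelemetry format, which can then be forwarded to SIEM tools such as Splunk, Grafana, etc." The item already spells the relay "Kubearmor-relay" and "KubeArmor-Relay" in different places, and the tutorial link targets `blob/main`, so it will break if that file is moved; picking one spelling and noting the path dependency would keep the README consistent.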
