Cloud Discovery & Visibility (CDV) supports discovery of Kubernetes resources within an AWS Elastic Kubernetes Service (EKS) Cluster. When discovering EKS Clusters, within BlueCat Address Manager (BAM), clusters are converted into devices and node groups are converted into tags. CDV can also optionally discover resources internal to an EKS Cluster (currently only pods and services). If you are discovering internal Kubernetes resources, CDV will also create a new Configuration for each Kubernetes cluster to hold that cluster's pods and services.
When CDV imports internal Kubernetes resources (pods and services), it creates a separate Configuration for each Kubernetes cluster and imports each cluster's resources into the appropriate Configuration. These Configurations are distinct from standard and overlapping Configurations.
CDV updates internal EKS resources as follows:
- During Discovery jobs, CDV updates the list of pods and services within an EKS Cluster.
- During Visibility jobs, CDV updates pods and services only when related nodes are updated. CDV does not directly run visibility jobs on EKS Clusters.
When CDV imports EKS data into Address Manager, it is also imported as a hierarchy of tags based on the region, cluster, and node group of the EKS data:
- Tag Group: named as AWS Elastic Kubernetes Service to distinguish EKS data from other resource tags.
- Level 1 tag: named as the discovered Region name in AWS to distinguish cluster and node group tags from other regions.
- Level 2 tag: named as the BlueCat configuration name. Since tags are used across configurations, using the name of the BlueCat configuration avoids data conflict and mismatches when multiple discovery and visibility requests are run against resources on the same Address Manager.
- Level 3 tag: named as the EKS cluster name.
- Level 4 tag: named as the EKS node group name.
The following examples illustrate how EKS data is imported into BAM.
Clusters
In the following image, EKS clusters have been created in the AWS infrastructure.
When imported into Address Manager, an EKS cluster is represented by a device with the Kubernetes Clusters device subtype.
Within the AWS infrastructure, each EKS cluster is registered with a VPC. To represent this relationship in Address Manager, a tag is created with the same name as the EKS Cluster Device and linked to the corresponding address space.
Node groups
In the following image, node groups have been added to an existing EKS cluster in the AWS infrastructure.
When imported into Address Manager, an EKS node group is represented by a tag. The node group tag is added to the associated EKS cluster device.
Within the AWS infrastructure, a node group manages one or more EC2 instances. If you enable the discovery of EC2 instances, the node group tags are also linked to the corresponding EC2 instance devices.
Pods and services
CDV imports Kubernetes pods and services into BAM as devices. Pods can share the same IP address, which means it is possible that a specific pod will not link directly to its IP Address in BAM. (In BAM, only one device can link to a specific IP address.)
Pods and services are imported using the specified View and tagged with the cluster to which they belong.
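The following is an added example, not CDV or BlueCat code, that models the mapping described above: the five-level tag hierarchy, the cluster device with its node group tags, and the one-device-per-IP rule that can leave a pod unlinked from its IP address. The cluster, region, Configuration, node group and pod names are constructed; the "Pod" device subtype is an assumption made for the model.

```python
# Added example: a constructed model of the EKS-to-Address-Manager mapping
# this page documents. It is not CDV's implementation; all data is constructed.
from dataclasses import dataclass, field

TAG_GROUP = "AWS Elastic Kubernetes Service"  # tag group that holds all EKS tags


@dataclass
class BamModel:
    devices: dict = field(default_factory=dict)   # device name -> {"subtype", "tags"}
    ip_links: dict = field(default_factory=dict)  # ip -> device name (one device per IP)
    unlinked: list = field(default_factory=list)  # pods whose IP was already linked


def tag_path(region, config, cluster, nodegroup=None):
    """Tag hierarchy: Group / Region / Configuration / Cluster [/ Node group]."""
    parts = [TAG_GROUP, region, config, cluster]
    if nodegroup:
        parts.append(nodegroup)
    return "/".join(parts)


def import_cluster(model, region, config, cluster, nodegroups, pods):
    # Cluster -> device with the "Kubernetes Clusters" subtype, tagged at level 3
    model.devices[cluster] = {"subtype": "Kubernetes Clusters",
                              "tags": [tag_path(region, config, cluster)]}
    # Node groups -> level 4 tags attached to the cluster device
    for ng in nodegroups:
        model.devices[cluster]["tags"].append(tag_path(region, config, cluster, ng))
    # Pods -> devices tagged with their cluster ("Pod" subtype is assumed here).
    # Pods may share an IP, but BAM links only one device to a given IP address.
    for name, ip in pods:
        model.devices[name] = {"subtype": "Pod", "tags": [tag_path(region, config, cluster)]}
        if ip in model.ip_links:
            model.unlinked.append(name)  # IP already taken: pod is not linked to it
        else:
            model.ip_links[ip] = name
    return model


def build_sample():
    """Constructed sample: one cluster, two node groups, two pods sharing an IP."""
    pods = [("api-0", "10.0.1.10"), ("api-1", "10.0.1.11"), ("sidecar-0", "10.0.1.10")]
    return import_cluster(BamModel(), "us-east-1", "aws-config", "prod-eks",
                          ["ng-general", "ng-gpu"], pods)


if __name__ == "__main__":
    m = build_sample()
    print(m.devices["prod-eks"]["tags"])
    print("unlinked pods:", m.unlinked)
```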
Example list of pods and services associated with a cluster: