Kubernetes Security FAQ

Can I install different Lacework components in my clusters (mixed deployment)?

You can pick and choose the level of visibility and security you need for each of your clusters, and therefore install just some of the components or integrations for each cluster. Lacework designed the different components to work independently of each other.

Do you support all versions of Kubernetes?

Each component has its own list of supported platforms. Some managed or serverless Kubernetes offerings from cloud providers do not expose every feature, such as Kubernetes audit logs or the admission controller, so those components cannot be installed there.

I seem to be hitting a limit with the Kinesis Firehose for the EKS logs, and I'm seeing a drop in throughput and a lot of throttling. Can this limit be increased?

Yes, you can request an increase in the quota from Amazon. For information about the quota, see Amazon Kinesis Data Firehose Quota.

To monitor throttling issues, the following CloudWatch alarms are recommended:

  • IncomingBytes (Sum per 5 Minutes) / 300 approaches a percentage of BytesPerSecondLimit.
  • IncomingRecords (Sum per 5 Minutes) / 300 approaches a percentage of RecordsPerSecondLimit.
  • IncomingPutRequests (Sum per 5 Minutes) / 300 approaches a percentage of PutRequestsPerSecondLimit.

See Best Practices with CloudWatch Alarms for details.
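The three alarms above can be expressed as CloudWatch metric-math alarms that divide the 5-minute Sum by 300 and compare it with the matching per-second limit metric. The script below is an added example, not Lacework's or AWS's own code; it assumes the incoming and limit metrics live in the `AWS/Firehose` namespace keyed by `DeliveryStreamName`, and the stream name and sample numbers are constructed.

```python
"""Build CloudWatch alarm parameters for the three Firehose throttling checks
(added example).  Assumption: the per-second limit metrics named in the FAQ are
available as CloudWatch metrics in the AWS/Firehose namespace."""

# Each incoming metric is measured against the per-second limit it consumes.
FIREHOSE_CHECKS = {
    "IncomingBytes": "BytesPerSecondLimit",
    "IncomingRecords": "RecordsPerSecondLimit",
    "IncomingPutRequests": "PutRequestsPerSecondLimit",
}

def utilization_percent(sum_per_5min: float, per_second_limit: float) -> float:
    """Percent of the per-second quota in use: (Sum over 300 s / 300) / limit."""
    if per_second_limit <= 0:
        raise ValueError("per-second limit must be positive")
    return (sum_per_5min / 300.0) / per_second_limit * 100.0

def alarm_params(stream_name: str, metric: str, threshold_pct: float = 80.0) -> dict:
    """Keyword arguments for boto3 cloudwatch.put_metric_alarm using metric math,
    firing when quota utilisation stays above threshold_pct for 3 periods."""
    limit_metric = FIREHOSE_CHECKS[metric]
    dims = [{"Name": "DeliveryStreamName", "Value": stream_name}]
    def stat(mid, name, s):  # one MetricDataQuery for a raw metric
        return {"Id": mid, "ReturnData": False,
                "MetricStat": {"Metric": {"Namespace": "AWS/Firehose",
                                          "MetricName": name,
                                          "Dimensions": dims},
                               "Period": 300, "Stat": s}}
    return {
        "AlarmName": f"{stream_name}-{metric}-throttle-risk",
        "Metrics": [
            stat("incoming", metric, "Sum"),
            stat("limit", limit_metric, "Minimum"),
            {"Id": "pct", "ReturnData": True,
             "Expression": "(incoming / 300) / limit * 100",
             "Label": f"{metric} % of {limit_metric}"},
        ],
        "ComparisonOperator": "GreaterThanThreshold",
        "Threshold": threshold_pct,
        "EvaluationPeriods": 3,
        "TreatMissingData": "notBreaching",
    }

if __name__ == "__main__":
    import json
    # Constructed sample: 1.2 GB ingested in 5 minutes against a 5 MB/s quota.
    print(f"{utilization_percent(1.2e9, 5e6):.1f}% of BytesPerSecondLimit")
    print(json.dumps(alarm_params("eks-audit-logs", "IncomingBytes"), indent=2))
    # To create it for real (needs AWS credentials):
    # import boto3; boto3.client("cloudwatch").put_metric_alarm(**alarm_params(...))
```

Lower the threshold or shorten EvaluationPeriods if you want earlier warning before requesting a quota increase.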

Why is the Kubernetes inventory empty or incorrect?

The Lacework agent must be installed on the cluster. If it is, check whether the Kubernetes cluster name has been explicitly set in the agent's Kubernetes ConfigMap.